ruby_srp.git
Refs: master
Azul [Sun, 14 Jul 2013 13:39:10 +0000 (15:39 +0200)]
Merge branch 'feature/hex-interface'

Azul [Sun, 14 Jul 2013 13:06:19 +0000 (15:06 +0200)]
version 2.0: API change! expecting and sending hex values now

Azul [Sun, 14 Jul 2013 12:22:31 +0000 (14:22 +0200)]
store aa, bb and u as hex by default

Azul [Sun, 14 Jul 2013 12:01:04 +0000 (14:01 +0200)]
first take on a hex based api

Azul [Sun, 14 Jul 2013 12:00:44 +0000 (14:00 +0200)]
more fixtures

Azul [Mon, 24 Jun 2013 10:03:44 +0000 (12:03 +0200)]
version 0.1.7: expose session internal state for debugging

Azul [Mon, 24 Jun 2013 09:17:24 +0000 (11:17 +0200)]
refactor tests: use #internal_state and fixtures

Azul [Mon, 24 Jun 2013 08:41:19 +0000 (10:41 +0200)]
api: Session#internal_state to test and debug

Also use functions with memoizing instead of instance vars

Azul [Mon, 25 Feb 2013 14:33:48 +0000 (15:33 +0100)]
version 0.1.6 - added SRP::Session#to_hash

Azul [Wed, 6 Feb 2013 15:06:29 +0000 (16:06 +0100)]
bumped version to 0.1.5

Azul [Wed, 6 Feb 2013 15:05:59 +0000 (16:05 +0100)]
changed SRP::Client so it can be used to wrap a user record on the server

Azul [Sun, 4 Nov 2012 15:21:58 +0000 (16:21 +0100)]
making byte algo work in 1.9.3 - bumping version

in ruby 1.9.3 string[i] will be a char. Need to call #ord to make sure we have a charcode.

Refs: release-0.1.0
Azul [Thu, 11 Oct 2012 15:02:15 +0000 (17:02 +0200)]
authenticate returns the user, to_json includes M2. bumped version to 0.1.3

This way the controller can easily use @user = @session.authenticate; respond_with @session;

Azul [Thu, 11 Oct 2012 10:40:40 +0000 (12:40 +0200)]
removed duplicate requires, bumped version

Azul [Fri, 5 Oct 2012 14:35:30 +0000 (16:35 +0200)]
bumped version to 0.1.1

Azul [Fri, 5 Oct 2012 14:34:47 +0000 (16:34 +0200)]
add to_json for session so it's easy to use in rails controllers

Azul [Fri, 5 Oct 2012 14:34:07 +0000 (16:34 +0200)]
bugfix - zero padded salts do not break login anymore

Azul [Fri, 5 Oct 2012 10:54:38 +0000 (12:54 +0200)]
bumped version

Azul [Fri, 5 Oct 2012 10:54:23 +0000 (12:54 +0200)]
rakefile now runs all tests

Refs: develop
Azul [Fri, 5 Oct 2012 10:44:47 +0000 (12:44 +0200)]
Merge branch 'feature-py_srp_compat' into develop

Azul [Fri, 5 Oct 2012 10:44:22 +0000 (12:44 +0200)]
made m and m2 calculation srp 6A compatible

Also added session_test that tests against values calculated with py_srp

Azul [Thu, 4 Oct 2012 11:08:21 +0000 (13:08 +0200)]
using the SRP 6a algorithm for calculating M

Azul [Thu, 4 Oct 2012 09:48:38 +0000 (11:48 +0200)]
moved all server side auth stuff into session so I can remove the authentication module

Azul [Thu, 4 Oct 2012 09:23:00 +0000 (11:23 +0200)]
created session class to hold aa, bb and so forth - done for client

We have a session in the server already - duplication there now, merge next

Azul [Thu, 4 Oct 2012 08:47:19 +0000 (10:47 +0200)]
more cleanup - no more duplicate password and username in Client

A client has a set of pwd and login and tries to auth with this.

Azul [Thu, 4 Oct 2012 08:32:39 +0000 (10:32 +0200)]
simplifying modpow to default to BIG_PRIME_N

Azul [Thu, 4 Oct 2012 08:22:46 +0000 (10:22 +0200)]
some cleanup, sha functions now concat multiple args

also u does not depend on n

Azul [Thu, 4 Oct 2012 07:54:47 +0000 (09:54 +0200)]
using BIG_PRIME_N and hashing the byte array - tests pass

We still calculate M differently than in SRP 6a

Refs: feature-py_srp_compat
Azul [Wed, 3 Oct 2012 14:59:46 +0000 (16:59 +0200)]
calculate verifiers and multiplier just like in py srp

Some other parts are still missing. Main issue was using hashes of hex representation rather than hashes of byte arrays

Azul [Mon, 17 Sep 2012 17:04:17 +0000 (19:04 +0200)]
moved readme links from ruby-srp to ruby_srp

Azul [Tue, 21 Aug 2012 09:21:30 +0000 (11:21 +0200)]
added travis ci and codeclimate to the readme

Azul [Tue, 21 Aug 2012 09:16:54 +0000 (11:16 +0200)]
no more spam for me please

Azul [Tue, 21 Aug 2012 09:08:45 +0000 (11:08 +0200)]
adding minimal Rakefile so travis runs our tests

Azul [Tue, 21 Aug 2012 08:57:51 +0000 (10:57 +0200)]
updated srp-js after forced push

Azul [Mon, 6 Aug 2012 11:07:11 +0000 (13:07 +0200)]
hand over the login on handshake like we normally would

still missing the salt in this. auth should be more independent from registry to resemble the real process more closely

Azul [Mon, 6 Aug 2012 10:34:47 +0000 (12:34 +0200)]
added authenticate! which raises SRP::WrongPassword if it fails, version 0.0.2

Azul [Thu, 2 Aug 2012 13:37:51 +0000 (15:37 +0200)]
added gemspec

Azul [Thu, 2 Aug 2012 13:24:00 +0000 (15:24 +0200)]
make sure our urls still work with srp-js

Azul [Wed, 1 Aug 2012 12:55:25 +0000 (14:55 +0200)]
bringing in srp-js as a submodule for the example

This will most likely become a simple js file once both are more stable.

Azul [Thu, 26 Jul 2012 10:08:55 +0000 (12:08 +0200)]
we cache neither the verifier nor the secret in the session just in case

People might store the session in a CookieStore - which would probably be a bad idea anyway - but let's be safe rather than sorry.

Azul [Thu, 26 Jul 2012 09:46:55 +0000 (11:46 +0200)]
session is handled by the class that includes SRP::Authentication - not the client

Azul [Thu, 26 Jul 2012 09:33:29 +0000 (11:33 +0200)]
SRP::Authentication::Session holds the per session data

Azul [Thu, 26 Jul 2012 08:59:32 +0000 (10:59 +0200)]
removing the remaining zerofills

Azul [Thu, 26 Jul 2012 08:58:28 +0000 (10:58 +0200)]
both sides calculate their own u

Azul [Thu, 26 Jul 2012 08:51:42 +0000 (10:51 +0200)]
turned server class into authentication module - test green, example broken

The example seems to be broken due to changes in srp-js

Azul [Thu, 26 Jul 2012 08:26:20 +0000 (10:26 +0200)]
removed debugging output and adjusted ruby client to new server api

Azul [Tue, 3 Jul 2012 13:40:21 +0000 (15:40 +0200)]
more info and resources on the index page

bit of styling added

Azul [Tue, 3 Jul 2012 12:24:17 +0000 (14:24 +0200)]
fixed workflow and reduced copy

Azul [Tue, 3 Jul 2012 11:50:26 +0000 (13:50 +0200)]
using json instead of xml responses

Azul [Thu, 28 Jun 2012 17:43:40 +0000 (19:43 +0200)]
adopted srp algo to srp-js way of doing things.

all large integers are now sent as hex strings.
Using sha256_str all over the place.

This finally gives me successful logins. Needs a lot of cleanup nevertheless.

Azul [Thu, 28 Jun 2012 14:13:13 +0000 (16:13 +0200)]
complete ajax flow is working - just auth fails

Also we currently generate the salt on the server - this should happen on the client but for now I stick to the srp-js workflow.

Azul [Wed, 27 Jun 2012 13:26:55 +0000 (15:26 +0200)]
adjusted user model to use srp

Azul [Wed, 27 Jun 2012 13:08:41 +0000 (15:08 +0200)]
moved to ajax workflow and integrated srp-js - not quite there yet

* needs a bit of cleanup from the old workflow
* are client and server using the same primes right now?
* store multiple users on the server side

Azul [Tue, 26 Jun 2012 21:02:51 +0000 (23:02 +0200)]
first steps towards adding a server side srp flow to the example

Azul [Tue, 26 Jun 2012 16:56:43 +0000 (18:56 +0200)]
moved user and log class to models, verify prints logs

Azul [Tue, 26 Jun 2012 16:13:22 +0000 (18:13 +0200)]
moved the sample app to its own subdirectory

Azul [Tue, 26 Jun 2012 16:06:28 +0000 (18:06 +0200)]
stress three step layout with a little helper

Azul [Tue, 26 Jun 2012 15:43:50 +0000 (17:43 +0200)]
using layout in the sinatra app

Azul [Tue, 26 Jun 2012 15:33:57 +0000 (17:33 +0200)]
added simple sinatra app for demoing / testing

Azul [Mon, 18 Jun 2012 10:40:03 +0000 (12:40 +0200)]
added readme

Azul [Mon, 18 Jun 2012 10:34:11 +0000 (12:34 +0200)]
initial commit - testing srp auth

* This is lacking a few steps. We confirm the secret is the same but no key is generated from it and it is transferred over the wire in clear.
* this was inspired by https://gist.github.com/790048
* separated util, client, server and test code