ruby_srp.git
Azul [Fri, 5 Oct 2012 10:44:47 +0000 (12:44 +0200)] [develop]
Merge branch 'feature-py_srp_compat' into develop

Azul [Fri, 5 Oct 2012 10:44:22 +0000 (12:44 +0200)]
made m and m2 calculation srp 6A compatible

Also added session_test that tests against values calculated with py_srp

Azul [Thu, 4 Oct 2012 11:08:21 +0000 (13:08 +0200)]
using the SRP 6a algorithm for calculating M

Azul [Thu, 4 Oct 2012 09:48:38 +0000 (11:48 +0200)]
moved all server side auth stuff into session so i can remove the authentication module

Azul [Thu, 4 Oct 2012 09:23:00 +0000 (11:23 +0200)]
created session class to hold aa, bb and so forth - done for client

We have a session in the server already - duplication there now, merge next

Azul [Thu, 4 Oct 2012 08:47:19 +0000 (10:47 +0200)]
more cleanup - no more duplicate password and username in Client

A client has a set of pwd and login and tries to auth with this.

Azul [Thu, 4 Oct 2012 08:32:39 +0000 (10:32 +0200)]
simplifying modpow to default to BIG_PRIME_N

Azul [Thu, 4 Oct 2012 08:22:46 +0000 (10:22 +0200)]
some cleanup, sha functions now concat multiple args

also u does not depend on n

Azul [Thu, 4 Oct 2012 07:54:47 +0000 (09:54 +0200)]
using BIG_PRIME_N and hashing the byte array - tests pass

We still calculate M differently than in SRP 6a

Azul [Wed, 3 Oct 2012 14:59:46 +0000 (16:59 +0200)] [feature-py_srp_compat]
calculate verifiers and multiplier just like in py srp

Some other parts are still missing. Main issue was using hashes of hex representation rather than hashes of byte arrays

Azul [Mon, 17 Sep 2012 17:04:17 +0000 (19:04 +0200)]
moved readme links from ruby-srp to ruby_srp

Azul [Tue, 21 Aug 2012 09:21:30 +0000 (11:21 +0200)]
added travis ci and codeclimate to the readme

Azul [Tue, 21 Aug 2012 09:16:54 +0000 (11:16 +0200)]
no more spam for me please

Azul [Tue, 21 Aug 2012 09:08:45 +0000 (11:08 +0200)]
adding minimal Rakefile so travis runs our tests

Azul [Tue, 21 Aug 2012 08:57:51 +0000 (10:57 +0200)]
updated srp-js after forced push

Azul [Mon, 6 Aug 2012 11:07:11 +0000 (13:07 +0200)]
hand over the login on handshake like we normally would

still missing the salt in this. auth should be more independent from registry to resemble the real process more closely

Azul [Mon, 6 Aug 2012 10:34:47 +0000 (12:34 +0200)]
added authenticate! which raises SRP::WrongPassword if it fails, version 0.0.2

Azul [Thu, 2 Aug 2012 13:37:51 +0000 (15:37 +0200)]
added gemspec

Azul [Thu, 2 Aug 2012 13:24:00 +0000 (15:24 +0200)]
make sure our urls still work with srp-js

Azul [Wed, 1 Aug 2012 12:55:25 +0000 (14:55 +0200)]
bringing in srp-js as a submodule for the example

This will most likely become a simple js file once both are more stable.

Azul [Thu, 26 Jul 2012 10:08:55 +0000 (12:08 +0200)]
we cache neither the verifier nor the secret in the session just in case

People might store the session in a CookieStore - which would probably be a bad idea anyway - but let's be safe rather than sorry.

Azul [Thu, 26 Jul 2012 09:46:55 +0000 (11:46 +0200)]
session is handled by the class that includes SRP::Authentication - not the client

Azul [Thu, 26 Jul 2012 09:33:29 +0000 (11:33 +0200)]
SRP::Authentication::Session holds the per session data

Azul [Thu, 26 Jul 2012 08:59:32 +0000 (10:59 +0200)]
removing the remaining zerofills

Azul [Thu, 26 Jul 2012 08:58:28 +0000 (10:58 +0200)]
both sides calculate their own u

Azul [Thu, 26 Jul 2012 08:51:42 +0000 (10:51 +0200)]
turned server class into authentication module - test green, example broken

The example seems to be broken due to changes in srp-js

Azul [Thu, 26 Jul 2012 08:26:20 +0000 (10:26 +0200)]
removed debugging output and adjusted ruby client to new server api

Azul [Tue, 3 Jul 2012 13:40:21 +0000 (15:40 +0200)]
more info and resources on the index page

bit of styling added

Azul [Tue, 3 Jul 2012 12:24:17 +0000 (14:24 +0200)]
fixed workflow and reduced copy

Azul [Tue, 3 Jul 2012 11:50:26 +0000 (13:50 +0200)]
using json instead of xml responses

Azul [Thu, 28 Jun 2012 17:43:40 +0000 (19:43 +0200)]
adopted srp algo to srp-js way of doing things.

all large integers are now sent as hex strings.
Using sha256_str all over the place.

This finally gives me successful logins. Needs a lot of cleanup nevertheless.

Azul [Thu, 28 Jun 2012 14:13:13 +0000 (16:13 +0200)]
complete ajax flow is working - just auth fails

Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow.

Azul [Wed, 27 Jun 2012 13:26:55 +0000 (15:26 +0200)]
adjusted user model to use srp

Azul [Wed, 27 Jun 2012 13:08:41 +0000 (15:08 +0200)]
moved to ajax workflow and integrated srp-js - not quite there yet

* needs a bit of cleanup from the old workflow
* are client and server using the same primes right now?
* store multiple users on the server side

Azul [Tue, 26 Jun 2012 21:02:51 +0000 (23:02 +0200)]
first steps towards adding a server side srp flow to the example

Azul [Tue, 26 Jun 2012 16:56:43 +0000 (18:56 +0200)]
moved user and log class to models, verify prints logs

Azul [Tue, 26 Jun 2012 16:13:22 +0000 (18:13 +0200)]
moved the sample app to its own subdirectory

Azul [Tue, 26 Jun 2012 16:06:28 +0000 (18:06 +0200)]
stress three step layout with a little helper

Azul [Tue, 26 Jun 2012 15:43:50 +0000 (17:43 +0200)]
using layout in the sinatra app

Azul [Tue, 26 Jun 2012 15:33:57 +0000 (17:33 +0200)]
added simple sinatra app for demoing / testing

Azul [Mon, 18 Jun 2012 10:40:03 +0000 (12:40 +0200)]
added readme

Azul [Mon, 18 Jun 2012 10:34:11 +0000 (12:34 +0200)]
initial commit - testing srp auth

* This is lacking a few steps. We confirm the secret is the same but no key is generated from it and it is transferred over the wire in clear.
* this was inspired by https://gist.github.com/790048
* separated util, client, server and test code