From 4f57d8010a90fe1221c351f695d15d29a9cdc37f Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Wed, 3 Oct 2012 16:59:46 +0200
Subject: calculate verifiers and multiplier just like in py srp

Some other parts are still missing. Main issue was using hashes of hex representation rather that hashes of byte arrays
---
 lib/ruby-srp.rb     |  1 +
 lib/srp/client.rb   | 16 ++++++++--------
 lib/srp/util.rb     | 15 ++++++---------
 test/client_test.rb | 29 +++++++++++++++++++++++++++++
 test/util_test.rb   | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 77 insertions(+), 17 deletions(-)
 create mode 100644 test/client_test.rb
 create mode 100644 test/util_test.rb

diff --git a/lib/ruby-srp.rb b/lib/ruby-srp.rb
index 7cbe06f..d5d6cf3 100644
--- a/lib/ruby-srp.rb
+++ b/lib/ruby-srp.rb
@@ -10,6 +10,7 @@ $:.unshift File.dirname(__FILE__)
 module SRP
   autoload :Client, 'srp/client'
   autoload :Authentication, 'srp/authentication'
+  autoload :Util, 'srp/util'
   class WrongPassword < StandardError
   end
 end
diff --git a/lib/srp/client.rb b/lib/srp/client.rb
index 484d12b..37f37d7 100644
--- a/lib/srp/client.rb
+++ b/lib/srp/client.rb
@@ -7,10 +7,10 @@ module SRP
 
     attr_reader :salt, :verifier
 
-    def initialize(username, password)
+    def initialize(username, password, salt = nil)
       @username = username
       @password = password
-      @salt = "5d3055e0acd3ddcfc15".hex # bigrand(10).hex
+      @salt = salt.hex || bigrand(4).hex
       @multiplier = multiplier # let's cache it
       calculate_verifier
     end
@@ -27,15 +27,15 @@ module SRP
 
     protected
     def calculate_verifier
-      x = calculate_x(@username, @password, @salt)
-      @verifier = modpow(GENERATOR, x, PRIME_N)
+      x = calculate_x
+      @verifier = modpow(GENERATOR, x, BIG_PRIME_N)
       @verifier
     end
 
-    def calculate_x(username, password, salt)
-      shex = '%x' % [salt]
-      spad = "" # if shex.length.odd? then '0' else '' end
-      sha256_str(spad + shex + sha256_str([username, password].join(':'))).hex
+    def calculate_x
+      shex = '%x' % [@salt]
+      inner = sha256_str([@username, @password].join(':'))
+      sha256_str([shex].pack('H*') + [inner].pack('H*')).hex
     end
 
     def calculate_client_s(x, a, bb, u)
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index bf4c248..66bd9e7 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -10,7 +10,7 @@ module SRP
 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
     EOS
 
-    BIG_PRIME_N = <<-EOS # 1024 bits modulus (N)
+    BIG_PRIME_N = <<-EOS.split.join.hex # 1024 bits modulus (N)
 eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c25657
 6d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089da
 d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
@@ -43,21 +43,18 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
     end
 
     def multiplier
-      return "c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58".hex % PRIME_N
       @k ||= calculate_multiplier
     end
 
     protected
 
     def calculate_multiplier
-      n = PRIME_N
+      n = BIG_PRIME_N
       g = GENERATOR
-      nhex = '%x' % [n]
-      nlen = nhex.length + (nhex.length.odd? ? 1 : 0 )
-      ghex = '%x' % [g]
-      hashin = '0' * (nlen - nhex.length) + nhex \
-        + '0' * (nlen - ghex.length) + ghex
-      sha256_hex(hashin).hex % n
+      nhex = '%x' % n
+      ghex = '0%x' % g
+      hashin = [nhex].pack('H*') + [ghex].pack('H*')
+      sha256_str(hashin).hex
     end
 
     def calculate_m(aa, bb, s)
diff --git a/test/client_test.rb b/test/client_test.rb
new file mode 100644
index 0000000..8ef53aa
--- /dev/null
+++ b/test/client_test.rb
@@ -0,0 +1,29 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+
+class ClientTest < Test::Unit::TestCase
+
+  def setup
+    @login = "testuser"
+    @password = "password"
+    @salt = "7686acb8"
+    @client = SRP::Client.new("testuser", "password", "7686acb8")
+  end
+
+  def test_calculation_of_x
+    assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398",
+      "%x" % @client.send(:calculate_x)
+  end
+
+  # using python srp:
+  # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024)
+
+  def test_verifier
+    s = '4c78c3f8'
+    v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c'
+    @client = SRP::Client.new(@login, @password, s)
+    assert_equal v, "%x" % @client.verifier
+  end
+end
+
+
+
diff --git a/test/util_test.rb b/test/util_test.rb
new file mode 100644
index 0000000..9b1d09b
--- /dev/null
+++ b/test/util_test.rb
@@ -0,0 +1,33 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+
+class UtilTest < Test::Unit::TestCase
+
+  include SRP::Util
+
+  # comparing to the hash created with python srp lib to make sure
+  # we use the same constants and hash the same way.
+  def test_sha256_of_prime
+    n = BIG_PRIME_N
+    nhex = '%x' % [n]
+    assert_equal "494b6a801b379f37c9ee25d5db7cd70ffcfe53d01b7c9e4470eaca46bda24b39",
+      sha256_hex(nhex)
+  end
+
+  def test_hashing
+    x = sha256_str("testuser:password")
+    assert_equal 'a5376a27a385bcd791d76cbd6484e1bde130129210e4647a4583e49f45de107f',
+      x
+  end
+
+  def test_packing_hex_to_byte_string
+    shex = "7686acb8"
+    assert_equal [118, 134, 172, 184].pack('C*'), [shex].pack('H*')
+  end
+
+  def test_multiplier
+    # >>> "%x" % pysrp.H(sha, N, g)
+    assert_equal 'bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0',
+      "%x" % multiplier
+  end
+
+end
-- 
cgit v1.2.3