From 66c3ed01eb012cae84193b4864c7c48eb77c2a8c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 10:47:19 +0200 Subject: more cleanup - no more duplicate password and username in Client A client has a set of pwd and login and tries to auth with this. --- lib/srp/client.rb | 22 ++++++++++++---------- test/auth_test.rb | 8 +++++--- test/client_test.rb | 10 ++++------ 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 22ed9f7..de17fb3 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -10,31 +10,33 @@ module SRP def initialize(username, password, salt = nil) @username = username @password = password - @salt = (salt || bigrand(4)).hex + @salt = salt || bigrand(4).hex @multiplier = multiplier # let's cache it calculate_verifier end - def authenticate(server, username, password) - x = calculate_x(username, password) + def authenticate(server) a = bigrand(32).hex aa = modpow(GENERATOR, a) # A = g^a (mod N) - bb = server.handshake(username, aa) + bb = server.handshake(@username, aa) u = calculate_u(aa, bb) - client_s = calculate_client_s(x, a, bb, u) + client_s = calculate_client_s(private_key, a, bb, u) server.validate(calculate_m(aa, bb, client_s)) end protected + def calculate_verifier - x = calculate_x - @verifier = modpow(GENERATOR, x) - @verifier + @verifier ||= modpow(GENERATOR, private_key) + end + + def private_key + @private_key ||= calculate_private_key end - def calculate_x(username = @username, password = @password) + def calculate_private_key shex = '%x' % [@salt] - inner = sha256_str([username, password].join(':')) + inner = sha256_str([@username, @password].join(':')) sha256_hex(shex, inner).hex end diff --git a/test/auth_test.rb b/test/auth_test.rb index 559403a..c1bffd0 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -32,15 +32,17 @@ class AuthTest < Test::Unit::TestCase end def test_successful_auth - assert @client.authenticate(@server, @username, @password) + assert @client.authenticate(@server) end def test_a_wrong_password - assert !@client.authenticate(@server, @username, "wrong password") + client = SRP::Client.new(@username, "wrong password", @client.salt) + assert !client.authenticate(@server) end def test_wrong_username - assert !@client.authenticate(@server, "wrong username", @password) + client = SRP::Client.new("wrong username", @password, @client.salt) + assert !client.authenticate(@server) end end diff --git a/test/client_test.rb b/test/client_test.rb index 8ef53aa..3a191a8 100644 --- a/test/client_test.rb +++ b/test/client_test.rb @@ -5,22 +5,20 @@ class ClientTest < Test::Unit::TestCase def setup @login = "testuser" @password = "password" - @salt = "7686acb8" - @client = SRP::Client.new("testuser", "password", "7686acb8") end - def test_calculation_of_x + def test_calculation_of_private_key + @client = SRP::Client.new(@login, @password, "7686acb8".hex) assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398", - "%x" % @client.send(:calculate_x) + "%x" % @client.send(:private_key) end # using python srp: # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024) def test_verifier - s = '4c78c3f8' + @client = SRP::Client.new(@login, @password, '4c78c3f8'.hex) v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c' - @client = SRP::Client.new(@login, @password, s) assert_equal v, "%x" % @client.verifier end end -- cgit v1.2.3