From 4f57d8010a90fe1221c351f695d15d29a9cdc37f Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 3 Oct 2012 16:59:46 +0200 Subject: calculate verifiers and multiplier just like in py srp Some other parts are still missing. Main issue was using hashes of hex representation rather that hashes of byte arrays --- lib/ruby-srp.rb | 1 + lib/srp/client.rb | 16 ++++++++-------- lib/srp/util.rb | 15 ++++++--------- test/client_test.rb | 29 +++++++++++++++++++++++++++++ test/util_test.rb | 33 +++++++++++++++++++++++++++++++++ 5 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 test/client_test.rb create mode 100644 test/util_test.rb diff --git a/lib/ruby-srp.rb b/lib/ruby-srp.rb index 7cbe06f..d5d6cf3 100644 --- a/lib/ruby-srp.rb +++ b/lib/ruby-srp.rb @@ -10,6 +10,7 @@ $:.unshift File.dirname(__FILE__) module SRP autoload :Client, 'srp/client' autoload :Authentication, 'srp/authentication' + autoload :Util, 'srp/util' class WrongPassword < StandardError end end diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 484d12b..37f37d7 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -7,10 +7,10 @@ module SRP attr_reader :salt, :verifier - def initialize(username, password) + def initialize(username, password, salt = nil) @username = username @password = password - @salt = "5d3055e0acd3ddcfc15".hex # bigrand(10).hex + @salt = salt.hex || bigrand(4).hex @multiplier = multiplier # let's cache it calculate_verifier end 
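Review bot: In `SRP::Client#initialize` (lib/srp/client.rb), `salt.hex || bigrand(4).hex` calls `.hex` on `salt` before the `||` is evaluated, so the default `salt = nil` raises NoMethodError and the random-salt branch is never reached. `@salt = (salt || bigrand(4)).hex` keeps the fallback working. `bigrand` is defined outside this hunk; if its argument is a byte count, the fallback salt is only 32 bits wide, so confirm that this width and the random source behind `bigrand` are what the stored verifiers should rely on.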
@@ -27,15 +27,15 @@ module SRP protected def calculate_verifier - x = calculate_x(@username, @password, @salt) - @verifier = modpow(GENERATOR, x, PRIME_N) + x = calculate_x + @verifier = modpow(GENERATOR, x, BIG_PRIME_N) @verifier end - def calculate_x(username, password, salt) - shex = '%x' % [salt] - spad = "" # if shex.length.odd? then '0' else '' end - sha256_str(spad + shex + sha256_str([username, password].join(':'))).hex + def calculate_x + shex = '%x' % [@salt] + inner = sha256_str([@username, @password].join(':')) + sha256_str([shex].pack('H*') + [inner].pack('H*')).hex end def calculate_client_s(x, a, bb, u) diff --git a/lib/srp/util.rb b/lib/srp/util.rb index bf4c248..66bd9e7 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -10,7 +10,7 @@ module SRP 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3 EOS - BIG_PRIME_N = <<-EOS # 1024 bits modulus (N) + BIG_PRIME_N = <<-EOS.split.join.hex # 1024 bits modulus (N) eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c25657 6d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089da d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 @@ -43,21 +43,18 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 end def multiplier - return "c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58".hex % PRIME_N @k ||= calculate_multiplier end protected def calculate_multiplier - n = PRIME_N + n = BIG_PRIME_N g = GENERATOR - nhex = '%x' % [n] - nlen = nhex.length + (nhex.length.odd? ? 1 : 0 ) - ghex = '%x' % [g] - hashin = '0' * (nlen - nhex.length) + nhex \ - + '0' * (nlen - ghex.length) + ghex - sha256_hex(hashin).hex % n + nhex = '%x' % n + ghex = '0%x' % g + hashin = [nhex].pack('H*') + [ghex].pack('H*') + sha256_str(hashin).hex end def calculate_m(aa, bb, s) diff --git a/test/client_test.rb b/test/client_test.rb new file mode 100644 index 0000000..8ef53aa --- /dev/null +++ b/test/client_test.rb 
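Review bot: `calculate_x` in lib/srp/client.rb passes `'%x' % [@salt]` straight to `pack('H*')`, and the odd-length padding hinted at by the removed `spad` line is gone. `pack('H*')` fills a missing low nibble of the last byte with zero, so a salt whose hex form has an odd number of digits is hashed as different bytes than its big-endian encoding. For those salts x and the verifier would presumably no longer match py srp. Left-padding before packing avoids this, e.g. `shex = "0#{shex}" if shex.length.odd?`. The same pattern recurs in the later `sha256_hex(*args)` and `sha256_int` helpers in lib/srp/util.rb, where `"%02x" % a` pads to two digits but not to an even length.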
@@ -0,0 +1,29 @@ +require File.expand_path(File.dirname(__FILE__) + '/test_helper') + +class ClientTest < Test::Unit::TestCase + + def setup + @login = "testuser" + @password = "password" + @salt = "7686acb8" + @client = SRP::Client.new("testuser", "password", "7686acb8") + end + + def test_calculation_of_x + assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398", + "%x" % @client.send(:calculate_x) + end + + # using python srp: + # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024) + + def test_verifier + s = '4c78c3f8' + v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c' + @client = SRP::Client.new(@login, @password, s) + assert_equal v, "%x" % @client.verifier + end +end + + + diff --git a/test/util_test.rb b/test/util_test.rb new file mode 100644 index 0000000..9b1d09b --- /dev/null +++ b/test/util_test.rb 
@@ -0,0 +1,33 @@ +require File.expand_path(File.dirname(__FILE__) + '/test_helper') + +class UtilTest < Test::Unit::TestCase + + include SRP::Util + + # comparing to the hash created with python srp lib to make sure + # we use the same constants and hash the same way. + def test_sha256_of_prime + n = BIG_PRIME_N + nhex = '%x' % [n] + assert_equal "494b6a801b379f37c9ee25d5db7cd70ffcfe53d01b7c9e4470eaca46bda24b39", + sha256_hex(nhex) + end + + def test_hashing + x = sha256_str("testuser:password") + assert_equal 'a5376a27a385bcd791d76cbd6484e1bde130129210e4647a4583e49f45de107f', + x + end + + def test_packing_hex_to_byte_string + shex = "7686acb8" + assert_equal [118, 134, 172, 184].pack('C*'), [shex].pack('H*') + end + + def test_multiplier + # >>> "%x" % pysrp.H(sha, N, g) + assert_equal 'bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0', + "%x" % multiplier + end + +end -- cgit v1.2.3 From 693b6d1e36828fa17915a9297595f65c739b611a Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 09:54:47 +0200 Subject: using BIG_PRIME_N and hashing the byte array - tests pass We still calculate M differently than in SRP 6a --- lib/srp/authentication.rb | 8 ++++---- lib/srp/client.rb | 20 ++++++++++---------- lib/srp/util.rb | 5 ++--- test/auth_test.rb | 2 +- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 4afe20b..0505a58 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb 
@@ -13,18 +13,18 @@ module SRP @aa = aa @b = bigrand(32).hex # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N + @bb = (modpow(GENERATOR, @b, BIG_PRIME_N) + multiplier * verifier) % BIG_PRIME_N end def u - calculate_u(aa, bb, PRIME_N) + calculate_u(aa, bb, BIG_PRIME_N) end # do not cache this - it's secret and someone might store the # session in a CookieStore def secret(verifier) - base = (modpow(verifier, u, PRIME_N) * aa) % PRIME_N - modpow(base, @b, PRIME_N) + base = (modpow(verifier, u, BIG_PRIME_N) * aa) % BIG_PRIME_N + modpow(base, @b, BIG_PRIME_N) end def m1(verifier) diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 37f37d7..947bd7b 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -10,17 +10,17 @@ module SRP def initialize(username, password, salt = nil) @username = username @password = password - @salt = salt.hex || bigrand(4).hex + @salt = (salt || bigrand(4)).hex @multiplier = multiplier # let's cache it calculate_verifier end def authenticate(server, username, password) - x = calculate_x(username, password, salt) + x = calculate_x(username, password) a = bigrand(32).hex - aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N) + aa = modpow(GENERATOR, a, BIG_PRIME_N) # A = g^a (mod N) bb = server.handshake(username, aa) - u = calculate_u(aa, bb, PRIME_N) + u = calculate_u(aa, bb, BIG_PRIME_N) client_s = calculate_client_s(x, a, bb, u) server.validate(calculate_m(aa, bb, client_s)) end 
@@ -32,18 +32,18 @@ module SRP @verifier end - def calculate_x + def calculate_x(username = @username, password = @password) shex = '%x' % [@salt] - inner = sha256_str([@username, @password].join(':')) + inner = sha256_str([username, password].join(':')) sha256_str([shex].pack('H*') + [inner].pack('H*')).hex end def calculate_client_s(x, a, bb, u) base = bb - base += PRIME_N * @multiplier - base -= modpow(GENERATOR, x, PRIME_N) * @multiplier - base = base % PRIME_N - modpow(base, x * u + a, PRIME_N) + base += BIG_PRIME_N * @multiplier + base -= modpow(GENERATOR, x, BIG_PRIME_N) * @multiplier + base = base % BIG_PRIME_N + modpow(base, x * u + a, BIG_PRIME_N) end end end diff --git a/lib/srp/util.rb b/lib/srp/util.rb index 66bd9e7..cafa5f4 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -59,14 +59,13 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 def calculate_m(aa, bb, s) hashin = '%x%x%x' % [aa, bb, s] - sha256_str(hashin).hex + sha256_hex(hashin).hex end def calculate_u(aa, bb, n) - nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3) aahex = '%x' % [aa] bbhex = '%x' % [bb] - return sha256_str("%x%x" % [aa, bb]).hex + return sha256_hex("%x%x" % [aa, bb]).hex end end diff --git a/test/auth_test.rb b/test/auth_test.rb index 4311683..559403a 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -35,7 +35,7 @@ class AuthTest < Test::Unit::TestCase assert @client.authenticate(@server, @username, @password) end - def test_wrong_password + def test_a_wrong_password assert !@client.authenticate(@server, @username, "wrong password") end -- cgit v1.2.3 From b889ef34d4fff0d156901ae2aebfcee02339ce77 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 10:22:46 +0200 Subject: some cleanup, sha functions now concat multiple args also u does not depend on n --- lib/srp/authentication.rb | 2 +- lib/srp/client.rb | 4 ++-- lib/srp/util.rb | 29 +++++++++++++++-------------- 3 files changed, 18 insertions(+), 17 deletions(-) 
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 0505a58..0fd275c 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb @@ -17,7 +17,7 @@ module SRP end def u - calculate_u(aa, bb, BIG_PRIME_N) + calculate_u(aa, bb) end # do not cache this - it's secret and someone might store the diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 947bd7b..65052f5 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -20,7 +20,7 @@ module SRP a = bigrand(32).hex aa = modpow(GENERATOR, a, BIG_PRIME_N) # A = g^a (mod N) bb = server.handshake(username, aa) - u = calculate_u(aa, bb, BIG_PRIME_N) + u = calculate_u(aa, bb) client_s = calculate_client_s(x, a, bb, u) server.validate(calculate_m(aa, bb, client_s)) end @@ -35,7 +35,7 @@ module SRP def calculate_x(username = @username, password = @password) shex = '%x' % [@salt] inner = sha256_str([username, password].join(':')) - sha256_str([shex].pack('H*') + [inner].pack('H*')).hex + sha256_hex(shex, inner).hex end def calculate_client_s(x, a, bb, u) diff --git a/lib/srp/util.rb b/lib/srp/util.rb index cafa5f4..fcbab31 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -30,8 +30,15 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 end end - def sha256_hex(h) - Digest::SHA2.hexdigest([h].pack('H*')) + # Hashes the (long) int args + def sha256_int(*args) + sha256_hex(*args.map{|a| a.to_s(16)}) + end + + # Hashes the hex args + def sha256_hex(*args) + h = args.join('') + sha256_str([h].pack('H*')) end def sha256_str(s) 
@@ -49,23 +56,17 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 protected def calculate_multiplier - n = BIG_PRIME_N - g = GENERATOR - nhex = '%x' % n - ghex = '0%x' % g - hashin = [nhex].pack('H*') + [ghex].pack('H*') - sha256_str(hashin).hex + # GENERATOR hex needs to be prefixed with 0 so it's not "2" -> 32 + ghex = '0%x' % GENERATOR + sha256_hex(BIG_PRIME_N.to_s(16), ghex).hex end def calculate_m(aa, bb, s) - hashin = '%x%x%x' % [aa, bb, s] - sha256_hex(hashin).hex + sha256_int(aa, bb, s).hex end - def calculate_u(aa, bb, n) - aahex = '%x' % [aa] - bbhex = '%x' % [bb] - return sha256_hex("%x%x" % [aa, bb]).hex + def calculate_u(aa, bb) + sha256_int(aa, bb).hex end end -- cgit v1.2.3 From c73f7c1b4c1270d4d0ca47650a12893a6d13e796 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 10:32:39 +0200 Subject: simplifying modpow to default to BIG_PRIME_N --- lib/srp/authentication.rb | 6 +++--- lib/srp/client.rb | 8 ++++---- lib/srp/util.rb | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 0fd275c..3428fd4 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb @@ -13,7 +13,7 @@ module SRP @aa = aa @b = bigrand(32).hex # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b, BIG_PRIME_N) + multiplier * verifier) % BIG_PRIME_N + @bb = (modpow(GENERATOR, @b) + multiplier * verifier) % BIG_PRIME_N end def u @@ -23,8 +23,8 @@ module SRP # do not cache this - it's secret and someone might store the # session in a CookieStore def secret(verifier) - base = (modpow(verifier, u, BIG_PRIME_N) * aa) % BIG_PRIME_N - modpow(base, @b, BIG_PRIME_N) + base = (modpow(verifier, u) * aa) % BIG_PRIME_N + modpow(base, @b) end def m1(verifier) diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 65052f5..22ed9f7 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb 
@@ -18,7 +18,7 @@ module SRP def authenticate(server, username, password) x = calculate_x(username, password) a = bigrand(32).hex - aa = modpow(GENERATOR, a, BIG_PRIME_N) # A = g^a (mod N) + aa = modpow(GENERATOR, a) # A = g^a (mod N) bb = server.handshake(username, aa) u = calculate_u(aa, bb) client_s = calculate_client_s(x, a, bb, u) @@ -28,7 +28,7 @@ module SRP protected def calculate_verifier x = calculate_x - @verifier = modpow(GENERATOR, x, BIG_PRIME_N) + @verifier = modpow(GENERATOR, x) @verifier end @@ -41,9 +41,9 @@ module SRP def calculate_client_s(x, a, bb, u) base = bb base += BIG_PRIME_N * @multiplier - base -= modpow(GENERATOR, x, BIG_PRIME_N) * @multiplier + base -= modpow(GENERATOR, x) * @multiplier base = base % BIG_PRIME_N - modpow(base, x * u + a, BIG_PRIME_N) + modpow(base, x * u + a) end end end diff --git a/lib/srp/util.rb b/lib/srp/util.rb index fcbab31..087ce5d 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -20,7 +20,7 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 GENERATOR = 2 # g # a^n (mod m) - def modpow(a, n, m) + def modpow(a, n, m = BIG_PRIME_N) r = 1 while true r = r * a % m if n[0] == 1 -- cgit v1.2.3 From 66c3ed01eb012cae84193b4864c7c48eb77c2a8c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 10:47:19 +0200 Subject: more cleanup - no more duplicate password and username in Client A client has a set of pwd and login and tries to auth with this. --- lib/srp/client.rb | 22 ++++++++++++---------- test/auth_test.rb | 8 +++++--- test/client_test.rb | 10 ++++------ 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 22ed9f7..de17fb3 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb 
@@ -10,31 +10,33 @@ module SRP def initialize(username, password, salt = nil) @username = username @password = password - @salt = (salt || bigrand(4)).hex + @salt = salt || bigrand(4).hex @multiplier = multiplier # let's cache it calculate_verifier end - def authenticate(server, username, password) - x = calculate_x(username, password) + def authenticate(server) a = bigrand(32).hex aa = modpow(GENERATOR, a) # A = g^a (mod N) - bb = server.handshake(username, aa) + bb = server.handshake(@username, aa) u = calculate_u(aa, bb) - client_s = calculate_client_s(x, a, bb, u) + client_s = calculate_client_s(private_key, a, bb, u) server.validate(calculate_m(aa, bb, client_s)) end protected + def calculate_verifier - x = calculate_x - @verifier = modpow(GENERATOR, x) - @verifier + @verifier ||= modpow(GENERATOR, private_key) + end + + def private_key + @private_key ||= calculate_private_key end - def calculate_x(username = @username, password = @password) + def calculate_private_key shex = '%x' % [@salt] - inner = sha256_str([username, password].join(':')) + inner = sha256_str([@username, @password].join(':')) sha256_hex(shex, inner).hex end diff --git a/test/auth_test.rb b/test/auth_test.rb index 559403a..c1bffd0 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -32,15 +32,17 @@ class AuthTest < Test::Unit::TestCase end def test_successful_auth - assert @client.authenticate(@server, @username, @password) + assert @client.authenticate(@server) end def test_a_wrong_password - assert !@client.authenticate(@server, @username, "wrong password") + client = SRP::Client.new(@username, "wrong password", @client.salt) + assert !client.authenticate(@server) end def test_wrong_username - assert !@client.authenticate(@server, "wrong username", @password) + client = SRP::Client.new("wrong username", @password, @client.salt) + assert !client.authenticate(@server) end end diff --git a/test/client_test.rb b/test/client_test.rb index 8ef53aa..3a191a8 100644 --- a/test/client_test.rb 
+++ b/test/client_test.rb @@ -5,22 +5,20 @@ class ClientTest < Test::Unit::TestCase def setup @login = "testuser" @password = "password" - @salt = "7686acb8" - @client = SRP::Client.new("testuser", "password", "7686acb8") end - def test_calculation_of_x + def test_calculation_of_private_key + @client = SRP::Client.new(@login, @password, "7686acb8".hex) assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398", - "%x" % @client.send(:calculate_x) + "%x" % @client.send(:private_key) end # using python srp: # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024) def test_verifier - s = '4c78c3f8' + @client = SRP::Client.new(@login, @password, '4c78c3f8'.hex) v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c' - @client = SRP::Client.new(@login, @password, s) assert_equal v, "%x" % @client.verifier end end -- cgit v1.2.3 From 0e5f57d3e07db606a779485e1537d4db8b5d3da2 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 11:23:00 +0200 Subject: created session class to hold aa, bb and so forth - done for client We have a session in the server already - duplication there now, merge next --- lib/ruby-srp.rb | 1 + lib/srp/authentication.rb | 15 ++++++-- lib/srp/client.rb | 27 +++++---------- lib/srp/session.rb | 87 +++++++++++++++++++++++++++++++++++++++++++++++ lib/srp/util.rb | 7 ---- 5 files changed, 108 insertions(+), 29 deletions(-) create mode 100644 lib/srp/session.rb diff --git a/lib/ruby-srp.rb b/lib/ruby-srp.rb index d5d6cf3..383cbca 100644 --- a/lib/ruby-srp.rb +++ b/lib/ruby-srp.rb 
@@ -11,6 +11,7 @@ module SRP autoload :Client, 'srp/client' autoload :Authentication, 'srp/authentication' autoload :Util, 'srp/util' + autoload :Session, 'srp/session' class WrongPassword < StandardError end end diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 3428fd4..c87fe1d 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb @@ -17,7 +17,7 @@ module SRP end def u - calculate_u(aa, bb) + @u ||= calculate_u end # do not cache this - it's secret and someone might store the @@ -28,11 +28,20 @@ module SRP end def m1(verifier) - calculate_m(aa, bb, secret(verifier)) + calculate_m(secret(verifier)) end def m2(m1, verifier) - calculate_m(aa, m1, secret(verifier)) + sha256_int(@aa, m1, secret(verifier)).hex + end + + protected + def calculate_u + sha256_int(@aa, @bb).hex + end + + def calculate_m(s) + sha256_int(@aa, @bb, s).hex end end diff --git a/lib/srp/client.rb b/lib/srp/client.rb index de17fb3..94e36af 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -5,23 +5,23 @@ module SRP include Util - attr_reader :salt, :verifier + attr_reader :salt, :verifier, :username def initialize(username, password, salt = nil) @username = username @password = password @salt = salt || bigrand(4).hex - @multiplier = multiplier # let's cache it calculate_verifier end def authenticate(server) - a = bigrand(32).hex - aa = modpow(GENERATOR, a) # A = g^a (mod N) - bb = server.handshake(@username, aa) - u = calculate_u(aa, bb) - client_s = calculate_client_s(private_key, a, bb, u) - server.validate(calculate_m(aa, bb, client_s)) + @session = SRP::Session.new(self) + @session.handshake(server) + @session.validate(server) + end + + def private_key + @private_key ||= calculate_private_key end protected 
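Review bot: Moving `private_key` above `protected` in lib/srp/client.rb makes x, the password-derived secret, part of the public interface of `SRP::Client`, and it stays memoized in `@private_key` for the life of the object. Any code holding a client reference can now read a value that is equivalent to the password for this salt. If `SRP::Session` is the only caller, consider keeping the method non-public and handing the session what it needs explicitly. A comment above it such as `# x is password-equivalent; never log or serialize` would also help. The rest of the class lies outside this hunk.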
@@ -30,23 +30,12 @@ module SRP @verifier ||= modpow(GENERATOR, private_key) end - def private_key - @private_key ||= calculate_private_key - end - def calculate_private_key shex = '%x' % [@salt] inner = sha256_str([@username, @password].join(':')) sha256_hex(shex, inner).hex end - def calculate_client_s(x, a, bb, u) - base = bb - base += BIG_PRIME_N * @multiplier - base -= modpow(GENERATOR, x) * @multiplier - base = base % BIG_PRIME_N - modpow(base, x * u + a) - end end end diff --git a/lib/srp/session.rb b/lib/srp/session.rb new file mode 100644 index 0000000..b61058b --- /dev/null +++ b/lib/srp/session.rb 
@@ -0,0 +1,87 @@ +require File.expand_path(File.dirname(__FILE__) + '/util') + +module SRP + class Session + include Util + attr_accessor :user, :aa, :bb + + def initialize(user, aa=nil) + @user = user + aa ? initialize_server(aa) : initialize_client + end + + # client -> server: I, A = g^a + def handshake(server) + @bb = server.handshake(user.username, aa) + @u = calculate_u + end + + # client -> server: M = H(H(N) xor H(g), H(I), s, A, B, K) + def validate(server) + server.validate(calculate_m(client_secret)) + end + + def authenticate!(m) + authenticate(m) || raise(SRP::WrongPassword) + end + + def authenticate(m) + if(m == calculate_m(server_secret)) + return m2 + end + end + + protected + + def initialize_server(aa) + @aa = aa + @b = bigrand(32).hex + # B = g^b + k v (mod N) + @bb = (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + @u = calculate_u + end + + def initialize_client + @a = bigrand(32).hex + @aa = modpow(GENERATOR, @a) # A = g^a (mod N) + end + + # client: K = H( (B - kg^x) ^ (a + ux) ) + def client_secret + base = @bb + # base += BIG_PRIME_N * @multiplier + base -= modpow(GENERATOR, @user.private_key) * multiplier + base = base % BIG_PRIME_N + modpow(base, @user.private_key * @u + @a) + end + + # server: K = H( (Av^u) ^ b ) + # do not cache this - it's secret and someone might store the + # session in a CookieStore + def server_secret + base = (modpow(@user.verifier, @u) * @aa) % BIG_PRIME_N + modpow(base, @b) + end + + def m1 + calculate_m(server_secret) + end + + def m2 + sha256_int(@aa, m1, server_secret).hex + end + + # this is outdated - SRP 6a uses + # M = H(H(N) xor H(g), H(I), s, A, B, K) + def calculate_m(s) + sha256_int(@aa, @bb, s).hex + end + + def calculate_u + sha256_int(@aa, @bb).hex + end + end +end + + + diff --git a/lib/srp/util.rb b/lib/srp/util.rb index 087ce5d..50ff9bb 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb 
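Review bot: `initialize_server(aa)` in lib/srp/session.rb uses the client-supplied `aa` without checking it against the modulus. SRP requires the server to abort when A mod N is zero (a MUST in RFC 5054), because `server_secret` then no longer depends on the verifier. The client side has the matching requirement in `handshake` for B mod N and for u. A guard at the top, e.g. `raise ArgumentError, 'invalid A' if (aa % BIG_PRIME_N).zero?`, closes the server case. Separately, `authenticate` compares the proof with `==`, where a constant-time comparison is the usual choice for authenticators.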
@@ -61,13 +61,6 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 sha256_hex(BIG_PRIME_N.to_s(16), ghex).hex end - def calculate_m(aa, bb, s) - sha256_int(aa, bb, s).hex - end - - def calculate_u(aa, bb) - sha256_int(aa, bb).hex - end end end -- cgit v1.2.3 From 777254f7ba10a0dd8fbee433e6a631d96e9d76f0 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 11:48:38 +0200 Subject: moved all server side auth stuff into session so i can remove the authentication module --- lib/srp/authentication.rb | 68 ----------------------------------------------- lib/srp/session.rb | 14 ++++------ test/auth_test.rb | 18 +++++++------ 3 files changed, 15 insertions(+), 85 deletions(-) delete mode 100644 lib/srp/authentication.rb diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb deleted file mode 100644 index c87fe1d..0000000 --- a/lib/srp/authentication.rb +++ /dev/null 
@@ -1,68 +0,0 @@ -require File.expand_path(File.dirname(__FILE__) + '/util') - -module SRP - module Authentication - - include Util - - class Session - include Util - attr_accessor :aa, :bb - - def initialize(aa, verifier) - @aa = aa - @b = bigrand(32).hex - # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b) + multiplier * verifier) % BIG_PRIME_N - end - - def u - @u ||= calculate_u - end - - # do not cache this - it's secret and someone might store the - # session in a CookieStore - def secret(verifier) - base = (modpow(verifier, u) * aa) % BIG_PRIME_N - modpow(base, @b) - end - - def m1(verifier) - calculate_m(secret(verifier)) - end - - def m2(m1, verifier) - sha256_int(@aa, m1, secret(verifier)).hex - end - - protected - def calculate_u - sha256_int(@aa, @bb).hex - end - - def calculate_m(s) - sha256_int(@aa, @bb, s).hex - end - - end - - def initialize_auth(aa) - return Session.new(aa, verifier) - end - - def authenticate!(m, session) - authenticate(m, session) || raise(SRP::WrongPassword) - end - - def authenticate(m, session) - if(m == session.m1(verifier)) - return session.m2(m, verifier) - end - end - - - end - -end - - diff --git a/lib/srp/session.rb b/lib/srp/session.rb index b61058b..367f5e2 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -27,7 +27,7 @@ module SRP def authenticate(m) if(m == calculate_m(server_secret)) - return m2 + return calculate_m2(m, server_secret) end end @@ -63,20 +63,16 @@ module SRP modpow(base, @b) end - def m1 - calculate_m(server_secret) - end - - def m2 - sha256_int(@aa, m1, server_secret).hex - end - # this is outdated - SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def calculate_m(s) sha256_int(@aa, @bb, s).hex end + def calculate_m2(m, secret) + sha256_int(@aa, m, secret).hex + end + def calculate_u sha256_int(@aa, @bb).hex end diff --git a/test/auth_test.rb b/test/auth_test.rb index c1bffd0..24bc42f 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb 
@@ -1,23 +1,25 @@ require File.expand_path(File.dirname(__FILE__) + '/test_helper') -class User +# single user test server. +# You obviously want sth. different for real life. +class Server - include SRP::Authentication + attr_accessor :salt, :verifier, :username - attr_accessor :salt, :verifier - - def initialize(salt, verifier) + def initialize(salt, verifier, username) @salt = salt @verifier = verifier + @username = username end def handshake(login, aa) - @session = initialize_auth(aa) + # this can be serialized and needs to be persisted between requests + @session = SRP::Session.new(self, aa) return @session.bb end def validate(m) - authenticate(m, @session) + @session.authenticate(m) end end @@ -28,7 +30,7 @@ class AuthTest < Test::Unit::TestCase @username = 'user' @password = 'opensesami' @client = SRP::Client.new(@username, @password) - @server = User.new(@client.salt, @client.verifier) + @server = Server.new(@client.salt, @client.verifier, @username) end def test_successful_auth -- cgit v1.2.3 From 0c70bc88f14f9cc92a98a902a99b88a9b1f672e6 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 13:08:21 +0200 Subject: using the SRP 6a algorithm for calculating M --- lib/srp/session.rb | 6 ++++-- lib/srp/util.rb | 21 +++++++++++++++++---- test/util_test.rb | 6 ++++++ 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/lib/srp/session.rb b/lib/srp/session.rb index 367f5e2..a1153e0 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -65,8 +65,10 @@ module SRP # this is outdated - SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) - def calculate_m(s) - sha256_int(@aa, @bb, s).hex + def calculate_m(secret) + n_xor_g_hash = sha256_str(hn_xor_hg).hex + username_hash = sha256_str(@user.username).hex + sha256_int(n_xor_g_hash, username_hash, @user.salt, @aa, @bb, secret).hex end def calculate_m2(m, secret) diff --git a/lib/srp/util.rb b/lib/srp/util.rb index 50ff9bb..1e4beac 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb 
@@ -19,6 +19,10 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 EOS GENERATOR = 2 # g + def hn_xor_hg + byte_xor_hex(sha256_int(BIG_PRIME_N), sha256_int(GENERATOR)) + end + # a^n (mod m) def modpow(a, n, m = BIG_PRIME_N) r = 1 @@ -32,7 +36,7 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 # Hashes the (long) int args def sha256_int(*args) - sha256_hex(*args.map{|a| a.to_s(16)}) + sha256_hex(*args.map{|a| "%02x" % a}) end # Hashes the hex args @@ -56,9 +60,18 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 protected def calculate_multiplier - # GENERATOR hex needs to be prefixed with 0 so it's not "2" -> 32 - ghex = '0%x' % GENERATOR - sha256_hex(BIG_PRIME_N.to_s(16), ghex).hex + sha256_int(BIG_PRIME_N, GENERATOR).hex + end + + # turn two hex strings into byte arrays and xor them + # + # returns byte array + def byte_xor_hex(a, b) + a = [a].pack('H*') + b = [b].pack('H*') + a.bytes.each_with_index.map do |a_byte, i| + (a_byte ^ (b[i] || 0)).chr + end.join end end diff --git a/test/util_test.rb b/test/util_test.rb index 9b1d09b..4dd6d86 100644 --- a/test/util_test.rb +++ b/test/util_test.rb @@ -30,4 +30,10 @@ class UtilTest < Test::Unit::TestCase "%x" % multiplier end + def test_hn_xor_hg + # >>> binascii.hexlify (pysrp.HNxorg(hashlib.sha256, N, g)) + assert_equal '928ade491bc87bba9eb578701d44d30ed9080e60e542ba0d3b9c20ded9f592bf', + hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join + end + end -- cgit v1.2.3 From ce246cb722f7f61b3a1ba7223857627f1bed4f4c Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 5 Oct 2012 12:44:22 +0200 Subject: made m and m2 calculation srp 6A compatible Also added session_test that tests agains values calculated with py_srp --- lib/srp/session.rb | 16 +++++++++------- test/session_test.rb | 28 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 7 deletions(-) create mode 100644 test/session_test.rb diff --git a/lib/srp/session.rb b/lib/srp/session.rb index a1153e0..db8d428 100644 
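Review bot: In `byte_xor_hex` (lib/srp/util.rb), `b[i]` is an Integer only on Ruby 1.8. On Ruby 1.9 and later `String#[]` returns a one-character String, so `a_byte ^ (b[i] || 0)` would raise TypeError there. Indexing a byte array works on both: `b_bytes = b.bytes.to_a`, then `(a_byte ^ (b_bytes[i] || 0)).chr`. The method comment says it returns a byte array while the code returns a joined String; `# returns a binary String` would match what `hn_xor_hg` hands on.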
--- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -27,15 +27,16 @@ module SRP def authenticate(m) if(m == calculate_m(server_secret)) - return calculate_m2(m, server_secret) + return calculate_m2 end end protected - def initialize_server(aa) + # only seed b for testing purposes. + def initialize_server(aa, b = nil) @aa = aa - @b = bigrand(32).hex + @b = b || bigrand(32).hex # B = g^b + k v (mod N) @bb = (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N @u = calculate_u @@ -66,13 +67,14 @@ module SRP # this is outdated - SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def calculate_m(secret) - n_xor_g_hash = sha256_str(hn_xor_hg).hex + @k = sha256_int(secret).hex + n_xor_g_long = hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex username_hash = sha256_str(@user.username).hex - sha256_int(n_xor_g_hash, username_hash, @user.salt, @aa, @bb, secret).hex + @m = sha256_int(n_xor_g_long, username_hash, @user.salt, @aa, @bb, @k).hex end - def calculate_m2(m, secret) - sha256_int(@aa, m, secret).hex + def calculate_m2 + sha256_int(@aa, @m, @k).hex end def calculate_u diff --git a/test/session_test.rb b/test/session_test.rb new file mode 100644 index 0000000..f41b34b --- /dev/null +++ b/test/session_test.rb 
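Review bot: `calculate_m` in lib/srp/session.rb now stores the session key in `@k` and the proof in `@m`, which conflicts with the existing note on `server_secret` that the secret must not be cached because the session might end up in a CookieStore. If a `Session` is serialized between requests, K goes with it, alongside `@b`. `calculate_m2` also silently depends on `calculate_m` having run first. Returning both values from `calculate_m` and passing them on, e.g. `def calculate_m2(m, k)`, keeps them out of instance state. The `# this is outdated - SRP 6a uses` comment above `calculate_m` is stale after this change and should be dropped.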
@@ -0,0 +1,28 @@ +require File.expand_path(File.dirname(__FILE__) + '/test_helper') + +class SessionTest < Test::Unit::TestCase + + attr_accessor :salt, :verifier, :username + + def setup + @username = "testuser" + @password = "password" + @salt = '4c78c3f8'.hex + @client = SRP::Client.new(@username, @password, @salt) + @verifier = @client.verifier + end + + def test_equivalance_to_py_srp + aa = '9ff9d176b37d9100ad4d788b94ef887df6c88786f5fa2419c9a964001e1c1fa5cd22ea39dcf27682dac6cd8861d9de88184653451fd47f5654845ed24e828d531f95c44377c9bc3f5dd83a669716257c7b975a3a032d4d8adb605553cf4d45c483d7aceb7e6a23c5bd4b0aeeb2ef138b7fc75b27d9d706851c3ab9c721710272'.hex + b = 'ce414b3b52d13a1f67416b7e00cdefb07c874291aed395efeab9435ec1ad6ac3'.hex + bb = 'b2e852fe7af02d7931186f4958844b829d2976dd58c7bc7928ba3102ff269a9029c707112ab0b7cafdaf86a760f7b50ddd9c847e0c97f564d53cfd52daf61982f06582d49bbb3ea4ad6be55d513028eaf400a6d5a9d26b47689d3438a552716d65680d1b6ee77df3c9b3b6ba61023985562f2be4a6f1723282a2013160594565'.hex + m = 'a0c066844117ffe7a7999f84356f3a7c8dce38e4e936eca2b6979ab0fce6ff6d'.hex + m2 = '1f4a5ba9c5280b5b752465670f351bb1e61ff9ca06e02ad43c4418affeb3a1ef'.hex + session = SRP::Session.new(self, aa) + session.send(:initialize_server, aa, b) # seeding b to compare to py_srp + assert_equal bb.to_s(16), session.bb.to_s(16) + assert_equal m2, session.authenticate(m) + end + + +end -- cgit v1.2.3
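Review bot: `test_equivalance_to_py_srp` in test/session_test.rb only exercises the accepting path of `Session#authenticate`. Since that method returns nil on a mismatch, a rejection assertion such as `assert_nil session.authenticate(m + 1)` would pin the security-relevant branch as well.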