From 777254f7ba10a0dd8fbee433e6a631d96e9d76f0 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 4 Oct 2012 11:48:38 +0200 Subject: moved all server side auth stuff into session so i can remove the authentication module --- lib/srp/authentication.rb | 68 ----------------------------------------------- lib/srp/session.rb | 14 ++++------ test/auth_test.rb | 18 +++++++------ 3 files changed, 15 insertions(+), 85 deletions(-) delete mode 100644 lib/srp/authentication.rb diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb deleted file mode 100644 index c87fe1d..0000000 --- a/lib/srp/authentication.rb +++ /dev/null @@ -1,68 +0,0 @@ -require File.expand_path(File.dirname(__FILE__) + '/util') - -module SRP - module Authentication - - include Util - - class Session - include Util - attr_accessor :aa, :bb - - def initialize(aa, verifier) - @aa = aa - @b = bigrand(32).hex - # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b) + multiplier * verifier) % BIG_PRIME_N - end - - def u - @u ||= calculate_u - end - - # do not cache this - it's secret and someone might store the - # session in a CookieStore - def secret(verifier) - base = (modpow(verifier, u) * aa) % BIG_PRIME_N - modpow(base, @b) - end - - def m1(verifier) - calculate_m(secret(verifier)) - end - - def m2(m1, verifier) - sha256_int(@aa, m1, secret(verifier)).hex - end - - protected - def calculate_u - sha256_int(@aa, @bb).hex - end - - def calculate_m(s) - sha256_int(@aa, @bb, s).hex - end - - end - - def initialize_auth(aa) - return Session.new(aa, verifier) - end - - def authenticate!(m, session) - authenticate(m, session) || raise(SRP::WrongPassword) - end - - def authenticate(m, session) - if(m == session.m1(verifier)) - return session.m2(m, verifier) - end - end - - - end - -end - - diff --git a/lib/srp/session.rb b/lib/srp/session.rb index b61058b..367f5e2 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -27,7 +27,7 @@ module SRP def authenticate(m) if(m == calculate_m(server_secret)) - return m2 + return calculate_m2(m, server_secret) end end @@ -63,20 +63,16 @@ module SRP modpow(base, @b) end - def m1 - calculate_m(server_secret) - end - - def m2 - sha256_int(@aa, m1, server_secret).hex - end - # this is outdated - SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def calculate_m(s) sha256_int(@aa, @bb, s).hex end + def calculate_m2(m, secret) + sha256_int(@aa, m, secret).hex + end + def calculate_u sha256_int(@aa, @bb).hex end diff --git a/test/auth_test.rb b/test/auth_test.rb index c1bffd0..24bc42f 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -1,23 +1,25 @@ require File.expand_path(File.dirname(__FILE__) + '/test_helper') -class User +# single user test server. +# You obviously want sth. different for real life. +class Server - include SRP::Authentication + attr_accessor :salt, :verifier, :username - attr_accessor :salt, :verifier - - def initialize(salt, verifier) + def initialize(salt, verifier, username) @salt = salt @verifier = verifier + @username = username end def handshake(login, aa) - @session = initialize_auth(aa) + # this can be serialized and needs to be persisted between requests + @session = SRP::Session.new(self, aa) return @session.bb end def validate(m) - authenticate(m, @session) + @session.authenticate(m) end end @@ -28,7 +30,7 @@ class AuthTest < Test::Unit::TestCase @username = 'user' @password = 'opensesami' @client = SRP::Client.new(@username, @password) - @server = User.new(@client.salt, @client.verifier) + @server = Server.new(@client.salt, @client.verifier, @username) end def test_successful_auth -- cgit v1.2.3