From 7de7a78668a83eaab58597ce655ba613d4b477fb Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 26 Jul 2012 10:51:42 +0200 Subject: turned server class into authentication module - test green, example broken The example seems to be broken due to changes in srp-js --- example/http-srp.rb | 12 ++++++------ example/models/user.rb | 11 ++++++----- example/views/signup.erb | 2 +- lib/srp.rb | 2 +- lib/srp/authentication.rb | 43 +++++++++++++++++++++++++++++++++++++++++++ lib/srp/server.rb | 47 ----------------------------------------------- test/auth_test.rb | 14 +++++++++++++- 7 files changed, 70 insertions(+), 61 deletions(-) create mode 100644 lib/srp/authentication.rb delete mode 100644 lib/srp/server.rb diff --git a/example/http-srp.rb b/example/http-srp.rb index 2e50cc8..ed07896 100644 --- a/example/http-srp.rb +++ b/example/http-srp.rb @@ -2,9 +2,9 @@ require 'sinatra' require 'pp' require 'json' +require '../lib/srp' require 'models/user' require 'models/log' -require '../lib/srp' get '/' do @user = User.current @@ -24,7 +24,7 @@ post '/register/salt/' do { :salt => @user.salt.to_s(16) }.to_json end -post '/register/user/' do +post '/register/user' do User.current.verifier = params.delete('v').hex content_type :json { :ok => true }.to_json @@ -35,19 +35,19 @@ get '/login' do erb :login end -post '/handshake/' do +post '/handshake' do @user = User.current Log.log(:handshake, params) - @handshake = @user.initialize_auth(params) + @handshake = @user.handshake(params) Log.log(:init_auth, @handshake) content_type :json @handshake.to_json end -post '/authenticate/' do +post '/authenticate' do @user = User.current Log.log(:authenticate, params) - @auth = @user.authenticate(params) + @auth = @user.validate(params) Log.log(:confirm_authentication, @auth) content_type :json @auth.to_json diff --git a/example/models/user.rb b/example/models/user.rb index 91bbffc..81104f4 100644 --- a/example/models/user.rb +++ b/example/models/user.rb @@ -1,5 +1,7 @@ class User + include SRP::Authentication + def self.current @current end @@ -22,14 +24,13 @@ class User User.current = self end - def initialize_auth(params) - self.srp = SRP::Server.new(self.salt, self.verifier) - bb, u = self.srp.initialize_auth(params.delete('A').hex) + def handshake(params) + bb, u = initialize_auth(params.delete('A').hex) return {:s => self.salt.to_s(16), :B => bb.to_s(16)} end - def authenticate(params) - if m2 = self.srp.authenticate(params.delete('M').hex) + def validate(params) + if m2 = authenticate(params.delete('M').hex) self.active = true return {:M => m2.to_s(16)} else diff --git a/example/views/signup.erb b/example/views/signup.erb index 6e1bbf3..2b26820 100644 --- a/example/views/signup.erb +++ b/example/views/signup.erb @@ -1,6 +1,6 @@

1. Signup

-
+ Signup to test secure remote passwords
diff --git a/lib/srp.rb b/lib/srp.rb index 999f9b6..a008b82 100644 --- a/lib/srp.rb +++ b/lib/srp.rb @@ -9,5 +9,5 @@ $:.unshift File.dirname(__FILE__) module SRP autoload :Client, 'srp/client' - autoload :Server, 'srp/server' + autoload :Authentication, 'srp/authentication' end diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb new file mode 100644 index 0000000..1f36dd7 --- /dev/null +++ b/lib/srp/authentication.rb @@ -0,0 +1,43 @@ +require File.expand_path(File.dirname(__FILE__) + '/util') + +module SRP + module Authentication + + include Util + + + def initialize_auth(aa) + @aa = aa + @b = bigrand(32).hex + # B = g^b + k v (mod N) + @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N + u = calculate_u(@aa, @bb, PRIME_N) + return @bb, u + end + + def authenticate(m) + u = calculate_u(@aa, @bb, PRIME_N) + base = (modpow(verifier, u, PRIME_N) * @aa) % PRIME_N + server_s = modpow(base, @b, PRIME_N) + if(m == calculate_m(@aa, @bb, server_s)) + return calculate_m(@aa, m, server_s) + end + end + + + protected + + def calculate_u(aa, bb, n) + nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3) + aahex = '%x' % [aa] + bbhex = '%x' % [bb] + return sha256_str("%x%x" % [aa, bb]).hex + hashin = '0' * (nlen - aahex.length) + aahex \ + + '0' * (nlen - bbhex.length) + bbhex + sha256_str(hashin).hex + end + end + +end + + diff --git a/lib/srp/server.rb b/lib/srp/server.rb deleted file mode 100644 index 30f5088..0000000 --- a/lib/srp/server.rb +++ /dev/null @@ -1,47 +0,0 @@ -require File.expand_path(File.dirname(__FILE__) + '/util') - -module SRP - class Server - - include Util - - def initialize(salt, verifier) - @salt = salt - @verifier = verifier - end - - def initialize_auth(aa) - @aa = aa - @b = bigrand(32).hex - # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * @verifier) % PRIME_N - u = calculate_u(@aa, @bb, PRIME_N) - return @bb, u - end - - def authenticate(m) - u = calculate_u(@aa, @bb, PRIME_N) - base = (modpow(@verifier, u, PRIME_N) * @aa) % PRIME_N - server_s = modpow(base, @b, PRIME_N) - if(m == calculate_m(@aa, @bb, server_s)) - return calculate_m(@aa, m, server_s) - end - end - - - protected - - def calculate_u(aa, bb, n) - nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3) - aahex = '%x' % [aa] - bbhex = '%x' % [bb] - return sha256_str("%x%x" % [aa, bb]).hex - hashin = '0' * (nlen - aahex.length) + aahex \ - + '0' * (nlen - bbhex.length) + bbhex - sha256_str(hashin).hex - end - - end -end - - diff --git a/test/auth_test.rb b/test/auth_test.rb index f93445f..b8c3c05 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -1,12 +1,24 @@ require File.expand_path(File.dirname(__FILE__) + '/test_helper') +class User + + include SRP::Authentication + + attr_accessor :salt, :verifier + + def initialize(salt, verifier) + @salt = salt + @verifier = verifier + end +end + class AuthTest < Test::Unit::TestCase def setup @username = 'user' @password = 'opensesami' @client = SRP::Client.new(@username, @password) - @server = SRP::Server.new(@client.salt, @client.verifier) + @server = User.new(@client.salt, @client.verifier) end def test_successful_auth -- cgit v1.2.3