From 20bf14939fbd75e3ee0206c2bf14737e2c7ac2c2 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 28 Jun 2012 19:43:40 +0200 Subject: adopted srp algo to srp-js way of doing things. all large integers are now send as hex strings. Using sha256_str all over the place. This finally gives me successful logins. Needs a log of cleanup never the less. --- example/http-srp.rb | 2 +- example/models/user.rb | 10 +++++----- example/public/srp-source | 1 + example/public/srp_register.min.js | 1 + example/views/authenticate.erb | 2 +- example/views/handshake.erb | 2 +- example/views/index.erb | 10 +++++----- example/views/layout.erb | 12 ++++++++++-- example/views/ok.erb | 2 ++ example/views/salt.erb | 2 ++ example/views/xml.erb | 2 ++ 11 files changed, 31 insertions(+), 15 deletions(-) create mode 120000 example/public/srp-source create mode 100644 example/public/srp_register.min.js create mode 100644 example/views/ok.erb create mode 100644 example/views/salt.erb create mode 100644 example/views/xml.erb (limited to 'example') diff --git a/example/http-srp.rb b/example/http-srp.rb index e83036f..ef43844 100644 --- a/example/http-srp.rb +++ b/example/http-srp.rb @@ -23,7 +23,7 @@ post '/register/salt/' do end post '/register/user/' do - User.current.verifier = params.delete('v').to_i + User.current.verifier = params.delete('v').hex erb :ok, :layout => false, :content_type => :xml end diff --git a/example/models/user.rb b/example/models/user.rb index af92300..d374d36 100644 --- a/example/models/user.rb +++ b/example/models/user.rb @@ -1,8 +1,7 @@ class User def self.current - # p "getting #{@current ? @current.login : 'nil'}" - @current ||= User.new + @current end def self.current=(user) @@ -17,19 +16,20 @@ class User def initialize(login) self.login = login - self.salt = OpenSSL::Random.random_bytes(10).unpack("H*")[0] + self.salt = "5d3055e0acd3ddcfc15".hex + # OpenSSL::Random.random_bytes(10).unpack("H*")[0] self.active = false User.current = self end def initialize_auth(params) self.srp = SRP::Server.new(self.salt, self.verifier) - bb, u = self.srp.initialize_auth(params.delete('A').to_i) + bb, u = self.srp.initialize_auth(params.delete('A').hex) return {:B => bb, :u => u} end def authenticate(params) - if m2 = self.srp.authenticate(params.delete('aa').to_i, params.delete('M').to_i) + if m2 = self.srp.authenticate(params.delete('M').hex) self.active = true return {:M2 => m2} else diff --git a/example/public/srp-source b/example/public/srp-source new file mode 120000 index 0000000..2b47f38 --- /dev/null +++ b/example/public/srp-source @@ -0,0 +1 @@ +/oldvar/src/srp-js/javascript/ \ No newline at end of file diff --git a/example/public/srp_register.min.js b/example/public/srp_register.min.js new file mode 100644 index 0000000..6c5a1d5 --- /dev/null +++ b/example/public/srp_register.min.js @@ -0,0 +1 @@ +eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('9 g(){3 1;b.a.e=9(){1=5;3 w=5.p()+5.o("e/f/");3 c="I="+5.K();5.n(w,c,5.u)};b.a.u=9(){3 2=1.k();8(2.j==4&&2.i==h){8(2.7.6("f").d>0){3 s=1.t(2.7.6("f")[0]);3 x=1.J(s);3 v=1.H().G(x,1.F());1.q(v.E(D))}C 8(2.7.6("r").d>0){1.B(1.t(2.7.6("r")[0]))}}};b.a.q=9(v){3 c="v="+v;3 m=1.p()+1.o("e/A/");1.n(m,c,1.l)};b.a.l=9(){3 2=1.k();8(2.j==4&&2.i==h){8(2.7.6("z").d>0){1.y()}}}};g();',47,47,'|that|xhr|var||this|getElementsByTagName|responseXML|if|function|prototype|SRP|params|length|register|salt|SRP_REGISTER|200|status|readyState|getxhr|register_user|auth_url|ajaxRequest|paths|geturl|register_send_verifier|error||innerxml|register_receive_salt||handshake_url||identify|ok|user|error_message|else|16|toString|getN|modPow|getg||calcX|getI'.split('|'),0,{})) diff --git a/example/views/authenticate.erb b/example/views/authenticate.erb index 7d6e39f..a6bf80d 100644 --- a/example/views/authenticate.erb +++ b/example/views/authenticate.erb @@ -1,6 +1,6 @@ <% if @auth[:M2] %> - <%=@auth[:M2]%> + <%="%x" % [@auth[:M2]]%> <% end %> <% if @auth[:error] %> <%=@auth[:error]%> diff --git a/example/views/handshake.erb b/example/views/handshake.erb index 66fac73..49eca91 100644 --- a/example/views/handshake.erb +++ b/example/views/handshake.erb @@ -1,2 +1,2 @@ - +<%= %Q() % [@user.salt, @auth[:B]] %> diff --git a/example/views/index.erb b/example/views/index.erb index 48d9f71..24d2501 100644 --- a/example/views/index.erb +++ b/example/views/index.erb @@ -21,12 +21,12 @@
- <% if @user.login %> + <% if @user %>

You are signed up as <%= @user.login %>.

<% end %>
- <% if @user.active %> + <% if @user && @user.active %>

You are logged in.

<% end %>
@@ -35,13 +35,13 @@
- <%= button_link(:signup, :primary => !@user.login) %> + <%= button_link(:signup, :primary => !@user) %>
- <%= button_link(:login, :primary => @user.login && !@user.active) %> + <%= button_link(:login, :primary => @user && !@user.active) %>
- <%= button_link(:verify, :primary => @user.active) %> + <%= button_link(:verify, :primary => @user && @user.active) %>
diff --git a/example/views/layout.erb b/example/views/layout.erb index f4eae0a..fc0eaf1 100644 --- a/example/views/layout.erb +++ b/example/views/layout.erb @@ -22,8 +22,16 @@ <%= yield %> - - + + + + + + + + + diff --git a/example/views/ok.erb b/example/views/ok.erb new file mode 100644 index 0000000..b0d4f93 --- /dev/null +++ b/example/views/ok.erb @@ -0,0 +1,2 @@ + + diff --git a/example/views/salt.erb b/example/views/salt.erb new file mode 100644 index 0000000..5b34b93 --- /dev/null +++ b/example/views/salt.erb @@ -0,0 +1,2 @@ + +<%="%x" % @user.salt %> diff --git a/example/views/xml.erb b/example/views/xml.erb new file mode 100644 index 0000000..0e2dcc2 --- /dev/null +++ b/example/views/xml.erb @@ -0,0 +1,2 @@ + +<%= yield %> -- cgit v1.2.3