From 20bf14939fbd75e3ee0206c2bf14737e2c7ac2c2 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 28 Jun 2012 19:43:40 +0200
Subject: adopted srp algo to srp-js way of doing things.

all large integers are now send as hex strings.
Using sha256_str all over the place.

This finally gives me successful logins. Needs a log of cleanup never the less.
---
 lib/srp/client.rb | 10 +++++++---
 lib/srp/server.rb | 19 ++++++++++++-------
 lib/srp/util.rb   |  2 +-
 3 files changed, 20 insertions(+), 11 deletions(-)

(limited to 'lib/srp')

diff --git a/lib/srp/client.rb b/lib/srp/client.rb
index 9a27174..24d0c70 100644
--- a/lib/srp/client.rb
+++ b/lib/srp/client.rb
@@ -10,7 +10,8 @@ module SRP
     def initialize(username, password)
       @username = username
       @password = password
-      @salt = bigrand(10).hex
+      @salt = "5d3055e0acd3ddcfc15".hex # bigrand(10).hex
+      puts "salt = %i" %@salt
       @multiplier = multiplier # let's cache it
       calculate_verifier
     end
@@ -27,13 +28,16 @@ module SRP
     protected
     def calculate_verifier
       x = calculate_x(@username, @password, @salt)
+      puts "x = %i" % x
       @verifier = modpow(GENERATOR, x, PRIME_N)
+      puts "verifier = %i" % @verifier
+      @verifier
     end
 
     def calculate_x(username, password, salt)
       shex = '%x' % [salt]
-      spad = if shex.length.odd? then '0' else '' end
-      sha256_hex(spad + shex + sha256_str([username, password].join(':'))).hex
+      spad = "" # if shex.length.odd? then '0' else '' end
+      sha256_str(spad + shex + sha256_str([username, password].join(':'))).hex
     end
 
     def calculate_client_s(x, a, bb, u)
diff --git a/lib/srp/server.rb b/lib/srp/server.rb
index 02d5d8b..cf213c9 100644
--- a/lib/srp/server.rb
+++ b/lib/srp/server.rb
@@ -11,19 +11,23 @@ module SRP
     end
 
     def initialize_auth(aa)
+      @aa = aa
       @b = bigrand(32).hex
       # B = g^b + k v (mod N)
       @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * @verifier) % PRIME_N
-      u = calculate_u(aa, @bb, PRIME_N)
+      u = calculate_u(@aa, @bb, PRIME_N)
       return @bb, u
     end
 
-    def authenticate(aa, m)
-      u = calculate_u(aa, @bb, PRIME_N)
-      base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N
+    def authenticate(m)
+      u = calculate_u(@aa, @bb, PRIME_N)
+      base = (modpow(@verifier, u, PRIME_N) * @aa) % PRIME_N
       server_s = modpow(base, @b, PRIME_N)
-      if(m == calculate_m(aa, @bb, server_s))
-        return calculate_m(aa, m, server_s)
+      if(m == calculate_m(@aa, @bb, server_s))
+        puts "A = %x" % [@aa]
+        puts "M = %x" % [m]
+        puts "s = %x" % [server_s]
+        return calculate_m(@aa, m, server_s)
       end
     end
 
@@ -34,9 +38,10 @@ module SRP
       nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3)
       aahex = '%x' % [aa]
       bbhex = '%x' % [bb]
+      return sha256_str("%x%x" % [aa, bb]).hex
       hashin = '0' * (nlen - aahex.length) + aahex \
         + '0' * (nlen - bbhex.length) + bbhex
-      sha256_hex(hashin).hex
+      sha256_str(hashin).hex
     end
 
   end
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index 4325537..efbecaa 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -63,7 +63,7 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
     def calculate_m(aa, bb, s)
       # todo: we might want to 0fill this like for u
       hashin = '%x%x%x' % [aa, bb, s]
-      sha256_hex(hashin).hex
+      sha256_str(hashin).hex
     end
 
   end
-- 
cgit v1.2.3