From d508b7eb1f372f8c8175cc16e7669435d1fe995f Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 14 Jul 2013 14:01:04 +0200 Subject: first take on a hex based api --- lib/srp/session.rb | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/srp/session.rb b/lib/srp/session.rb index abf91cc..30ff15e 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -3,9 +3,12 @@ module SRP include SRP::Util attr_accessor :user + # params: + # user: user object that represents and account (username, salt, verifier) + # aa: SRPs A ephemeral value. encoded as a hex string. def initialize(user, aa=nil) @user = user - aa ? initialize_server(aa) : initialize_client + aa ? initialize_server(aa.hex) : initialize_client end # client -> server: I, A = g^a @@ -31,7 +34,7 @@ module SRP def to_hash if @authenticated - { :M2 => m2.to_s(16) } + { :M2 => m2 } else { :B => bb.to_s(16), # :b => @b.to_s(16), # only use for debugging @@ -53,9 +56,9 @@ module SRP aa: aa.to_s(16), bb: bb.to_s(16), s: secret.to_s(16), - k: k.to_s(16), - m: m.to_s(16), - m2: m2.to_s(16) + k: k, + m: m, + m2: m2 } end @@ -107,23 +110,23 @@ module SRP # SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def m - @m ||= sha256_int(n_xor_g_long, login_hash, @user.salt, aa, bb, k).hex + @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa.to_s(16), bb.to_s(16), k) end def m2 - @m2 ||= sha256_int(aa, m, k).hex + @m2 ||= sha256_hex(aa.to_s(16), m, k) end def k - @k ||= sha256_int(secret).hex + @k ||= sha256_int(secret) end def n_xor_g_long - @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex + @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join end def login_hash - @login_hash ||= sha256_str(@user.username).hex + @login_hash ||= sha256_str(@user.username) end def u -- cgit v1.2.3 From e4a577e45f36b3ed93d85fc466ae13217cca955c Mon Sep 17 00:00:00 2001 
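Review bot: `aa.hex` in `initialize` accepts whatever the client sends, because `String#hex` returns 0 for text that is not hex and also takes a sign or a `0x` prefix, so a malformed A silently becomes a number, including zero. SRP-6a requires the server to abort when A mod N is zero, since the resulting secret no longer depends on the verifier; the body of `initialize_server` is outside this hunk, so whether it already checks this is not visible. I would validate before converting, e.g. `raise ArgumentError, 'invalid A' unless aa =~ /\A\h+\z/` followed by `raise ArgumentError, 'invalid A' if (aa.hex % BIG_PRIME_N).zero?`. The follow-up commit passes the raw string through and calls `aa.hex` in `server_secret`, so the same check is needed on that path.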
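Review bot: The hash touched by the `@@ -53,9` hunk returns `s: secret.to_s(16)` and `k` next to the public values, and nothing marks it as debug-only the way `to_hash` does for `:b`. The enclosing method starts outside the hunk, so its callers are not visible; if the result can reach a log, a response or a stored session, the shared secret and session key go with it. I would add a comment above the method such as `# internal state for debugging and tests only: contains the shared secret and K, never log, render or persist`.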
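Review bot: `m` now hashes `@user.salt.to_s(16)`, `aa.to_s(16)` and `bb.to_s(16)`, and `Integer#to_s(16)` drops leading zeros, so these strings can have an odd number of digits. `sha256_hex` lives in `SRP::Util` and is not shown; if it packs hex into bytes, an odd-length input may be encoded differently from the client's value and M would then fail to match for some sessions. Confirm how the helper treats odd lengths, or pad before hashing, e.g. `hex = n.to_s(16); hex = '0' + hex if hex.length.odd?`. It would also help to note on `m`, `m2`, `k`, `n_xor_g_long` and `login_hash` that they now appear to return hex strings rather than Integers.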
From: Azul Date: Sun, 14 Jul 2013 14:22:31 +0200 Subject: store aa, bb and u as hex by default --- lib/srp/session.rb | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'lib') diff --git a/lib/srp/session.rb b/lib/srp/session.rb index 30ff15e..53d9a33 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -8,7 +8,7 @@ module SRP # aa: SRPs A ephemeral value. encoded as a hex string. def initialize(user, aa=nil) @user = user - aa ? initialize_server(aa.hex) : initialize_client + aa ? initialize_server(aa) : initialize_client end # client -> server: I, A = g^a @@ -36,7 +36,7 @@ module SRP if @authenticated { :M2 => m2 } else - { :B => bb.to_s(16), + { :B => bb, # :b => @b.to_s(16), # only use for debugging :salt => @user.salt.to_s(16) } @@ -53,8 +53,8 @@ module SRP username: @user.username, salt: @user.salt.to_s(16), verifier: @user.verifier.to_s(16), - aa: aa.to_s(16), - bb: bb.to_s(16), + aa: aa, + bb: bb, s: secret.to_s(16), k: k, m: m, @@ -63,16 +63,19 @@ module SRP end def aa - @aa ||= modpow(GENERATOR, @a) # A = g^a (mod N) + @aa ||= modpow(GENERATOR, @a).to_s(16) # A = g^a (mod N) end # B = g^b + k v (mod N) def bb - @bb ||= (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + @bb ||= calculate_bb.to_s(16) end protected + def calculate_bb + (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + end # only seed b for testing purposes. def initialize_server(aa, ephemeral = nil) 
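Review bot: In the `@@ -63,16` hunk `aa` and `bb` change from Integer to hex String, but on the server the memoised `@aa ||=` presumably still returns whatever `initialize_server` stored, and that body is outside the hunk. If it stores the client's text unchanged, the string hashed into `u` and `m` is the client's spelling while `server_secret` uses `aa.hex`, so differently written encodings of the same number (upper case, leading zeros, `0x`) hash differently for the same arithmetic value. Storing a canonical form after validation, for example `@aa = aa.hex.to_s(16)`, keeps the two in step. A one-line comment on `aa` and `bb` saying they return lowercase hex strings would make the new contract explicit.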
@@ -92,29 +95,29 @@ module SRP # client: K = H( (B - kg^x) ^ (a + ux) ) def client_secret - base = bb + base = bb.hex # base += BIG_PRIME_N * @multiplier base -= modpow(GENERATOR, @user.private_key) * multiplier base = base % BIG_PRIME_N - modpow(base, @user.private_key * u + @a) + modpow(base, @user.private_key * u.hex + @a) end # server: K = H( (Av^u) ^ b ) # do not cache this - it's secret and someone might store the # session in a CookieStore def server_secret - base = (modpow(@user.verifier, u) * aa) % BIG_PRIME_N + base = (modpow(@user.verifier, u.hex) * aa.hex) % BIG_PRIME_N modpow(base, @b) end # SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def m - @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa.to_s(16), bb.to_s(16), k) + @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa, bb, k) end def m2 - @m2 ||= sha256_hex(aa.to_s(16), m, k) + @m2 ||= sha256_hex(aa, m, k) end def k @@ -130,7 +133,7 @@ module SRP end def u - @u ||= sha256_int(aa, bb).hex + @u ||= sha256_hex(aa, bb) end end -- cgit v1.2.3
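Review bot: `client_secret` converts `bb.hex` and `u.hex` and goes straight into the arithmetic, with no check that B mod N and u are non-zero. SRP-6a requires the client to abort in both cases, and because `String#hex` turns malformed text into 0, a bad server reply lands exactly on the value that must be rejected. Unless the check happens where `@bb` is assigned (not visible here), add a guard at the top of the method, e.g. `raise ArgumentError, 'invalid B' if (bb.hex % BIG_PRIME_N).zero?` and `raise ArgumentError, 'invalid u' if u.hex.zero?`.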