From d508b7eb1f372f8c8175cc16e7669435d1fe995f Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Sun, 14 Jul 2013 14:01:04 +0200
Subject: first take on a hex based api

---
 lib/srp/session.rb | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

(limited to 'lib')

diff --git a/lib/srp/session.rb b/lib/srp/session.rb
index abf91cc..30ff15e 100644
--- a/lib/srp/session.rb
+++ b/lib/srp/session.rb
@@ -3,9 +3,12 @@ module SRP
     include SRP::Util
     attr_accessor :user
 
+    # params:
+    # user: user object that represents and account (username, salt, verifier)
+    # aa: SRPs A ephemeral value. encoded as a hex string.
     def initialize(user, aa=nil)
       @user = user
-      aa ? initialize_server(aa) : initialize_client
+      aa ? initialize_server(aa.hex) : initialize_client
     end
 
     # client -> server: I, A = g^a
@@ -31,7 +34,7 @@ module SRP
 
     def to_hash
       if @authenticated
-        { :M2 => m2.to_s(16) }
+        { :M2 => m2 }
       else
         { :B => bb.to_s(16),
 #         :b => @b.to_s(16),    # only use for debugging
@@ -53,9 +56,9 @@ module SRP
         aa: aa.to_s(16),
         bb: bb.to_s(16),
         s: secret.to_s(16),
-        k: k.to_s(16),
-        m: m.to_s(16),
-        m2: m2.to_s(16)
+        k: k,
+        m: m,
+        m2: m2
       }
     end
 
@@ -107,23 +110,23 @@ module SRP
     # SRP 6a uses
     # M = H(H(N) xor H(g), H(I), s, A, B, K)
     def m
-      @m ||= sha256_int(n_xor_g_long, login_hash, @user.salt, aa, bb, k).hex
+      @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa.to_s(16), bb.to_s(16), k)
     end
 
     def m2
-      @m2 ||= sha256_int(aa, m, k).hex
+      @m2 ||= sha256_hex(aa.to_s(16), m, k)
     end
 
     def k
-      @k ||= sha256_int(secret).hex
+      @k ||= sha256_int(secret)
     end
 
     def n_xor_g_long
-      @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex
+      @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join
     end
 
     def login_hash
-      @login_hash ||= sha256_str(@user.username).hex
+      @login_hash ||= sha256_str(@user.username)
     end
 
     def u
-- 
cgit v1.2.3


From e4a577e45f36b3ed93d85fc466ae13217cca955c Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Sun, 14 Jul 2013 14:22:31 +0200
Subject: store aa, bb and u as hex by default

---
 lib/srp/session.rb | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/srp/session.rb b/lib/srp/session.rb
index 30ff15e..53d9a33 100644
--- a/lib/srp/session.rb
+++ b/lib/srp/session.rb
@@ -8,7 +8,7 @@ module SRP
     # aa: SRPs A ephemeral value. encoded as a hex string.
     def initialize(user, aa=nil)
       @user = user
-      aa ? initialize_server(aa.hex) : initialize_client
+      aa ? initialize_server(aa) : initialize_client
     end
 
     # client -> server: I, A = g^a
@@ -36,7 +36,7 @@ module SRP
       if @authenticated
         { :M2 => m2 }
       else
-        { :B => bb.to_s(16),
+        { :B => bb,
 #         :b => @b.to_s(16),    # only use for debugging
           :salt => @user.salt.to_s(16)
         }
@@ -53,8 +53,8 @@ module SRP
         username: @user.username,
         salt: @user.salt.to_s(16),
         verifier: @user.verifier.to_s(16),
-        aa: aa.to_s(16),
-        bb: bb.to_s(16),
+        aa: aa,
+        bb: bb,
         s: secret.to_s(16),
         k: k,
         m: m,
@@ -63,16 +63,19 @@ module SRP
     end
 
     def aa
-      @aa ||= modpow(GENERATOR, @a) # A = g^a (mod N)
+      @aa ||= modpow(GENERATOR, @a).to_s(16) # A = g^a (mod N)
     end
 
     # B = g^b + k v (mod N)
     def bb
-      @bb ||= (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N
+      @bb ||= calculate_bb.to_s(16)
     end
 
     protected
 
+    def calculate_bb
+      (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N
+    end
 
     # only seed b for testing purposes.
     def initialize_server(aa, ephemeral = nil)
@@ -92,29 +95,29 @@ module SRP
 
     # client: K = H( (B - kg^x) ^ (a + ux) )
     def client_secret
-      base = bb
+      base = bb.hex
       # base += BIG_PRIME_N * @multiplier
       base -= modpow(GENERATOR, @user.private_key) * multiplier
       base = base % BIG_PRIME_N
-      modpow(base, @user.private_key * u + @a)
+      modpow(base, @user.private_key * u.hex + @a)
     end
 
     # server: K = H( (Av^u) ^ b )
     # do not cache this - it's secret and someone might store the
     # session in a CookieStore
     def server_secret
-      base = (modpow(@user.verifier, u) * aa) % BIG_PRIME_N
+      base = (modpow(@user.verifier, u.hex) * aa.hex) % BIG_PRIME_N
       modpow(base, @b)
     end
 
     # SRP 6a uses
     # M = H(H(N) xor H(g), H(I), s, A, B, K)
     def m
-      @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa.to_s(16), bb.to_s(16), k)
+      @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa, bb, k)
     end
 
     def m2
-      @m2 ||= sha256_hex(aa.to_s(16), m, k)
+      @m2 ||= sha256_hex(aa, m, k)
     end
 
     def k
@@ -130,7 +133,7 @@ module SRP
     end
 
     def u
-      @u ||= sha256_int(aa, bb).hex
+      @u ||= sha256_hex(aa, bb)
     end
 
   end
-- 
cgit v1.2.3