From 4f57d8010a90fe1221c351f695d15d29a9cdc37f Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 3 Oct 2012 16:59:46 +0200
Subject: calculate verifiers and multiplier just like in py srp Some other parts are still missing. Main issue was using hashes of hex representation rather that hashes of byte arrays
---
test/client_test.rb | 29 +++++++++++++++++++++++++++++
test/util_test.rb | 33 +++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+)
create mode 100644 test/client_test.rb
create mode 100644 test/util_test.rb
(limited to 'test')
diff --git a/test/client_test.rb b/test/client_test.rb
new file mode 100644
index 0000000..8ef53aa
--- /dev/null
+++ b/test/client_test.rb
@@ -0,0 +1,29 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+
+class ClientTest < Test::Unit::TestCase
+
+ def setup
+ @login = "testuser"
+ @password = "password"
+ @salt = "7686acb8"
+ @client = SRP::Client.new("testuser", "password", "7686acb8")
+ end
+
+ def test_calculation_of_x
+ assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398",
+ "%x" % @client.send(:calculate_x)
+ end
+
+ # using python srp:
+ # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024)
+
+ def test_verifier
+ s = '4c78c3f8'
+ v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c'
+ @client = SRP::Client.new(@login, @password, s)
+ assert_equal v, "%x" % @client.verifier
+ end
+end
+
+
+
diff --git a/test/util_test.rb b/test/util_test.rb
new file mode 100644
index 0000000..9b1d09b
--- /dev/null
+++ b/test/util_test.rb
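Review bot: `setup` in test/client_test.rb stores `@login`, `@password` and `@salt` and then repeats the same three literals in `SRP::Client.new("testuser", "password", "7686acb8")`, so the fixtures and the client under test can drift apart; build it as `SRP::Client.new(@login, @password, @salt)`. `test_calculation_of_x` reaches the value through `send(:calculate_x)`, which ties the test to a private method name. Both known-answer checks format with `"%x"`, which drops leading zero nibbles, so a future vector whose value starts with a zero would not match a fixed-width hex string copied from pysrp. A comment saying so, or zero-padded formatting, would make it safe to add more vectors.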
@@ -0,0 +1,33 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+
+class UtilTest < Test::Unit::TestCase
+
+ include SRP::Util
+
+ # comparing to the hash created with python srp lib to make sure
+ # we use the same constants and hash the same way.
+ def test_sha256_of_prime
+ n = BIG_PRIME_N
+ nhex = '%x' % [n]
+ assert_equal "494b6a801b379f37c9ee25d5db7cd70ffcfe53d01b7c9e4470eaca46bda24b39",
+ sha256_hex(nhex)
+ end
+
+ def test_hashing
+ x = sha256_str("testuser:password")
+ assert_equal 'a5376a27a385bcd791d76cbd6484e1bde130129210e4647a4583e49f45de107f',
+ x
+ end
+
+ def test_packing_hex_to_byte_string
+ shex = "7686acb8"
+ assert_equal [118, 134, 172, 184].pack('C*'), [shex].pack('H*')
+ end
+
+ def test_multiplier
+ # >>> "%x" % pysrp.H(sha, N, g)
+ assert_equal 'bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0',
+ "%x" % multiplier
+ end
+
+end
-- cgit v1.2.3
From 693b6d1e36828fa17915a9297595f65c739b611a Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 4 Oct 2012 09:54:47 +0200
Subject: using BIG_PRIME_N and hashing the byte array - tests pass We still calculate M differently than in SRP 6a
---
test/auth_test.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/auth_test.rb b/test/auth_test.rb
index 4311683..559403a 100644
--- a/test/auth_test.rb
+++ b/test/auth_test.rb
@@ -35,7 +35,7 @@ class AuthTest < Test::Unit::TestCase
assert @client.authenticate(@server, @username, @password) end - def test_wrong_password + def test_a_wrong_password assert !@client.authenticate(@server, @username, "wrong password") end
-- cgit v1.2.3
From 66c3ed01eb012cae84193b4864c7c48eb77c2a8c Mon Sep 17 00:00:00 2001
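Review bot: None of the vectors in test/util_test.rb covers a hex string with an odd number of digits, and `test_packing_hex_to_byte_string` pins `[shex].pack('H*')` only for the eight-digit `"7686acb8"`. Ruby's `H*` pads a trailing odd nibble on the right (`['abc'].pack('H*')` yields the bytes ab c0), so if `sha256_hex` packs `'%x' % n` this way (its body is not part of this diff) a value whose hex form has odd length would hash different bytes than pysrp does. A test with such an input would pin that case. A comment on `test_sha256_of_prime` such as `# sha256_hex hashes the decoded bytes, not the hex text` would also record the bug the commit message describes.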
From: Azul
Date: Thu, 4 Oct 2012 10:47:19 +0200
Subject: more cleanup - no more duplicate password and username in Client A client has a set of pwd and login and tries to auth with this.
---
test/auth_test.rb | 8 +++++---
test/client_test.rb | 10 ++++------
2 files changed, 9 insertions(+), 9 deletions(-)
(limited to 'test')
diff --git a/test/auth_test.rb b/test/auth_test.rb
index 559403a..c1bffd0 100644
--- a/test/auth_test.rb
+++ b/test/auth_test.rb
@@ -32,15 +32,17 @@ class AuthTest < Test::Unit::TestCase
end def test_successful_auth - assert @client.authenticate(@server, @username, @password) + assert @client.authenticate(@server) end def test_a_wrong_password - assert !@client.authenticate(@server, @username, "wrong password") + client = SRP::Client.new(@username, "wrong password", @client.salt) + assert !client.authenticate(@server) end def test_wrong_username - assert !@client.authenticate(@server, "wrong username", @password) + client = SRP::Client.new("wrong username", @password, @client.salt) + assert !client.authenticate(@server) end end
diff --git a/test/client_test.rb b/test/client_test.rb
index 8ef53aa..3a191a8 100644
--- a/test/client_test.rb
+++ b/test/client_test.rb
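Review bot: Both negative tests in test/auth_test.rb end in `assert !client.authenticate(@server)`, which passes for any falsy result, so they do not show that the login was refused because of the wrong credential. A positive control in the same test, `assert @client.authenticate(@server)` before the negative assertion, would show that the server fixture accepts the right credentials and that only the changed one causes the rejection. A short comment that the wrong-credential clients deliberately reuse `@client.salt` would also help the reader. The enclosing class starts outside the hunk.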
@@ -5,22 +5,20 @@ class ClientTest < Test::Unit::TestCase
def setup @login = "testuser" @password = "password" - @salt = "7686acb8" - @client = SRP::Client.new("testuser", "password", "7686acb8") end - def test_calculation_of_x + def test_calculation_of_private_key + @client = SRP::Client.new(@login, @password, "7686acb8".hex) assert_equal "84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398", - "%x" % @client.send(:calculate_x) + "%x" % @client.send(:private_key) end # using python srp: # s,V = pysrp.create_salted_verification_key("testuser", "password", pysrp.SHA256, pysrp.NG_1024) def test_verifier - s = '4c78c3f8' + @client = SRP::Client.new(@login, @password, '4c78c3f8'.hex) v = '474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c' - @client = SRP::Client.new(@login, @password, s) assert_equal v, "%x" % @client.verifier end end
-- cgit v1.2.3
From 777254f7ba10a0dd8fbee433e6a631d96e9d76f0 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 4 Oct 2012 11:48:38 +0200
Subject: moved all server side auth stuff into session so i can remove the authentication module
---
test/auth_test.rb | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
(limited to 'test')
diff --git a/test/auth_test.rb b/test/auth_test.rb
index c1bffd0..24bc42f 100644
--- a/test/auth_test.rb
+++ b/test/auth_test.rb
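Review bot: Passing the salt as `"7686acb8".hex` in test/client_test.rb turns it into an Integer, and an Integer cannot carry leading zero bytes, so a salt such as `00ab12cd` (constructed example) would presumably be hashed as three bytes here while pysrp hashes four. Neither vector in this file starts with a zero byte, so the tests cannot show how `SRP::Client` behaves in that case; a further known-answer vector with a leading-zero salt would settle it. `test_calculation_of_private_key` still calls `send(:private_key)`, so it depends on a private method name. The class body starts outside the hunk.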
@@ -1,23 +1,25 @@
require File.expand_path(File.dirname(__FILE__) + '/test_helper') -class User +# single user test server. +# You obviously want sth. different for real life. +class Server - include SRP::Authentication + attr_accessor :salt, :verifier, :username - attr_accessor :salt, :verifier - - def initialize(salt, verifier) + def initialize(salt, verifier, username) @salt = salt @verifier = verifier + @username = username end def handshake(login, aa) - @session = initialize_auth(aa) + # this can be serialized and needs to be persisted between requests + @session = SRP::Session.new(self, aa) return @session.bb end def validate(m) - authenticate(m, @session) + @session.authenticate(m) end end
@@ -28,7 +30,7 @@ class AuthTest < Test::Unit::TestCase
@username = 'user' @password = 'opensesami' @client = SRP::Client.new(@username, @password) - @server = Server.new(@client.salt, @client.verifier, @username) end def test_successful_auth
-- cgit v1.2.3
From 0c70bc88f14f9cc92a98a902a99b88a9b1f672e6 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 4 Oct 2012 13:08:21 +0200
Subject: using the SRP 6a algorithm for calculating M
---
test/util_test.rb | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'test')
diff --git a/test/util_test.rb b/test/util_test.rb
index 9b1d09b..4dd6d86 100644
--- a/test/util_test.rb
+++ b/test/util_test.rb
@@ -30,4 +30,10 @@ class UtilTest < Test::Unit::TestCase
"%x" % multiplier end + def test_hn_xor_hg + # >>> binascii.hexlify (pysrp.HNxorg(hashlib.sha256, N, g)) + assert_equal '928ade491bc87bba9eb578701d44d30ed9080e60e542ba0d3b9c20ded9f592bf', + hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join + end + end
-- cgit v1.2.3
From ce246cb722f7f61b3a1ba7223857627f1bed4f4c Mon Sep 17 00:00:00 2001
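Review bot: `Server#handshake(login, aa)` in test/auth_test.rb never reads `login`, although the class now stores `@username`, so this test server starts a session for any name; say so with a comment such as `# login is ignored: single user test server`. The new comment states that the session is serialized and persisted between requests; it should add that the stored session presumably holds the server's private ephemeral value and must stay server-side. No test passes an `aa` that is zero or a multiple of N, which an SRP-6a server has to reject; whether `SRP::Session` does so is not visible in this diff. `validate` called before `handshake` would hit a nil `@session`.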
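Review bot: The hex conversion in `test_hn_xor_hg` (test/util_test.rb), `hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join`, can be written as `hn_xor_hg.unpack('H*').first`, the inverse of the `pack('H*')` this file already exercises, and it keeps leading zeros in the same way. `bytes` yields Integers, so the `.ord` call is redundant. The class body starts outside the hunk.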
From: Azul
Date: Fri, 5 Oct 2012 12:44:22 +0200
Subject: made m and m2 calculation srp 6A compatible Also added session_test that tests agains values calculated with py_srp
---
test/session_test.rb | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 test/session_test.rb
(limited to 'test')
diff --git a/test/session_test.rb b/test/session_test.rb
new file mode 100644
index 0000000..f41b34b
--- /dev/null
+++ b/test/session_test.rb
@@ -0,0 +1,28 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+
+class SessionTest < Test::Unit::TestCase
+
+ attr_accessor :salt, :verifier, :username
+
+ def setup
+ @username = "testuser"
+ @password = "password"
+ @salt = '4c78c3f8'.hex
+ @client = SRP::Client.new(@username, @password, @salt)
+ @verifier = @client.verifier
+ end
+
+ def test_equivalance_to_py_srp
+ aa = '9ff9d176b37d9100ad4d788b94ef887df6c88786f5fa2419c9a964001e1c1fa5cd22ea39dcf27682dac6cd8861d9de88184653451fd47f5654845ed24e828d531f95c44377c9bc3f5dd83a669716257c7b975a3a032d4d8adb605553cf4d45c483d7aceb7e6a23c5bd4b0aeeb2ef138b7fc75b27d9d706851c3ab9c721710272'.hex
+ b = 'ce414b3b52d13a1f67416b7e00cdefb07c874291aed395efeab9435ec1ad6ac3'.hex
+ bb = 'b2e852fe7af02d7931186f4958844b829d2976dd58c7bc7928ba3102ff269a9029c707112ab0b7cafdaf86a760f7b50ddd9c847e0c97f564d53cfd52daf61982f06582d49bbb3ea4ad6be55d513028eaf400a6d5a9d26b47689d3438a552716d65680d1b6ee77df3c9b3b6ba61023985562f2be4a6f1723282a2013160594565'.hex
+ m = 'a0c066844117ffe7a7999f84356f3a7c8dce38e4e936eca2b6979ab0fce6ff6d'.hex
+ m2 = '1f4a5ba9c5280b5b752465670f351bb1e61ff9ca06e02ad43c4418affeb3a1ef'.hex
+ session = SRP::Session.new(self, aa)
+ session.send(:initialize_server, aa, b) # seeding b to compare to py_srp
+ assert_equal bb.to_s(16), session.bb.to_s(16)
+ assert_equal m2, session.authenticate(m)
+ end
+
+
+end
-- cgit v1.2.3
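Review bot: `test_equivalance_to_py_srp` in test/session_test.rb checks only the accepting path; nothing asserts that `session.authenticate` refuses a client proof that differs from `m`, which is the property a server depends on. A second check on a freshly seeded session, for example `assert !session.authenticate(m + 1)`, would cover it, assuming a rejected proof returns a falsy value, which this diff does not show. The test case also passes itself as the user record (`SRP::Session.new(self, aa)`) and re-seeds `b` through `send(:initialize_server, aa, b)`. A comment such as `# fixed b only to reproduce the py_srp vector; real sessions must draw b at random` would document that.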