summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2013-06-22 14:53:13 +0200
committerAzul <azul@riseup.net>2013-06-22 14:53:13 +0200
commitfb20ef3060a4e2dc8065f46891ce3b9cd3ef463f (patch)
tree8d77e1a30cdc3b4cf171eb1ee58a0ff7223a6713
parent4c53d48b0df6754d03a2f0cfa5e1ac36410062c5 (diff)
refactor: separate calculations from session
-rw-r--r--spec/constants_spec.js35
-rw-r--r--spec/login_spec.js4
-rw-r--r--spec/runner.html2
-rw-r--r--spec/session_spec.js8
-rw-r--r--spec/signup_spec.js9
-rw-r--r--src/srp_constants.js101
-rw-r--r--src/srp_session.js129
7 files changed, 165 insertions, 123 deletions
diff --git a/spec/constants_spec.js b/spec/constants_spec.js
new file mode 100644
index 0000000..a8aa7fd
--- /dev/null
+++ b/spec/constants_spec.js
@@ -0,0 +1,35 @@
+describe("Constants", function() {
+
+ beforeEach(function() {
+ constants = new srp.Constants();
+ });
+
+ // login attempt with correct password that failed never the less:
+ var compare = {
+ username: "blues",
+ password: "justtest",
+ salt: "6a6ef9ce5cb998eb",
+ v: "a5da6d376d503e22d93385db0244c382d1413d9f721ad9866dfc5e895cf2a3331514ceec5f48aceab58b260651cc9ee1ba96d906f67a6b4a7414c82d1333607ebe96403ecc86050224dc4c17b1d30efdbb451a68d1b6a25cce10f0e844082329d3cb46e1c3d46298a0de2cd3b8c6acc1a80c206f0f10ec8cd3c050babdf338ba",
+ aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868",
+ a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71",
+ bb: "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4",
+ s: "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f",
+ k: "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461",
+ m: "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c"
+ };
+
+ it("calculates the proper A", function() {
+ expect(constants.calcA(compare.a)).toBe(compare.aa);
+ });
+
+ it("calculates the right x", function() {
+ x = constants.calcX("testuser","password","7686acb8")
+ expect(x).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398');
+ });
+
+ it("calculates the right verifier", function() {
+ x = constants.calcX(compare.username, compare.password, compare.salt)
+ expect(constants.calcV(x)).toBe(compare.v);
+ });
+
+});
diff --git a/spec/login_spec.js b/spec/login_spec.js
index 8f54a1e..7c47528 100644
--- a/spec/login_spec.js
+++ b/spec/login_spec.js
@@ -32,10 +32,6 @@ describe("Login with srp var", function() {
expect(A_).toBe(A);
});
- it("calculates the same verifier", function(){
- expect(srp.session.getV(salt).toString(16)).toBe(V);
- });
-
it("calculates the same key", function(){
srp.session.calculations(salt, B);
expect(srp.session.key()).toBe(K);
diff --git a/spec/runner.html b/spec/runner.html
index 5f4727c..e94cd24 100644
--- a/spec/runner.html
+++ b/spec/runner.html
@@ -23,12 +23,14 @@
<script type="text/javascript" src="../lib/jsbn2.js"></script>
<script type="text/javascript" src="../src/srp.js"></script>
<script type="text/javascript" src="../src/jqueryRest.js"></script>
+ <script type="text/javascript" src="../src/srp_constants.js"></script>
<script type="text/javascript" src="../src/srp_session.js"></script>
<!-- include spec files here... -->
<script type="text/javascript" src="helper.js"></script>
<script type="text/javascript" src="signup_spec.js"></script>
<script type="text/javascript" src="login_spec.js"></script>
+ <script type="text/javascript" src="constants_spec.js"></script>
<script type="text/javascript" src="session_spec.js"></script>
<script type="text/javascript">
diff --git a/spec/session_spec.js b/spec/session_spec.js
index acfe0be..5802283 100644
--- a/spec/session_spec.js
+++ b/spec/session_spec.js
@@ -36,14 +36,6 @@ describe("Session", function() {
expect(session.getI()).toBe(compare.username);
});
- it("calculates the proper verifier", function() {
- expect(session.getV(compare.salt).toString(16)).toBe(compare.v);
- });
-
- it("calculates the proper A", function() {
- expect(session.calculateAndSetA(compare.a)).toBe(compare.aa);
- });
-
it("calculates the proper M", function() {
session.calculateAndSetA(compare.a);
session.calculations(compare.salt, compare.bb);
diff --git a/spec/signup_spec.js b/spec/signup_spec.js
index 72689b1..70c6823 100644
--- a/spec/signup_spec.js
+++ b/spec/signup_spec.js
@@ -3,17 +3,15 @@ describe("Loading SRP", function() {
expect(typeof srp.signup).toBe('function');
});
- it("provides session which calculates the right x", function(){
- srp.session = new srp.Session();
- expect(srp.session.calcX("7686acb8").toString(16)).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398');
- });
});
describe("Signup with srp var", function() {
beforeEach(function() {
specHelper.setupFakeXHR.apply(this);
- srp.session = new srp.Session();
+ constants = new srp.Constants();
+ constants.randomSalt = function() {return "4c78c3f8"};
+ srp.session = new srp.Session(undefined, undefined, constants);
});
afterEach(function() {
@@ -23,7 +21,6 @@ describe("Signup with srp var", function() {
it("identifies after successful registration (INTEGRATION)", function(){
var callback = sinon.spy();
srp.signedUp = callback;
- srp.session.getSalt = function() {return "4c78c3f8"};
srp.signup();
this.expectRequest('/users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"});
diff --git a/src/srp_constants.js b/src/srp_constants.js
new file mode 100644
index 0000000..3d7ec85
--- /dev/null
+++ b/src/srp_constants.js
@@ -0,0 +1,101 @@
+srp.Constants = function() {
+
+ // Variables used in the SRP protocol
+ var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
+ var N = new BigInteger(Nstr, 16);
+ var g = new BigInteger("2");
+ var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
+ var rng = new SecureRandom();
+
+ this.calcA = function(_a) {
+ a = new BigInteger(_a, 16);
+ return g.modPow(a, N).toString(16);
+ };
+
+ // Calculates the X value
+ // x = H(s, H(I:p))
+ this.calcX = function(login, password, salt) {
+ var salted = salt + SHA256(login + ":" + password)
+ return SHA256(hex2a(salted));
+ };
+
+ this.calcV = this.calcA;
+
+ // u = H(A,B)
+ this.calcU = function(A, B) {
+ return SHA256(hex2a(A + B));
+ };
+
+ //S = (B - kg^x) ^ (a + ux)
+ this.calcS = function(_a, _A, _B, _x) {
+ var a = new BigInteger(_a, 16);
+ var x = new BigInteger(_x, 16);
+ var u = new BigInteger(this.calcU(_A, _B), 16);
+ var B = new BigInteger(_B, 16);
+
+ var kgx = k.multiply(g.modPow(x, N));
+ var aux = a.add(u.multiply(x));
+
+ return B.subtract(kgx).modPow(aux, N).toString(16);
+ }
+
+ this.calcK = function(_S) {
+ return SHA256(hex2a(_S));
+ }
+
+ this.nXorG = function() {
+ var hashN = SHA256(hex2a(Nstr));
+ var hashG = SHA256(hex2a(g.toString(16)));
+ return hexXor(hashN, hashG);
+ };
+
+ this.hash = function(hexString) {
+ return removeLeading0(SHA256(hex2a(hexString)));
+ };
+
+ this.isInvalidEphemeral = function(a) {
+ return (g.modPow(a, N) == 0);
+ };
+
+ this.randomEphemeral = function() {
+ var a = new BigInteger(32, rng);
+ while(this.isInvalidEphemeral(a))
+ {
+ a = new BigInteger(32, rng);
+ }
+ return a.toString(16);
+ };
+
+ // some 16 byte random number
+ this.randomSalt = function() {
+ return new BigInteger(64, rng).toString(16);
+ }
+
+ function hex2a(hex) {
+ var str = '';
+ if(hex.length % 2) {
+ hex = "0" + hex;
+ }
+ for (var i = 0; i < hex.length; i += 2)
+ str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
+ return str;
+ }
+
+ function removeLeading0(hex) {
+ if (hex[0] == "0") {
+ return hex.substr(1);
+ } else {
+ return hex;
+ }
+ }
+
+ function hexXor(a, b) {
+ var str = '';
+ for (var i = 0; i < a.length; i += 2) {
+ var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16)
+ xor = xor.toString(16);
+ str += (xor.length == 1) ? ("0" + xor) : xor
+ }
+ return str;
+ }
+};
diff --git a/src/srp_session.js b/src/srp_session.js
index f895f4a..babb96a 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -1,20 +1,9 @@
-srp.Session = function(login, password) {
+srp.Session = function(login, password, constants) {
- // Variables session will be used in the SRP protocol
- var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
- var N = new BigInteger(Nstr, 16);
- var g = new BigInteger("2");
- var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
-
- var rng = new SecureRandom();
- var a = new BigInteger(32, rng);
- var A = g.modPow(a, N);
- while(A.mod(N) == 0)
- {
- a = new BigInteger(32, rng);
- A = g.modPow(a, N);
- }
- var Astr = A.toString(16);
+
+ var constants = constants || new srp.Constants();
+ var a = constants.randomEphemeral();
+ var A = constants.calcA(a);
var S = null;
var K = null;
var M = null;
@@ -28,30 +17,30 @@ srp.Session = function(login, password) {
// allows setting the random number A for testing
this.calculateAndSetA = function(_a) {
- a = new BigInteger(_a, 16);
- A = g.modPow(a, N);
- Astr = A.toString(16);
- return Astr;
+ a = _a;
+ A = constants.calcA(_a);
+ return A;
};
this.signup = function() {
- var salt = this.getSalt();
+ var salt = constants.randomSalt();
+ var x = constants.calcX(this.getI(), this.getPass(), salt);
return {
login: this.getI(),
password_salt: salt,
- password_verifier: this.getV(salt).toString(16)
+ password_verifier: constants.calcV(x)
};
};
this.handshake = function() {
return {
login: this.getI(),
- A: this.getAstr()
+ A: this.getA()
};
};
- this.getAstr = function() {
- return Astr;
+ this.getA = function() {
+ return A;
}
// Returns the user's identity
@@ -66,66 +55,24 @@ srp.Session = function(login, password) {
return pass;
};
- // some 16 byte random number
- this.getSalt = function() {
- return new BigInteger(64, rng).toString(16);
- }
-
- // Returns the BigInteger, g
- this.getg = function() {
- return g;
- };
-
- // Returns the BigInteger, N
- this.getN = function() {
- return N;
- };
-
- // Calculates the X value and return it as a BigInteger
- this.calcX = function(salt) {
- var inner = salt + SHA256(this.getI() + ":" + this.getPass())
- return new BigInteger(SHA256(hex2a(inner)), 16);
- };
-
- this.getV = function(salt)
- {
- return this.getg().modPow(this.calcX(salt), this.getN());
- }
-
// Calculate S, M, and M2
// This is the client side of the SRP specification
this.calculations = function(salt, ephemeral)
{
//S -> C: s | B
- var B = new BigInteger(ephemeral, 16);
- var Bstr = ephemeral;
- // u = H(A,B)
- var u = new BigInteger(SHA256(hex2a(Astr + Bstr)), 16);
- // x = H(s, H(I:p))
- var x = this.calcX(salt);
- //S = (B - kg^x) ^ (a + ux)
- var kgx = k.multiply(g.modPow(x, N));
- var aux = a.add(u.multiply(x));
- S = B.subtract(kgx).modPow(aux, N);
- K = SHA256(hex2a(S.toString(16)));
- this.calcM(salt, A.toString(16), B.toString(16));
- };
-
- // M = H(H(N) xor H(g), H(I), s, A, B, K)
- this.calcM = function(salt, Astr, Bstr) {
- var hashN = SHA256(hex2a(N.toString(16)))
- var hashG = SHA256(hex2a(g.toString(16)))
- var hexString = hexXor(hashN, hashG);
- hexString += SHA256(I);
- hexString += salt;
- hexString += Astr;
- hexString += Bstr;
- hexString += K
- M = removeLeading0(SHA256(hex2a(hexString)));
+ var B = ephemeral;
+ var x = constants.calcX(this.getI(), this.getPass(), salt);
+ S = constants.calcS(a, A, B, x);
+ K = constants.calcK(S);
+
+ // M = H(H(N) xor H(g), H(I), s, A, B, K)
+ var xor = constants.nXorG();
+ M = constants.hash(xor + SHA256(I) + salt + A + B + K);
//M2 = H(A, M, K)
- M2 = removeLeading0(SHA256(hex2a(Astr + M + K)));
+ M2 = constants.hash(A + M + K);
};
+
this.getS = function() {
return S;
}
@@ -164,33 +111,5 @@ srp.Session = function(login, password) {
retstring = retstring.replace("+", "_");
return retstring;
};
-
- function removeLeading0(hex) {
- if (hex[0] == "0") {
- return hex.substr(1);
- } else {
- return hex;
- }
- }
-
- function hex2a(hex) {
- var str = '';
- if(hex.length % 2) {
- hex = "0" + hex;
- }
- for (var i = 0; i < hex.length; i += 2)
- str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
- return str;
- }
-
- function hexXor(a, b) {
- var str = '';
- for (var i = 0; i < a.length; i += 2) {
- var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16)
- xor = xor.toString(16);
- str += (xor.length == 1) ? ("0" + xor) : xor
- }
- return str;
- }
};