diff options
author | Azul <azul@riseup.net> | 2013-06-20 17:28:55 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2013-06-20 17:28:55 +0200 |
commit | 4c53d48b0df6754d03a2f0cfa5e1ac36410062c5 (patch) | |
tree | c184abec5ed1843c736b3fe060c525e637f5efc3 | |
parent | cc31045a9215ea255ab686040fce804859aadde7 (diff) |
fix bug wrt zero padding of hashesdevelop
-rw-r--r-- | spec/login_spec.js | 4 | ||||
-rw-r--r-- | spec/session_spec.js | 19 | ||||
-rw-r--r-- | src/srp_session.js | 19 |
3 files changed, 37 insertions, 5 deletions
diff --git a/spec/login_spec.js b/spec/login_spec.js index e806cff..8f54a1e 100644 --- a/spec/login_spec.js +++ b/spec/login_spec.js @@ -14,7 +14,7 @@ describe("Login with srp var", function() { var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b'; var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26'; var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e'; - var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190'; + var V = '4277ddfdd111cc6a4cd27af570172a93ff4dddd9441ad89ecd78b08504812819d85712fbb6d2b487798ea0e19eeb960ce129725286d1c891314c0620abce02ac0a37fac823d0858553aed30ba99622ec9c66cc937016b96e82ef9e3b5d06e1db707293459c0aa8e082b528fd236cda347c45d8b022a9d4f3701c696e0397332a'; var A_, callback; @@ -33,7 +33,7 @@ describe("Login with srp var", function() { }); it("calculates the same verifier", function(){ - expect(srp.session.getV().toString(16)).toBe(V); + expect(srp.session.getV(salt).toString(16)).toBe(V); }); it("calculates the same key", function(){ diff --git a/spec/session_spec.js b/spec/session_spec.js index 643a717..acfe0be 100644 --- a/spec/session_spec.js +++ b/spec/session_spec.js @@ -1,7 +1,7 @@ describe("Session", function() { // data gathered from py-srp and ruby-srp - var compare = { + var old_compare = { username: "UC6LTQ", password: "PVSQ7DCEIR0B", salt: "d6ed8dba", @@ -12,6 +12,20 @@ describe("Session", function() { m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc" } + // login attempt with correct password that failed never the less: + var compare = { + username: "blues", + password: "justtest", + salt: "6a6ef9ce5cb998eb", + v: "a5da6d376d503e22d93385db0244c382d1413d9f721ad9866dfc5e895cf2a3331514ceec5f48aceab58b260651cc9ee1ba96d906f67a6b4a7414c82d1333607ebe96403ecc86050224dc4c17b1d30efdbb451a68d1b6a25cce10f0e844082329d3cb46e1c3d46298a0de2cd3b8c6acc1a80c206f0f10ec8cd3c050babdf338ba", + aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", + a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", + bb: "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4", + s: "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f", + k: "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461", + m: "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c" + }; + var session; beforeEach(function() { @@ -33,6 +47,9 @@ describe("Session", function() { it("calculates the proper M", function() { session.calculateAndSetA(compare.a); session.calculations(compare.salt, compare.bb); + expect(session.getS().toString(16)).toBe(compare.s); + // failing from here on... + expect(session.key()).toBe(compare.k); expect(session.getM()).toBe(compare.m); }); }); diff --git a/src/srp_session.js b/src/srp_session.js index b1b6014..f895f4a 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -121,11 +121,15 @@ srp.Session = function(login, password) { hexString += Astr; hexString += Bstr; hexString += K - M = SHA256(hex2a(hexString)); + M = removeLeading0(SHA256(hex2a(hexString))); //M2 = H(A, M, K) - M2 = SHA256(hex2a(Astr + M + K)); + M2 = removeLeading0(SHA256(hex2a(Astr + M + K))); }; + this.getS = function() { + return S; + } + this.getM = function() { return M; } @@ -161,8 +165,19 @@ srp.Session = function(login, password) { return retstring; }; + function removeLeading0(hex) { + if (hex[0] == "0") { + return hex.substr(1); + } else { + return hex; + } + } + function hex2a(hex) { var str = ''; + if(hex.length % 2) { + hex = "0" + hex; + } for (var i = 0; i < hex.length; i += 2) str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); return str; |