summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2013-06-20 17:28:55 +0200
committerAzul <azul@riseup.net>2013-06-20 17:28:55 +0200
commit4c53d48b0df6754d03a2f0cfa5e1ac36410062c5 (patch)
treec184abec5ed1843c736b3fe060c525e637f5efc3
parentcc31045a9215ea255ab686040fce804859aadde7 (diff)
fix bug wrt zero padding of hashesdevelop
-rw-r--r--spec/login_spec.js4
-rw-r--r--spec/session_spec.js19
-rw-r--r--src/srp_session.js19
3 files changed, 37 insertions, 5 deletions
diff --git a/spec/login_spec.js b/spec/login_spec.js
index e806cff..8f54a1e 100644
--- a/spec/login_spec.js
+++ b/spec/login_spec.js
@@ -14,7 +14,7 @@ describe("Login with srp var", function() {
var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b';
var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26';
var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e';
- var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190';
+ var V = '4277ddfdd111cc6a4cd27af570172a93ff4dddd9441ad89ecd78b08504812819d85712fbb6d2b487798ea0e19eeb960ce129725286d1c891314c0620abce02ac0a37fac823d0858553aed30ba99622ec9c66cc937016b96e82ef9e3b5d06e1db707293459c0aa8e082b528fd236cda347c45d8b022a9d4f3701c696e0397332a';
var A_, callback;
@@ -33,7 +33,7 @@ describe("Login with srp var", function() {
});
it("calculates the same verifier", function(){
- expect(srp.session.getV().toString(16)).toBe(V);
+ expect(srp.session.getV(salt).toString(16)).toBe(V);
});
it("calculates the same key", function(){
diff --git a/spec/session_spec.js b/spec/session_spec.js
index 643a717..acfe0be 100644
--- a/spec/session_spec.js
+++ b/spec/session_spec.js
@@ -1,7 +1,7 @@
describe("Session", function() {
// data gathered from py-srp and ruby-srp
- var compare = {
+ var old_compare = {
username: "UC6LTQ",
password: "PVSQ7DCEIR0B",
salt: "d6ed8dba",
@@ -12,6 +12,20 @@ describe("Session", function() {
m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc"
}
+ // login attempt with correct password that failed never the less:
+ var compare = {
+ username: "blues",
+ password: "justtest",
+ salt: "6a6ef9ce5cb998eb",
+ v: "a5da6d376d503e22d93385db0244c382d1413d9f721ad9866dfc5e895cf2a3331514ceec5f48aceab58b260651cc9ee1ba96d906f67a6b4a7414c82d1333607ebe96403ecc86050224dc4c17b1d30efdbb451a68d1b6a25cce10f0e844082329d3cb46e1c3d46298a0de2cd3b8c6acc1a80c206f0f10ec8cd3c050babdf338ba",
+ aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868",
+ a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71",
+ bb: "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4",
+ s: "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f",
+ k: "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461",
+ m: "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c"
+ };
+
var session;
beforeEach(function() {
@@ -33,6 +47,9 @@ describe("Session", function() {
it("calculates the proper M", function() {
session.calculateAndSetA(compare.a);
session.calculations(compare.salt, compare.bb);
+ expect(session.getS().toString(16)).toBe(compare.s);
+ // failing from here on...
+ expect(session.key()).toBe(compare.k);
expect(session.getM()).toBe(compare.m);
});
});
diff --git a/src/srp_session.js b/src/srp_session.js
index b1b6014..f895f4a 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -121,11 +121,15 @@ srp.Session = function(login, password) {
hexString += Astr;
hexString += Bstr;
hexString += K
- M = SHA256(hex2a(hexString));
+ M = removeLeading0(SHA256(hex2a(hexString)));
//M2 = H(A, M, K)
- M2 = SHA256(hex2a(Astr + M + K));
+ M2 = removeLeading0(SHA256(hex2a(Astr + M + K)));
};
+ this.getS = function() {
+ return S;
+ }
+
this.getM = function() {
return M;
}
@@ -161,8 +165,19 @@ srp.Session = function(login, password) {
return retstring;
};
+ function removeLeading0(hex) {
+ if (hex[0] == "0") {
+ return hex.substr(1);
+ } else {
+ return hex;
+ }
+ }
+
function hex2a(hex) {
var str = '';
+ if(hex.length % 2) {
+ hex = "0" + hex;
+ }
for (var i = 0; i < hex.length; i += 2)
str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;