diff options
| author | jessib <jessib@riseup.net> | 2013-10-14 10:27:08 -0700 |
|---|---|---|
| committer | jessib <jessib@riseup.net> | 2013-10-14 10:27:08 -0700 |
| commit | 8f33d32d40b1e21ae7fb9a92c78a275422af4217 (patch) | |
| tree | f4ae8de3d30267443b0a242887d8e583fdb174d1 | |
| parent | 948898fd93dd90031602a445cfc5dd432ddc7f39 (diff) | |
| parent | 4c8e593b7b03abb19b451b6be999f10e0fed5ff4 (diff) | |
Merge pull request #4 from azul/bugfix/utf8-in-sha
properly treat utf8 chars in password
| -rw-r--r-- | lib/SHA256.js | 28 | ||||
| -rw-r--r-- | spec/calculate_spec.js | 19 | ||||
| -rw-r--r-- | src/srp_calculate.js | 27 |
3 files changed, 41 insertions, 33 deletions
diff --git a/lib/SHA256.js b/lib/SHA256.js index f79b07d..f47077b 100644 --- a/lib/SHA256.js +++ b/lib/SHA256.js @@ -85,32 +85,6 @@ function SHA256(s){ return bin; } - function Utf8Encode(string) { - string = string.replace(/\r\n/g,"\n"); - var utftext = ""; - - for (var n = 0; n < string.length; n++) { - - var c = string.charCodeAt(n); - - if (c < 128) { - utftext += String.fromCharCode(c); - } - else if((c > 127) && (c < 2048)) { - utftext += String.fromCharCode((c >> 6) | 192); - utftext += String.fromCharCode((c & 63) | 128); - } - else { - utftext += String.fromCharCode((c >> 12) | 224); - utftext += String.fromCharCode(((c >> 6) & 63) | 128); - utftext += String.fromCharCode((c & 63) | 128); - } - - } - - return utftext; - } - function binb2hex (binarray) { var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; @@ -120,7 +94,7 @@ function SHA256(s){ } return str; } - + return binb2hex(core_sha256(str2binb(s), s.length * chrsz)); } diff --git a/spec/calculate_spec.js b/spec/calculate_spec.js index be916c1..02bff1d 100644 --- a/spec/calculate_spec.js +++ b/spec/calculate_spec.js @@ -32,8 +32,21 @@ describe("Calculate", function() { }); it("calculates the right verifier", function() { - x = calculate.X(compare.username, compare.password, compare.salt) - expect(calculate.V(x)).toBe(compare.v); + calculate_and_compare_verifier(compare); }); - + + it("calculates the right verifier with umlauts", function() { + with_umlauts = { + username: "test_joakcq", + password: "fs5uofäöìfvqynn", + salt: "eec1ff4c", + v: "551e82de8d61a6575a3da7fbede61f6f38164ed52eb64db031c1ec2316b474745d3ff24408bfcca3c50fc53283f2f975feebf1564d197051c834a56bf8bd804f3696d81e579915141f306242f133db210cbd11385afff01c355ca8446d92d8a54ff147ebb0e1cd3d5c78750a0488f1453473e9449a946c7c9298c167cc5adafc" + } + calculate_and_compare_verifier(with_umlauts); + }); + + function calculate_and_compare_verifier(values) { + x = calculate.X(values.username, values.password, values.salt) + expect(calculate.V(x)).toBe(values.v); + } }); diff --git a/src/srp_calculate.js b/src/srp_calculate.js index a1cbe51..e32def8 100644 --- a/src/srp_calculate.js +++ b/src/srp_calculate.js @@ -50,14 +50,13 @@ srp.Calculate = function() { }; this.hashHex = function(hexString) { - return this.hash(hex2a(hexString)); + return SHA256(hex2a(hexString)); }; this.hash = function(string) { - return SHA256(string); + return SHA256(utf8Encode(string)); }; - this.isInvalidEphemeral = function(a) { return (g.modPow(a, N) == 0); }; @@ -117,4 +116,26 @@ srp.Calculate = function() { } return str; } + + function utf8Encode(string) { + string = string.replace(/\r\n/g,"\n"); + var utftext = ""; + + for (var n = 0; n < string.length; n++) { + var c = string.charCodeAt(n); + if (c < 128) { + utftext += String.fromCharCode(c); + } + else if((c > 127) && (c < 2048)) { + utftext += String.fromCharCode((c >> 6) | 192); + utftext += String.fromCharCode((c & 63) | 128); + } + else { + utftext += String.fromCharCode((c >> 12) | 224); + utftext += String.fromCharCode(((c >> 6) & 63) | 128); + utftext += String.fromCharCode((c & 63) | 128); + } + } + return utftext; + } }; |