author | Azul <azul@riseup.net> | 2013-10-14 11:43:34 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2013-10-14 11:52:44 +0200 |
commit | 4c8e593b7b03abb19b451b6be999f10e0fed5ff4 (patch) | |
tree | f4ae8de3d30267443b0a242887d8e583fdb174d1 /src/srp_calculate.js | |
parent | 948898fd93dd90031602a445cfc5dd432ddc7f39 (diff) |
properly treat utf8 chars in password
utf-8 encoding used to be bundled with the SHA256 library. However we
only want to utf8 encode strings that are actual user input. We do not
want to encode the bytearrays that are used when hashing the hex values
calculated during SRP.
So I separated the utf-8 encoding and the sha256 hashing.
Diffstat (limited to 'src/srp_calculate.js')
-rw-r--r-- | src/srp_calculate.js | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/src/srp_calculate.js b/src/srp_calculate.js
index a1cbe51..e32def8 100644
--- a/src/srp_calculate.js
+++ b/src/srp_calculate.js
@@ -50,14 +50,13 @@ srp.Calculate = function() {
 };
 this.hashHex = function(hexString) {
- return this.hash(hex2a(hexString));
+ return SHA256(hex2a(hexString));
 };
 this.hash = function(string) {
- return SHA256(string);
+ return SHA256(utf8Encode(string));
 };
-
 this.isInvalidEphemeral = function(a) {
 return (g.modPow(a, N) == 0);
 };
@@ -117,4 +116,26 @@ srp.Calculate = function() {
 }
 return str;
 }
+
+ function utf8Encode(string) {
+ string = string.replace(/\r\n/g,"\n");
+ var utftext = "";
+
+ for (var n = 0; n < string.length; n++) {
+ var c = string.charCodeAt(n);
+ if (c < 128) {
+ utftext += String.fromCharCode(c);
+ }
+ else if((c > 127) && (c < 2048)) {
+ utftext += String.fromCharCode((c >> 6) | 192);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ else {
+ utftext += String.fromCharCode((c >> 12) | 224);
+ utftext += String.fromCharCode(((c >> 6) & 63) | 128);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ }
+ return utftext;
+ }
 }; |
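Review bot: `hash` and `hashHex` now accept different kinds of input, and nothing in the first hunk says so: `hash` UTF-8 encodes its argument, while `hashHex` passes the `hex2a` byte string straight to `SHA256`. A caller that hands an already-binary string to `hash` would have every byte above 0x7f re-encoded and would produce a digest the other side of the SRP exchange cannot reproduce. I would add a comment on each, for example `// text input (login, password): UTF-8 encoded before hashing` on `hash` and `// hex of raw bytes: hashed as-is, never UTF-8 encoded` on `hashHex`. The split is only correct if `SHA256` no longer encodes internally; that change is outside this file's diff and worth confirming, as is whether any values derived with the old `hashHex` behaviour are still stored anywhere. `srp.Calculate` starts and ends outside the hunk.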
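Review bot: `utf8Encode` in the second hunk walks UTF-16 code units with `charCodeAt`, so a character outside the BMP (a surrogate pair) is emitted as two three-byte sequences instead of one four-byte UTF-8 sequence. A password containing such a character would then hash differently from a server or other client that uses a standard UTF-8 encoder. The first line's `replace(/\r\n/g,"\n")` also rewrites the password before it is hashed, which every peer would have to mirror exactly. Both concerns go away if the body becomes `return unescape(encodeURIComponent(string));`, which yields standard UTF-8 bytes and throws on a lone surrogate rather than hashing malformed input. If the line-ending normalisation is intentional, it deserves a comment saying why.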