diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/jqueryRest.js | 78 | ||||
-rw-r--r-- | src/srp_session.js | 59 |
2 files changed, 61 insertions, 76 deletions
diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 9e7f72b..f50080b 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -1,50 +1,5 @@ jqueryRest = function() { - function getUrl() - { - return ""; - } - - function paths(path) - { - return path; - } - - // Perform ajax requests at the specified path, with the specified parameters - // Calling back the specified function. - function ajaxRequest(relative_path, params, callback) - { - var full_url = this.geturl() + this.paths(relative_path); - if( window.XMLHttpRequest) { - xhr = new XMLHttpRequest(); - } - else if (window.ActiveXObject){ - try { - xhr = new ActiveXObject("Microsoft.XMLHTTP"); - } catch (e){} - } - else - { - session.error_message("Ajax not supported."); - return; - } - if(xhr){ - xhr.onreadystatechange = function() { - if(xhr.readyState == 4 && xhr.status == 200) { - callback(parseResponse()); - } - }; - xhr.open("POST", full_url, true); - xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Content-length", params.length); - xhr.send(params); - } - else - { - session.error_message("Ajax failed."); - } - } - function parseResponse() { if (responseIsXML()) { return parseXML(xhr.responseXML); @@ -98,31 +53,32 @@ jqueryRest = function() { } function sendVerifier(session, callback) { - this.ajaxRequest("users", "user[login]=" + session.getI() + - "&user[password_salt]=" + session.getSalt() + - "&user[password_verifier]=" + session.getV().toString(16), callback); - } - - function handshake(I, Astr, callback) { - this.ajaxRequest("handshake/", "I="+I+"&A="+Astr, callback); + var salt = session.getSalt(); + $.post("users", { user: + { login: session.getI(), + password_salt: salt, + password_verifier: session.getV(salt).toString(16)} + }, callback); } - function authenticate(M, callback) { - this.ajaxRequest("authenticate/", "M="+M, callback); + function handshake(session, callback) { + $.post("sessions", { login: session.getI(), + A: session.getAstr()}, callback); } - function upgrade(M, callback) { - this.ajaxRequest("upgrade/authenticate/", "M="+M, callback); + function authenticate(session, success) { + $.ajax({ + url: "sessions/" + session.getI(), + type: 'PUT', + data: {client_auth: session.getM()}, + success: success + }); } return { - geturl: getUrl, - paths: paths, - ajaxRequest: ajaxRequest, register: register, register_send_verifier: sendVerifier, handshake: handshake, - authenticate: authenticate, - upgrade: upgrade + authenticate: authenticate }; }; diff --git a/src/srp_session.js b/src/srp_session.js index 93bfbe5..07c1e25 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,10 +1,10 @@ SRP.prototype.Session = function() { // Variables session will be used in the SRP protocol - var Nstr = "115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3"; + var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; var N = new BigInteger(Nstr, 16); var g = new BigInteger("2"); - var k = new BigInteger("c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58", 16); + var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); var rng = new SecureRandom(); var a = new BigInteger(32, rng); @@ -66,9 +66,9 @@ SRP.prototype.Session = function() { }; // Calculates the X value and return it as a BigInteger - this.calcX = function(s) + this.calcX = function(salt) { - return new BigInteger(SHA256(s + SHA256(I + ":" + pass)), 16); + return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16); }; this.getV = function(salt) @@ -85,18 +85,30 @@ SRP.prototype.Session = function() { var B = new BigInteger(ephemeral, 16); var Bstr = ephemeral; // u = H(A,B) - var u = new BigInteger(SHA256(Astr + Bstr), 16); + var u = new BigInteger(SHA256(hex2a(Astr + Bstr)), 16); // x = H(s, H(I:p)) - var x = new BigInteger(SHA256(salt + SHA256(I + ":" + pass)), 16); + var x = this.calcX(salt); //S = (B - kg^x) ^ (a + ux) var kgx = k.multiply(g.modPow(x, N)); var aux = a.add(u.multiply(x)); S = B.subtract(kgx).modPow(aux, N); - // M = H(H(N) xor H(g), H(I), s, A, B, K) - var Mstr = A.toString(16) + B.toString(16) + S.toString(16); - M = SHA256(Mstr); - M2 = SHA256(A.toString(16) + M + S.toString(16)); + K = SHA256(hex2a(S.toString(16))); + this.calcM(salt, A.toString(16), B.toString(16)); + }; + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + this.calcM = function(salt, Astr, Bstr) { + var hashN = SHA256(hex2a(N.toString(16))) + var hashG = SHA256(hex2a(g.toString(16))) + var hexString = hexXor(hashN, hashG); + hexString += SHA256(I); + hexString += salt; + hexString += Astr; + hexString += Bstr; + hexString += K + M = SHA256(hex2a(hexString)); //M2 = H(A, M, K) + M2 = SHA256(hex2a(Astr + M + K)); }; this.getM = function() { @@ -112,13 +124,11 @@ SRP.prototype.Session = function() { // access the key with this function. this.key = function() { - if(K) return K; - if(authenticated) { - K = SHA256(S.toString(16)); + if(K) { return K; - } - else + } else { this.onError("User has not been authenticated."); + } }; // Encrypt plaintext using slowAES @@ -135,4 +145,23 @@ SRP.prototype.Session = function() { retstring = retstring.replace("+", "_"); return retstring; }; + + function hex2a(hex) { + var str = ''; + for (var i = 0; i < hex.length; i += 2) + str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + return str; + } + + function hexXor(a, b) { + var str = ''; + for (var i = 0; i < a.length; i += 2) { + var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) + xor = xor.toString(16); + str += (xor.length == 1) ? ("0" + xor) : xor + } + return str; + } + + } |