1 files changed, 386 insertions, 0 deletions

diff --git a/srp/srp.js b/srp/srp.js
new file mode 100644
index 0000000..6af54ea
--- /dev/null
+++ b/srp/srp.js
@@ -0,0 +1,386 @@
+function SRP()
+{
+  // Variables that will be used in the SRP protocol
+  var Nstr = "115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3";
+  var N = new BigInteger(Nstr, 16);
+  var g = new BigInteger("2");
+  var k = new BigInteger("c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58", 16);
+  var rng = new SecureRandom();
+  var a = new BigInteger(32, rng);
+  var A = g.modPow(a, N);
+  while(A.mod(N) == 0)
+  {
+    a = new BigInteger(32, rng);
+    A = g.modPow(a, N);
+  }
+  var Astr = A.toString(16);
+  var S = null;
+  var K = null;
+  var M = null;
+  var M2 = null;
+  var url = document.getElementById("srp_url").value;
+  var server = document.getElementById("srp_server").value;
+  var that = this;
+  var authenticated = false;
+  var I = document.getElementById("srp_username").value;
+  var p = document.getElementById("srp_password").value;
+  var xhr = null;
+
+  // *** Accessor methods ***
+
+  // allows setting the random number A for testing
+
+  this.calculateAndSetA = function(_a)
+  {
+    a = new BigInteger(_a, 16);
+    A = g.modPow(a, N);
+    Astr = A.toString(16);
+    return Astr;
+  };
+
+  // Returns the user's identity
+  this.getI = function()
+  {
+    return I;
+  };
+
+  // Returns the XMLHttpRequest object
+  this.getxhr = function()
+  {
+    return xhr;
+  };
+
+  // Returns the base URL
+  this.geturl = function()
+  {
+    return url;
+  };
+  // Returns the BigInteger, g
+  this.getg = function()
+  {
+    return g;
+  };
+
+  // Returns the BigInteger, N
+  this.getN = function()
+  {
+    return N;
+  };
+
+  // Calculates the X value and return it as a BigInteger
+  this.calcX = function(s)
+  {
+    return new BigInteger(SHA256(s + SHA256(I + ":" + p)), 16);
+  };
+
+  // Translates the django path to PHP and ASP.NET paths
+  this.paths = function(str)
+  {
+    // For now, str will be the django path
+    // This function will translate for other backends.
+    if(server == "django")
+    {
+      return str;
+    }
+  };
+
+  // Check whether or not a variable is defined
+  function isdefined ( variable)
+  {
+    return (typeof(window[variable]) != "undefined");
+  };    
+
+  // *** Actions ***
+
+  // Perform ajax requests at the specified url, with the specified parameters
+  // Calling back the specified function.
+  this.ajaxRequest = function(full_url, params, callback)
+  {
+    if( window.XMLHttpRequest)
+      xhr = new XMLHttpRequest();
+    else if (window.ActiveXObject){
+      try{
+        xhr = new ActiveXObject("Microsoft.XMLHTTP");
+      }catch (e){}
+    }
+    else
+    {
+      that.error_message("Ajax not supported.");
+      return;
+    }
+    if(xhr){
+      xhr.onreadystatechange = function() {
+        if(xhr.readyState == 4 && xhr.status == 200) {
+          callback(parseResponse());
+        }
+      };
+      xhr.open("POST", full_url, true);
+      xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+      xhr.setRequestHeader("Content-length", params.length);
+      xhr.send(params);
+    }
+    else
+    {
+      that.error_message("Ajax failed.");
+    }        
+  };
+
+  function parseResponse() {
+    if (responseIsXML()) {
+      return parseXML(xhr.responseXML);
+    } else if (responseIsJSON()) {
+      return JSON.parse(xhr.responseText);
+    } 
+  };
+
+  function responseIsXML() {
+    return (xhr.responseType == 'document') || 
+           (xhr.getResponseHeader("Content-Type").indexOf('application/xml') >= 0)
+  }
+
+  function responseIsJSON() {
+    return (xhr.responseType == 'json') || 
+           (xhr.getResponseHeader("Content-Type").indexOf('application/json') >= 0)
+  }
+
+  function parseXML(xml) {
+    if (xml.getElementsByTagName("r").length > 0) {
+      return parseAttributesOfElement(xml.getElementsByTagName("r")[0]);
+    } else {
+      return parseNodes(xml.childNodes);
+    }
+  };
+
+  function parseAttributesOfElement(elem) {
+    var response = {};
+    for (var i = 0; i < elem.attributes.length; i++) {
+      var attrib = elem.attributes[i];
+      if (attrib.specified) {
+        response[attrib.name] = attrib.value;
+      }
+    }
+    return response;
+  };
+
+  function parseNodes(nodes) {
+    var response = {};
+    for (var i = 0; i < nodes.length; i++) {
+      var node = nodes[i];
+      response[node.tagName] = node.textContent || true;
+    }
+    return response;
+  };
+
+  // Start the login process by identifying the user
+  this.identify = function()
+  {
+    var handshake_url = url + that.paths("handshake/");
+    var params = "I="+I+"&A="+Astr;
+    that.ajaxRequest(handshake_url, params, receive_salts);
+  };
+
+  // Receive login salts from the server, start calculations
+  function receive_salts(response)
+  {
+    if(response.error) {
+      that.error_message(response.error);
+    }
+    // B = 0 will make the algorithm always succeed - refuse such a server
+    // answer
+    else if(response.B == 0) {
+      that.error_message("Server send random number 0 - this is not allowed");
+    }
+    // If there is no algorithm specified, calculate M given s, B, and P
+    else if(!response.a)
+    {
+      calculations(response.s, response.B, p);
+      that.ajaxRequest(url+that.paths("authenticate/"), "M="+M, confirm_authentication);
+    }
+    // If there is an algorithm specified, start the login process
+    else {
+      upgrade(response.s, response.B, response.a, response.d);
+    } 
+  };
+  // Calculate S, M, and M2
+  // This is the client side of the SRP specification
+  function calculations(s, ephemeral, pass)
+  {    
+    //S -> C: s | B
+    var B = new BigInteger(ephemeral, 16); 
+    var Bstr = ephemeral;
+    // u = H(A,B)
+    var u = new BigInteger(SHA256(Astr + Bstr), 16); 
+    // x = H(s, H(I:p))
+    var x = new BigInteger(SHA256(s + SHA256(I + ":" + pass)), 16);
+    //S = (B - kg^x) ^ (a + ux)
+    var kgx = k.multiply(g.modPow(x, N));  
+    var aux = a.add(u.multiply(x)); 
+    S = B.subtract(kgx).modPow(aux, N); 
+    // M = H(H(N) xor H(g), H(I), s, A, B, K)
+    var Mstr = A.toString(16) + B.toString(16) + S.toString(16); 
+    M = SHA256(Mstr);
+    M2 = SHA256(A.toString(16) + M + S.toString(16)); 
+    //M2 = H(A, M, K)
+  };
+
+  // Receive M2 from the server and verify it
+  function confirm_authentication(response)
+  {
+    if(response.M)
+    {
+      if(response.M == M2)
+      {
+        authenticated = true;
+        that.success();
+      }
+      else
+        that.error_message("Server key does not match");
+    }
+    else if (response.error)
+      that.error_message(response.error);
+  };
+
+  // *** Upgrades ***
+
+  // Start the process to upgrade the user's account
+  function upgrade(s,ephemeral,algo,dsalt)
+  {
+    // First we need to import the hash functions
+    import_hashes();
+
+    // Once the hash functions are imported, do the calculations using the hashpass as the password
+    function do_upgrade()
+    {
+      // If sha1 and md5 are still undefined, sleep again
+      if(!isdefined("SHA1") || !isdefined("MD5"))
+      {
+        window.setTimeout(do_upgrade, 10);
+        return;
+      }
+      if(algo == "sha1")
+        hashfun = SHA1;
+      else if(algo == "md5")
+        hashfun = MD5;
+      //alert(hashfun(dsalt+p));
+      calculations(s, ephemeral, hashfun(dsalt+p));
+      that.ajaxRequest(url+that.paths("upgrade/authenticate/"), "M="+M, confirm_upgrade);
+    };
+    window.setTimeout(do_upgrade,10);
+  };
+
+  // Encrypt plaintext using slowAES
+  function encrypt(plaintext)
+  {
+    var key = cryptoHelpers.toNumbers(that.key());
+    var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext);
+    var iv = new Array(16);
+    rng.nextBytes(iv);
+    var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB);
+    var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher;
+    var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext));
+    while(retstring.indexOf("+",0) > -1)
+      retstring = retstring.replace("+", "_");
+    return retstring;
+  };
+
+  // Receive the server's M, confirming that the server has HASH(p)
+  // Next, send P in plaintext (this is the **only** time it should ever be sent plain text)
+  function confirm_upgrade(response)
+  {
+    if(response.M)
+    {
+      if(response.M == M2)
+      {
+        K = SHA256(S.toString(16));
+        var auth_url = url + that.paths("upgrade/verifier/");
+        that.ajaxRequest(auth_url, "p="+encrypt(p)+"&l="+p.length, confirm_verifier);
+      }
+      else
+        that.error_message("Server key does not match");
+    }
+    else if (response.error)
+    {
+      that.error_message(response.error);
+    }
+  };
+
+  // After sending the password, check that the response is OK, then reidentify
+  function confirm_verifier(response)
+  {
+    K = null;
+    if(response.ok)
+      that.identify();
+    else
+      that.error_message("Verifier could not be confirmed");
+  };
+
+  // This loads javascript libraries. Fname is the path to the library to be imported
+  function import_file(fname)
+  {
+    var scriptElt = document.createElement('script');
+    scriptElt.type = 'text/javascript';
+    scriptElt.src = fname;
+    document.getElementsByTagName('head')[0].appendChild(scriptElt);
+  };
+  // If we need SHA1 or MD5, we need to load the javascript files
+  function import_hashes()
+  {
+    // First check that the functions aren't already loaded
+    if(isdefined("SHA1") && isdefined("MD5")) return;
+    // Get the directory that this javascript file was loaded from
+    var arr=that.srpPath.split("/");
+    var path = arr.slice(0, arr.length-1).join("/");
+    // If this file is called srp.min.js, we will load the packed hash file
+    if(arr[arr.length-1] == "srp.min.js")
+      import_file(path+"/crypto.min.js");
+    // Otherwise, this file is presumably srp.js, and we will load individual hash files
+    else
+    {
+      import_file(path+"/MD5.js");
+      import_file(path+"/SHA1.js");
+      import_file(path+"/cryptoHelpers.js");
+      import_file(path+"/aes.js");
+    }        
+  }
+
+  // This function is called when authentication is successful.
+  // Developers can set this to other functions in specific implementations
+  // and change the functionality.
+  this.success = function()
+  {
+    var forward_url = document.getElementById("srp_forward").value;
+    if(forward_url.charAt(0) != "#")
+      window.location = forward_url;
+    else
+    {
+      window.location = forward_url;
+      alert("Login successful.");
+    }
+  };
+  // If someone wants to use the session key for encrypting traffic, they can
+  // access the key with this function.
+  this.key = function()
+  {
+    if(K == null)
+      if(authenticated)
+    {
+      K = SHA256(S.toString(16));
+      return K;
+    }
+    else
+      that.error_message("User has not been authenticated.");
+    else
+      return K;
+  };
+
+    // If an error occurs, raise it as an alert.
+    // Developers can set this to an alternative function to handle erros differently.
+    this.error_message = function(t)
+    {
+      alert(t);
+    };
+  };
+  // This line is run while the document is loading
+  // It gets a list of all <script> tags and finds the last instance.
+  // The path to this script is the "src" attribute of that tag.
+  SRP.prototype.srpPath = document.getElementsByTagName('script')[document.getElementsByTagName('script').length-1].getAttribute("src");