From 2263abad65b92ef26c8e67097bbcfeb6988ab8fd Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 14 Oct 2012 16:24:10 +0200 Subject: calculating the right M and M2! still missing some error handling, this in Django specs and the right http verbs --- spec/restful/login.js | 7 ++++++- src/srp_session.js | 47 ++++++++++++++++++++++++++++++++++------------- 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/spec/restful/login.js b/spec/restful/login.js index 8da6cfd..3bf9dda 100644 --- a/spec/restful/login.js +++ b/spec/restful/login.js @@ -16,6 +16,7 @@ describe("Login", function() { var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05'; var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135'; var salt = '628365a0'; + var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b'; var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26'; var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e'; var A_, callback; @@ -38,6 +39,11 @@ describe("Login", function() { expect(A_).toBe(A); }); + it("calculates the right key", function(){ + this.srp.session.calculations(salt, B); + expect(this.srp.session.key()).toBe(K); + }); + it("works with JSON responses", function(){ this.srp.identify(); @@ -63,4 +69,3 @@ describe("Login", function() { }); - diff --git a/src/srp_session.js b/src/srp_session.js index afd653a..07c1e25 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -66,9 +66,9 @@ SRP.prototype.Session = function() { }; // Calculates the X value and return it as a BigInteger - this.calcX = function(s) + this.calcX = function(salt) { - return new BigInteger(SHA256(hex2a(s + SHA256(I + ":" + pass))), 16); + return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16); }; this.getV = function(salt) @@ -85,18 +85,30 @@ SRP.prototype.Session = function() { var B = new BigInteger(ephemeral, 16); var Bstr = ephemeral; // u = H(A,B) - var u = new BigInteger(SHA256(Astr + Bstr), 16); + var u = new BigInteger(SHA256(hex2a(Astr + Bstr)), 16); // x = H(s, H(I:p)) - var x = new BigInteger(SHA256(salt + SHA256(I + ":" + pass)), 16); + var x = this.calcX(salt); //S = (B - kg^x) ^ (a + ux) var kgx = k.multiply(g.modPow(x, N)); var aux = a.add(u.multiply(x)); S = B.subtract(kgx).modPow(aux, N); - // M = H(H(N) xor H(g), H(I), s, A, B, K) - var Mstr = A.toString(16) + B.toString(16) + S.toString(16); - M = SHA256(Mstr); - M2 = SHA256(A.toString(16) + M + S.toString(16)); + K = SHA256(hex2a(S.toString(16))); + this.calcM(salt, A.toString(16), B.toString(16)); + }; + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + this.calcM = function(salt, Astr, Bstr) { + var hashN = SHA256(hex2a(N.toString(16))) + var hashG = SHA256(hex2a(g.toString(16))) + var hexString = hexXor(hashN, hashG); + hexString += SHA256(I); + hexString += salt; + hexString += Astr; + hexString += Bstr; + hexString += K + M = SHA256(hex2a(hexString)); //M2 = H(A, M, K) + M2 = SHA256(hex2a(Astr + M + K)); }; this.getM = function() { @@ -112,13 +124,11 @@ SRP.prototype.Session = function() { // access the key with this function. this.key = function() { - if(K) return K; - if(authenticated) { - K = SHA256(S.toString(16)); + if(K) { return K; - } - else + } else { this.onError("User has not been authenticated."); + } }; // Encrypt plaintext using slowAES @@ -143,4 +153,15 @@ SRP.prototype.Session = function() { return str; } + function hexXor(a, b) { + var str = ''; + for (var i = 0; i < a.length; i += 2) { + var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) + xor = xor.toString(16); + str += (xor.length == 1) ? ("0" + xor) : xor + } + return str; + } + + } -- cgit v1.2.3