From 0461d76899379cb1e2ecd15456d2e6eb4fb8fa60 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 21 Aug 2012 17:59:11 +0200 Subject: moved srp-js files from lib to src --- lib/jqueryRest.js | 127 ------------------------------------------------ lib/plainXHR.js | 120 ---------------------------------------------- lib/srp.js | 76 ----------------------------- lib/srp_session.js | 138 ----------------------------------------------------- 4 files changed, 461 deletions(-) delete mode 100644 lib/jqueryRest.js delete mode 100644 lib/plainXHR.js delete mode 100644 lib/srp.js delete mode 100644 lib/srp_session.js (limited to 'lib') diff --git a/lib/jqueryRest.js b/lib/jqueryRest.js deleted file mode 100644 index 8c8163c..0000000 --- a/lib/jqueryRest.js +++ /dev/null @@ -1,127 +0,0 @@ -jqueryRest = function() { - - function getUrl() - { - return ""; - } - - function paths(path) - { - return path - } - - // Perform ajax requests at the specified path, with the specified parameters - // Calling back the specified function. - function ajaxRequest(relative_path, params, callback) - { - var full_url = this.geturl() + this.paths(relative_path); - if( window.XMLHttpRequest) - xhr = new XMLHttpRequest(); - else if (window.ActiveXObject){ - try{ - xhr = new ActiveXObject("Microsoft.XMLHTTP"); - }catch (e){} - } - else - { - session.error_message("Ajax not supported."); - return; - } - if(xhr){ - xhr.onreadystatechange = function() { - if(xhr.readyState == 4 && xhr.status == 200) { - callback(parseResponse()); - } - }; - xhr.open("POST", full_url, true); - xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Content-length", params.length); - xhr.send(params); - } - else - { - session.error_message("Ajax failed."); - } - }; - - function parseResponse() { - if (responseIsXML()) { - return parseXML(xhr.responseXML); - } else if (responseIsJSON()) { - return JSON.parse(xhr.responseText); - } - }; - - function responseIsXML() { - return (xhr.responseType == 'document') || - (xhr.getResponseHeader("Content-Type").indexOf('application/xml') >= 0) - } - - function responseIsJSON() { - return (xhr.responseType == 'json') || - (xhr.getResponseHeader("Content-Type").indexOf('application/json') >= 0) - } - - function parseXML(xml) { - if (xml.getElementsByTagName("r").length > 0) { - return parseAttributesOfElement(xml.getElementsByTagName("r")[0]); - } else { - return parseNodes(xml.childNodes); - } - }; - - function parseAttributesOfElement(elem) { - var response = {}; - for (var i = 0; i < elem.attributes.length; i++) { - var attrib = elem.attributes[i]; - if (attrib.specified) { - response[attrib.name] = attrib.value; - } - } - return response; - }; - - function parseNodes(nodes) { - var response = {}; - for (var i = 0; i < nodes.length; i++) { - var node = nodes[i]; - response[node.tagName] = node.textContent || true; - } - return response; - }; - - // we do not fetch the salt from the server - function register(session, callback) - { - sendVerifier(session, callback); - } - - function sendVerifier(session, callback) { - this.ajaxRequest("users", "user[login]=" + session.getI() + - "&user[password_salt]=" + session.getSalt() + - "&user[password_verifier]=" + session.getV().toString(16), callback); - } - - function handshake(I, Astr, callback) { - this.ajaxRequest("handshake/", "I="+I+"&A="+Astr, callback); - } - - function authenticate(M, callback) { - this.ajaxRequest("authenticate/", "M="+M, callback); - } - - function upgrade(M, callback) { - this.ajaxRequest("upgrade/authenticate/", "M="+M, callback); - } - - return { - geturl: getUrl, - paths: paths, - ajaxRequest: ajaxRequest, - register: register, - register_send_verifier: sendVerifier, - handshake: handshake, - authenticate: authenticate, - upgrade: upgrade - } -} diff --git a/lib/plainXHR.js b/lib/plainXHR.js deleted file mode 100644 index d07416b..0000000 --- a/lib/plainXHR.js +++ /dev/null @@ -1,120 +0,0 @@ -// -// SRP JS - Plain XHR module -// -// This is deprecated - unless you are using srp-js with the original drupal -// server side I recommend you use a different API such as restful.js -// -// This code has been largely refactored, tests are still passing but I did -// not test it with the server itself. - -SRP.prototype.Remote = function() { - - // Perform ajax requests at the specified path, with the specified parameters - // Calling back the specified function. - function ajaxRequest(url, params, callback) - { - if( window.XMLHttpRequest) - xhr = new XMLHttpRequest(); - else if (window.ActiveXObject){ - try{ - xhr = new ActiveXObject("Microsoft.XMLHTTP"); - }catch (e){} - } - else - { - session.error_message("Ajax not supported."); - return; - } - if(xhr){ - xhr.onreadystatechange = function() { - if(xhr.readyState == 4 && xhr.status == 200) { - callback(parseResponse()); - } - }; - xhr.open("POST", url, true); - xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Content-length", params.length); - xhr.send(params); - } - else - { - session.error_message("Ajax failed."); - } - }; - - function parseResponse() { - if (responseIsXML()) { - return parseXML(xhr.responseXML); - } else if (responseIsJSON()) { - return JSON.parse(xhr.responseText); - } - }; - - function responseIsXML() { - return (xhr.responseType == 'document') || - (xhr.getResponseHeader("Content-Type").indexOf('application/xml') >= 0) - } - - function responseIsJSON() { - return (xhr.responseType == 'json') || - (xhr.getResponseHeader("Content-Type").indexOf('application/json') >= 0) - } - - function parseXML(xml) { - if (xml.getElementsByTagName("r").length > 0) { - return parseAttributesOfElement(xml.getElementsByTagName("r")[0]); - } else { - return parseNodes(xml.childNodes); - } - }; - - function parseAttributesOfElement(elem) { - var response = {}; - for (var i = 0; i < elem.attributes.length; i++) { - var attrib = elem.attributes[i]; - if (attrib.specified) { - response[attrib.name] = attrib.value; - } - } - return response; - }; - - function parseNodes(nodes) { - var response = {}; - for (var i = 0; i < nodes.length; i++) { - var node = nodes[i]; - response[node.tagName] = node.textContent || true; - } - return response; - }; - - // Drupal version fetches the salt from the server. No idea why but this - // should still do it. - this.register = function(session, callback) - { - var that = this; - ajaxRequest("register/salt/", "I="+session.getI(), receive_salt); - - function receive_salt(response) - { - if(response.salt) - { - var s = response.salt; - var v = session.getV(s); - that.sendVerifier(session, callback); - } - }; - } - - this.sendVerifier = function(session, callback) { - ajaxRequest("register/user/", "v="+session.getV().toString(16), callback); - } - - this.handshake = function(session, callback) { - ajaxRequest("handshake/", "I="+session.getI()+"&A="+session.getAstr(), callback); - } - - this.authenticate = function(session, callback) { - ajaxRequest("authenticate/", "M="+session.getM(), callback); - } -} diff --git a/lib/srp.js b/lib/srp.js deleted file mode 100644 index 0482a06..0000000 --- a/lib/srp.js +++ /dev/null @@ -1,76 +0,0 @@ -function SRP(remote, session) -{ - var srp = this; - session = session || new this.Session(); - remote = remote || new this.Remote(); - remote.onError = remote.onError || this.error; - session.onError = session.onError || this.error; - this.remote = remote; - this.session = session; - - // Start the login process by identifying the user - this.identify = function() - { - remote.handshake(session, receive_salts); - - // Receive login salts from the server, start calculations - function receive_salts(response) - { - // B = 0 will make the algorithm always succeed - // -> refuse such a server answer - if(response.B == 0) { - srp.error("Server send random number 0 - this is not allowed"); - } else { - session.calculations(response.s, response.B); - remote.authenticate(session, confirm_authentication) - } - }; - - // Receive M2 from the server and verify it - // If an error occurs, raise it as an alert. - function confirm_authentication(response) - { - if (session.validate(response.M)) - srp.success(); - else - srp.error("Server key does not match"); - }; - }; - - // Initiate the registration process - this.register = function() - { - remote.register(session, srp.registered_user); - }; - - // The user has been registered successfully, now login - this.registered_user = function(response) - { - if(response.ok) - { - srp.identify(); - } - }; - - // Minimal error handling - set remote.onError to sth better to overwrite. - this.error = function(text) - { - alert(text); - }; - - // This function is called when authentication is successful. - // Developers can set this to other functions in specific implementations - // and change the functionality. - this.success = function() - { - var forward_url = document.getElementById("srp_forward").value; - if(forward_url.charAt(0) != "#") - window.location = forward_url; - else - { - window.location = forward_url; - alert("Login successful."); - } - }; -}; - diff --git a/lib/srp_session.js b/lib/srp_session.js deleted file mode 100644 index 93bfbe5..0000000 --- a/lib/srp_session.js +++ /dev/null @@ -1,138 +0,0 @@ -SRP.prototype.Session = function() { - - // Variables session will be used in the SRP protocol - var Nstr = "115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3"; - var N = new BigInteger(Nstr, 16); - var g = new BigInteger("2"); - var k = new BigInteger("c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58", 16); - - var rng = new SecureRandom(); - var a = new BigInteger(32, rng); - var A = g.modPow(a, N); - while(A.mod(N) == 0) - { - a = new BigInteger(32, rng); - A = g.modPow(a, N); - } - var Astr = A.toString(16); - var S = null; - var K = null; - var M = null; - var M2 = null; - var authenticated = false; - var I = document.getElementById("srp_username").value; - var pass = document.getElementById("srp_password").value; - var V; - var salt; - - // *** Accessor methods *** - - // allows setting the random number A for testing - - this.calculateAndSetA = function(_a) - { - a = new BigInteger(_a, 16); - A = g.modPow(a, N); - Astr = A.toString(16); - return Astr; - }; - - this.getAstr = function() { - return Astr; - } - - // Returns the user's identity - this.getI = function() - { - return I; - }; - - // some 16 byte random number - this.getSalt = function() { - salt = salt || new BigInteger(64, rng).toString(16); - return salt - } - - // Returns the BigInteger, g - this.getg = function() - { - return g; - }; - - // Returns the BigInteger, N - this.getN = function() - { - return N; - }; - - // Calculates the X value and return it as a BigInteger - this.calcX = function(s) - { - return new BigInteger(SHA256(s + SHA256(I + ":" + pass)), 16); - }; - - this.getV = function(salt) - { - V = V || this.getg().modPow(this.calcX(salt), this.getN()); - return V; - } - - // Calculate S, M, and M2 - // This is the client side of the SRP specification - this.calculations = function(salt, ephemeral) - { - //S -> C: s | B - var B = new BigInteger(ephemeral, 16); - var Bstr = ephemeral; - // u = H(A,B) - var u = new BigInteger(SHA256(Astr + Bstr), 16); - // x = H(s, H(I:p)) - var x = new BigInteger(SHA256(salt + SHA256(I + ":" + pass)), 16); - //S = (B - kg^x) ^ (a + ux) - var kgx = k.multiply(g.modPow(x, N)); - var aux = a.add(u.multiply(x)); - S = B.subtract(kgx).modPow(aux, N); - // M = H(H(N) xor H(g), H(I), s, A, B, K) - var Mstr = A.toString(16) + B.toString(16) + S.toString(16); - M = SHA256(Mstr); - M2 = SHA256(A.toString(16) + M + S.toString(16)); - //M2 = H(A, M, K) - }; - - this.getM = function() { - return M; - } - - this.validate = function(serverM2) { - authenticated = (serverM2 && serverM2 == M2) - return authenticated; - } - - // If someone wants to use the session key for encrypting traffic, they can - // access the key with this function. - this.key = function() - { - if(K) return K; - if(authenticated) { - K = SHA256(S.toString(16)); - return K; - } - else - this.onError("User has not been authenticated."); - }; - - // Encrypt plaintext using slowAES - this.encrypt = function(plaintext) - { - var key = cryptoHelpers.toNumbers(session.key()); - var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext); - var iv = new Array(16); - rng.nextBytes(iv); - var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB); - var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher; - var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext)); - while(retstring.indexOf("+",0) > -1) - retstring = retstring.replace("+", "_"); - return retstring; - }; -} -- cgit v1.2.3