From 394f9377e3a0686625225f8e58d74a682096310b Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 20 Jun 2013 17:28:55 +0200 Subject: fix bug wrt zero padding of hashes --- src/srp_session.js | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'src/srp_session.js') diff --git a/src/srp_session.js b/src/srp_session.js index b1b6014..f895f4a 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -121,11 +121,15 @@ srp.Session = function(login, password) { hexString += Astr; hexString += Bstr; hexString += K - M = SHA256(hex2a(hexString)); + M = removeLeading0(SHA256(hex2a(hexString))); //M2 = H(A, M, K) - M2 = SHA256(hex2a(Astr + M + K)); + M2 = removeLeading0(SHA256(hex2a(Astr + M + K))); }; + this.getS = function() { + return S; + } + this.getM = function() { return M; } @@ -161,8 +165,19 @@ srp.Session = function(login, password) { return retstring; }; + function removeLeading0(hex) { + if (hex[0] == "0") { + return hex.substr(1); + } else { + return hex; + } + } + function hex2a(hex) { var str = ''; + if(hex.length % 2) { + hex = "0" + hex; + } for (var i = 0; i < hex.length; i += 2) str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); return str; -- cgit v1.2.3 From 9ba81783b999bfb3c126112af4dcabad75b7d6c5 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 14:53:13 +0200 Subject: refactor: separate calculations from session --- src/srp_session.js | 129 ++++++++++------------------------------------------- 1 file changed, 24 insertions(+), 105 deletions(-) (limited to 'src/srp_session.js') diff --git a/src/srp_session.js b/src/srp_session.js index f895f4a..babb96a 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,20 +1,9 @@ -srp.Session = function(login, password) { +srp.Session = function(login, password, constants) { - // Variables session will be used in the SRP protocol - var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; - var N = new BigInteger(Nstr, 16); - var g = new BigInteger("2"); - var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); - - var rng = new SecureRandom(); - var a = new BigInteger(32, rng); - var A = g.modPow(a, N); - while(A.mod(N) == 0) - { - a = new BigInteger(32, rng); - A = g.modPow(a, N); - } - var Astr = A.toString(16); + + var constants = constants || new srp.Constants(); + var a = constants.randomEphemeral(); + var A = constants.calcA(a); var S = null; var K = null; var M = null; @@ -28,30 +17,30 @@ srp.Session = function(login, password) { // allows setting the random number A for testing this.calculateAndSetA = function(_a) { - a = new BigInteger(_a, 16); - A = g.modPow(a, N); - Astr = A.toString(16); - return Astr; + a = _a; + A = constants.calcA(_a); + return A; }; this.signup = function() { - var salt = this.getSalt(); + var salt = constants.randomSalt(); + var x = constants.calcX(this.getI(), this.getPass(), salt); return { login: this.getI(), password_salt: salt, - password_verifier: this.getV(salt).toString(16) + password_verifier: constants.calcV(x) }; }; this.handshake = function() { return { login: this.getI(), - A: this.getAstr() + A: this.getA() }; }; - this.getAstr = function() { - return Astr; + this.getA = function() { + return A; } // Returns the user's identity @@ -66,66 +55,24 @@ srp.Session = function(login, password) { return pass; }; - // some 16 byte random number - this.getSalt = function() { - return new BigInteger(64, rng).toString(16); - } - - // Returns the BigInteger, g - this.getg = function() { - return g; - }; - - // Returns the BigInteger, N - this.getN = function() { - return N; - }; - - // Calculates the X value and return it as a BigInteger - this.calcX = function(salt) { - var inner = salt + SHA256(this.getI() + ":" + this.getPass()) - return new BigInteger(SHA256(hex2a(inner)), 16); - }; - - this.getV = function(salt) - { - return this.getg().modPow(this.calcX(salt), this.getN()); - } - // Calculate S, M, and M2 // This is the client side of the SRP specification this.calculations = function(salt, ephemeral) { //S -> C: s | B - var B = new BigInteger(ephemeral, 16); - var Bstr = ephemeral; - // u = H(A,B) - var u = new BigInteger(SHA256(hex2a(Astr + Bstr)), 16); - // x = H(s, H(I:p)) - var x = this.calcX(salt); - //S = (B - kg^x) ^ (a + ux) - var kgx = k.multiply(g.modPow(x, N)); - var aux = a.add(u.multiply(x)); - S = B.subtract(kgx).modPow(aux, N); - K = SHA256(hex2a(S.toString(16))); - this.calcM(salt, A.toString(16), B.toString(16)); - }; - - // M = H(H(N) xor H(g), H(I), s, A, B, K) - this.calcM = function(salt, Astr, Bstr) { - var hashN = SHA256(hex2a(N.toString(16))) - var hashG = SHA256(hex2a(g.toString(16))) - var hexString = hexXor(hashN, hashG); - hexString += SHA256(I); - hexString += salt; - hexString += Astr; - hexString += Bstr; - hexString += K - M = removeLeading0(SHA256(hex2a(hexString))); + var B = ephemeral; + var x = constants.calcX(this.getI(), this.getPass(), salt); + S = constants.calcS(a, A, B, x); + K = constants.calcK(S); + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + var xor = constants.nXorG(); + M = constants.hash(xor + SHA256(I) + salt + A + B + K); //M2 = H(A, M, K) - M2 = removeLeading0(SHA256(hex2a(Astr + M + K))); + M2 = constants.hash(A + M + K); }; + this.getS = function() { return S; } @@ -164,33 +111,5 @@ srp.Session = function(login, password) { retstring = retstring.replace("+", "_"); return retstring; }; - - function removeLeading0(hex) { - if (hex[0] == "0") { - return hex.substr(1); - } else { - return hex; - } - } - - function hex2a(hex) { - var str = ''; - if(hex.length % 2) { - hex = "0" + hex; - } - for (var i = 0; i < hex.length; i += 2) - str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); - return str; - } - - function hexXor(a, b) { - var str = ''; - for (var i = 0; i < a.length; i += 2) { - var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) - xor = xor.toString(16); - str += (xor.length == 1) ? ("0" + xor) : xor - } - return str; - } }; -- cgit v1.2.3 From f1ad0b7e428205a76f6176f44100eac39bb80310 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 15:14:14 +0200 Subject: refactor: rename constants to calculate and clean up hash usage --- src/srp_session.js | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'src/srp_session.js') diff --git a/src/srp_session.js b/src/srp_session.js index babb96a..ccade72 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,9 +1,10 @@ -srp.Session = function(login, password, constants) { - +srp.Session = function(login, password, calculate) { - var constants = constants || new srp.Constants(); - var a = constants.randomEphemeral(); - var A = constants.calcA(a); + // default for injected dependency + calculate = calculate || new srp.Calculate(); + + var a = calculate.randomEphemeral(); + var A = calculate.A(a); var S = null; var K = null; var M = null; @@ -18,17 +19,17 @@ srp.Session = function(login, password, constants) { this.calculateAndSetA = function(_a) { a = _a; - A = constants.calcA(_a); + A = calculate.A(_a); return A; }; this.signup = function() { - var salt = constants.randomSalt(); - var x = constants.calcX(this.getI(), this.getPass(), salt); + var salt = calculate.randomSalt(); + var x = calculate.X(this.getI(), this.getPass(), salt); return { login: this.getI(), password_salt: salt, - password_verifier: constants.calcV(x) + password_verifier: calculate.V(x) }; }; @@ -61,15 +62,16 @@ srp.Session = function(login, password, constants) { { //S -> C: s | B var B = ephemeral; - var x = constants.calcX(this.getI(), this.getPass(), salt); - S = constants.calcS(a, A, B, x); - K = constants.calcK(S); + var x = calculate.X(this.getI(), this.getPass(), salt); + S = calculate.S(a, A, B, x); + K = calculate.K(S); // M = H(H(N) xor H(g), H(I), s, A, B, K) - var xor = constants.nXorG(); - M = constants.hash(xor + SHA256(I) + salt + A + B + K); + var xor = calculate.nXorG(); + var hash_i = calculate.hash(I) + M = calculate.hashHex(xor + hash_i + salt + A + B + K); //M2 = H(A, M, K) - M2 = constants.hash(A + M + K); + M2 = calculate.hashHex(A + M + K); }; -- cgit v1.2.3 From 0c5369fd9299eb9bf7295e3925ce803c5473e2b8 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 16:17:45 +0200 Subject: refactor: separate account from session --- src/srp_session.js | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) (limited to 'src/srp_session.js') diff --git a/src/srp_session.js b/src/srp_session.js index ccade72..5d1f829 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,6 +1,7 @@ -srp.Session = function(login, password, calculate) { +srp.Session = function(account, calculate) { // default for injected dependency + account = account || new srp.Account(); calculate = calculate || new srp.Calculate(); var a = calculate.randomEphemeral(); @@ -10,8 +11,6 @@ srp.Session = function(login, password, calculate) { var M = null; var M2 = null; var authenticated = false; - var I = login; - var pass = password; // *** Accessor methods *** @@ -25,9 +24,9 @@ srp.Session = function(login, password, calculate) { this.signup = function() { var salt = calculate.randomSalt(); - var x = calculate.X(this.getI(), this.getPass(), salt); + var x = calculate.X(account.login(), account.password(), salt); return { - login: this.getI(), + login: account.login(), password_salt: salt, password_verifier: calculate.V(x) }; @@ -35,7 +34,7 @@ srp.Session = function(login, password, calculate) { this.handshake = function() { return { - login: this.getI(), + login: account.login(), A: this.getA() }; }; @@ -44,17 +43,8 @@ srp.Session = function(login, password, calculate) { return A; } - // Returns the user's identity - this.getI = function() { - I = login || document.getElementById("srp_username").value; - return I; - }; - - // Returns the password currently typed in - this.getPass = function() { - pass = password || document.getElementById("srp_password").value; - return pass; - }; + // Delegate login so it can be used when talking to the remote + this.login = account.login; // Calculate S, M, and M2 // This is the client side of the SRP specification @@ -62,13 +52,13 @@ srp.Session = function(login, password, calculate) { { //S -> C: s | B var B = ephemeral; - var x = calculate.X(this.getI(), this.getPass(), salt); + var x = calculate.X(account.login(), account.password(), salt); S = calculate.S(a, A, B, x); K = calculate.K(S); // M = H(H(N) xor H(g), H(I), s, A, B, K) var xor = calculate.nXorG(); - var hash_i = calculate.hash(I) + var hash_i = calculate.hash(account.login()) M = calculate.hashHex(xor + hash_i + salt + A + B + K); //M2 = H(A, M, K) M2 = calculate.hashHex(A + M + K); -- cgit v1.2.3