From 4c8e593b7b03abb19b451b6be999f10e0fed5ff4 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Oct 2013 11:43:34 +0200
Subject: properly treat utf8 chars in password utf-8 encoding used to be bundled with the SHA256 library. However we only want to utf8 encode strings that are actual user input. We do not want to encode the bytearrays that are used when hashing the hex values calculated during for SRP. So I separated the utf-8 encoding and the sha256 hashing.
---
 src/srp_calculate.js | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/srp_calculate.js b/src/srp_calculate.js
index a1cbe51..e32def8 100644
--- a/src/srp_calculate.js
+++ b/src/srp_calculate.js
@@ -50,14 +50,13 @@ srp.Calculate = function() {
 };
 this.hashHex = function(hexString) {
- return this.hash(hex2a(hexString));
+ return SHA256(hex2a(hexString));
 };
 this.hash = function(string) {
- return SHA256(string);
+ return SHA256(utf8Encode(string));
 };
-
 this.isInvalidEphemeral = function(a) {
 return (g.modPow(a, N) == 0);
 };
@@ -117,4 +116,26 @@ srp.Calculate = function() {
 }
 return str;
 }
+
+ function utf8Encode(string) {
+ string = string.replace(/\r\n/g,"\n");
+ var utftext = "";
+
+ for (var n = 0; n < string.length; n++) {
+ var c = string.charCodeAt(n);
+ if (c < 128) {
+ utftext += String.fromCharCode(c);
+ }
+ else if((c > 127) && (c < 2048)) {
+ utftext += String.fromCharCode((c >> 6) | 192);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ else {
+ utftext += String.fromCharCode((c >> 12) | 224);
+ utftext += String.fromCharCode(((c >> 6) & 63) | 128);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ }
+ return utftext;
+ }
 };
--
cgit v1.2.3
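Review bot: `hashHex` now hashes the raw bytes from `hex2a` while `hash` UTF-8-encodes its argument first, but neither function states which kind of string it accepts, so a later caller that passes a `hex2a` result to `hash` would get every byte above 0x7f encoded a second time. A short comment on each would pin the contract, e.g. `// hash(): text typed by the user, UTF-8 encoded before hashing` and `// hashHex(): hex string, hashed as raw bytes, never UTF-8 encoded`. Per the commit message the SHA256 library used to encode every input, so `hashHex` results presumably change for any input containing such a byte; a known-answer test against the server side would confirm that the derived SRP values, and verifiers registered before this change, still match. The enclosing `srp.Calculate` constructor starts and ends outside the hunk.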
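Review bot: `utf8Encode` walks UTF-16 code units with `charCodeAt`, so a character outside the BMP (a surrogate pair) takes the final `else` branch twice and comes out as two 3-byte sequences instead of one 4-byte UTF-8 sequence; a password containing such a character would then hash differently here than in any implementation that uses a standard UTF-8 encoder. The loop could be replaced with `return unescape(encodeURIComponent(string));`, which gives the same bytes for BMP text and correct 4-byte sequences otherwise, with the caveat that it throws `URIError` on a lone surrogate and the caller has to handle that. The `string.replace(/\r\n/g,"\n")` line also rewrites the password before it is hashed, so it should either be dropped or documented as part of the protocol, because every other client and the server must apply the same normalisation for the verifier to match.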