From 9ba81783b999bfb3c126112af4dcabad75b7d6c5 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 14:53:13 +0200 Subject: refactor: separate calculations from session --- src/srp_constants.js | 101 ++++++++++++++++++++++++++++++++++++++++ src/srp_session.js | 129 ++++++++++----------------------------------------- 2 files changed, 125 insertions(+), 105 deletions(-) create mode 100644 src/srp_constants.js (limited to 'src') diff --git a/src/srp_constants.js b/src/srp_constants.js new file mode 100644 index 0000000..3d7ec85 --- /dev/null +++ b/src/srp_constants.js @@ -0,0 +1,101 @@ +srp.Constants = function() { + + // Variables used in the SRP protocol + var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; + var N = new BigInteger(Nstr, 16); + var g = new BigInteger("2"); + var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); + var rng = new SecureRandom(); + + this.calcA = function(_a) { + a = new BigInteger(_a, 16); + return g.modPow(a, N).toString(16); + }; + + // Calculates the X value + // x = H(s, H(I:p)) + this.calcX = function(login, password, salt) { + var salted = salt + SHA256(login + ":" + password) + return SHA256(hex2a(salted)); + }; + + this.calcV = this.calcA; + + // u = H(A,B) + this.calcU = function(A, B) { + return SHA256(hex2a(A + B)); + }; + + //S = (B - kg^x) ^ (a + ux) + this.calcS = function(_a, _A, _B, _x) { + var a = new BigInteger(_a, 16); + var x = new BigInteger(_x, 16); + var u = new BigInteger(this.calcU(_A, _B), 16); + var B = new BigInteger(_B, 16); + + var kgx = k.multiply(g.modPow(x, N)); + var aux = a.add(u.multiply(x)); + + return B.subtract(kgx).modPow(aux, N).toString(16); + } + + this.calcK = function(_S) { + return SHA256(hex2a(_S)); + } + + this.nXorG = function() { + var hashN = SHA256(hex2a(Nstr)); + var hashG = SHA256(hex2a(g.toString(16))); + return hexXor(hashN, hashG); + }; + + this.hash = function(hexString) { + return removeLeading0(SHA256(hex2a(hexString))); + }; + + this.isInvalidEphemeral = function(a) { + return (g.modPow(a, N) == 0); + }; + + this.randomEphemeral = function() { + var a = new BigInteger(32, rng); + while(this.isInvalidEphemeral(a)) + { + a = new BigInteger(32, rng); + } + return a.toString(16); + }; + + // some 16 byte random number + this.randomSalt = function() { + return new BigInteger(64, rng).toString(16); + } + + function hex2a(hex) { + var str = ''; + if(hex.length % 2) { + hex = "0" + hex; + } + for (var i = 0; i < hex.length; i += 2) + str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + return str; + } + + function removeLeading0(hex) { + if (hex[0] == "0") { + return hex.substr(1); + } else { + return hex; + } + } + + function hexXor(a, b) { + var str = ''; + for (var i = 0; i < a.length; i += 2) { + var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) + xor = xor.toString(16); + str += (xor.length == 1) ? ("0" + xor) : xor + } + return str; + } +}; diff --git a/src/srp_session.js b/src/srp_session.js index f895f4a..babb96a 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,20 +1,9 @@ -srp.Session = function(login, password) { +srp.Session = function(login, password, constants) { - // Variables session will be used in the SRP protocol - var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; - var N = new BigInteger(Nstr, 16); - var g = new BigInteger("2"); - var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); - - var rng = new SecureRandom(); - var a = new BigInteger(32, rng); - var A = g.modPow(a, N); - while(A.mod(N) == 0) - { - a = new BigInteger(32, rng); - A = g.modPow(a, N); - } - var Astr = A.toString(16); + + var constants = constants || new srp.Constants(); + var a = constants.randomEphemeral(); + var A = constants.calcA(a); var S = null; var K = null; var M = null; @@ -28,30 +17,30 @@ srp.Session = function(login, password) { // allows setting the random number A for testing this.calculateAndSetA = function(_a) { - a = new BigInteger(_a, 16); - A = g.modPow(a, N); - Astr = A.toString(16); - return Astr; + a = _a; + A = constants.calcA(_a); + return A; }; this.signup = function() { - var salt = this.getSalt(); + var salt = constants.randomSalt(); + var x = constants.calcX(this.getI(), this.getPass(), salt); return { login: this.getI(), password_salt: salt, - password_verifier: this.getV(salt).toString(16) + password_verifier: constants.calcV(x) }; }; this.handshake = function() { return { login: this.getI(), - A: this.getAstr() + A: this.getA() }; }; - this.getAstr = function() { - return Astr; + this.getA = function() { + return A; } // Returns the user's identity @@ -66,66 +55,24 @@ srp.Session = function(login, password) { return pass; }; - // some 16 byte random number - this.getSalt = function() { - return new BigInteger(64, rng).toString(16); - } - - // Returns the BigInteger, g - this.getg = function() { - return g; - }; - - // Returns the BigInteger, N - this.getN = function() { - return N; - }; - - // Calculates the X value and return it as a BigInteger - this.calcX = function(salt) { - var inner = salt + SHA256(this.getI() + ":" + this.getPass()) - return new BigInteger(SHA256(hex2a(inner)), 16); - }; - - this.getV = function(salt) - { - return this.getg().modPow(this.calcX(salt), this.getN()); - } - // Calculate S, M, and M2 // This is the client side of the SRP specification this.calculations = function(salt, ephemeral) { //S -> C: s | B - var B = new BigInteger(ephemeral, 16); - var Bstr = ephemeral; - // u = H(A,B) - var u = new BigInteger(SHA256(hex2a(Astr + Bstr)), 16); - // x = H(s, H(I:p)) - var x = this.calcX(salt); - //S = (B - kg^x) ^ (a + ux) - var kgx = k.multiply(g.modPow(x, N)); - var aux = a.add(u.multiply(x)); - S = B.subtract(kgx).modPow(aux, N); - K = SHA256(hex2a(S.toString(16))); - this.calcM(salt, A.toString(16), B.toString(16)); - }; - - // M = H(H(N) xor H(g), H(I), s, A, B, K) - this.calcM = function(salt, Astr, Bstr) { - var hashN = SHA256(hex2a(N.toString(16))) - var hashG = SHA256(hex2a(g.toString(16))) - var hexString = hexXor(hashN, hashG); - hexString += SHA256(I); - hexString += salt; - hexString += Astr; - hexString += Bstr; - hexString += K - M = removeLeading0(SHA256(hex2a(hexString))); + var B = ephemeral; + var x = constants.calcX(this.getI(), this.getPass(), salt); + S = constants.calcS(a, A, B, x); + K = constants.calcK(S); + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + var xor = constants.nXorG(); + M = constants.hash(xor + SHA256(I) + salt + A + B + K); //M2 = H(A, M, K) - M2 = removeLeading0(SHA256(hex2a(Astr + M + K))); + M2 = constants.hash(A + M + K); }; + this.getS = function() { return S; } @@ -164,33 +111,5 @@ srp.Session = function(login, password) { retstring = retstring.replace("+", "_"); return retstring; }; - - function removeLeading0(hex) { - if (hex[0] == "0") { - return hex.substr(1); - } else { - return hex; - } - } - - function hex2a(hex) { - var str = ''; - if(hex.length % 2) { - hex = "0" + hex; - } - for (var i = 0; i < hex.length; i += 2) - str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); - return str; - } - - function hexXor(a, b) { - var str = ''; - for (var i = 0; i < a.length; i += 2) { - var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) - xor = xor.toString(16); - str += (xor.length == 1) ? ("0" + xor) : xor - } - return str; - } }; -- cgit v1.2.3