From f1ad0b7e428205a76f6176f44100eac39bb80310 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 15:14:14 +0200 Subject: refactor: rename constants to calculate and clean up hash usage --- src/srp_calculate.js | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/srp_constants.js | 101 ------------------------------------------------ src/srp_session.js | 32 ++++++++-------- 3 files changed, 123 insertions(+), 116 deletions(-) create mode 100644 src/srp_calculate.js delete mode 100644 src/srp_constants.js (limited to 'src') diff --git a/src/srp_calculate.js b/src/srp_calculate.js new file mode 100644 index 0000000..8928114 --- /dev/null +++ b/src/srp_calculate.js @@ -0,0 +1,106 @@ +srp.Calculate = function() { + + // Variables used in the SRP protocol + var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; + var N = new BigInteger(Nstr, 16); + var g = new BigInteger("2"); + var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); + var rng = new SecureRandom(); + + this.A = function(_a) { + a = new BigInteger(_a, 16); + return g.modPow(a, N).toString(16); + }; + + // Calculates the X value + // x = H(s, H(I:p)) + this.X = function(login, password, salt) { + var salted = salt + this.hash(login + ":" + password) + return this.hashHex(salted); + }; + + this.V = this.A; + + // u = H(A,B) + this.U = function(A, B) { + return this.hashHex(A + B); + }; + + //S = (B - kg^x) ^ (a + ux) + this.S = function(_a, _A, _B, _x) { + var a = new BigInteger(_a, 16); + var x = new BigInteger(_x, 16); + var u = new BigInteger(this.U(_A, _B), 16); + var B = new BigInteger(_B, 16); + + var kgx = k.multiply(g.modPow(x, N)); + var aux = a.add(u.multiply(x)); + + return B.subtract(kgx).modPow(aux, N).toString(16); + } + + this.K = function(_S) { + return this.hashHex(_S); + } + + this.nXorG = function() { + var hashN = this.hashHex(Nstr); + var hashG = this.hashHex(g.toString(16)); + return hexXor(hashN, hashG); + }; + + this.hashHex = function(hexString) { + return this.hash(hex2a(hexString)); + }; + + this.hash = function(string) { + return removeLeading0(SHA256(string)); + }; + + + this.isInvalidEphemeral = function(a) { + return (g.modPow(a, N) == 0); + }; + + this.randomEphemeral = function() { + var a = new BigInteger(32, rng); + while(this.isInvalidEphemeral(a)) + { + a = new BigInteger(32, rng); + } + return a.toString(16); + }; + + // some 16 byte random number + this.randomSalt = function() { + return new BigInteger(64, rng).toString(16); + } + + function hex2a(hex) { + var str = ''; + if(hex.length % 2) { + hex = "0" + hex; + } + for (var i = 0; i < hex.length; i += 2) + str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + return str; + } + + function removeLeading0(hex) { + if (hex[0] == "0") { + return hex.substr(1); + } else { + return hex; + } + } + + function hexXor(a, b) { + var str = ''; + for (var i = 0; i < a.length; i += 2) { + var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) + xor = xor.toString(16); + str += (xor.length == 1) ? ("0" + xor) : xor + } + return str; + } +}; diff --git a/src/srp_constants.js b/src/srp_constants.js deleted file mode 100644 index 3d7ec85..0000000 --- a/src/srp_constants.js +++ /dev/null @@ -1,101 +0,0 @@ -srp.Constants = function() { - - // Variables used in the SRP protocol - var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; - var N = new BigInteger(Nstr, 16); - var g = new BigInteger("2"); - var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); - var rng = new SecureRandom(); - - this.calcA = function(_a) { - a = new BigInteger(_a, 16); - return g.modPow(a, N).toString(16); - }; - - // Calculates the X value - // x = H(s, H(I:p)) - this.calcX = function(login, password, salt) { - var salted = salt + SHA256(login + ":" + password) - return SHA256(hex2a(salted)); - }; - - this.calcV = this.calcA; - - // u = H(A,B) - this.calcU = function(A, B) { - return SHA256(hex2a(A + B)); - }; - - //S = (B - kg^x) ^ (a + ux) - this.calcS = function(_a, _A, _B, _x) { - var a = new BigInteger(_a, 16); - var x = new BigInteger(_x, 16); - var u = new BigInteger(this.calcU(_A, _B), 16); - var B = new BigInteger(_B, 16); - - var kgx = k.multiply(g.modPow(x, N)); - var aux = a.add(u.multiply(x)); - - return B.subtract(kgx).modPow(aux, N).toString(16); - } - - this.calcK = function(_S) { - return SHA256(hex2a(_S)); - } - - this.nXorG = function() { - var hashN = SHA256(hex2a(Nstr)); - var hashG = SHA256(hex2a(g.toString(16))); - return hexXor(hashN, hashG); - }; - - this.hash = function(hexString) { - return removeLeading0(SHA256(hex2a(hexString))); - }; - - this.isInvalidEphemeral = function(a) { - return (g.modPow(a, N) == 0); - }; - - this.randomEphemeral = function() { - var a = new BigInteger(32, rng); - while(this.isInvalidEphemeral(a)) - { - a = new BigInteger(32, rng); - } - return a.toString(16); - }; - - // some 16 byte random number - this.randomSalt = function() { - return new BigInteger(64, rng).toString(16); - } - - function hex2a(hex) { - var str = ''; - if(hex.length % 2) { - hex = "0" + hex; - } - for (var i = 0; i < hex.length; i += 2) - str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); - return str; - } - - function removeLeading0(hex) { - if (hex[0] == "0") { - return hex.substr(1); - } else { - return hex; - } - } - - function hexXor(a, b) { - var str = ''; - for (var i = 0; i < a.length; i += 2) { - var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) - xor = xor.toString(16); - str += (xor.length == 1) ? ("0" + xor) : xor - } - return str; - } -}; diff --git a/src/srp_session.js b/src/srp_session.js index babb96a..ccade72 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,9 +1,10 @@ -srp.Session = function(login, password, constants) { - +srp.Session = function(login, password, calculate) { - var constants = constants || new srp.Constants(); - var a = constants.randomEphemeral(); - var A = constants.calcA(a); + // default for injected dependency + calculate = calculate || new srp.Calculate(); + + var a = calculate.randomEphemeral(); + var A = calculate.A(a); var S = null; var K = null; var M = null; @@ -18,17 +19,17 @@ srp.Session = function(login, password, constants) { this.calculateAndSetA = function(_a) { a = _a; - A = constants.calcA(_a); + A = calculate.A(_a); return A; }; this.signup = function() { - var salt = constants.randomSalt(); - var x = constants.calcX(this.getI(), this.getPass(), salt); + var salt = calculate.randomSalt(); + var x = calculate.X(this.getI(), this.getPass(), salt); return { login: this.getI(), password_salt: salt, - password_verifier: constants.calcV(x) + password_verifier: calculate.V(x) }; }; @@ -61,15 +62,16 @@ srp.Session = function(login, password, constants) { { //S -> C: s | B var B = ephemeral; - var x = constants.calcX(this.getI(), this.getPass(), salt); - S = constants.calcS(a, A, B, x); - K = constants.calcK(S); + var x = calculate.X(this.getI(), this.getPass(), salt); + S = calculate.S(a, A, B, x); + K = calculate.K(S); // M = H(H(N) xor H(g), H(I), s, A, B, K) - var xor = constants.nXorG(); - M = constants.hash(xor + SHA256(I) + salt + A + B + K); + var xor = calculate.nXorG(); + var hash_i = calculate.hash(I) + M = calculate.hashHex(xor + hash_i + salt + A + B + K); //M2 = H(A, M, K) - M2 = constants.hash(A + M + K); + M2 = calculate.hashHex(A + M + K); }; -- cgit v1.2.3