summaryrefslogtreecommitdiff
authorGiulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-05-30 14:10:13 (UTC)
committer Giulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-05-30 14:15:51 (UTC)
commit7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (patch) (side-by-side diff)
tree33c05ee7329d9b8e5eff79942f254d6c680ad661
parented6b4edc82b0f65c77980713cd525053fcbc1dd2 (diff)
downloadclipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.zip
clipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.tar.gz
clipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.tar.bz2
Fixed vulnerability CLP-01-016
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/Crypto/SRP.js67
-rw-r--r--frontend/delta/js/Clipperz/Crypto/SRP.js53
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/SRP.js53
3 files changed, 125 insertions, 48 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js
index 8cc80ba..8c522ad 100644
--- a/frontend/beta/js/Clipperz/Crypto/SRP.js
+++ b/frontend/beta/js/Clipperz/Crypto/SRP.js
@@ -1,326 +1,345 @@
/*
Copyright 2008-2013 Clipperz Srl
This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
* Clipperz is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
* Clipperz is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!";
}
try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!";
}
if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; }
Clipperz.Crypto.SRP.VERSION = "0.1";
Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP";
//#############################################################################
MochiKit.Base.update(Clipperz.Crypto.SRP, {
'_n': null,
'_g': null,
+ '_k': null,
+
//-------------------------------------------------------------------------
'n': function() {
if (Clipperz.Crypto.SRP._n == null) {
Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
}
return Clipperz.Crypto.SRP._n;
},
//-------------------------------------------------------------------------
'g': function() {
if (Clipperz.Crypto.SRP._g == null) {
Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation)
}
return Clipperz.Crypto.SRP._g;
},
+ 'k': function() {
+ if (Clipperz.Crypto.SRP._k == null) {
+// Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+ Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+ }
+
+ return Clipperz.Crypto.SRP._k;
+ },
+
//-----------------------------------------------------------------------------
'exception': {
'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue")
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
//
// S R P C o n n e c t i o n version 1.0
//
//=============================================================================
Clipperz.Crypto.SRP.Connection = function (args) {
args = args || {};
this._C = args.C;
this._P = args.P;
this.hash = args.hash;
this._a = null;
this._A = null;
this._s = null;
this._B = null;
this._x = null;
this._u = null;
this._K = null;
this._M1 = null;
this._M2 = null;
this._sessionKey = null;
return this;
}
Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
'toString': function () {
return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription();
},
//-------------------------------------------------------------------------
'C': function () {
return this._C;
},
//-------------------------------------------------------------------------
'P': function () {
return this._P;
},
//-------------------------------------------------------------------------
'a': function () {
if (this._a == null) {
this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
-//MochiKit.Logging.logDebug("SRP a: " + this._a);
}
return this._a;
},
//-------------------------------------------------------------------------
'A': function () {
if (this._A == null) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
+ // Warning: this value should be strictly greater than zero
this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-
- if (this._A.equals(0)) {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
+ if (this._A.equals(0) || negative(this._A)) {
+ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
-//MochiKit.Logging.logDebug("SRP A: " + this._A);
}
return this._A;
},
//-------------------------------------------------------------------------
's': function () {
return this._s;
-//MochiKit.Logging.logDebug("SRP s: " + this._S);
},
'set_s': function(aValue) {
this._s = aValue;
},
//-------------------------------------------------------------------------
'B': function () {
return this._B;
},
'set_B': function(aValue) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
- if (! aValue.equals(0)) {
- this._B = aValue;
-//MochiKit.Logging.logDebug("SRP B: " + this._B);
- } else {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
+ // Warning: this value should be strictly greater than zero
+ this._B = aValue;
+ if (this._B.equals(0) || negative(this._B)) {
+ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
},
//-------------------------------------------------------------------------
'x': function () {
if (this._x == null) {
this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
-//MochiKit.Logging.logDebug("SRP x: " + this._x);
}
return this._x;
},
//-------------------------------------------------------------------------
'u': function () {
if (this._u == null) {
- this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
-//MochiKit.Logging.logDebug("SRP u: " + this._u);
+ this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
}
return this._u;
},
//-------------------------------------------------------------------------
'S': function () {
if (this._S == null) {
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
this._S = bigint.powerModule(
- bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
- bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
- srp.n()
+ bigint.subtract(
+ this.B(),
+ bigint.multiply(
+ Clipperz.Crypto.SRP.k(),
+ bigint.powerModule(srp.g(), this.x(), srp.n())
+ )
+ ),
+ bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+ srp.n()
)
-//MochiKit.Logging.logDebug("SRP S: " + this._S);
}
return this._S;
},
//-------------------------------------------------------------------------
'K': function () {
if (this._K == null) {
this._K = this.stringHash(this.S().asString());
-//MochiKit.Logging.logDebug("SRP K: " + this._K);
}
return this._K;
},
//-------------------------------------------------------------------------
'M1': function () {
if (this._M1 == null) {
- this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
-//MochiKit.Logging.logDebug("SRP M1: " + this._M1);
+// this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+ // http://srp.stanford.edu/design.html
+ // User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+ this._M1 = this.stringHash(
+ "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+ this.stringHash(this.C()) +
+ this.s().asString() +
+ this.A().asString() +
+ this.B().asString() +
+ this.K()
+ );
+//console.log("M1", this._M1);
}
return this._M1;
},
//-------------------------------------------------------------------------
'M2': function () {
if (this._M2 == null) {
this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
-//MochiKit.Logging.logDebug("SRP M2: " + this._M2);
+//console.log("M2", this._M2);
}
return this._M2;
},
//=========================================================================
'serverSideCredentialsWithSalt': function(aSalt) {
var result;
var s, x, v;
s = aSalt;
x = this.stringHash(s + this.P());
v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n());
result = {};
result['C'] = this.C();
result['s'] = s;
result['v'] = v.asString(16);
return result;
},
'serverSideCredentials': function() {
var result;
var s;
s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2);
result = this.serverSideCredentialsWithSalt(s);
return result;
},
//=========================================================================
/*
'computeServerSide_S': function(b) {
var result;
var v;
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16);
// _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n());
result = bigint.powerModule(
bigint.multiply(
this.A(),
bigint.powerModule(v, this.u(), srp.n())
), new Clipperz.Crypto.BigInt(b, 10), srp.n()
);
return result;
},
*/
//=========================================================================
'stringHash': function(aValue) {
var result;
result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
return result;
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################
diff --git a/frontend/delta/js/Clipperz/Crypto/SRP.js b/frontend/delta/js/Clipperz/Crypto/SRP.js
index 597e72d..6898dfb 100644
--- a/frontend/delta/js/Clipperz/Crypto/SRP.js
+++ b/frontend/delta/js/Clipperz/Crypto/SRP.js
@@ -1,316 +1,345 @@
/*
Copyright 2008-2013 Clipperz Srl
This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
* Clipperz is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
* Clipperz is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!";
}
try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!";
}
if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; }
Clipperz.Crypto.SRP.VERSION = "0.1";
Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP";
//#############################################################################
MochiKit.Base.update(Clipperz.Crypto.SRP, {
'_n': null,
'_g': null,
+ '_k': null,
+
//-------------------------------------------------------------------------
'n': function() {
if (Clipperz.Crypto.SRP._n == null) {
Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
}
return Clipperz.Crypto.SRP._n;
},
//-------------------------------------------------------------------------
'g': function() {
if (Clipperz.Crypto.SRP._g == null) {
Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation)
}
return Clipperz.Crypto.SRP._g;
},
+ 'k': function() {
+ if (Clipperz.Crypto.SRP._k == null) {
+// Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+ Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+ }
+
+ return Clipperz.Crypto.SRP._k;
+ },
+
//-----------------------------------------------------------------------------
'exception': {
'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue")
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
//
// S R P C o n n e c t i o n version 1.0
//
//=============================================================================
Clipperz.Crypto.SRP.Connection = function (args) {
args = args || {};
this._C = args.C;
this._P = args.P;
this.hash = args.hash;
this._a = null;
this._A = null;
this._s = null;
this._B = null;
this._x = null;
this._u = null;
this._K = null;
this._M1 = null;
this._M2 = null;
this._sessionKey = null;
return this;
}
Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
'toString': function () {
return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription();
},
//-------------------------------------------------------------------------
'C': function () {
return this._C;
},
//-------------------------------------------------------------------------
'P': function () {
return this._P;
},
//-------------------------------------------------------------------------
'a': function () {
if (this._a == null) {
this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
}
return this._a;
},
//-------------------------------------------------------------------------
'A': function () {
if (this._A == null) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
+ // Warning: this value should be strictly greater than zero
this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-
- if (this._A.equals(0)) {
+ if (this._A.equals(0) || negative(this._A)) {
Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
}
return this._A;
},
//-------------------------------------------------------------------------
's': function () {
return this._s;
},
'set_s': function(aValue) {
this._s = aValue;
},
//-------------------------------------------------------------------------
'B': function () {
return this._B;
},
'set_B': function(aValue) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
- if (! aValue.equals(0)) {
- this._B = aValue;
- } else {
+ // Warning: this value should be strictly greater than zero
+ this._B = aValue;
+ if (this._B.equals(0) || negative(this._B)) {
Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
},
//-------------------------------------------------------------------------
'x': function () {
if (this._x == null) {
this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
}
return this._x;
},
//-------------------------------------------------------------------------
'u': function () {
if (this._u == null) {
- this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
+ this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
}
return this._u;
},
//-------------------------------------------------------------------------
'S': function () {
if (this._S == null) {
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
this._S = bigint.powerModule(
- bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
- bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
- srp.n()
+ bigint.subtract(
+ this.B(),
+ bigint.multiply(
+ Clipperz.Crypto.SRP.k(),
+ bigint.powerModule(srp.g(), this.x(), srp.n())
+ )
+ ),
+ bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+ srp.n()
)
}
return this._S;
},
//-------------------------------------------------------------------------
'K': function () {
if (this._K == null) {
this._K = this.stringHash(this.S().asString());
}
return this._K;
},
//-------------------------------------------------------------------------
'M1': function () {
if (this._M1 == null) {
- this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+// this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+ // http://srp.stanford.edu/design.html
+ // User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+ this._M1 = this.stringHash(
+ "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+ this.stringHash(this.C()) +
+ this.s().asString() +
+ this.A().asString() +
+ this.B().asString() +
+ this.K()
+ );
+//console.log("M1", this._M1);
}
return this._M1;
},
//-------------------------------------------------------------------------
'M2': function () {
if (this._M2 == null) {
this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
+//console.log("M2", this._M2);
}
return this._M2;
},
//=========================================================================
'serverSideCredentialsWithSalt': function(aSalt) {
var result;
var s, x, v;
s = aSalt;
x = this.stringHash(s + this.P());
v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n());
result = {};
result['C'] = this.C();
result['s'] = s;
result['v'] = v.asString(16);
return result;
},
'serverSideCredentials': function() {
var result;
var s;
s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2);
result = this.serverSideCredentialsWithSalt(s);
return result;
},
//=========================================================================
/*
'computeServerSide_S': function(b) {
var result;
var v;
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16);
// _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n());
result = bigint.powerModule(
bigint.multiply(
this.A(),
bigint.powerModule(v, this.u(), srp.n())
), new Clipperz.Crypto.BigInt(b, 10), srp.n()
);
return result;
},
*/
//=========================================================================
'stringHash': function(aValue) {
var result;
result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
return result;
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################
diff --git a/frontend/gamma/js/Clipperz/Crypto/SRP.js b/frontend/gamma/js/Clipperz/Crypto/SRP.js
index 597e72d..6898dfb 100644
--- a/frontend/gamma/js/Clipperz/Crypto/SRP.js
+++ b/frontend/gamma/js/Clipperz/Crypto/SRP.js
@@ -1,316 +1,345 @@
/*
Copyright 2008-2013 Clipperz Srl
This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
* Clipperz is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
* Clipperz is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!";
}
try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!";
}
if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; }
Clipperz.Crypto.SRP.VERSION = "0.1";
Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP";
//#############################################################################
MochiKit.Base.update(Clipperz.Crypto.SRP, {
'_n': null,
'_g': null,
+ '_k': null,
+
//-------------------------------------------------------------------------
'n': function() {
if (Clipperz.Crypto.SRP._n == null) {
Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
}
return Clipperz.Crypto.SRP._n;
},
//-------------------------------------------------------------------------
'g': function() {
if (Clipperz.Crypto.SRP._g == null) {
Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation)
}
return Clipperz.Crypto.SRP._g;
},
+ 'k': function() {
+ if (Clipperz.Crypto.SRP._k == null) {
+// Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+ Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+ }
+
+ return Clipperz.Crypto.SRP._k;
+ },
+
//-----------------------------------------------------------------------------
'exception': {
'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue")
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
//
// S R P C o n n e c t i o n version 1.0
//
//=============================================================================
Clipperz.Crypto.SRP.Connection = function (args) {
args = args || {};
this._C = args.C;
this._P = args.P;
this.hash = args.hash;
this._a = null;
this._A = null;
this._s = null;
this._B = null;
this._x = null;
this._u = null;
this._K = null;
this._M1 = null;
this._M2 = null;
this._sessionKey = null;
return this;
}
Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
'toString': function () {
return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription();
},
//-------------------------------------------------------------------------
'C': function () {
return this._C;
},
//-------------------------------------------------------------------------
'P': function () {
return this._P;
},
//-------------------------------------------------------------------------
'a': function () {
if (this._a == null) {
this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
}
return this._a;
},
//-------------------------------------------------------------------------
'A': function () {
if (this._A == null) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
+ // Warning: this value should be strictly greater than zero
this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-
- if (this._A.equals(0)) {
+ if (this._A.equals(0) || negative(this._A)) {
Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
}
return this._A;
},
//-------------------------------------------------------------------------
's': function () {
return this._s;
},
'set_s': function(aValue) {
this._s = aValue;
},
//-------------------------------------------------------------------------
'B': function () {
return this._B;
},
'set_B': function(aValue) {
- // Warning: this value should be strictly greater than zero: how should we perform this check?
- if (! aValue.equals(0)) {
- this._B = aValue;
- } else {
+ // Warning: this value should be strictly greater than zero
+ this._B = aValue;
+ if (this._B.equals(0) || negative(this._B)) {
Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
},
//-------------------------------------------------------------------------
'x': function () {
if (this._x == null) {
this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
}
return this._x;
},
//-------------------------------------------------------------------------
'u': function () {
if (this._u == null) {
- this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
+ this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
}
return this._u;
},
//-------------------------------------------------------------------------
'S': function () {
if (this._S == null) {
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
this._S = bigint.powerModule(
- bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
- bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
- srp.n()
+ bigint.subtract(
+ this.B(),
+ bigint.multiply(
+ Clipperz.Crypto.SRP.k(),
+ bigint.powerModule(srp.g(), this.x(), srp.n())
+ )
+ ),
+ bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+ srp.n()
)
}
return this._S;
},
//-------------------------------------------------------------------------
'K': function () {
if (this._K == null) {
this._K = this.stringHash(this.S().asString());
}
return this._K;
},
//-------------------------------------------------------------------------
'M1': function () {
if (this._M1 == null) {
- this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+// this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+ // http://srp.stanford.edu/design.html
+ // User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+ this._M1 = this.stringHash(
+ "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+ this.stringHash(this.C()) +
+ this.s().asString() +
+ this.A().asString() +
+ this.B().asString() +
+ this.K()
+ );
+//console.log("M1", this._M1);
}
return this._M1;
},
//-------------------------------------------------------------------------
'M2': function () {
if (this._M2 == null) {
this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
+//console.log("M2", this._M2);
}
return this._M2;
},
//=========================================================================
'serverSideCredentialsWithSalt': function(aSalt) {
var result;
var s, x, v;
s = aSalt;
x = this.stringHash(s + this.P());
v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n());
result = {};
result['C'] = this.C();
result['s'] = s;
result['v'] = v.asString(16);
return result;
},
'serverSideCredentials': function() {
var result;
var s;
s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2);
result = this.serverSideCredentialsWithSalt(s);
return result;
},
//=========================================================================
/*
'computeServerSide_S': function(b) {
var result;
var v;
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16);
// _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n());
result = bigint.powerModule(
bigint.multiply(
this.A(),
bigint.powerModule(v, this.u(), srp.n())
), new Clipperz.Crypto.BigInt(b, 10), srp.n()
);
return result;
},
*/
//=========================================================================
'stringHash': function(aValue) {
var result;
result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
return result;
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################