summaryrefslogtreecommitdiff
path: root/frontend/gamma/js/Clipperz
authorGiulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-06-02 11:39:16 (UTC)
committer Giulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-06-02 16:35:38 (UTC)
commit0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
treedf7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js/Clipperz
parent7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
downloadclipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2
Fixed authentication procedure for offline copy
Diffstat (limited to 'frontend/gamma/js/Clipperz') (more/less context) (show whitespace changes)
-rw-r--r--frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js27
1 files changed, 21 insertions, 6 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -308,71 +308,86 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
308 //------------------------------------------------------------------------- 308 //-------------------------------------------------------------------------
309 309
310 '_handshake': function(aConnection, someParameters) { 310 '_handshake': function(aConnection, someParameters) {
311 var result; 311 var result;
312 varnextTollRequestType; 312 varnextTollRequestType;
313 313
314 result = {}; 314 result = {};
315 if (someParameters.message == "connect") { 315 if (someParameters.message == "connect") {
316 var userData; 316 var userData;
317 var randomBytes; 317 var randomBytes;
318 var v; 318 var v;
319 319
320 userData = this.data()['users'][someParameters.parameters.C]; 320 userData = this.data()['users'][someParameters.parameters.C];
321 321
322 if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { 322 if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
323 aConnection['userData'] = userData; 323 aConnection['userData'] = userData;
324 aConnection['C'] = someParameters.parameters.C; 324 aConnection['C'] = someParameters.parameters.C;
325 } else { 325 } else {
326 aConnection['userData'] = this.data()['users']['catchAllUser']; 326 aConnection['userData'] = this.data()['users']['catchAllUser'];
327 } 327 }
328 328
329 randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); 329 randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
330 aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); 330 aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
331 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); 331 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
332 aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); 332 aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
333 333
334 aConnection['A'] = someParameters.parameters.A; 334 aConnection['A'] = someParameters.parameters.A;
335 335
336 result['s'] = aConnection['userData']['s']; 336 result['s'] = aConnection['userData']['s'];
337 result['B'] = aConnection['B'].asString(16); 337 result['B'] = aConnection['B'].asString(16);
338 338
339 nextTollRequestType = 'CONNECT'; 339 nextTollRequestType = 'CONNECT';
340 } else if (someParameters.message == "credentialCheck") { 340 } else if (someParameters.message == "credentialCheck") {
341 var v, u, S, A, K, M1; 341 var v, u, s, S, A, K, M1;
342 var stringHash = function (aValue) {
343 return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
344 };
342 345
343 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); 346 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
344 u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
345 A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); 347 A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
348 u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
349 s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
346 S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); 350 S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
347 351
348 K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); 352 K = stringHash(S.asString(10));
349 353
350 M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); 354 M1 = stringHash(
355 "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
356 stringHash(aConnection['C']) +
357 s.asString(10) +
358 A.asString(10) +
359 aConnection['B'].asString(10) +
360 K
361 );
351 if (someParameters.parameters.M1 == M1) { 362 if (someParameters.parameters.M1 == M1) {
352 var M2; 363 var M2;
353 364
354 M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); 365 M2 = stringHash(
366 A.asString(10) +
367 someParameters.parameters.M1 +
368 K
369 );
355 result['M2'] = M2; 370 result['M2'] = M2;
356 } else { 371 } else {
357 throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); 372 throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
358 } 373 }
359 374
360 nextTollRequestType = 'MESSAGE'; 375 nextTollRequestType = 'MESSAGE';
361 } else if (someParameters.message == "oneTimePassword") { 376 } else if (someParameters.message == "oneTimePassword") {
362 var otpData; 377 var otpData;
363 378
364 otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; 379 otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
365 380
366 try { 381 try {
367 if (typeof(otpData) != 'undefined') { 382 if (typeof(otpData) != 'undefined') {
368 if (otpData['status'] == 'ACTIVE') { 383 if (otpData['status'] == 'ACTIVE') {
369 if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { 384 if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
370 result = { 385 result = {
371 'data': otpData['data'], 386 'data': otpData['data'],
372 'version':otpData['version'] 387 'version':otpData['version']
373 } 388 }
374 389
375 otpData['status'] = 'REQUESTED'; 390 otpData['status'] = 'REQUESTED';
376 } else { 391 } else {
377 otpData['status'] = 'DISABLED'; 392 otpData['status'] = 'DISABLED';
378 throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; 393 throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";