Fixed authentication procedure for offline copy

author: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 11:39:16 (UTC)
committer: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 16:35:38 (UTC)
commit: 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree: df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js/Clipperz
parent: 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download: clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2
1 files changed, 25 insertions, 10 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -15,49 +15,49 @@ refer to http://www.clipperz.com.
  WITHOUT ANY WARRANTY; without even the implied warranty of 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  See the GNU Affero General Public License for more details.
 * You should have received a copy of the GNU Affero General Public
  License along with Clipperz. If not, see http://www.gnu.org/licenses/.
 */
 try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
        throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
 }  
 //=============================================================================
 Clipperz.PM.Proxy.Offline.DataStore = function(args) {
        args = args || {};
        
        this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
        this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
        this._shouldPayTolls = args.shouldPayTolls || false;
        this._tolls = {};
        this._currentStaticConnection = null;
-        
        return this;
 }
 Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
        //-------------------------------------------------------------------------
        'isReadOnly': function () {
                return this._isReadOnly;
        },
        
        //-------------------------------------------------------------------------
        'shouldPayTolls': function() {
                return this._shouldPayTolls;
        },
        //-------------------------------------------------------------------------
        'data': function () {
                return this._data;
        },
        //-------------------------------------------------------------------------
@@ -270,109 +270,124 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
                }
                
                return result;
        },
        //-------------------------------------------------------------------------
        '_registration': function(aConnection, someParameters) {
                if (this.isReadOnly() == false) {
                        if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
                                this.data()['users'][someParameters['credentials']['C']] = {
                                                's':    someParameters['credentials']['s'],
                                                'v':    someParameters['credentials']['v'],
                                                'version':someParameters['credentials']['version'],
        //                                      'lock':         Clipperz.Crypto.Base.generateRandomSeed(),
                                                'userDetails':          someParameters['user']['header'],
                                                'statistics':           someParameters['user']['statistics'],
                                                'userDetailsVersion':someParameters['user']['version'],
                                                'records':{}
                                }
                        } else {
                                throw "user already exists";
                        }
                } else {
-                        throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+                throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
                }
                result = {
                        result: {
                                        'lock':         this.data()['users'][someParameters['credentials']['C']]['lock'],
                                        'result':'done'
-                        },
+        },
                        toll:   this.getTollForRequestType('CONNECT')
                }
                return result;
        },
        //-------------------------------------------------------------------------
        '_handshake': function(aConnection, someParameters) {
                var result;
                        varnextTollRequestType;
                result = {};
                if (someParameters.message == "connect") {
                        var userData;
                        var randomBytes;
                        var v;
                        userData = this.data()['users'][someParameters.parameters.C];
                        
                        if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
                                aConnection['userData'] = userData;
                                aConnection['C'] = someParameters.parameters.C;
                        } else {
                                aConnection['userData'] = this.data()['users']['catchAllUser'];
                        }
                        randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
                        aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+                        aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
                        
                        aConnection['A'] = someParameters.parameters.A;
                        
                        result['s'] = aConnection['userData']['s'];
                        result['B'] = aConnection['B'].asString(16);
                        
                        nextTollRequestType = 'CONNECT';
                } else if (someParameters.message == "credentialCheck") {
-                        var v, u, S, A, K, M1;
+                        var v, u, s, S, A, K, M1;
-                        
+                        var stringHash = function (aValue) {
+                                return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+                        };
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
                        A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+                        s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
                        S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
-                        K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+                        K = stringHash(S.asString(10));
-                        M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+                        M1 = stringHash(
+                                "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+                                stringHash(aConnection['C']) +
+                                s.asString(10) +
+                                A.asString(10) +
+                                aConnection['B'].asString(10) +
+                                K
+                        );
                        if (someParameters.parameters.M1 == M1) {
                                var M2;
                                
-                                M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+                                M2 = stringHash(
+                                        A.asString(10) +
+                                        someParameters.parameters.M1 +
+                                        K
+                                );
                                result['M2'] = M2;
                        } else {
                                throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
                        }
                        nextTollRequestType = 'MESSAGE';
                } else if (someParameters.message == "oneTimePassword") {
                        var otpData;
                        
                        otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
                        try {
                                if (typeof(otpData) != 'undefined') {
                                        if (otpData['status'] == 'ACTIVE') {
                                                if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
                                                        result = {
                                                                        'data':         otpData['data'],
                                                                        'version':otpData['version']
                                                        }
                                                        otpData['status'] = 'REQUESTED';
                                                } else {
                                                        otpData['status'] = 'DISABLED';
                                                        throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
author	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 11:39:16 (UTC)
committer	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 16:35:38 (UTC)
commit	0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree	df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js/Clipperz
parent	7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download	clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2

diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -15,49 +15,49 @@ refer to http://www.clipperz.com.
15	WITHOUT ANY WARRANTY; without even the implied warranty of	15	WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17	See the GNU Affero General Public License for more details.	17	See the GNU Affero General Public License for more details.
18		18
19	* You should have received a copy of the GNU Affero General Public	19	* You should have received a copy of the GNU Affero General Public
20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.	20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.
21		21
22	*/	22	*/
23		23
24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {	24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";	25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
26	}	26	}
27		27
28	//=============================================================================	28	//=============================================================================
29		29
30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {	30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {
31	args = args \|\| {};	31	args = args \|\| {};
32		32
33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);	33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);	34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
35	this._shouldPayTolls = args.shouldPayTolls \|\| false;	35	this._shouldPayTolls = args.shouldPayTolls \|\| false;
36		36
37	this._tolls = {};	37	this._tolls = {};
38	this._currentStaticConnection = null;	38	this._currentStaticConnection = null;
39		39
40	return this;	40	return this;
41	}	41	}
42		42
43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {	43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
44		44
45	//-------------------------------------------------------------------------	45	//-------------------------------------------------------------------------
46		46
47	'isReadOnly': function () {	47	'isReadOnly': function () {
48	return this._isReadOnly;	48	return this._isReadOnly;
49	},	49	},
50		50
51	//-------------------------------------------------------------------------	51	//-------------------------------------------------------------------------
52		52
53	'shouldPayTolls': function() {	53	'shouldPayTolls': function() {
54	return this._shouldPayTolls;	54	return this._shouldPayTolls;
55	},	55	},
56		56
57	//-------------------------------------------------------------------------	57	//-------------------------------------------------------------------------
58		58
59	'data': function () {	59	'data': function () {
60	return this._data;	60	return this._data;
61	},	61	},
62		62
63	//-------------------------------------------------------------------------	63	//-------------------------------------------------------------------------
@@ -270,109 +270,124 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
270	}	270	}
271		271
272	return result;	272	return result;
273	},	273	},
274		274
275	//-------------------------------------------------------------------------	275	//-------------------------------------------------------------------------
276		276
277	'_registration': function(aConnection, someParameters) {	277	'_registration': function(aConnection, someParameters) {
278	if (this.isReadOnly() == false) {	278	if (this.isReadOnly() == false) {
279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {	279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
280	this.data()['users'][someParameters['credentials']['C']] = {	280	this.data()['users'][someParameters['credentials']['C']] = {
281	's': someParameters['credentials']['s'],	281	's': someParameters['credentials']['s'],
282	'v': someParameters['credentials']['v'],	282	'v': someParameters['credentials']['v'],
283	'version':someParameters['credentials']['version'],	283	'version':someParameters['credentials']['version'],
284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),	284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),
285	'userDetails': someParameters['user']['header'],	285	'userDetails': someParameters['user']['header'],
286	'statistics': someParameters['user']['statistics'],	286	'statistics': someParameters['user']['statistics'],
287	'userDetailsVersion':someParameters['user']['version'],	287	'userDetailsVersion':someParameters['user']['version'],
288	'records':{}	288	'records':{}
289	}	289	}
290	} else {	290	} else {
291	throw "user already exists";	291	throw "user already exists";
292	}	292	}
293	} else {	293	} else {
294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;	294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
295	}	295	}
296		296
297	result = {	297	result = {
298	result: {	298	result: {
299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],	299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],
300	'result':'done'	300	'result':'done'
301	},	301	},
302	toll: this.getTollForRequestType('CONNECT')	302	toll: this.getTollForRequestType('CONNECT')
303	}	303	}
304		304
305	return result;	305	return result;
306	},	306	},
307		307
308	//-------------------------------------------------------------------------	308	//-------------------------------------------------------------------------
309		309
310	'_handshake': function(aConnection, someParameters) {	310	'_handshake': function(aConnection, someParameters) {
311	var result;	311	var result;
312	varnextTollRequestType;	312	varnextTollRequestType;
313		313
314	result = {};	314	result = {};
315	if (someParameters.message == "connect") {	315	if (someParameters.message == "connect") {
316	var userData;	316	var userData;
317	var randomBytes;	317	var randomBytes;
318	var v;	318	var v;
319		319
320	userData = this.data()['users'][someParameters.parameters.C];	320	userData = this.data()['users'][someParameters.parameters.C];
321		321
322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {	322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
323	aConnection['userData'] = userData;	323	aConnection['userData'] = userData;
324	aConnection['C'] = someParameters.parameters.C;	324	aConnection['C'] = someParameters.parameters.C;
325	} else {	325	} else {
326	aConnection['userData'] = this.data()['users']['catchAllUser'];	326	aConnection['userData'] = this.data()['users']['catchAllUser'];
327	}	327	}
328		328
329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();	329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);	330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
332	aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));	332	aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
333		333
334	aConnection['A'] = someParameters.parameters.A;	334	aConnection['A'] = someParameters.parameters.A;
335		335
336	result['s'] = aConnection['userData']['s'];	336	result['s'] = aConnection['userData']['s'];
337	result['B'] = aConnection['B'].asString(16);	337	result['B'] = aConnection['B'].asString(16);
338		338
339	nextTollRequestType = 'CONNECT';	339	nextTollRequestType = 'CONNECT';
340	} else if (someParameters.message == "credentialCheck") {	340	} else if (someParameters.message == "credentialCheck") {
341	var v, u, S, A, K, M1;	341	var v, u, s, S, A, K, M1;
342		342	var stringHash = function (aValue) {
		343	return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
		344	};
		345
343	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	346	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
344	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
345	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);	347	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
		348	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
		349	s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
346	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());	350	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
347		351
348	K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);	352	K = stringHash(S.asString(10));
349		353
350	M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);	354	M1 = stringHash(
		355	"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
		356	stringHash(aConnection['C']) +
		357	s.asString(10) +
		358	A.asString(10) +
		359	aConnection['B'].asString(10) +
		360	K
		361	);
351	if (someParameters.parameters.M1 == M1) {	362	if (someParameters.parameters.M1 == M1) {
352	var M2;	363	var M2;
353		364
354	M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);	365	M2 = stringHash(
		366	A.asString(10) +
		367	someParameters.parameters.M1 +
		368	K
		369	);
355	result['M2'] = M2;	370	result['M2'] = M2;
356	} else {	371	} else {
357	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");	372	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
358	}	373	}
359		374
360	nextTollRequestType = 'MESSAGE';	375	nextTollRequestType = 'MESSAGE';
361	} else if (someParameters.message == "oneTimePassword") {	376	} else if (someParameters.message == "oneTimePassword") {
362	var otpData;	377	var otpData;
363		378
364	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];	379	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
365		380
366	try {	381	try {
367	if (typeof(otpData) != 'undefined') {	382	if (typeof(otpData) != 'undefined') {
368	if (otpData['status'] == 'ACTIVE') {	383	if (otpData['status'] == 'ACTIVE') {
369	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {	384	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
370	result = {	385	result = {
371	'data': otpData['data'],	386	'data': otpData['data'],
372	'version':otpData['version']	387	'version':otpData['version']
373	}	388	}
374		389
375	otpData['status'] = 'REQUESTED';	390	otpData['status'] = 'REQUESTED';
376	} else {	391	} else {
377	otpData['status'] = 'DISABLED';	392	otpData['status'] = 'DISABLED';
378	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";	393	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";