author | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 11:39:16 (UTC) |
---|---|---|
committer | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 16:35:38 (UTC) |
commit | 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff) | |
tree | df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js/Clipperz | |
parent | 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff) | |
download | clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2 |
Fixed authentication procedure for offline copy
-rw-r--r-- | frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | |||
@@ -284,119 +284,134 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { | |||
284 | // 'lock': Clipperz.Crypto.Base.generateRandomSeed(), | 284 | // 'lock': Clipperz.Crypto.Base.generateRandomSeed(), |
285 | 'userDetails': someParameters['user']['header'], | 285 | 'userDetails': someParameters['user']['header'], |
286 | 'statistics': someParameters['user']['statistics'], | 286 | 'statistics': someParameters['user']['statistics'], |
287 | 'userDetailsVersion':someParameters['user']['version'], | 287 | 'userDetailsVersion':someParameters['user']['version'], |
288 | 'records':{} | 288 | 'records':{} |
289 | } | 289 | } |
290 | } else { | 290 | } else { |
291 | throw "user already exists"; | 291 | throw "user already exists"; |
292 | } | 292 | } |
293 | } else { | 293 | } else { |
294 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; | 294 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; |
295 | } | 295 | } |
296 | 296 | ||
297 | result = { | 297 | result = { |
298 | result: { | 298 | result: { |
299 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], | 299 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], |
300 | 'result':'done' | 300 | 'result':'done' |
301 | }, | 301 | }, |
302 | toll: this.getTollForRequestType('CONNECT') | 302 | toll: this.getTollForRequestType('CONNECT') |
303 | } | 303 | } |
304 | 304 | ||
305 | return result; | 305 | return result; |
306 | }, | 306 | }, |
307 | 307 | ||
308 | //------------------------------------------------------------------------- | 308 | //------------------------------------------------------------------------- |
309 | 309 | ||
310 | '_handshake': function(aConnection, someParameters) { | 310 | '_handshake': function(aConnection, someParameters) { |
311 | var result; | 311 | var result; |
312 | varnextTollRequestType; | 312 | varnextTollRequestType; |
313 | 313 | ||
314 | result = {}; | 314 | result = {}; |
315 | if (someParameters.message == "connect") { | 315 | if (someParameters.message == "connect") { |
316 | var userData; | 316 | var userData; |
317 | var randomBytes; | 317 | var randomBytes; |
318 | var v; | 318 | var v; |
319 | 319 | ||
320 | userData = this.data()['users'][someParameters.parameters.C]; | 320 | userData = this.data()['users'][someParameters.parameters.C]; |
321 | 321 | ||
322 | if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { | 322 | if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { |
323 | aConnection['userData'] = userData; | 323 | aConnection['userData'] = userData; |
324 | aConnection['C'] = someParameters.parameters.C; | 324 | aConnection['C'] = someParameters.parameters.C; |
325 | } else { | 325 | } else { |
326 | aConnection['userData'] = this.data()['users']['catchAllUser']; | 326 | aConnection['userData'] = this.data()['users']['catchAllUser']; |
327 | } | 327 | } |
328 | 328 | ||
329 | randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); | 329 | randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); |
330 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); | 330 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); |
331 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 331 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
332 | aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); | 332 | aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); |
333 | 333 | ||
334 | aConnection['A'] = someParameters.parameters.A; | 334 | aConnection['A'] = someParameters.parameters.A; |
335 | 335 | ||
336 | result['s'] = aConnection['userData']['s']; | 336 | result['s'] = aConnection['userData']['s']; |
337 | result['B'] = aConnection['B'].asString(16); | 337 | result['B'] = aConnection['B'].asString(16); |
338 | 338 | ||
339 | nextTollRequestType = 'CONNECT'; | 339 | nextTollRequestType = 'CONNECT'; |
340 | } else if (someParameters.message == "credentialCheck") { | 340 | } else if (someParameters.message == "credentialCheck") { |
341 | var v, u, S, A, K, M1; | 341 | var v, u, s, S, A, K, M1; |
342 | var stringHash = function (aValue) { | ||
343 | return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); | ||
344 | }; | ||
342 | 345 | ||
343 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 346 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
344 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16); | ||
345 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); | 347 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); |
348 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); | ||
349 | s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); | ||
346 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); | 350 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); |
347 | 351 | ||
348 | K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); | 352 | K = stringHash(S.asString(10)); |
349 | 353 | ||
350 | M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); | 354 | M1 = stringHash( |
355 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
356 | stringHash(aConnection['C']) + | ||
357 | s.asString(10) + | ||
358 | A.asString(10) + | ||
359 | aConnection['B'].asString(10) + | ||
360 | K | ||
361 | ); | ||
351 | if (someParameters.parameters.M1 == M1) { | 362 | if (someParameters.parameters.M1 == M1) { |
352 | var M2; | 363 | var M2; |
353 | 364 | ||
354 | M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); | 365 | M2 = stringHash( |
366 | A.asString(10) + | ||
367 | someParameters.parameters.M1 + | ||
368 | K | ||
369 | ); | ||
355 | result['M2'] = M2; | 370 | result['M2'] = M2; |
356 | } else { | 371 | } else { |
357 | throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); | 372 | throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); |
358 | } | 373 | } |
359 | 374 | ||
360 | nextTollRequestType = 'MESSAGE'; | 375 | nextTollRequestType = 'MESSAGE'; |
361 | } else if (someParameters.message == "oneTimePassword") { | 376 | } else if (someParameters.message == "oneTimePassword") { |
362 | var otpData; | 377 | var otpData; |
363 | 378 | ||
364 | otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; | 379 | otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; |
365 | 380 | ||
366 | try { | 381 | try { |
367 | if (typeof(otpData) != 'undefined') { | 382 | if (typeof(otpData) != 'undefined') { |
368 | if (otpData['status'] == 'ACTIVE') { | 383 | if (otpData['status'] == 'ACTIVE') { |
369 | if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { | 384 | if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { |
370 | result = { | 385 | result = { |
371 | 'data': otpData['data'], | 386 | 'data': otpData['data'], |
372 | 'version':otpData['version'] | 387 | 'version':otpData['version'] |
373 | } | 388 | } |
374 | 389 | ||
375 | otpData['status'] = 'REQUESTED'; | 390 | otpData['status'] = 'REQUESTED'; |
376 | } else { | 391 | } else { |
377 | otpData['status'] = 'DISABLED'; | 392 | otpData['status'] = 'DISABLED'; |
378 | throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; | 393 | throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; |
379 | } | 394 | } |
380 | } else { | 395 | } else { |
381 | throw "The requested One Time Password was not active"; | 396 | throw "The requested One Time Password was not active"; |
382 | } | 397 | } |
383 | } else { | 398 | } else { |
384 | throw "The requested One Time Password has not been found" | 399 | throw "The requested One Time Password has not been found" |
385 | } | 400 | } |
386 | } catch (exception) { | 401 | } catch (exception) { |
387 | result = { | 402 | result = { |
388 | 'data': Clipperz.PM.Crypto.randomKey(), | 403 | 'data': Clipperz.PM.Crypto.randomKey(), |
389 | 'version':Clipperz.PM.Connection.communicationProtocol.currentVersion | 404 | 'version':Clipperz.PM.Connection.communicationProtocol.currentVersion |
390 | } | 405 | } |
391 | } | 406 | } |
392 | nextTollRequestType = 'CONNECT'; | 407 | nextTollRequestType = 'CONNECT'; |
393 | } else { | 408 | } else { |
394 | Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message); | 409 | Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message); |
395 | } | 410 | } |
396 | 411 | ||
397 | result = { | 412 | result = { |
398 | result: result, | 413 | result: result, |
399 | toll: this.getTollForRequestType(nextTollRequestType) | 414 | toll: this.getTollForRequestType(nextTollRequestType) |
400 | } | 415 | } |
401 | 416 | ||
402 | return result; | 417 | return result; |