1 files changed, 25 insertions, 10 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -7,65 +7,65 @@ For further information about its features and functionalities please
 refer to http://www.clipperz.com.
 * Clipperz is free software: you can redistribute it and/or modify it
  under the terms of the GNU Affero General Public License as published
  by the Free Software Foundation, either version 3 of the License, or 
  (at your option) any later version.
 * Clipperz is distributed in the hope that it will be useful, but 
  WITHOUT ANY WARRANTY; without even the implied warranty of 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  See the GNU Affero General Public License for more details.
 * You should have received a copy of the GNU Affero General Public
  License along with Clipperz. If not, see http://www.gnu.org/licenses/.
 */
 try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
        throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
 }  
 //=============================================================================
 Clipperz.PM.Proxy.Offline.DataStore = function(args) {
        args = args || {};
        
        this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
        this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
        this._shouldPayTolls = args.shouldPayTolls || false;
        this._tolls = {};
        this._currentStaticConnection = null;
-        
        return this;
 }
 Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
        //-------------------------------------------------------------------------
        'isReadOnly': function () {
                return this._isReadOnly;
        },
        
        //-------------------------------------------------------------------------
        'shouldPayTolls': function() {
                return this._shouldPayTolls;
        },
        //-------------------------------------------------------------------------
        'data': function () {
                return this._data;
        },
        //-------------------------------------------------------------------------
        'tolls': function () {
                return this._tolls;
        },
        //=========================================================================
        'resetData': function() {
@@ -262,125 +262,140 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
        //=========================================================================
        '_knock': function(aConnection, someParameters) {
                var result;
                
                result = {
                        toll: this.getTollForRequestType(someParameters['requestType'])
                }
                
                return result;
        },
        //-------------------------------------------------------------------------
        '_registration': function(aConnection, someParameters) {
                if (this.isReadOnly() == false) {
                        if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
                                this.data()['users'][someParameters['credentials']['C']] = {
                                                's':    someParameters['credentials']['s'],
                                                'v':    someParameters['credentials']['v'],
                                                'version':someParameters['credentials']['version'],
        //                                      'lock':         Clipperz.Crypto.Base.generateRandomSeed(),
                                                'userDetails':          someParameters['user']['header'],
                                                'statistics':           someParameters['user']['statistics'],
                                                'userDetailsVersion':someParameters['user']['version'],
                                                'records':{}
                                }
                        } else {
                                throw "user already exists";
                        }
                } else {
-                        throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+                throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
                }
                result = {
                        result: {
                                        'lock':         this.data()['users'][someParameters['credentials']['C']]['lock'],
                                        'result':'done'
-                        },
+        },
                        toll:   this.getTollForRequestType('CONNECT')
                }
                return result;
        },
        //-------------------------------------------------------------------------
        '_handshake': function(aConnection, someParameters) {
                var result;
                        varnextTollRequestType;
                result = {};
                if (someParameters.message == "connect") {
                        var userData;
                        var randomBytes;
                        var v;
                        userData = this.data()['users'][someParameters.parameters.C];
                        
                        if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
                                aConnection['userData'] = userData;
                                aConnection['C'] = someParameters.parameters.C;
                        } else {
                                aConnection['userData'] = this.data()['users']['catchAllUser'];
                        }
                        randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
                        aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+                        aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
                        
                        aConnection['A'] = someParameters.parameters.A;
                        
                        result['s'] = aConnection['userData']['s'];
                        result['B'] = aConnection['B'].asString(16);
                        
                        nextTollRequestType = 'CONNECT';
                } else if (someParameters.message == "credentialCheck") {
-                        var v, u, S, A, K, M1;
+                        var v, u, s, S, A, K, M1;
-                        
+                        var stringHash = function (aValue) {
+                                return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+                        };
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
                        A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+                        s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
                        S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
-                        K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+                        K = stringHash(S.asString(10));
-                        M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+                        M1 = stringHash(
+                                "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+                                stringHash(aConnection['C']) +
+                                s.asString(10) +
+                                A.asString(10) +
+                                aConnection['B'].asString(10) +
+                                K
+                        );
                        if (someParameters.parameters.M1 == M1) {
                                var M2;
                                
-                                M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+                                M2 = stringHash(
+                                        A.asString(10) +
+                                        someParameters.parameters.M1 +
+                                        K
+                                );
                                result['M2'] = M2;
                        } else {
                                throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
                        }
                        nextTollRequestType = 'MESSAGE';
                } else if (someParameters.message == "oneTimePassword") {
                        var otpData;
                        
                        otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
                        try {
                                if (typeof(otpData) != 'undefined') {
                                        if (otpData['status'] == 'ACTIVE') {
                                                if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
                                                        result = {
                                                                        'data':         otpData['data'],
                                                                        'version':otpData['version']
                                                        }
                                                        otpData['status'] = 'REQUESTED';
                                                } else {
                                                        otpData['status'] = 'DISABLED';
                                                        throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
                                                }
                                        } else {
                                                throw "The requested One Time Password was not active";
                                        }
                                } else {
                                        throw "The requested One Time Password has not been found"
                                }
                        } catch (exception) {

diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -7,65 +7,65 @@ For further information about its features and functionalities please
7	refer to http://www.clipperz.com.	7	refer to http://www.clipperz.com.
8		8
9	* Clipperz is free software: you can redistribute it and/or modify it	9	* Clipperz is free software: you can redistribute it and/or modify it
10	under the terms of the GNU Affero General Public License as published	10	under the terms of the GNU Affero General Public License as published
11	by the Free Software Foundation, either version 3 of the License, or	11	by the Free Software Foundation, either version 3 of the License, or
12	(at your option) any later version.	12	(at your option) any later version.
13		13
14	* Clipperz is distributed in the hope that it will be useful, but	14	* Clipperz is distributed in the hope that it will be useful, but
15	WITHOUT ANY WARRANTY; without even the implied warranty of	15	WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17	See the GNU Affero General Public License for more details.	17	See the GNU Affero General Public License for more details.
18		18
19	* You should have received a copy of the GNU Affero General Public	19	* You should have received a copy of the GNU Affero General Public
20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.	20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.
21		21
22	*/	22	*/
23		23
24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {	24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";	25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
26	}	26	}
27		27
28	//=============================================================================	28	//=============================================================================
29		29
30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {	30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {
31	args = args \|\| {};	31	args = args \|\| {};
32		32
33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);	33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);	34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
35	this._shouldPayTolls = args.shouldPayTolls \|\| false;	35	this._shouldPayTolls = args.shouldPayTolls \|\| false;
36		36
37	this._tolls = {};	37	this._tolls = {};
38	this._currentStaticConnection = null;	38	this._currentStaticConnection = null;
39		39
40	return this;	40	return this;
41	}	41	}
42		42
43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {	43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
44		44
45	//-------------------------------------------------------------------------	45	//-------------------------------------------------------------------------
46		46
47	'isReadOnly': function () {	47	'isReadOnly': function () {
48	return this._isReadOnly;	48	return this._isReadOnly;
49	},	49	},
50		50
51	//-------------------------------------------------------------------------	51	//-------------------------------------------------------------------------
52		52
53	'shouldPayTolls': function() {	53	'shouldPayTolls': function() {
54	return this._shouldPayTolls;	54	return this._shouldPayTolls;
55	},	55	},
56		56
57	//-------------------------------------------------------------------------	57	//-------------------------------------------------------------------------
58		58
59	'data': function () {	59	'data': function () {
60	return this._data;	60	return this._data;
61	},	61	},
62		62
63	//-------------------------------------------------------------------------	63	//-------------------------------------------------------------------------
64		64
65	'tolls': function () {	65	'tolls': function () {
66	return this._tolls;	66	return this._tolls;
67	},	67	},
68		68
69	//=========================================================================	69	//=========================================================================
70		70
71	'resetData': function() {	71	'resetData': function() {
@@ -262,125 +262,140 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
262		262
263	//=========================================================================	263	//=========================================================================
264		264
265	'_knock': function(aConnection, someParameters) {	265	'_knock': function(aConnection, someParameters) {
266	var result;	266	var result;
267		267
268	result = {	268	result = {
269	toll: this.getTollForRequestType(someParameters['requestType'])	269	toll: this.getTollForRequestType(someParameters['requestType'])
270	}	270	}
271		271
272	return result;	272	return result;
273	},	273	},
274		274
275	//-------------------------------------------------------------------------	275	//-------------------------------------------------------------------------
276		276
277	'_registration': function(aConnection, someParameters) {	277	'_registration': function(aConnection, someParameters) {
278	if (this.isReadOnly() == false) {	278	if (this.isReadOnly() == false) {
279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {	279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
280	this.data()['users'][someParameters['credentials']['C']] = {	280	this.data()['users'][someParameters['credentials']['C']] = {
281	's': someParameters['credentials']['s'],	281	's': someParameters['credentials']['s'],
282	'v': someParameters['credentials']['v'],	282	'v': someParameters['credentials']['v'],
283	'version':someParameters['credentials']['version'],	283	'version':someParameters['credentials']['version'],
284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),	284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),
285	'userDetails': someParameters['user']['header'],	285	'userDetails': someParameters['user']['header'],
286	'statistics': someParameters['user']['statistics'],	286	'statistics': someParameters['user']['statistics'],
287	'userDetailsVersion':someParameters['user']['version'],	287	'userDetailsVersion':someParameters['user']['version'],
288	'records':{}	288	'records':{}
289	}	289	}
290	} else {	290	} else {
291	throw "user already exists";	291	throw "user already exists";
292	}	292	}
293	} else {	293	} else {
294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;	294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
295	}	295	}
296		296
297	result = {	297	result = {
298	result: {	298	result: {
299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],	299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],
300	'result':'done'	300	'result':'done'
301	},	301	},
302	toll: this.getTollForRequestType('CONNECT')	302	toll: this.getTollForRequestType('CONNECT')
303	}	303	}
304		304
305	return result;	305	return result;
306	},	306	},
307		307
308	//-------------------------------------------------------------------------	308	//-------------------------------------------------------------------------
309		309
310	'_handshake': function(aConnection, someParameters) {	310	'_handshake': function(aConnection, someParameters) {
311	var result;	311	var result;
312	varnextTollRequestType;	312	varnextTollRequestType;
313		313
314	result = {};	314	result = {};
315	if (someParameters.message == "connect") {	315	if (someParameters.message == "connect") {
316	var userData;	316	var userData;
317	var randomBytes;	317	var randomBytes;
318	var v;	318	var v;
319		319
320	userData = this.data()['users'][someParameters.parameters.C];	320	userData = this.data()['users'][someParameters.parameters.C];
321		321
322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {	322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
323	aConnection['userData'] = userData;	323	aConnection['userData'] = userData;
324	aConnection['C'] = someParameters.parameters.C;	324	aConnection['C'] = someParameters.parameters.C;
325	} else {	325	} else {
326	aConnection['userData'] = this.data()['users']['catchAllUser'];	326	aConnection['userData'] = this.data()['users']['catchAllUser'];
327	}	327	}
328		328
329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();	329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);	330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
332	aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));	332	aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
333		333
334	aConnection['A'] = someParameters.parameters.A;	334	aConnection['A'] = someParameters.parameters.A;
335		335
336	result['s'] = aConnection['userData']['s'];	336	result['s'] = aConnection['userData']['s'];
337	result['B'] = aConnection['B'].asString(16);	337	result['B'] = aConnection['B'].asString(16);
338		338
339	nextTollRequestType = 'CONNECT';	339	nextTollRequestType = 'CONNECT';
340	} else if (someParameters.message == "credentialCheck") {	340	} else if (someParameters.message == "credentialCheck") {
341	var v, u, S, A, K, M1;	341	var v, u, s, S, A, K, M1;
342		342	var stringHash = function (aValue) {
		343	return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
		344	};
		345
343	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	346	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
344	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
345	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);	347	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
		348	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
		349	s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
346	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());	350	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
347		351
348	K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);	352	K = stringHash(S.asString(10));
349		353
350	M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);	354	M1 = stringHash(
		355	"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
		356	stringHash(aConnection['C']) +
		357	s.asString(10) +
		358	A.asString(10) +
		359	aConnection['B'].asString(10) +
		360	K
		361	);
351	if (someParameters.parameters.M1 == M1) {	362	if (someParameters.parameters.M1 == M1) {
352	var M2;	363	var M2;
353		364
354	M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);	365	M2 = stringHash(
		366	A.asString(10) +
		367	someParameters.parameters.M1 +
		368	K
		369	);
355	result['M2'] = M2;	370	result['M2'] = M2;
356	} else {	371	} else {
357	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");	372	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
358	}	373	}
359		374
360	nextTollRequestType = 'MESSAGE';	375	nextTollRequestType = 'MESSAGE';
361	} else if (someParameters.message == "oneTimePassword") {	376	} else if (someParameters.message == "oneTimePassword") {
362	var otpData;	377	var otpData;
363		378
364	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];	379	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
365		380
366	try {	381	try {
367	if (typeof(otpData) != 'undefined') {	382	if (typeof(otpData) != 'undefined') {
368	if (otpData['status'] == 'ACTIVE') {	383	if (otpData['status'] == 'ACTIVE') {
369	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {	384	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
370	result = {	385	result = {
371	'data': otpData['data'],	386	'data': otpData['data'],
372	'version':otpData['version']	387	'version':otpData['version']
373	}	388	}
374		389
375	otpData['status'] = 'REQUESTED';	390	otpData['status'] = 'REQUESTED';
376	} else {	391	} else {
377	otpData['status'] = 'DISABLED';	392	otpData['status'] = 'DISABLED';
378	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";	393	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
379	}	394	}
380	} else {	395	} else {
381	throw "The requested One Time Password was not active";	396	throw "The requested One Time Password was not active";
382	}	397	}
383	} else {	398	} else {
384	throw "The requested One Time Password has not been found"	399	throw "The requested One Time Password has not been found"
385	}	400	}
386	} catch (exception) {	401	} catch (exception) {