3 files changed, 75 insertions, 18 deletions
diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index 1a5caff..b0b9b63 100644 --- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -16,48 +16,49 @@ refer to http://www.clipperz.com. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!"; } //============================================================================= Clipperz.PM.Proxy.Offline.DataStore = function(args) { args = args || {}; this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null); this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly); this._shouldPayTolls = args.shouldPayTolls || false; this._tolls = {}; this._connections = {}; + this._C = null; this._b = null; this._B = null; this._A = null; this._userData = null; return this; } //Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'isReadOnly': function () { return this._isReadOnly; }, //------------------------------------------------------------------------- 'shouldPayTolls': function() { return this._shouldPayTolls; }, //------------------------------------------------------------------------- @@ -123,48 +124,58 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { 'v': aUserSerializationContext['credentials']['v'], 'version': aUserSerializationContext['data']['connectionVersion'], 'userDetails': aUserSerializationContext['encryptedData']['user']['header'], 'userDetailsVersion': aUserSerializationContext['encryptedData']['user']['version'], 'statistics': aUserSerializationContext['encryptedData']['user']['statistics'], 'lock': aUserSerializationContext['encryptedData']['user']['lock'], 'records': this.rearrangeRecordsData(aUserSerializationContext['encryptedData']['records']) } }, this)); } deferredResult.addCallback(MochiKit.Base.bind(function() { //console.log("this._data", resultData); this._data = resultData; }, this)); deferredResult.callback(); //Clipperz.log("<<< Proxy.Test.setupWithData"); return deferredResult; }, //========================================================================= + 'C': function() { + return this._C; + }, + + 'set_C': function(aValue) { + this._C = aValue; + }, + + //------------------------------------------------------------------------- + 'b': function() { return this._b; }, 'set_b': function(aValue) { this._b = aValue; }, //------------------------------------------------------------------------- 'B': function() { return this._B; }, 'set_B': function(aValue) { this._B = aValue; }, //------------------------------------------------------------------------- 'A': function() { return this._A; }, @@ -319,74 +330,90 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- '_handshake': function(someParameters) { var result; var nextTollRequestType; //Clipperz.log(">>> Proxy.Offline.DataStore._handshake"); result = {}; if (someParameters.message == "connect") { var userData; var randomBytes; var b, B, v; //console.log(">>> Proxy.Offline.DataStore._handshake.connect", someParameters); userData = this.data()['users'][someParameters.parameters.C]; if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { this.setUserData(userData); } else { this.setUserData(this.data()['users']['catchAllUser']); } randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); + this.set_C(someParameters.parameters.C); this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16)); v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); - this.set_B(v.add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); + this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); this.set_A(someParameters.parameters.A); result['s'] = this.userData()['s']; result['B'] = this.B().asString(16); nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, S, A, K, M1; + var v, u, s, S, A, K, M1; + var stringHash = function (aValue) { + return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + }; //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters); v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); - u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(this.B().asString(10))).toHexString(), 16); A = new Clipperz.Crypto.BigInt(this.A(), 16); + u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16); + s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16); S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); - K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); + K = stringHash(S.asString(10)); - M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10) + K)).toHexString().slice(2); + M1 = stringHash( + "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + + stringHash(this.C()) + + s.asString(10) + + A.asString(10) + + this.B().asString(10) + + K + ); if (someParameters.parameters.M1 == M1) { var M2; - M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); + M2 = stringHash( + A.asString(10) + + someParameters.parameters.M1 + + K + ); result['M2'] = M2; } else { throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); } nextTollRequestType = 'MESSAGE'; } else if (someParameters.message == "oneTimePassword") { var otpData; //console.log("HANDSHAKE WITH OTP", someParameters.parameters.oneTimePasswordKey); //console.log("someParameters", someParameters); //console.log("data.OTP", Clipperz.Base.serializeJSON(this.data()['onetimePasswords'])); otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; try { if (typeof(otpData) != 'undefined') { if (otpData['status'] == 'ACTIVE') { if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { result = { 'data': otpData['data'], 'version': otpData['version'] } otpData['status'] = 'REQUESTED'; diff --git a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js index 3f16f70..d03f873 100644 --- a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js +++ b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js @@ -67,71 +67,86 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.LocalStorageDataStore, Clipperz.P //------------------------------------------------------------------------- '_handshake': function(aConnection, someParameters) { var result; var nextTollRequestType; result = {}; if (someParameters.message == "connect") { var userData; var randomBytes; var v; userData = this.data()['users'][someParameters.parameters.C]; if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { aConnection['userData'] = userData; aConnection['C'] = someParameters.parameters.C; } else { aConnection['userData'] = this.data()['users']['catchAllUser']; } randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); aConnection['A'] = someParameters.parameters.A; result['s'] = aConnection['userData']['s']; result['B'] = aConnection['B'].asString(16); nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, S, A, K, M1; + var v, u, s, S, A, K, M1; + var stringHash = function (aValue) { + return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + }; v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16); A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); + u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); + s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); - K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); + K = stringHash(S.asString(10)); - M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); + M1 = stringHash( + "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + + stringHash(aConnection['C']) + + s.asString(10) + + A.asString(10) + + aConnection['B'].asString(10) + + K + ); if (someParameters.parameters.M1 == M1) { var M2; - M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); + M2 = stringHash( + A.asString(10) + + someParameters.parameters.M1 + + K + ); result['M2'] = M2; } else { throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); } nextTollRequestType = 'MESSAGE'; } else if (someParameters.message == "oneTimePassword") { var otpData; otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; try { if (typeof(otpData) != 'undefined') { if (otpData['status'] == 'ACTIVE') { if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { result = { 'data': otpData['data'], 'version': otpData['version'] } otpData['status'] = 'REQUESTED'; } else { otpData['status'] = 'DISABLED'; throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -308,71 +308,86 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { //------------------------------------------------------------------------- '_handshake': function(aConnection, someParameters) { var result; var nextTollRequestType; result = {}; if (someParameters.message == "connect") { var userData; var randomBytes; var v; userData = this.data()['users'][someParameters.parameters.C]; if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { aConnection['userData'] = userData; aConnection['C'] = someParameters.parameters.C; } else { aConnection['userData'] = this.data()['users']['catchAllUser']; } randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); aConnection['A'] = someParameters.parameters.A; result['s'] = aConnection['userData']['s']; result['B'] = aConnection['B'].asString(16); nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, S, A, K, M1; + var v, u, s, S, A, K, M1; + var stringHash = function (aValue) { + return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + }; v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16); A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); + u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); + s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); - K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); + K = stringHash(S.asString(10)); - M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); + M1 = stringHash( + "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + + stringHash(aConnection['C']) + + s.asString(10) + + A.asString(10) + + aConnection['B'].asString(10) + + K + ); if (someParameters.parameters.M1 == M1) { var M2; - M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); + M2 = stringHash( + A.asString(10) + + someParameters.parameters.M1 + + K + ); result['M2'] = M2; } else { throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); } nextTollRequestType = 'MESSAGE'; } else if (someParameters.message == "oneTimePassword") { var otpData; otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; try { if (typeof(otpData) != 'undefined') { if (otpData['status'] == 'ACTIVE') { if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { result = { 'data': otpData['data'], 'version': otpData['version'] } otpData['status'] = 'REQUESTED'; } else { otpData['status'] = 'DISABLED'; throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; |