| author | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-05-30 14:10:13 (UTC) |
|---|---|---|
| committer | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-05-30 14:15:51 (UTC) |
| commit | 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (patch) (unidiff) | |
| tree | 33c05ee7329d9b8e5eff79942f254d6c680ad661 | |
| parent | ed6b4edc82b0f65c77980713cd525053fcbc1dd2 (diff) | |
| download | clipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.zip clipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.tar.gz clipperz-7fdb41fa2b1f621636882ad9059c1f3ecfb74083.tar.bz2 | |
Fixed vulnerability CLP-01-016
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/SRP.js | 67 | ||||
| -rw-r--r-- | frontend/delta/js/Clipperz/Crypto/SRP.js | 53 | ||||
| -rw-r--r-- | frontend/gamma/js/Clipperz/Crypto/SRP.js | 53 |
3 files changed, 125 insertions, 48 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js index 8cc80ba..8c522ad 100644 --- a/frontend/beta/js/Clipperz/Crypto/SRP.js +++ b/frontend/beta/js/Clipperz/Crypto/SRP.js | |||
| @@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 44 | 44 | ||
| 45 | '_n': null, | 45 | '_n': null, |
| 46 | '_g': null, | 46 | '_g': null, |
| 47 | '_k': null, | ||
| 48 | |||
| 47 | //------------------------------------------------------------------------- | 49 | //------------------------------------------------------------------------- |
| 48 | 50 | ||
| 49 | 'n': function() { | 51 | 'n': function() { |
| @@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 64 | return Clipperz.Crypto.SRP._g; | 66 | return Clipperz.Crypto.SRP._g; |
| 65 | }, | 67 | }, |
| 66 | 68 | ||
| 69 | 'k': function() { | ||
| 70 | if (Clipperz.Crypto.SRP._k == null) { | ||
| 71 | // Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16); | ||
| 72 | Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16); | ||
| 73 | } | ||
| 74 | |||
| 75 | return Clipperz.Crypto.SRP._k; | ||
| 76 | }, | ||
| 77 | |||
| 67 | //----------------------------------------------------------------------------- | 78 | //----------------------------------------------------------------------------- |
| 68 | 79 | ||
| 69 | 'exception': { | 80 | 'exception': { |
| @@ -129,7 +140,6 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 129 | if (this._a == null) { | 140 | if (this._a == null) { |
| 130 | this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); | 141 | this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); |
| 131 | // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); | 142 | // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); |
| 132 | //MochiKit.Logging.logDebug("SRP a: " + this._a); | ||
| 133 | } | 143 | } |
| 134 | 144 | ||
| 135 | return this._a; | 145 | return this._a; |
| @@ -139,14 +149,12 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 139 | 149 | ||
| 140 | 'A': function () { | 150 | 'A': function () { |
| 141 | if (this._A == null) { | 151 | if (this._A == null) { |
| 142 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 152 | //Warning: this value should be strictly greater than zero |
| 143 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); | 153 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); |
| 144 | 154 | if (this._A.equals(0) || negative(this._A)) { | |
| 145 | if (this._A.equals(0)) { | 155 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); |
| 146 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); | ||
| 147 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 156 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 148 | } | 157 | } |
| 149 | //MochiKit.Logging.logDebug("SRP A: " + this._A); | ||
| 150 | } | 158 | } |
| 151 | 159 | ||
| 152 | return this._A; | 160 | return this._A; |
| @@ -156,7 +164,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to | |||
| 156 | 164 | ||
| 157 | 's': function () { | 165 | 's': function () { |
| 158 | return this._s; | 166 | return this._s; |
| 159 | //MochiKit.Logging.logDebug("SRP s: " + this._S); | ||
| 160 | }, | 167 | }, |
| 161 | 168 | ||
| 162 | 'set_s': function(aValue) { | 169 | 'set_s': function(aValue) { |
| @@ -170,12 +177,10 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to | |||
| 170 | }, | 177 | }, |
| 171 | 178 | ||
| 172 | 'set_B': function(aValue) { | 179 | 'set_B': function(aValue) { |
| 173 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 180 | //Warning: this value should be strictly greater than zero |
| 174 | if (! aValue.equals(0)) { | 181 | this._B = aValue; |
| 175 | this._B = aValue; | 182 | if (this._B.equals(0) || negative(this._B)) { |
| 176 | //MochiKit.Logging.logDebug("SRP B: " + this._B); | 183 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); |
| 177 | } else { | ||
| 178 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); | ||
| 179 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 184 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 180 | } | 185 | } |
| 181 | }, | 186 | }, |
| @@ -185,7 +190,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 185 | 'x': function () { | 190 | 'x': function () { |
| 186 | if (this._x == null) { | 191 | if (this._x == null) { |
| 187 | this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); | 192 | this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); |
| 188 | //MochiKit.Logging.logDebug("SRP x: " + this._x); | ||
| 189 | } | 193 | } |
| 190 | 194 | ||
| 191 | return this._x; | 195 | return this._x; |
| @@ -195,8 +199,7 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 195 | 199 | ||
| 196 | 'u': function () { | 200 | 'u': function () { |
| 197 | if (this._u == null) { | 201 | if (this._u == null) { |
| 198 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); | 202 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16); |
| 199 | //MochiKit.Logging.logDebug("SRP u: " + this._u); | ||
| 200 | } | 203 | } |
| 201 | 204 | ||
| 202 | return this._u; | 205 | return this._u; |
| @@ -213,11 +216,16 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 213 | srp = Clipperz.Crypto.SRP; | 216 | srp = Clipperz.Crypto.SRP; |
| 214 | 217 | ||
| 215 | this._S =bigint.powerModule( | 218 | this._S =bigint.powerModule( |
| 216 | bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), | 219 | bigint.subtract( |
| 217 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | 220 | this.B(), |
| 218 | srp.n() | 221 | bigint.multiply( |
| 222 | Clipperz.Crypto.SRP.k(), | ||
| 223 | bigint.powerModule(srp.g(), this.x(), srp.n()) | ||
| 224 | ) | ||
| 225 | ), | ||
| 226 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | ||
| 227 | srp.n() | ||
| 219 | ) | 228 | ) |
| 220 | //MochiKit.Logging.logDebug("SRP S: " + this._S); | ||
| 221 | } | 229 | } |
| 222 | 230 | ||
| 223 | return this._S; | 231 | return this._S; |
| @@ -228,7 +236,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 228 | 'K': function () { | 236 | 'K': function () { |
| 229 | if (this._K == null) { | 237 | if (this._K == null) { |
| 230 | this._K = this.stringHash(this.S().asString()); | 238 | this._K = this.stringHash(this.S().asString()); |
| 231 | //MochiKit.Logging.logDebug("SRP K: " + this._K); | ||
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | return this._K; | 241 | return this._K; |
| @@ -238,8 +245,20 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 238 | 245 | ||
| 239 | 'M1': function () { | 246 | 'M1': function () { |
| 240 | if (this._M1 == null) { | 247 | if (this._M1 == null) { |
| 241 | this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); | 248 | // this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); |
| 242 | //MochiKit.Logging.logDebug("SRP M1: " + this._M1); | 249 | |
| 250 | //http://srp.stanford.edu/design.html | ||
| 251 | //User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) | ||
| 252 | |||
| 253 | this._M1 = this.stringHash( | ||
| 254 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
| 255 | this.stringHash(this.C()) + | ||
| 256 | this.s().asString() + | ||
| 257 | this.A().asString() + | ||
| 258 | this.B().asString() + | ||
| 259 | this.K() | ||
| 260 | ); | ||
| 261 | //console.log("M1", this._M1); | ||
| 243 | } | 262 | } |
| 244 | 263 | ||
| 245 | return this._M1; | 264 | return this._M1; |
| @@ -250,7 +269,7 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to | |||
| 250 | 'M2': function () { | 269 | 'M2': function () { |
| 251 | if (this._M2 == null) { | 270 | if (this._M2 == null) { |
| 252 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); | 271 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); |
| 253 | //MochiKit.Logging.logDebug("SRP M2: " + this._M2); | 272 | //console.log("M2", this._M2); |
| 254 | } | 273 | } |
| 255 | 274 | ||
| 256 | return this._M2; | 275 | return this._M2; |
diff --git a/frontend/delta/js/Clipperz/Crypto/SRP.js b/frontend/delta/js/Clipperz/Crypto/SRP.js index 597e72d..6898dfb 100644 --- a/frontend/delta/js/Clipperz/Crypto/SRP.js +++ b/frontend/delta/js/Clipperz/Crypto/SRP.js | |||
| @@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 44 | 44 | ||
| 45 | '_n': null, | 45 | '_n': null, |
| 46 | '_g': null, | 46 | '_g': null, |
| 47 | '_k': null, | ||
| 48 | |||
| 47 | //------------------------------------------------------------------------- | 49 | //------------------------------------------------------------------------- |
| 48 | 50 | ||
| 49 | 'n': function() { | 51 | 'n': function() { |
| @@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 64 | return Clipperz.Crypto.SRP._g; | 66 | return Clipperz.Crypto.SRP._g; |
| 65 | }, | 67 | }, |
| 66 | 68 | ||
| 69 | 'k': function() { | ||
| 70 | if (Clipperz.Crypto.SRP._k == null) { | ||
| 71 | // Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16); | ||
| 72 | Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16); | ||
| 73 | } | ||
| 74 | |||
| 75 | return Clipperz.Crypto.SRP._k; | ||
| 76 | }, | ||
| 77 | |||
| 67 | //----------------------------------------------------------------------------- | 78 | //----------------------------------------------------------------------------- |
| 68 | 79 | ||
| 69 | 'exception': { | 80 | 'exception': { |
| @@ -138,10 +149,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 138 | 149 | ||
| 139 | 'A': function () { | 150 | 'A': function () { |
| 140 | if (this._A == null) { | 151 | if (this._A == null) { |
| 141 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 152 | //Warning: this value should be strictly greater than zero |
| 142 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); | 153 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); |
| 143 | 154 | if (this._A.equals(0) || negative(this._A)) { | |
| 144 | if (this._A.equals(0)) { | ||
| 145 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); | 155 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); |
| 146 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 156 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 147 | } | 157 | } |
| @@ -167,10 +177,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 167 | }, | 177 | }, |
| 168 | 178 | ||
| 169 | 'set_B': function(aValue) { | 179 | 'set_B': function(aValue) { |
| 170 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 180 | //Warning: this value should be strictly greater than zero |
| 171 | if (! aValue.equals(0)) { | 181 | this._B = aValue; |
| 172 | this._B = aValue; | 182 | if (this._B.equals(0) || negative(this._B)) { |
| 173 | } else { | ||
| 174 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); | 183 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); |
| 175 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 184 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 176 | } | 185 | } |
| @@ -190,7 +199,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 190 | 199 | ||
| 191 | 'u': function () { | 200 | 'u': function () { |
| 192 | if (this._u == null) { | 201 | if (this._u == null) { |
| 193 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); | 202 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16); |
| 194 | } | 203 | } |
| 195 | 204 | ||
| 196 | return this._u; | 205 | return this._u; |
| @@ -207,9 +216,15 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 207 | srp = Clipperz.Crypto.SRP; | 216 | srp = Clipperz.Crypto.SRP; |
| 208 | 217 | ||
| 209 | this._S =bigint.powerModule( | 218 | this._S =bigint.powerModule( |
| 210 | bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), | 219 | bigint.subtract( |
| 211 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | 220 | this.B(), |
| 212 | srp.n() | 221 | bigint.multiply( |
| 222 | Clipperz.Crypto.SRP.k(), | ||
| 223 | bigint.powerModule(srp.g(), this.x(), srp.n()) | ||
| 224 | ) | ||
| 225 | ), | ||
| 226 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | ||
| 227 | srp.n() | ||
| 213 | ) | 228 | ) |
| 214 | } | 229 | } |
| 215 | 230 | ||
| @@ -230,7 +245,20 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 230 | 245 | ||
| 231 | 'M1': function () { | 246 | 'M1': function () { |
| 232 | if (this._M1 == null) { | 247 | if (this._M1 == null) { |
| 233 | this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); | 248 | // this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); |
| 249 | |||
| 250 | //http://srp.stanford.edu/design.html | ||
| 251 | //User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) | ||
| 252 | |||
| 253 | this._M1 = this.stringHash( | ||
| 254 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
| 255 | this.stringHash(this.C()) + | ||
| 256 | this.s().asString() + | ||
| 257 | this.A().asString() + | ||
| 258 | this.B().asString() + | ||
| 259 | this.K() | ||
| 260 | ); | ||
| 261 | //console.log("M1", this._M1); | ||
| 234 | } | 262 | } |
| 235 | 263 | ||
| 236 | return this._M1; | 264 | return this._M1; |
| @@ -241,6 +269,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 241 | 'M2': function () { | 269 | 'M2': function () { |
| 242 | if (this._M2 == null) { | 270 | if (this._M2 == null) { |
| 243 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); | 271 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); |
| 272 | //console.log("M2", this._M2); | ||
| 244 | } | 273 | } |
| 245 | 274 | ||
| 246 | return this._M2; | 275 | return this._M2; |
diff --git a/frontend/gamma/js/Clipperz/Crypto/SRP.js b/frontend/gamma/js/Clipperz/Crypto/SRP.js index 597e72d..6898dfb 100644 --- a/frontend/gamma/js/Clipperz/Crypto/SRP.js +++ b/frontend/gamma/js/Clipperz/Crypto/SRP.js | |||
| @@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 44 | 44 | ||
| 45 | '_n': null, | 45 | '_n': null, |
| 46 | '_g': null, | 46 | '_g': null, |
| 47 | '_k': null, | ||
| 48 | |||
| 47 | //------------------------------------------------------------------------- | 49 | //------------------------------------------------------------------------- |
| 48 | 50 | ||
| 49 | 'n': function() { | 51 | 'n': function() { |
| @@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { | |||
| 64 | return Clipperz.Crypto.SRP._g; | 66 | return Clipperz.Crypto.SRP._g; |
| 65 | }, | 67 | }, |
| 66 | 68 | ||
| 69 | 'k': function() { | ||
| 70 | if (Clipperz.Crypto.SRP._k == null) { | ||
| 71 | // Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16); | ||
| 72 | Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16); | ||
| 73 | } | ||
| 74 | |||
| 75 | return Clipperz.Crypto.SRP._k; | ||
| 76 | }, | ||
| 77 | |||
| 67 | //----------------------------------------------------------------------------- | 78 | //----------------------------------------------------------------------------- |
| 68 | 79 | ||
| 69 | 'exception': { | 80 | 'exception': { |
| @@ -138,10 +149,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 138 | 149 | ||
| 139 | 'A': function () { | 150 | 'A': function () { |
| 140 | if (this._A == null) { | 151 | if (this._A == null) { |
| 141 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 152 | //Warning: this value should be strictly greater than zero |
| 142 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); | 153 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); |
| 143 | 154 | if (this._A.equals(0) || negative(this._A)) { | |
| 144 | if (this._A.equals(0)) { | ||
| 145 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); | 155 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); |
| 146 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 156 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 147 | } | 157 | } |
| @@ -167,10 +177,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 167 | }, | 177 | }, |
| 168 | 178 | ||
| 169 | 'set_B': function(aValue) { | 179 | 'set_B': function(aValue) { |
| 170 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 180 | //Warning: this value should be strictly greater than zero |
| 171 | if (! aValue.equals(0)) { | 181 | this._B = aValue; |
| 172 | this._B = aValue; | 182 | if (this._B.equals(0) || negative(this._B)) { |
| 173 | } else { | ||
| 174 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); | 183 | Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); |
| 175 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 184 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
| 176 | } | 185 | } |
| @@ -190,7 +199,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 190 | 199 | ||
| 191 | 'u': function () { | 200 | 'u': function () { |
| 192 | if (this._u == null) { | 201 | if (this._u == null) { |
| 193 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); | 202 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16); |
| 194 | } | 203 | } |
| 195 | 204 | ||
| 196 | return this._u; | 205 | return this._u; |
| @@ -207,9 +216,15 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 207 | srp = Clipperz.Crypto.SRP; | 216 | srp = Clipperz.Crypto.SRP; |
| 208 | 217 | ||
| 209 | this._S =bigint.powerModule( | 218 | this._S =bigint.powerModule( |
| 210 | bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), | 219 | bigint.subtract( |
| 211 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | 220 | this.B(), |
| 212 | srp.n() | 221 | bigint.multiply( |
| 222 | Clipperz.Crypto.SRP.k(), | ||
| 223 | bigint.powerModule(srp.g(), this.x(), srp.n()) | ||
| 224 | ) | ||
| 225 | ), | ||
| 226 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | ||
| 227 | srp.n() | ||
| 213 | ) | 228 | ) |
| 214 | } | 229 | } |
| 215 | 230 | ||
| @@ -230,7 +245,20 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 230 | 245 | ||
| 231 | 'M1': function () { | 246 | 'M1': function () { |
| 232 | if (this._M1 == null) { | 247 | if (this._M1 == null) { |
| 233 | this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); | 248 | // this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); |
| 249 | |||
| 250 | //http://srp.stanford.edu/design.html | ||
| 251 | //User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) | ||
| 252 | |||
| 253 | this._M1 = this.stringHash( | ||
| 254 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
| 255 | this.stringHash(this.C()) + | ||
| 256 | this.s().asString() + | ||
| 257 | this.A().asString() + | ||
| 258 | this.B().asString() + | ||
| 259 | this.K() | ||
| 260 | ); | ||
| 261 | //console.log("M1", this._M1); | ||
| 234 | } | 262 | } |
| 235 | 263 | ||
| 236 | return this._M1; | 264 | return this._M1; |
| @@ -241,6 +269,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | |||
| 241 | 'M2': function () { | 269 | 'M2': function () { |
| 242 | if (this._M2 == null) { | 270 | if (this._M2 == null) { |
| 243 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); | 271 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); |
| 272 | //console.log("M2", this._M2); | ||
| 244 | } | 273 | } |
| 245 | 274 | ||
| 246 | return this._M2; | 275 | return this._M2; |