Fixed vulnerability CLP-01-016

1 files changed, 38 insertions, 9 deletions

diff --git a/frontend/delta/js/Clipperz/Crypto/SRP.js b/frontend/delta/js/Clipperz/Crypto/SRP.js
index 597e72d..6898dfb 100644
--- a/frontend/delta/js/Clipperz/Crypto/SRP.js
+++ b/frontend/delta/js/Clipperz/Crypto/SRP.js
@@ -46,2 +46,4 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 	'_g': null,
+	'_k': null,
+	
 	//-------------------------------------------------------------------------
@@ -66,2 +68,11 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 
+	'k': function() {
+		if (Clipperz.Crypto.SRP._k == null) {
+//			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+		}
+		
+		return Clipperz.Crypto.SRP._k;
+	},
+	
 	//-----------------------------------------------------------------------------
@@ -140,6 +151,5 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 		if (this._A == null) {
-			//	Warning: this value should be strictly greater than zero: how should we perform this check?
+			//	Warning: this value should be strictly greater than zero
 			this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-			
-			if (this._A.equals(0)) {
+			if (this._A.equals(0) || negative(this._A)) {
 				Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
@@ -169,6 +179,5 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 	'set_B': function(aValue) {
-		//	Warning: this value should be strictly greater than zero: how should we perform this check?
-		if (! aValue.equals(0)) {
+		//	Warning: this value should be strictly greater than zero
 			this._B = aValue;
-		} else {
+		if (this._B.equals(0) || negative(this._B)) {
 			Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
@@ -192,3 +201,3 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 		if (this._u == null) {
-			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
+			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
 		}
@@ -209,3 +218,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 			this._S =	bigint.powerModule(
-								bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
+							bigint.subtract(
+								this.B(),
+								bigint.multiply(
+									Clipperz.Crypto.SRP.k(),
+									bigint.powerModule(srp.g(), this.x(), srp.n())
+								)
+							),
 								bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
@@ -232,3 +247,16 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 		if (this._M1 == null) {
-			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+//			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+			//	http://srp.stanford.edu/design.html
+			//	User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+			this._M1 = this.stringHash(
+				"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+				this.stringHash(this.C()) +
+				this.s().asString() +
+				this.A().asString() +
+				this.B().asString() +
+				this.K()
+			);
+//console.log("M1", this._M1);
 		}
@@ -243,2 +271,3 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 			this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
+//console.log("M2", this._M2);
 		}