author | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 11:39:16 (UTC) |
---|---|---|
committer | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 16:35:38 (UTC) |
commit | 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff) | |
tree | df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend | |
parent | 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff) | |
download | clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2 |
Fixed authentication procedure for offline copy
3 files changed, 83 insertions, 26 deletions
diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index 1a5caff..b0b9b63 100644 --- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | |||
@@ -38,4 +38,5 @@ Clipperz.PM.Proxy.Offline.DataStore = function(args) { | |||
38 | this._connections = {}; | 38 | this._connections = {}; |
39 | 39 | ||
40 | this._C = null; | ||
40 | this._b = null; | 41 | this._b = null; |
41 | this._B = null; | 42 | this._B = null; |
@@ -145,4 +146,14 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
145 | //========================================================================= | 146 | //========================================================================= |
146 | 147 | ||
148 | 'C': function() { | ||
149 | return this._C; | ||
150 | }, | ||
151 | |||
152 | 'set_C': function(aValue) { | ||
153 | this._C = aValue; | ||
154 | }, | ||
155 | |||
156 | //------------------------------------------------------------------------- | ||
157 | |||
147 | 'b': function() { | 158 | 'b': function() { |
148 | return this._b; | 159 | return this._b; |
@@ -237,6 +248,6 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
237 | 248 | ||
238 | //========================================================================= | 249 | //========================================================================= |
239 | 250 | ||
240 | 'processMessage': function(aFunctionName, someParameters) { | 251 | 'processMessage': function (aFunctionName, someParameters) { |
241 | var result; | 252 | var result; |
242 | 253 | ||
@@ -304,5 +315,5 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
304 | } | 315 | } |
305 | } else { | 316 | } else { |
306 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; | 317 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; |
307 | } | 318 | } |
308 | 319 | ||
@@ -311,5 +322,5 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
311 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], | 322 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], |
312 | 'result':'done' | 323 | 'result':'done' |
313 | }, | 324 | }, |
314 | toll: this.getTollForRequestType('CONNECT') | 325 | toll: this.getTollForRequestType('CONNECT') |
315 | } | 326 | } |
@@ -341,7 +352,8 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
341 | 352 | ||
342 | randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); | 353 | randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); |
354 | this.set_C(someParameters.parameters.C); | ||
343 | this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16)); | 355 | this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16)); |
344 | v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); | 356 | v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); |
345 | this.set_B(v.add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); | 357 | this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); |
346 | 358 | ||
347 | this.set_A(someParameters.parameters.A); | 359 | this.set_A(someParameters.parameters.A); |
@@ -352,19 +364,34 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { | |||
352 | nextTollRequestType = 'CONNECT'; | 364 | nextTollRequestType = 'CONNECT'; |
353 | } else if (someParameters.message == "credentialCheck") { | 365 | } else if (someParameters.message == "credentialCheck") { |
354 | var v, u, S, A, K, M1; | 366 | var v, u, s, S, A, K, M1; |
367 | var stringHash = function (aValue) { | ||
368 | return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); | ||
369 | }; | ||
355 | 370 | ||
356 | //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters); | 371 | //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters); |
357 | v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); | 372 | v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); |
358 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(this.B().asString(10))).toHexString(), 16); | ||
359 | A = new Clipperz.Crypto.BigInt(this.A(), 16); | 373 | A = new Clipperz.Crypto.BigInt(this.A(), 16); |
374 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16); | ||
375 | s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16); | ||
360 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); | 376 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); |
361 | 377 | ||
362 | K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); | 378 | K = stringHash(S.asString(10)); |
363 | 379 | ||
364 | M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10) + K)).toHexString().slice(2); | 380 | M1 = stringHash( |
381 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
382 | stringHash(this.C()) + | ||
383 | s.asString(10) + | ||
384 | A.asString(10) + | ||
385 | this.B().asString(10) + | ||
386 | K | ||
387 | ); | ||
365 | if (someParameters.parameters.M1 == M1) { | 388 | if (someParameters.parameters.M1 == M1) { |
366 | var M2; | 389 | var M2; |
367 | 390 | ||
368 | M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); | 391 | M2 = stringHash( |
392 | A.asString(10) + | ||
393 | someParameters.parameters.M1 + | ||
394 | K | ||
395 | ); | ||
369 | result['M2'] = M2; | 396 | result['M2'] = M2; |
370 | } else { | 397 | } else { |
diff --git a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js index 3f16f70..d03f873 100644 --- a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js +++ b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js | |||
@@ -89,5 +89,5 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.LocalStorageDataStore, Clipperz.P | |||
89 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); | 89 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); |
90 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 90 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
91 | aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); | 91 | aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); |
92 | 92 | ||
93 | aConnection['A'] = someParameters.parameters.A; | 93 | aConnection['A'] = someParameters.parameters.A; |
@@ -98,18 +98,33 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.LocalStorageDataStore, Clipperz.P | |||
98 | nextTollRequestType = 'CONNECT'; | 98 | nextTollRequestType = 'CONNECT'; |
99 | } else if (someParameters.message == "credentialCheck") { | 99 | } else if (someParameters.message == "credentialCheck") { |
100 | var v, u, S, A, K, M1; | 100 | var v, u, s, S, A, K, M1; |
101 | var stringHash = function (aValue) { | ||
102 | return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); | ||
103 | }; | ||
101 | 104 | ||
102 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 105 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
103 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16); | ||
104 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); | 106 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); |
107 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); | ||
108 | s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); | ||
105 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); | 109 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); |
106 | 110 | ||
107 | K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); | 111 | K = stringHash(S.asString(10)); |
108 | 112 | ||
109 | M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); | 113 | M1 = stringHash( |
114 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
115 | stringHash(aConnection['C']) + | ||
116 | s.asString(10) + | ||
117 | A.asString(10) + | ||
118 | aConnection['B'].asString(10) + | ||
119 | K | ||
120 | ); | ||
110 | if (someParameters.parameters.M1 == M1) { | 121 | if (someParameters.parameters.M1 == M1) { |
111 | var M2; | 122 | var M2; |
112 | 123 | ||
113 | M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); | 124 | M2 = stringHash( |
125 | A.asString(10) + | ||
126 | someParameters.parameters.M1 + | ||
127 | K | ||
128 | ); | ||
114 | result['M2'] = M2; | 129 | result['M2'] = M2; |
115 | } else { | 130 | } else { |
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | |||
@@ -37,5 +37,5 @@ Clipperz.PM.Proxy.Offline.DataStore = function(args) { | |||
37 | this._tolls = {}; | 37 | this._tolls = {}; |
38 | this._currentStaticConnection = null; | 38 | this._currentStaticConnection = null; |
39 | 39 | ||
40 | return this; | 40 | return this; |
41 | } | 41 | } |
@@ -292,5 +292,5 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { | |||
292 | } | 292 | } |
293 | } else { | 293 | } else { |
294 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; | 294 | throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; |
295 | } | 295 | } |
296 | 296 | ||
@@ -299,5 +299,5 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { | |||
299 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], | 299 | 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], |
300 | 'result':'done' | 300 | 'result':'done' |
301 | }, | 301 | }, |
302 | toll: this.getTollForRequestType('CONNECT') | 302 | toll: this.getTollForRequestType('CONNECT') |
303 | } | 303 | } |
@@ -330,5 +330,5 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { | |||
330 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); | 330 | aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); |
331 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 331 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
332 | aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); | 332 | aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); |
333 | 333 | ||
334 | aConnection['A'] = someParameters.parameters.A; | 334 | aConnection['A'] = someParameters.parameters.A; |
@@ -339,18 +339,33 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { | |||
339 | nextTollRequestType = 'CONNECT'; | 339 | nextTollRequestType = 'CONNECT'; |
340 | } else if (someParameters.message == "credentialCheck") { | 340 | } else if (someParameters.message == "credentialCheck") { |
341 | var v, u, S, A, K, M1; | 341 | var v, u, s, S, A, K, M1; |
342 | 342 | var stringHash = function (aValue) { | |
343 | return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); | ||
344 | }; | ||
345 | |||
343 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); | 346 | v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); |
344 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16); | ||
345 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); | 347 | A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); |
348 | u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); | ||
349 | s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); | ||
346 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); | 350 | S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); |
347 | 351 | ||
348 | K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); | 352 | K = stringHash(S.asString(10)); |
349 | 353 | ||
350 | M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2); | 354 | M1 = stringHash( |
355 | "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + | ||
356 | stringHash(aConnection['C']) + | ||
357 | s.asString(10) + | ||
358 | A.asString(10) + | ||
359 | aConnection['B'].asString(10) + | ||
360 | K | ||
361 | ); | ||
351 | if (someParameters.parameters.M1 == M1) { | 362 | if (someParameters.parameters.M1 == M1) { |
352 | var M2; | 363 | var M2; |
353 | 364 | ||
354 | M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); | 365 | M2 = stringHash( |
366 | A.asString(10) + | ||
367 | someParameters.parameters.M1 + | ||
368 | K | ||
369 | ); | ||
355 | result['M2'] = M2; | 370 | result['M2'] = M2; |
356 | } else { | 371 | } else { |