1 files changed, 12 insertions, 5 deletions

diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
index 37b9cae..72b6c9f 100644
--- a/backend/node/src/clipperz.js
+++ b/backend/node/src/clipperz.js
@@ -26,48 +26,50 @@ function clipperz_store(PG) {
     "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp"
    +" WHERE s_id=$2",[d,sid], function(e,r) {
    if(e) return cb(e);
    if(r.rowCount) return cb();
    PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb);
   });
  };
  rv.prototype.destroy = function(sid,cb) { PG.Q(
   "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb
  ) };
  rv.prototype.length = function(cb) { PG.Q(
   "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) {
      cb(e,e?null:r.rows[0].c);
   }
  ) };
  rv.prototype.clear = function(cb) { PQ.Q(
   "TRUNCATE clipperz.thesession", cb
  ) };
  rv.prototype.__proto__ = express_store.prototype;
  return rv;
 }
 
 var srp_g = BIGNUM(2);
 var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16);
+var srp_k = BIGNUM("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e",16);
+var srp_hn = "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529";
 var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00';
 
 
 var CLIPPERZ = module.exports = function(CONFIG) {
 
  var LOGGER = CONFIG.logger||{trace:function(){}};
 
  var PG = {
   url: CONFIG.psql,
   PG: require('pg').native,
   Q: function(q,a,cb) {
    if('function'===typeof a) cb=a,a=[];
    LOGGER.trace({query:q,args:a},'SQL: %s',q);
    PG.PG.connect(PG.url,function(e,C,D) {
 	if(e) return cb(e);
 	var t0=new Date();
 	C.query(q,a,function(e,r) {
 	 var t1=new Date(), dt=t1-t0;
 	 D();
 	 LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt);
 	 cb(e,r);
 	});
    });
   },
@@ -154,61 +156,66 @@ var CLIPPERZ = module.exports = function(CONFIG) {
 	 +"  otps_id=CASE WHEN s.otps_code='REQUESTED' THEN ("
 	 +"   SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'"
 	 +"  ) ELSE otp.otps_id END,"
 	 +"  otp_utime=current_timestamp"
 	 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
 	 +" WHERE"
 	 +"  o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id"
 	 +"  AND otp.otp_id=$1 AND otp.u_id=$2"
 	 +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",
 	 [ req.session.otp, req.session.u ],
 	 function(e,r) {
 	 if(e) return cb(e);
 	 if(!r.rowCount) return cb(new Error('no OTP found'));
 	 r=r.rows[0];
 	 if(!r.yes) return cb(new Error('OTP is in a sorry state'));
 	 cb(null,{ref:r.otp_ref});
 	});
        }]
       },function(e,r) {
        if(e) return cb(e);
        req.session.C = ppp.C; req.session.A = ppp.A;
        req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
        req.session.u = r.u.u_id;
        req.session.b = clipperz_random();
-       req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
+       req.session.B = srp_k.mul(BIGNUM(req.session.v,16)).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
        var rv = {s:req.session.s,B:req.session.B}
        if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;
        res.res(rv);
       });
  
       case 'credentialCheck':
-       var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
+       var u = clipperz_hash(BIGNUM(req.session.A,16).toString(10)+BIGNUM(req.session.B,16).toString(10));
        var A = BIGNUM(req.session.A,16);
-       var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
-		BIGNUM(req.session.b,16), srp_n);
+       var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(BIGNUM(req.session.b,16),srp_n);
        var K = clipperz_hash(S.toString(10));
-       var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
+       var M1 = clipperz_hash(
+                 srp_hn
+		 +clipperz_hash(req.session.C)
+		 +BIGNUM(req.session.s,16).toString(10)
+		 +A.toString(10)
+		 +BIGNUM(req.session.B,16).toString(10)
+		 +K );
        if(M1!=ppp.M1) return res.res({error:'?'});
        req.session.K = K;
        var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
        return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});
 
       case 'oneTimePassword': return PG.Q(
 	"UPDATE clipperz.theotp AS otp"
        +" SET"
        +"  otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
        +"   SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
        +"    WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
        +"    ELSE 'DISABLED' END"
        +"  ) END,"
        +"  otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
        +"  otp_utime = current_timestamp,"
        +"  otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
        +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
        +" WHERE"
        +"  o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
        +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
        [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
        function(e,r) {
        if(e) return cb(e);
        if(!r.rowCount) return cb(new Error('OTP not found'));