mirror of https://github.com/danog/fast-srp.git synced 2024-11-26 20:04:49 +01:00

HAP Modification.

Khaos Tian 2016-11-01 16:36:40 -07:00
parent 3ca4cef4f2
commit 24a32ff313
2 changed files with 44 additions and 24 deletions


@ -79,7 +79,7 @@ module.exports = {
+'BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC' +'BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC'
+'E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF'), +'E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF'),
g: hex('05'), g: hex('05'),
hash: 'sha256'}, hash: 'sha512'},
4096: { 4096: {
N_length_bits: 4096, N_length_bits: 4096,


@ -301,49 +301,57 @@ function getK(params, S_buf) {
.digest(); .digest();
}; };
function getM1(params, A_buf, B_buf, S_buf) { function getM1(params, u_buf, s_buf, A_buf, B_buf, K_buf) {
assertIsBuffer(u_buf, params, "identity (I)");
assertIsBuffer(s_buf, params, "salt (s)")
assertIsNBuffer(A_buf, params, "A"); assertIsNBuffer(A_buf, params, "A");
assertIsNBuffer(B_buf, params, "B"); assertIsNBuffer(B_buf, params, "B");
assertIsNBuffer(S_buf, params, "S"); assertIsBuffer(K_buf, params, "K");
var hN = crypto.createHash(params.hash).update(params.N.toBuffer()).digest();
var hG = crypto.createHash(params.hash).update(params.g.toBuffer()).digest();
for (var i = 0; i < hN.length; i++)
hN[i] ^= hG[i];
var hU = crypto.createHash(params.hash).update(u_buf).digest();
return crypto.createHash(params.hash) return crypto.createHash(params.hash)
.update(A_buf).update(B_buf).update(S_buf) .update(hN).update(hU).update(s_buf)
.update(A_buf).update(B_buf).update(K_buf)
.digest(); .digest();
} }
function getM2(params, A_buf, M_buf, K_buf) { function getM2(params, A_buf, M1_buf, K_buf) {
assertIsNBuffer(A_buf, params, "A"); assertIsNBuffer(A_buf, params, "A");
assertIsBuffer(M_buf, "M"); assertIsBuffer(M1_buf, params, "M1");
assertIsBuffer(K_buf, "K"); assertIsBuffer(K_buf, params, "K");
return crypto.createHash(params.hash) return crypto.createHash(params.hash)
.update(A_buf).update(M_buf).update(K_buf) .update(A_buf).update(M1_buf).update(K_buf)
.digest(); .digest();
} }
function equal(buf1, buf2) { function equal(buf1, buf2) {
// constant-time comparison. A drop in the ocean compared to our // constant-time comparison. A drop in the ocean compared to our
// non-constant-time modexp operations, but still good practice. // non-constant-time modexp operations, but still good practice.
var mismatch = buf1.length - buf2.length; return buf1.toString('hex') === buf2.toString('hex');
if (mismatch) {
return false;
}
for (var i = 0; i < buf1.length; i++) {
mismatch |= buf1[i] ^ buf2[i];
}
return mismatch === 0;
} }
function Client(params, salt_buf, identity_buf, password_buf, secret1_buf) { function Client(params, salt_buf, identity_buf, password_buf, secret1_buf) {
if (!(this instanceof Client)) { if (!(this instanceof Client)) {
return new Client(params, salt_buf, identity_buf, password_buf, secret1_buf); return new Client(params, salt_buf, identity_buf, password_buf, secret1_buf);
} }
assertIsBuffer(salt_buf, "salt (salt)"); assertIsBuffer(salt_buf, "salt (s)");
assertIsBuffer(identity_buf, "identity (I)"); assertIsBuffer(identity_buf, "identity (I)");
assertIsBuffer(password_buf, "password (P)"); assertIsBuffer(password_buf, "password (P)");
assertIsBuffer(secret1_buf, "secret1"); assertIsBuffer(secret1_buf, "secret1");
this._private = { params: params, this._private = { params: params,
k_num: getk(params), k_num: getk(params),
x_num: getx(params, salt_buf, identity_buf, password_buf), x_num: getx(params, salt_buf, identity_buf, password_buf),
a_num: new BigInteger(secret1_buf) }; a_num: new BigInteger(secret1_buf),
u_buf: identity_buf,
s_buf: salt_buf };
this._private.A_buf = getA(params, this._private.a_num); this._private.A_buf = getA(params, this._private.a_num);
} }
@ -361,6 +369,9 @@ Client.prototype = {
p.M2_buf = getM2(p.params, p.A_buf, p.M1_buf, p.K_buf); p.M2_buf = getM2(p.params, p.A_buf, p.M1_buf, p.K_buf);
p.u_num = u_num; // only for tests p.u_num = u_num; // only for tests
p.S_buf = S_buf_x; // only for tests p.S_buf = S_buf_x; // only for tests
p.B_buf = B_buf;
p.M1_buf = getM1(p.params, p.u_buf, p.s_buf, p.A_buf, p.B_buf, p.K_buf);
p.M2_buf = getM2(p.params, p.A_buf, p.M1_buf, p.K_buf);
}, },
computeM1: function computeM1() { computeM1: function computeM1() {
if (this._private.M1_buf === undefined) if (this._private.M1_buf === undefined)
@ -378,16 +389,20 @@ Client.prototype = {
} }
}; };
function Server(params, verifier_buf, secret2_buf) { function Server(params, salt_buf, identity_buf, password_buf, secret2_buf) {
if (!(this instanceof Server)) { if (!(this instanceof Server)) {
return new Server(params, verifier_buf, secret2_buf); return new Server(params, salt_buf, identity_buf, password_buf, secret2_buf);
} }
assertIsBuffer(verifier_buf, "verifier"); assertIsBuffer(salt_buf, "salt (salt)");
assertIsBuffer(identity_buf, "identity (I)");
assertIsBuffer(password_buf, "password (P)");
assertIsBuffer(secret2_buf, "secret2"); assertIsBuffer(secret2_buf, "secret2");
this._private = { params: params, this._private = { params: params,
k_num: getk(params), k_num: getk(params),
b_num: new BigInteger(secret2_buf), b_num: new BigInteger(secret2_buf),
v_num: new BigInteger(verifier_buf) }; v_num: new BigInteger(computeVerifier(params, salt_buf, identity_buf, password_buf)),
u_buf: identity_buf,
s_buf: salt_buf };
this._private.B_buf = getB(params, this._private.k_num, this._private.B_buf = getB(params, this._private.k_num,
this._private.v_num, this._private.b_num); this._private.v_num, this._private.b_num);
@ -403,7 +418,7 @@ Server.prototype = {
var u_num = getu(p.params, A_buf, p.B_buf); var u_num = getu(p.params, A_buf, p.B_buf);
var S_buf = server_getS(p.params, p.v_num, A_num, p.b_num, u_num); var S_buf = server_getS(p.params, p.v_num, A_num, p.b_num, u_num);
p.K_buf = getK(p.params, S_buf); p.K_buf = getK(p.params, S_buf);
p.M1_buf = getM1(p.params, A_buf, p.B_buf, S_buf); p.M1_buf = getM1(p.params, p.u_buf, p.s_buf, A_buf, p.B_buf, p.K_buf);
p.M2_buf = getM2(p.params, A_buf, p.M1_buf, p.K_buf); p.M2_buf = getM2(p.params, A_buf, p.M1_buf, p.K_buf);
p.u_num = u_num; // only for tests p.u_num = u_num; // only for tests
p.S_buf = S_buf; // only for tests p.S_buf = S_buf; // only for tests
@ -413,12 +428,17 @@ Server.prototype = {
throw new Error("incomplete protocol"); throw new Error("incomplete protocol");
if (!equal(this._private.M1_buf, clientM1_buf)) if (!equal(this._private.M1_buf, clientM1_buf))
throw new Error("client did not use the same password"); throw new Error("client did not use the same password");
return this._private.M2_buf; // return this._private.M2_buf;
}, },
computeK: function computeK() { computeK: function computeK() {
if (this._private.K_buf === undefined) if (this._private.K_buf === undefined)
throw new Error("incomplete protocol"); throw new Error("incomplete protocol");
return this._private.K_buf; return this._private.K_buf;
},
computeM2: function computeM2() {
if (this._private.M2_buf === undefined)
throw new Error("incomplete protocol");
return this._private.M2_buf;
} }
}; };
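Review bot: The rewritten `equal()` returns `buf1.toString('hex') === buf2.toString('hex')`, which is an ordinary string comparison and not constant-time, although the comment kept above it still says "constant-time comparison". `checkM1` relies on this function to compare the client's proof with the server's `M1_buf`, so the timing-independent property the old XOR loop gave is lost exactly where a secret-derived value is checked. Keep it constant-time, for example `return buf1.length === buf2.length && crypto.timingSafeEqual(buf1, buf2);` on runtimes that provide it, or restore the removed loop. If the hex comparison is kept deliberately, the comment should be corrected to say so.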