Fixed authentication procedure for offline copy

author: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 11:39:16 (UTC)
committer: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 16:35:38 (UTC)
commit: 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree: df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js
parent: 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download: clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2
1 files changed, 25 insertions, 10 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -36,7 +36,7 @@ Clipperz.PM.Proxy.Offline.DataStore = function(args) {
        this._tolls = {};
        this._currentStaticConnection = null;
-        
        return this;
 }
@@ -291,14 +291,14 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
                                throw "user already exists";
                        }
                } else {
-                        throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+                throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
                }
                result = {
                        result: {
                                        'lock':         this.data()['users'][someParameters['credentials']['C']]['lock'],
                                        'result':'done'
-                        },
+        },
                        toll:   this.getTollForRequestType('CONNECT')
                }
@@ -329,7 +329,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
                        randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
                        aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+                        aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
                        
                        aConnection['A'] = someParameters.parameters.A;
                        
@@ -338,20 +338,35 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
                        
                        nextTollRequestType = 'CONNECT';
                } else if (someParameters.message == "credentialCheck") {
-                        var v, u, S, A, K, M1;
+                        var v, u, s, S, A, K, M1;
-                        
+                        var stringHash = function (aValue) {
+                                return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+                        };
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
                        A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+                        s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
                        S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
-                        K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+                        K = stringHash(S.asString(10));
-                        M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+                        M1 = stringHash(
+                                "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+                                stringHash(aConnection['C']) +
+                                s.asString(10) +
+                                A.asString(10) +
+                                aConnection['B'].asString(10) +
+                                K
+                        );
                        if (someParameters.parameters.M1 == M1) {
                                var M2;
                                
-                                M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+                                M2 = stringHash(
+                                        A.asString(10) +
+                                        someParameters.parameters.M1 +
+                                        K
+                                );
                                result['M2'] = M2;
                        } else {
                                throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
author	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 11:39:16 (UTC)
committer	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 16:35:38 (UTC)
commit	0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree	df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma/js
parent	7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download	clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2

diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -36,7 +36,7 @@ Clipperz.PM.Proxy.Offline.DataStore = function(args) {
36		36
37	this._tolls = {};	37	this._tolls = {};
38	this._currentStaticConnection = null;	38	this._currentStaticConnection = null;
39		39
40	return this;	40	return this;
41	}	41	}
42		42
@@ -291,14 +291,14 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
291	throw "user already exists";	291	throw "user already exists";
292	}	292	}
293	} else {	293	} else {
294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;	294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
295	}	295	}
296		296
297	result = {	297	result = {
298	result: {	298	result: {
299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],	299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],
300	'result':'done'	300	'result':'done'
301	},	301	},
302	toll: this.getTollForRequestType('CONNECT')	302	toll: this.getTollForRequestType('CONNECT')
303	}	303	}
304		304
@@ -329,7 +329,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();	329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);	330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
332	aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));	332	aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
333		333
334	aConnection['A'] = someParameters.parameters.A;	334	aConnection['A'] = someParameters.parameters.A;
335		335
@@ -338,20 +338,35 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
338		338
339	nextTollRequestType = 'CONNECT';	339	nextTollRequestType = 'CONNECT';
340	} else if (someParameters.message == "credentialCheck") {	340	} else if (someParameters.message == "credentialCheck") {
341	var v, u, S, A, K, M1;	341	var v, u, s, S, A, K, M1;
342		342	var stringHash = function (aValue) {
		343	return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
		344	};
		345
343	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	346	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
344	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
345	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);	347	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
		348	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
		349	s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
346	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());	350	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
347		351
348	K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);	352	K = stringHash(S.asString(10));
349		353
350	M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);	354	M1 = stringHash(
		355	"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
		356	stringHash(aConnection['C']) +
		357	s.asString(10) +
		358	A.asString(10) +
		359	aConnection['B'].asString(10) +
		360	K
		361	);
351	if (someParameters.parameters.M1 == M1) {	362	if (someParameters.parameters.M1 == M1) {
352	var M2;	363	var M2;
353		364
354	M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);	365	M2 = stringHash(
		366	A.asString(10) +
		367	someParameters.parameters.M1 +
		368	K
		369	);
355	result['M2'] = M2;	370	result['M2'] = M2;
356	} else {	371	} else {
357	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");	372	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");