Fixed authentication procedure for offline copy

author: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 11:39:16 (UTC)
committer: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 16:35:38 (UTC)
commit: 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (side-by-side diff)
tree: df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma
parent: 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download: clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2
1 files changed, 25 insertions, 10 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -7,65 +7,65 @@ For further information about its features and functionalities please
 refer to http://www.clipperz.com.
 
 * Clipperz is free software: you can redistribute it and/or modify it
   under the terms of the GNU Affero General Public License as published
   by the Free Software Foundation, either version 3 of the License, or 
   (at your option) any later version.
 
 * Clipperz is distributed in the hope that it will be useful, but 
   WITHOUT ANY WARRANTY; without even the implied warranty of 
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
   License along with Clipperz. If not, see http://www.gnu.org/licenses/.
 
 */
 
 try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
 	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
 }  
 
 //=============================================================================
 
 Clipperz.PM.Proxy.Offline.DataStore = function(args) {
 	args = args || {};
 	
 	this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
 	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
 	this._shouldPayTolls = args.shouldPayTolls || false;
 
 	this._tolls = {};
 	this._currentStaticConnection = null;
-	
+
 	return this;
 }
 
 Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
 
 	//-------------------------------------------------------------------------
 
 	'isReadOnly': function () {
 		return this._isReadOnly;
 	},
 	
 	//-------------------------------------------------------------------------
 
 	'shouldPayTolls': function() {
 		return this._shouldPayTolls;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'data': function () {
 		return this._data;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'tolls': function () {
 		return this._tolls;
 	},
 
 	//=========================================================================
 
 	'resetData': function() {
@@ -262,125 +262,140 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
 
 	//=========================================================================
 
 	'_knock': function(aConnection, someParameters) {
 		var result;
 		
 		result = {
 			toll: this.getTollForRequestType(someParameters['requestType'])
 		}
 		
 		return result;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'_registration': function(aConnection, someParameters) {
 		if (this.isReadOnly() == false) {
 			if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
 				this.data()['users'][someParameters['credentials']['C']] = {
 					's':		someParameters['credentials']['s'],
 					'v':		someParameters['credentials']['v'],
 					'version':	someParameters['credentials']['version'],
 //					'lock':		Clipperz.Crypto.Base.generateRandomSeed(),
 					'userDetails':			someParameters['user']['header'],
 					'statistics':			someParameters['user']['statistics'],
 					'userDetailsVersion':	someParameters['user']['version'],
 					'records':	{}
 				}
 			} else {
 				throw "user already exists";
 			}
 		} else {
-			throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+		throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
 		}
 
 		result = {
 			result: {
 				'lock':		this.data()['users'][someParameters['credentials']['C']]['lock'],
 				'result':	'done'
-			},
+	},
 			toll:   this.getTollForRequestType('CONNECT')
 		}
 
 		return result;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'_handshake': function(aConnection, someParameters) {
 		var result;
 		var	nextTollRequestType;
 
 		result = {};
 		if (someParameters.message == "connect") {
 			var userData;
 			var randomBytes;
 			var v;
 
 			userData = this.data()['users'][someParameters.parameters.C];
 			
 			if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
 				aConnection['userData'] = userData;
 				aConnection['C'] = someParameters.parameters.C;
 			} else {
 				aConnection['userData'] = this.data()['users']['catchAllUser'];
 			}
 
 			randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
 			aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
 			v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-			aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+			aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
 			
 			aConnection['A'] = someParameters.parameters.A;
 			
 			result['s'] = aConnection['userData']['s'];
 			result['B'] = aConnection['B'].asString(16);
 			
 			nextTollRequestType = 'CONNECT';
 		} else if (someParameters.message == "credentialCheck") {
-			var v, u, S, A, K, M1;
-			
+			var v, u, s, S, A, K, M1;
+			var stringHash = function (aValue) {
+				return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+			};
+
 			v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-			u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
 			A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+			u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+			s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
 			S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
 
-			K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+			K = stringHash(S.asString(10));
 
-			M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+			M1 = stringHash(
+				"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+				stringHash(aConnection['C']) +
+				s.asString(10) +
+				A.asString(10) +
+				aConnection['B'].asString(10) +
+				K
+			);
 			if (someParameters.parameters.M1 == M1) {
 				var M2;
 				
-				M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+				M2 = stringHash(
+					A.asString(10) +
+					someParameters.parameters.M1 +
+					K
+				);
 				result['M2'] = M2;
 			} else {
 				throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
 			}
 
 			nextTollRequestType = 'MESSAGE';
 		} else if (someParameters.message == "oneTimePassword") {
 			var otpData;
 			
 			otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
 
 			try {
 				if (typeof(otpData) != 'undefined') {
 					if (otpData['status'] == 'ACTIVE') {
 						if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
 							result = {
 								'data':		otpData['data'],
 								'version':	otpData['version']
 							}
 
 							otpData['status'] = 'REQUESTED';
 						} else {
 							otpData['status'] = 'DISABLED';
 							throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
 						}
 					} else {
 						throw "The requested One Time Password was not active";
 					}
 				} else {
 					throw "The requested One Time Password has not been found"
 				}
 			} catch (exception) {
author	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 11:39:16 (UTC)
committer	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 16:35:38 (UTC)
commit	0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (side-by-side diff)
tree	df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma
parent	7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download	clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2