Fixed authentication procedure for offline copy

author: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 11:39:16 (UTC)
committer: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-06-02 16:35:38 (UTC)
commit: 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree: df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma
parent: 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download: clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz
clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2
1 files changed, 25 insertions, 10 deletions
diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index b806cb7..e5f68a8 100644
--- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -1,103 +1,103 @@
 /*
 Copyright 2008-2013 Clipperz Srl
 This file is part of Clipperz, the online password manager.
 For further information about its features and functionalities please
 refer to http://www.clipperz.com.
 * Clipperz is free software: you can redistribute it and/or modify it
  under the terms of the GNU Affero General Public License as published
  by the Free Software Foundation, either version 3 of the License, or 
  (at your option) any later version.
 * Clipperz is distributed in the hope that it will be useful, but 
  WITHOUT ANY WARRANTY; without even the implied warranty of 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  See the GNU Affero General Public License for more details.
 * You should have received a copy of the GNU Affero General Public
  License along with Clipperz. If not, see http://www.gnu.org/licenses/.
 */
 try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
        throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
 }  
 //=============================================================================
 Clipperz.PM.Proxy.Offline.DataStore = function(args) {
        args = args || {};
        
        this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
        this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
        this._shouldPayTolls = args.shouldPayTolls || false;
        this._tolls = {};
        this._currentStaticConnection = null;
-        
        return this;
 }
 Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
        //-------------------------------------------------------------------------
        'isReadOnly': function () {
                return this._isReadOnly;
        },
        
        //-------------------------------------------------------------------------
        'shouldPayTolls': function() {
                return this._shouldPayTolls;
        },
        //-------------------------------------------------------------------------
        'data': function () {
                return this._data;
        },
        //-------------------------------------------------------------------------
        'tolls': function () {
                return this._tolls;
        },
        //=========================================================================
        'resetData': function() {
                this._data = {
                        'users': {
                                'catchAllUser': {
                                        __masterkey_test_value__: 'masterkey',
                                        s: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00',
                                        v: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'
                                }
                        }
                };
        },
        //-------------------------------------------------------------------------
        'setupWithEncryptedData': function(someData) {
                this._data = Clipperz.Base.deepClone(someData);
        },
        //-------------------------------------------------------------------------
        'setupWithData': function(someData) {
                var deferredResult;
                var resultData;
                var i, c;
 //Clipperz.log(">>> Proxy.Test.setupWithData");
                resultData = this._data;
                deferredResult = new Clipperz.Async.Deferred("Proxy.Test.seupWithData", {trace:false});
                c = someData['users'].length;
                for (i=0; i<c; i++) {
                                varnewConnection;
@@ -230,189 +230,204 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
        'processMessage': function (aFunctionName, someParameters) {
                var result;
                        varconnection;
                connection = this.getConnectionForRequest(aFunctionName, someParameters);
                switch(aFunctionName) {
                        case 'knock':
                                result = this._knock(connection, someParameters);
                                break;
                        case 'registration':
                                this.checkToll(aFunctionName, someParameters);
                                result = this._registration(connection, someParameters.parameters);
                                break;
                        case 'handshake':
                                this.checkToll(aFunctionName, someParameters);
                                result = this._handshake(connection, someParameters.parameters);
                                break;
                        case 'message':
                                this.checkToll(aFunctionName, someParameters);
                                result = this._message(connection, someParameters.parameters);
                                break;
                        case 'logout':
                                this._currentStaticConnection = null;
                                result = this._logout(connection, someParameters.parameters);
                                break;
                }
                this.storeConnectionForRequestWithConnectionAndResponse(aFunctionName, someParameters, connection, result);
                return MochiKit.Async.succeed(result);
        },
        //=========================================================================
        '_knock': function(aConnection, someParameters) {
                var result;
                
                result = {
                        toll: this.getTollForRequestType(someParameters['requestType'])
                }
                
                return result;
        },
        //-------------------------------------------------------------------------
        '_registration': function(aConnection, someParameters) {
                if (this.isReadOnly() == false) {
                        if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
                                this.data()['users'][someParameters['credentials']['C']] = {
                                                's':    someParameters['credentials']['s'],
                                                'v':    someParameters['credentials']['v'],
                                                'version':someParameters['credentials']['version'],
        //                                      'lock':         Clipperz.Crypto.Base.generateRandomSeed(),
                                                'userDetails':          someParameters['user']['header'],
                                                'statistics':           someParameters['user']['statistics'],
                                                'userDetailsVersion':someParameters['user']['version'],
                                                'records':{}
                                }
                        } else {
                                throw "user already exists";
                        }
                } else {
-                        throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+                throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
                }
                result = {
                        result: {
                                        'lock':         this.data()['users'][someParameters['credentials']['C']]['lock'],
                                        'result':'done'
-                        },
+        },
                        toll:   this.getTollForRequestType('CONNECT')
                }
                return result;
        },
        //-------------------------------------------------------------------------
        '_handshake': function(aConnection, someParameters) {
                var result;
                        varnextTollRequestType;
                result = {};
                if (someParameters.message == "connect") {
                        var userData;
                        var randomBytes;
                        var v;
                        userData = this.data()['users'][someParameters.parameters.C];
                        
                        if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
                                aConnection['userData'] = userData;
                                aConnection['C'] = someParameters.parameters.C;
                        } else {
                                aConnection['userData'] = this.data()['users']['catchAllUser'];
                        }
                        randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
                        aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+                        aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
                        
                        aConnection['A'] = someParameters.parameters.A;
                        
                        result['s'] = aConnection['userData']['s'];
                        result['B'] = aConnection['B'].asString(16);
                        
                        nextTollRequestType = 'CONNECT';
                } else if (someParameters.message == "credentialCheck") {
-                        var v, u, S, A, K, M1;
+                        var v, u, s, S, A, K, M1;
-                        
+                        var stringHash = function (aValue) {
+                                return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+                        };
                        v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
                        A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+                        u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+                        s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
                        S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
-                        K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+                        K = stringHash(S.asString(10));
-                        M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+                        M1 = stringHash(
+                                "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+                                stringHash(aConnection['C']) +
+                                s.asString(10) +
+                                A.asString(10) +
+                                aConnection['B'].asString(10) +
+                                K
+                        );
                        if (someParameters.parameters.M1 == M1) {
                                var M2;
                                
-                                M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+                                M2 = stringHash(
+                                        A.asString(10) +
+                                        someParameters.parameters.M1 +
+                                        K
+                                );
                                result['M2'] = M2;
                        } else {
                                throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
                        }
                        nextTollRequestType = 'MESSAGE';
                } else if (someParameters.message == "oneTimePassword") {
                        var otpData;
                        
                        otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
                        try {
                                if (typeof(otpData) != 'undefined') {
                                        if (otpData['status'] == 'ACTIVE') {
                                                if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
                                                        result = {
                                                                        'data':         otpData['data'],
                                                                        'version':otpData['version']
                                                        }
                                                        otpData['status'] = 'REQUESTED';
                                                } else {
                                                        otpData['status'] = 'DISABLED';
                                                        throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
                                                }
                                        } else {
                                                throw "The requested One Time Password was not active";
                                        }
                                } else {
                                        throw "The requested One Time Password has not been found"
                                }
                        } catch (exception) {
                                result = {
                                                'data':         Clipperz.PM.Crypto.randomKey(),
                                                'version':Clipperz.PM.Connection.communicationProtocol.currentVersion
                                }
                        }
                        nextTollRequestType = 'CONNECT';
                } else {
                        Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message);
                }
                result = {
                        result: result,
                        toll:   this.getTollForRequestType(nextTollRequestType)
                }
                return result;
        },
        //-------------------------------------------------------------------------
        '_message': function(aConnection, someParameters) {
                var result;
                result = {};
                //=====================================================================
                //
                        //              R       E       A       D       -       O       N       L       Y       M e t h o d s
                //
                //=====================================================================
                if (someParameters.message == 'getUserDetails') {
                        var recordsStats;
author	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 11:39:16 (UTC)
committer	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-06-02 16:35:38 (UTC)
commit	0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff)
tree	df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/gamma
parent	7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff)
download	clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.zip clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.gz clipperz-0422224521f62da210d1ae6ee15ecdf09f47f1f8.tar.bz2

diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index b806cb7..e5f68a8 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -1,103 +1,103 @@
1	/*	1	/*
2		2
3	Copyright 2008-2013 Clipperz Srl	3	Copyright 2008-2013 Clipperz Srl
4		4
5	This file is part of Clipperz, the online password manager.	5	This file is part of Clipperz, the online password manager.
6	For further information about its features and functionalities please	6	For further information about its features and functionalities please
7	refer to http://www.clipperz.com.	7	refer to http://www.clipperz.com.
8		8
9	* Clipperz is free software: you can redistribute it and/or modify it	9	* Clipperz is free software: you can redistribute it and/or modify it
10	under the terms of the GNU Affero General Public License as published	10	under the terms of the GNU Affero General Public License as published
11	by the Free Software Foundation, either version 3 of the License, or	11	by the Free Software Foundation, either version 3 of the License, or
12	(at your option) any later version.	12	(at your option) any later version.
13		13
14	* Clipperz is distributed in the hope that it will be useful, but	14	* Clipperz is distributed in the hope that it will be useful, but
15	WITHOUT ANY WARRANTY; without even the implied warranty of	15	WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17	See the GNU Affero General Public License for more details.	17	See the GNU Affero General Public License for more details.
18		18
19	* You should have received a copy of the GNU Affero General Public	19	* You should have received a copy of the GNU Affero General Public
20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.	20	License along with Clipperz. If not, see http://www.gnu.org/licenses/.
21		21
22	*/	22	*/
23		23
24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {	24	try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) {
25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";	25	throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!";
26	}	26	}
27		27
28	//=============================================================================	28	//=============================================================================
29		29
30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {	30	Clipperz.PM.Proxy.Offline.DataStore = function(args) {
31	args = args \|\| {};	31	args = args \|\| {};
32		32
33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);	33	this._data = args.data \|\| (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);	34	this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
35	this._shouldPayTolls = args.shouldPayTolls \|\| false;	35	this._shouldPayTolls = args.shouldPayTolls \|\| false;
36		36
37	this._tolls = {};	37	this._tolls = {};
38	this._currentStaticConnection = null;	38	this._currentStaticConnection = null;
39		39
40	return this;	40	return this;
41	}	41	}
42		42
43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {	43	Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
44		44
45	//-------------------------------------------------------------------------	45	//-------------------------------------------------------------------------
46		46
47	'isReadOnly': function () {	47	'isReadOnly': function () {
48	return this._isReadOnly;	48	return this._isReadOnly;
49	},	49	},
50		50
51	//-------------------------------------------------------------------------	51	//-------------------------------------------------------------------------
52		52
53	'shouldPayTolls': function() {	53	'shouldPayTolls': function() {
54	return this._shouldPayTolls;	54	return this._shouldPayTolls;
55	},	55	},
56		56
57	//-------------------------------------------------------------------------	57	//-------------------------------------------------------------------------
58		58
59	'data': function () {	59	'data': function () {
60	return this._data;	60	return this._data;
61	},	61	},
62		62
63	//-------------------------------------------------------------------------	63	//-------------------------------------------------------------------------
64		64
65	'tolls': function () {	65	'tolls': function () {
66	return this._tolls;	66	return this._tolls;
67	},	67	},
68		68
69	//=========================================================================	69	//=========================================================================
70		70
71	'resetData': function() {	71	'resetData': function() {
72	this._data = {	72	this._data = {
73	'users': {	73	'users': {
74	'catchAllUser': {	74	'catchAllUser': {
75	__masterkey_test_value__: 'masterkey',	75	__masterkey_test_value__: 'masterkey',
76	s: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00',	76	s: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00',
77	v: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'	77	v: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'
78	}	78	}
79	}	79	}
80	};	80	};
81	},	81	},
82		82
83	//-------------------------------------------------------------------------	83	//-------------------------------------------------------------------------
84		84
85	'setupWithEncryptedData': function(someData) {	85	'setupWithEncryptedData': function(someData) {
86	this._data = Clipperz.Base.deepClone(someData);	86	this._data = Clipperz.Base.deepClone(someData);
87	},	87	},
88		88
89	//-------------------------------------------------------------------------	89	//-------------------------------------------------------------------------
90		90
91	'setupWithData': function(someData) {	91	'setupWithData': function(someData) {
92	var deferredResult;	92	var deferredResult;
93	var resultData;	93	var resultData;
94	var i, c;	94	var i, c;
95		95
96	//Clipperz.log(">>> Proxy.Test.setupWithData");	96	//Clipperz.log(">>> Proxy.Test.setupWithData");
97	resultData = this._data;	97	resultData = this._data;
98		98
99	deferredResult = new Clipperz.Async.Deferred("Proxy.Test.seupWithData", {trace:false});	99	deferredResult = new Clipperz.Async.Deferred("Proxy.Test.seupWithData", {trace:false});
100	c = someData['users'].length;	100	c = someData['users'].length;
101		101
102	for (i=0; i<c; i++) {	102	for (i=0; i<c; i++) {
103	varnewConnection;	103	varnewConnection;
@@ -230,189 +230,204 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
230	'processMessage': function (aFunctionName, someParameters) {	230	'processMessage': function (aFunctionName, someParameters) {
231	var result;	231	var result;
232	varconnection;	232	varconnection;
233		233
234	connection = this.getConnectionForRequest(aFunctionName, someParameters);	234	connection = this.getConnectionForRequest(aFunctionName, someParameters);
235		235
236	switch(aFunctionName) {	236	switch(aFunctionName) {
237	case 'knock':	237	case 'knock':
238	result = this._knock(connection, someParameters);	238	result = this._knock(connection, someParameters);
239	break;	239	break;
240	case 'registration':	240	case 'registration':
241	this.checkToll(aFunctionName, someParameters);	241	this.checkToll(aFunctionName, someParameters);
242	result = this._registration(connection, someParameters.parameters);	242	result = this._registration(connection, someParameters.parameters);
243	break;	243	break;
244	case 'handshake':	244	case 'handshake':
245	this.checkToll(aFunctionName, someParameters);	245	this.checkToll(aFunctionName, someParameters);
246	result = this._handshake(connection, someParameters.parameters);	246	result = this._handshake(connection, someParameters.parameters);
247	break;	247	break;
248	case 'message':	248	case 'message':
249	this.checkToll(aFunctionName, someParameters);	249	this.checkToll(aFunctionName, someParameters);
250	result = this._message(connection, someParameters.parameters);	250	result = this._message(connection, someParameters.parameters);
251	break;	251	break;
252	case 'logout':	252	case 'logout':
253	this._currentStaticConnection = null;	253	this._currentStaticConnection = null;
254	result = this._logout(connection, someParameters.parameters);	254	result = this._logout(connection, someParameters.parameters);
255	break;	255	break;
256	}	256	}
257		257
258	this.storeConnectionForRequestWithConnectionAndResponse(aFunctionName, someParameters, connection, result);	258	this.storeConnectionForRequestWithConnectionAndResponse(aFunctionName, someParameters, connection, result);
259		259
260	return MochiKit.Async.succeed(result);	260	return MochiKit.Async.succeed(result);
261	},	261	},
262		262
263	//=========================================================================	263	//=========================================================================
264		264
265	'_knock': function(aConnection, someParameters) {	265	'_knock': function(aConnection, someParameters) {
266	var result;	266	var result;
267		267
268	result = {	268	result = {
269	toll: this.getTollForRequestType(someParameters['requestType'])	269	toll: this.getTollForRequestType(someParameters['requestType'])
270	}	270	}
271		271
272	return result;	272	return result;
273	},	273	},
274		274
275	//-------------------------------------------------------------------------	275	//-------------------------------------------------------------------------
276		276
277	'_registration': function(aConnection, someParameters) {	277	'_registration': function(aConnection, someParameters) {
278	if (this.isReadOnly() == false) {	278	if (this.isReadOnly() == false) {
279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {	279	if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') {
280	this.data()['users'][someParameters['credentials']['C']] = {	280	this.data()['users'][someParameters['credentials']['C']] = {
281	's': someParameters['credentials']['s'],	281	's': someParameters['credentials']['s'],
282	'v': someParameters['credentials']['v'],	282	'v': someParameters['credentials']['v'],
283	'version':someParameters['credentials']['version'],	283	'version':someParameters['credentials']['version'],
284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),	284	// 'lock': Clipperz.Crypto.Base.generateRandomSeed(),
285	'userDetails': someParameters['user']['header'],	285	'userDetails': someParameters['user']['header'],
286	'statistics': someParameters['user']['statistics'],	286	'statistics': someParameters['user']['statistics'],
287	'userDetailsVersion':someParameters['user']['version'],	287	'userDetailsVersion':someParameters['user']['version'],
288	'records':{}	288	'records':{}
289	}	289	}
290	} else {	290	} else {
291	throw "user already exists";	291	throw "user already exists";
292	}	292	}
293	} else {	293	} else {
294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;	294	throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
295	}	295	}
296		296
297	result = {	297	result = {
298	result: {	298	result: {
299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],	299	'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],
300	'result':'done'	300	'result':'done'
301	},	301	},
302	toll: this.getTollForRequestType('CONNECT')	302	toll: this.getTollForRequestType('CONNECT')
303	}	303	}
304		304
305	return result;	305	return result;
306	},	306	},
307		307
308	//-------------------------------------------------------------------------	308	//-------------------------------------------------------------------------
309		309
310	'_handshake': function(aConnection, someParameters) {	310	'_handshake': function(aConnection, someParameters) {
311	var result;	311	var result;
312	varnextTollRequestType;	312	varnextTollRequestType;
313		313
314	result = {};	314	result = {};
315	if (someParameters.message == "connect") {	315	if (someParameters.message == "connect") {
316	var userData;	316	var userData;
317	var randomBytes;	317	var randomBytes;
318	var v;	318	var v;
319		319
320	userData = this.data()['users'][someParameters.parameters.C];	320	userData = this.data()['users'][someParameters.parameters.C];
321		321
322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {	322	if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
323	aConnection['userData'] = userData;	323	aConnection['userData'] = userData;
324	aConnection['C'] = someParameters.parameters.C;	324	aConnection['C'] = someParameters.parameters.C;
325	} else {	325	} else {
326	aConnection['userData'] = this.data()['users']['catchAllUser'];	326	aConnection['userData'] = this.data()['users']['catchAllUser'];
327	}	327	}
328		328
329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();	329	randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);	330	aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	331	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
332	aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));	332	aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
333		333
334	aConnection['A'] = someParameters.parameters.A;	334	aConnection['A'] = someParameters.parameters.A;
335		335
336	result['s'] = aConnection['userData']['s'];	336	result['s'] = aConnection['userData']['s'];
337	result['B'] = aConnection['B'].asString(16);	337	result['B'] = aConnection['B'].asString(16);
338		338
339	nextTollRequestType = 'CONNECT';	339	nextTollRequestType = 'CONNECT';
340	} else if (someParameters.message == "credentialCheck") {	340	} else if (someParameters.message == "credentialCheck") {
341	var v, u, S, A, K, M1;	341	var v, u, s, S, A, K, M1;
342		342	var stringHash = function (aValue) {
		343	return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
		344	};
		345
343	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);	346	v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
344	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
345	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);	347	A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
		348	u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
		349	s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
346	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());	350	S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
347		351
348	K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);	352	K = stringHash(S.asString(10));
349		353
350	M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);	354	M1 = stringHash(
		355	"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
		356	stringHash(aConnection['C']) +
		357	s.asString(10) +
		358	A.asString(10) +
		359	aConnection['B'].asString(10) +
		360	K
		361	);
351	if (someParameters.parameters.M1 == M1) {	362	if (someParameters.parameters.M1 == M1) {
352	var M2;	363	var M2;
353		364
354	M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);	365	M2 = stringHash(
		366	A.asString(10) +
		367	someParameters.parameters.M1 +
		368	K
		369	);
355	result['M2'] = M2;	370	result['M2'] = M2;
356	} else {	371	} else {
357	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");	372	throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
358	}	373	}
359		374
360	nextTollRequestType = 'MESSAGE';	375	nextTollRequestType = 'MESSAGE';
361	} else if (someParameters.message == "oneTimePassword") {	376	} else if (someParameters.message == "oneTimePassword") {
362	var otpData;	377	var otpData;
363		378
364	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];	379	otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
365		380
366	try {	381	try {
367	if (typeof(otpData) != 'undefined') {	382	if (typeof(otpData) != 'undefined') {
368	if (otpData['status'] == 'ACTIVE') {	383	if (otpData['status'] == 'ACTIVE') {
369	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {	384	if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
370	result = {	385	result = {
371	'data': otpData['data'],	386	'data': otpData['data'],
372	'version':otpData['version']	387	'version':otpData['version']
373	}	388	}
374		389
375	otpData['status'] = 'REQUESTED';	390	otpData['status'] = 'REQUESTED';
376	} else {	391	} else {
377	otpData['status'] = 'DISABLED';	392	otpData['status'] = 'DISABLED';
378	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";	393	throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
379	}	394	}
380	} else {	395	} else {
381	throw "The requested One Time Password was not active";	396	throw "The requested One Time Password was not active";
382	}	397	}
383	} else {	398	} else {
384	throw "The requested One Time Password has not been found"	399	throw "The requested One Time Password has not been found"
385	}	400	}
386	} catch (exception) {	401	} catch (exception) {
387	result = {	402	result = {
388	'data': Clipperz.PM.Crypto.randomKey(),	403	'data': Clipperz.PM.Crypto.randomKey(),
389	'version':Clipperz.PM.Connection.communicationProtocol.currentVersion	404	'version':Clipperz.PM.Connection.communicationProtocol.currentVersion
390	}	405	}
391	}	406	}
392	nextTollRequestType = 'CONNECT';	407	nextTollRequestType = 'CONNECT';
393	} else {	408	} else {
394	Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message);	409	Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message);
395	}	410	}
396		411
397	result = {	412	result = {
398	result: result,	413	result: result,
399	toll: this.getTollForRequestType(nextTollRequestType)	414	toll: this.getTollForRequestType(nextTollRequestType)
400	}	415	}
401		416
402	return result;	417	return result;
403	},	418	},
404		419
405	//-------------------------------------------------------------------------	420	//-------------------------------------------------------------------------
406		421
407	'_message': function(aConnection, someParameters) {	422	'_message': function(aConnection, someParameters) {
408	var result;	423	var result;
409		424
410	result = {};	425	result = {};
411		426
412	//=====================================================================	427	//=====================================================================
413	//	428	//
414	// R E A D - O N L Y M e t h o d s	429	// R E A D - O N L Y M e t h o d s
415	//	430	//
416	//=====================================================================	431	//=====================================================================
417	if (someParameters.message == 'getUserDetails') {	432	if (someParameters.message == 'getUserDetails') {
418	var recordsStats;	433	var recordsStats;