From 0c42ee2e76268490624f408095e4c5fff2b5f51f Mon Sep 17 00:00:00 2001 From: aunxx Date: Mon, 30 May 2016 12:15:43 +0100 Subject: [PATCH] Update changes --- backend/php/src/index.php | 34 ++++++++++--- frontend/beta/js/Clipperz/Crypto/SRP.js | 57 ++++++++++++++-------- frontend/delta/js/Clipperz/Crypto/SRP.js | 61 +++++++++++++++--------- frontend/gamma/js/Clipperz/Crypto/SRP.js | 57 ++++++++++++++-------- 4 files changed, 142 insertions(+), 67 deletions(-) diff --git a/backend/php/src/index.php b/backend/php/src/index.php index da7c60c..977591d 100644 --- a/backend/php/src/index.php +++ b/backend/php/src/index.php @@ -107,7 +107,8 @@ function digits($base) { //----------------------------------------------------------------------------- function clipperz_hash($value) { - return hash("sha256", hash("sha256", $value, true)); + //return hash("sha256", hash("sha256", $value, true)); + return hash("sha256", $value, false); } //----------------------------------------------------------------------------- @@ -251,6 +252,8 @@ error_log("registration"); error_log("handshake"); $srp_g = "2"; $srp_n = base2dec("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16); + // Define k: k = H(N, g) in SRP-6a + $srp_k = base2dec(clipperz_hash($srp_n . $srp_g), 16); $message = $parameters["message"]; 
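Review bot: Values already stored or verified under the old double SHA-256 will presumably stop matching after the `@@ -107,7 +107,8 @@` hunk, because `clipperz_hash()` now returns a single `hash("sha256", $value, false)` and every caller, including ones outside this diff, inherits the change. If existing accounts were registered under the old construction, a migration or a versioned hash is needed, and this commit shows neither. The function also has no comment saying which construction the clients expect. I would replace the commented-out old line with `// H(x): hex SHA-256 of the string $value; must stay identical to stringHash() in the JS SRP clients`.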
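Review bot: The comment `k = H(N, g) in SRP-6a` in the `@@ -251,6 +252,8 @@` hunk overstates what the code does: `clipperz_hash($srp_n . $srp_g)` hashes the decimal strings of N and g joined with no separator or padding, which is not the `H(N | PAD(g))` encoding that SRP-6a specifications describe. The value only works if the client derives k from the identical byte string, and the client-side `k` body is not part of this diff, so that cannot be confirmed here. I would spell the encoding out, e.g. `// k = SHA-256(dec(N) . dec(g)), decimal ASCII, no padding; must match Clipperz.Crypto.SRP.k()`. Separately, the 65-hex-digit modulus on the context line above is roughly 257 bits, far below the group sizes normally recommended for SRP, and is worth tracking as its own issue.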
@@ -287,9 +290,12 @@ error_log("handshake"); $_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"; } - $_SESSION["b"] = clipperz_randomSeed(); +// This should now work with a random seed. Need to check. +// $_SESSION["b"] = clipperz_randomSeed(); // $_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53"; - $_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16); + $_SESSION["b"] = "23309839184091712110293815740584558132927982490099443826709662564655631314481"; + + $_SESSION["B"] = dec2base(bcmod( bcadd( bcmod( bcmul( $srp_k, base2dec($_SESSION["v"], 16)), $srp_n), bcpowmod( $srp_g, $_SESSION["b"], $srp_n) ), $srp_n), 16); $result["s"] = $_SESSION["s"]; $result["B"] = $_SESSION["B"]; @@ -297,11 +303,13 @@ error_log("handshake"); //============================================================= } else if ($message == "credentialCheck") { error_log("credentialCheck"); - $u = clipperz_hash(base2dec($_SESSION["B"],16)); $A = base2dec($_SESSION["A"], 16); - $S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n); + // u = H(A, B) + $u = base2dec(clipperz_hash($A . base2dec($_SESSION["B"],16)), 16); + // S = (Av^u) ^ b + $S = bcpowmod( bcmul( $A, bcpowmod( base2dec($_SESSION["v"], 16), $u, $srp_n) ), $_SESSION["b"], $srp_n ); $K = clipperz_hash($S); - $M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K); + $M1 = clipperz_hash("597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" . clipperz_hash($_SESSION['C']) . base2dec($_SESSION["s"],16) . base2dec($_SESSION['A'],16) . base2dec($_SESSION['B'],16) . base2dec($K,16)); //$result["B"] = $_SESSION["B"]; //$result["u"] = $u; 
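Review bot: The server's ephemeral secret is no longer random: in the `@@ -287,9 +290,12 @@` hunk `$_SESSION["b"]` is a fixed decimal literal instead of `clipperz_randomSeed()`, so every handshake reuses the same private exponent and B varies only with the verifier. SRP's guarantees rest on b being fresh and unpredictable per session, and a constant committed to the repository removes that. The added comment (`This should now work with a random seed. Need to check.`) suggests a debugging leftover, so the random value should be restored before merge, in the decimal form the new `bcpowmod($srp_g, $_SESSION["b"], $srp_n)` call expects: `$_SESSION["b"] = base2dec(clipperz_randomSeed(), 16);`. That assumes `clipperz_randomSeed()` returns a hex string, as the removed `base2dec($_SESSION["b"], 16)` call implies.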
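Review bot: In the `@@ -297,11 +303,13 @@` hunk, `$A` is read from the session and fed into `bcmul($A, ...)` with no visible check that it is non-zero modulo `$srp_n`. SRP requires the host to abort when A is congruent to 0 mod N, because S then no longer depends on the verifier at all. The check may exist where `$_SESSION["A"]` is stored, which is outside this hunk; if it does not, add `if (bccomp(bcmod($A, $srp_n), "0") == 0) { /* reject the handshake */ }` before computing `$u`. The long decimal literal at the start of the `$M1` input should also be assigned to a named variable with a comment saying it is, presumably, the `H(N) xor H(g)` term, rather than appearing as an unexplained constant.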
@@ -310,6 +318,20 @@ error_log("credentialCheck"); //$result["K"] = $K; //$result["M1"] = $M1; //$result["_M1"] = $parameters["parameters"]["M1"]; + +// error_log("credentialCheck calculated: ". $M1); +// error_log("credentialCheck S: ". $S); +// error_log("credentialCheck A: ". $A); +// error_log("credentialCheck B: ". $_SESSION["B"]); +// error_log("credentialCheck base2dec: ". base2dec($_SESSION["B"],16)); +// error_log("credentialCheck K: ". base2dec($K,16)); +// error_log("credentialCheck n: ". $srp_n); +// error_log("credentialCheck u: ". $u); +// error_log("credentialCheck v: ". base2dec($_SESSION['v'],16)); +// error_log("credentialCheck expected: ". $parameters["parameters"]["M1"]); + + +//User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) if ($M1 == $parameters["parameters"]["M1"]) { $_SESSION["K"] = $K; diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js index 4015b2a..0c3fc8e 100644 --- a/frontend/beta/js/Clipperz/Crypto/SRP.js +++ b/frontend/beta/js/Clipperz/Crypto/SRP.js @@ -138,8 +138,10 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'a': function () { if (this._a == null) { - this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); -// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); +// this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); + // Due to the problem with BigInt not handling signed numbers, this must be even. + // Possible generate any number, then bitwise shift right then left. + this._a = new Clipperz.Crypto.BigInt("33361134861037855263467252772741875431812790785257651194773534061185325245730", 10); } return this._a; 
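Review bot: The proof check on the context line `if ($M1 == $parameters["parameters"]["M1"])` in the `@@ -310,6 +318,20 @@` hunk compares a client-supplied value with PHP's loose `==`, which is not type-safe (numeric-looking strings are compared as numbers) and not constant-time. Since this commit reworks how `$M1` is computed, it is the right place to switch to `if (is_string($parameters["parameters"]["M1"]) && hash_equals($M1, $parameters["parameters"]["M1"]))` (PHP 5.6+). The ten added `// error_log(...)` lines would write S, K and the verifier to the server log if re-enabled; I would delete them rather than commit them. The `if` body continues past the end of the hunk.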
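Review bot: The client's private ephemeral `a` is no longer random: in the `@@ -138,8 +138,10 @@` hunk of `frontend/beta/js/Clipperz/Crypto/SRP.js` it becomes a hard-coded decimal literal instead of 32 bytes from `Clipperz.Crypto.PRNG.defaultRandomGenerator()`, so every client sends the same A and the secret exponent is readable in the source. The `delta` (`@@ -140,8 +136,10 @@`) and `gamma` (`@@ -138,8 +138,10 @@`) copies make the same change. The added comment says the value must be even because BigInt does not handle signed numbers; that is a symptom of the subtraction in `S` going negative and should be fixed there, not by constraining `a`. Restore the PRNG line before merge: `this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);`.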
@@ -191,7 +193,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'x': function () { if (this._x == null) { - this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); + // Private key x = H(s, p) + this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s() + this.P()), 16); } return this._x; @@ -210,6 +213,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'S': function () { + // S = (B - kg^x) ^ (a + ux) if (this._S == null) { var bigint; var srp; @@ -217,17 +221,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { bigint = Clipperz.Crypto.BigInt; srp = Clipperz.Crypto.SRP; - this._S = bigint.powerModule( - bigint.subtract( - this.B(), - bigint.multiply( - Clipperz.Crypto.SRP.k(), - bigint.powerModule(srp.g(), this.x(), srp.n()) - ) - ), - bigint.add(this.a(), bigint.multiply(this.u(), this.x())), - srp.n() - ) + this._S = bigint.powerModule( bigint.subtract( bigint.multiply(Clipperz.Crypto.SRP.k(),bigint.powerModule(srp.g(), this.x(), srp.n())), this.B()), bigint.add(this.a(), bigint.multiply(this.u(), this.x())),srp.n() ); + } return this._S; 
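Review bot: The salt encoding that goes into `x` is no longer pinned down in the `@@ -191,7 +193,8 @@` hunk: `this.stringHash(this.s() + this.P())` relies on implicit string conversion of whatever `s()` returns, where the old code fixed it with `asString(16, 64)`. Elsewhere in the file `s()` is treated as a BigInt (`this.s().asString()` in the M1 input), so the hash input here depends on that object's default `toString`, which this diff does not show. `serverSideCredentialsWithSalt` must build exactly the same string or the registered verifier will not match at login. I would make the encoding explicit, e.g. `this.stringHash(this.s().asString() + this.P())`, and state it in the comment (`// x = H(dec(s) . P)`). The same hunk appears in the `delta` (`@@ -193,7 +191,8 @@`) and `gamma` (`@@ -191,7 +193,8 @@`) copies.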
@@ -258,9 +253,25 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { this.s().asString() + this.A().asString() + this.B().asString() + - this.K() + new Clipperz.Crypto.BigInt(this.K(),16).asString() ); //console.log("M1", this._M1); +//console.log("g", this.g().asString()); +//console.log("s", this.s().asString()); +//console.log("a", this.a().asString()); +//console.log("A", this.A().asString()); +//console.log("B", this.B().asString()); +//console.log("S", this.S().asString()); +//console.log("k", Clipperz.Crypto.SRP.k().asString()); +//console.log("K", this.K()); +//console.log("x", this.x().asString()); +//console.log("P", this.P()); +//console.log("u", this.u()); +//console.log("u", this.u().asString()); +//console.log("Test", this.stringHash(this.A().asString)); +//console.log("N", Clipperz.Crypto.SRP.n().asString()); +//console.log("g", Clipperz.Crypto.SRP.g().asString()); +//console.log("test", this.A().asString() + this.B().asString()); } return this._M1; @@ -283,15 +294,22 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { var result; var s, x, v; - s = aSalt; +//` s = aSalt; + s = new Clipperz.Crypto.BigInt(aSalt,16); + x = this.stringHash(s.asString() + this.P()); x = this.stringHash(s + this.P()); v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); result = {}; result['C'] = this.C(); - result['s'] = s; + result['s'] = s.asString(16); result['v'] = v.asString(16); +//console.log("ServerSide C", result['C']); +//console.log("ServerSide s", result['s']); +//console.log("ServerSide v", result['v']); +//console.log("ServerSide P", this.P()); +//console.log("ServerSide x", ge.asString()); return result; }, 
@@ -334,8 +352,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'stringHash': function(aValue) { var result; - result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); - + //result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + result = Clipperz.Crypto.SHA.sha256( new Clipperz.ByteArray(aValue)).toHexString().substring(2); + return result; }, diff --git a/frontend/delta/js/Clipperz/Crypto/SRP.js b/frontend/delta/js/Clipperz/Crypto/SRP.js index d3fd4dd..0d67efa 100644 --- a/frontend/delta/js/Clipperz/Crypto/SRP.js +++ b/frontend/delta/js/Clipperz/Crypto/SRP.js @@ -56,8 +56,6 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { return Clipperz.Crypto.SRP._n; }, - //......................................................................... - 'g': function() { if (Clipperz.Crypto.SRP._g == null) { Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation) @@ -66,8 +64,6 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, { return Clipperz.Crypto.SRP._g; }, - //......................................................................... - 'k': function() { if (Clipperz.Crypto.SRP._k == null) { // Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16); 
@@ -140,8 +136,10 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'a': function () { if (this._a == null) { - this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); -// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); +// this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); + // Due to the problem with BigInt not handling signed numbers, this must be even. + // Possible generate any number, then bitwise shift right then left. + this._a = new Clipperz.Crypto.BigInt("33361134861037855263467252772741875431812790785257651194773534061185325245730", 10); } return this._a; @@ -193,7 +191,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'x': function () { if (this._x == null) { - this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); + // Private key x = H(s, p) + this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s() + this.P()), 16); } return this._x; @@ -212,6 +211,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'S': function () { + // S = (B - kg^x) ^ (a + ux) if (this._S == null) { var bigint; var srp; 
@@ -219,17 +219,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { bigint = Clipperz.Crypto.BigInt; srp = Clipperz.Crypto.SRP; - this._S = bigint.powerModule( - bigint.subtract( - this.B(), - bigint.multiply( - Clipperz.Crypto.SRP.k(), - bigint.powerModule(srp.g(), this.x(), srp.n()) - ) - ), - bigint.add(this.a(), bigint.multiply(this.u(), this.x())), - srp.n() - ) + this._S = bigint.powerModule( bigint.subtract( bigint.multiply(Clipperz.Crypto.SRP.k(),bigint.powerModule(srp.g(), this.x(), srp.n())), this.B()), bigint.add(this.a(), bigint.multiply(this.u(), this.x())),srp.n() ); + } return this._S; @@ -260,9 +251,25 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { this.s().asString() + this.A().asString() + this.B().asString() + - this.K() + new Clipperz.Crypto.BigInt(this.K(),16).asString() ); //console.log("M1", this._M1); +//console.log("g", this.g().asString()); +//console.log("s", this.s().asString()); +//console.log("a", this.a().asString()); +//console.log("A", this.A().asString()); +//console.log("B", this.B().asString()); +//console.log("S", this.S().asString()); +//console.log("k", Clipperz.Crypto.SRP.k().asString()); +//console.log("K", this.K()); +//console.log("x", this.x().asString()); +//console.log("P", this.P()); +//console.log("u", this.u()); +//console.log("u", this.u().asString()); +//console.log("Test", this.stringHash(this.A().asString)); +//console.log("N", Clipperz.Crypto.SRP.n().asString()); +//console.log("g", Clipperz.Crypto.SRP.g().asString()); +//console.log("test", this.A().asString() + this.B().asString()); } return this._M1; 
@@ -285,15 +292,22 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { var result; var s, x, v; - s = aSalt; +//` s = aSalt; + s = new Clipperz.Crypto.BigInt(aSalt,16); + x = this.stringHash(s.asString() + this.P()); x = this.stringHash(s + this.P()); v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); result = {}; result['C'] = this.C(); - result['s'] = s; + result['s'] = s.asString(16); result['v'] = v.asString(16); +//console.log("ServerSide C", result['C']); +//console.log("ServerSide s", result['s']); +//console.log("ServerSide v", result['v']); +//console.log("ServerSide P", this.P()); +//console.log("ServerSide x", ge.asString()); return result; }, @@ -336,8 +350,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'stringHash': function(aValue) { var result; - result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); - + //result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + result = Clipperz.Crypto.SHA.sha256( new Clipperz.ByteArray(aValue)).toHexString().substring(2); + return result; }, diff --git a/frontend/gamma/js/Clipperz/Crypto/SRP.js b/frontend/gamma/js/Clipperz/Crypto/SRP.js index 3b079d8..e2b31ed 100644 --- a/frontend/gamma/js/Clipperz/Crypto/SRP.js +++ b/frontend/gamma/js/Clipperz/Crypto/SRP.js 
@@ -138,8 +138,10 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'a': function () { if (this._a == null) { - this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); -// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); +// this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); + // Due to the problem with BigInt not handling signed numbers, this must be even. + // Possible generate any number, then bitwise shift right then left. + this._a = new Clipperz.Crypto.BigInt("33361134861037855263467252772741875431812790785257651194773534061185325245730", 10); } return this._a; @@ -191,7 +193,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'x': function () { if (this._x == null) { - this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); + // Private key x = H(s, p) + this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s() + this.P()), 16); } return this._x; @@ -210,6 +213,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'S': function () { + // S = (B - kg^x) ^ (a + ux) if (this._S == null) { var bigint; var srp; 
@@ -217,17 +221,8 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { bigint = Clipperz.Crypto.BigInt; srp = Clipperz.Crypto.SRP; - this._S = bigint.powerModule( - bigint.subtract( - this.B(), - bigint.multiply( - Clipperz.Crypto.SRP.k(), - bigint.powerModule(srp.g(), this.x(), srp.n()) - ) - ), - bigint.add(this.a(), bigint.multiply(this.u(), this.x())), - srp.n() - ) + this._S = bigint.powerModule( bigint.subtract( bigint.multiply(Clipperz.Crypto.SRP.k(),bigint.powerModule(srp.g(), this.x(), srp.n())), this.B()), bigint.add(this.a(), bigint.multiply(this.u(), this.x())),srp.n() ); + } return this._S; @@ -258,9 +253,25 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { this.s().asString() + this.A().asString() + this.B().asString() + - this.K() + new Clipperz.Crypto.BigInt(this.K(),16).asString() ); //console.log("M1", this._M1); +//console.log("g", this.g().asString()); +//console.log("s", this.s().asString()); +//console.log("a", this.a().asString()); +//console.log("A", this.A().asString()); +//console.log("B", this.B().asString()); +//console.log("S", this.S().asString()); +//console.log("k", Clipperz.Crypto.SRP.k().asString()); +//console.log("K", this.K()); +//console.log("x", this.x().asString()); +//console.log("P", this.P()); +//console.log("u", this.u()); +//console.log("u", this.u().asString()); +//console.log("Test", this.stringHash(this.A().asString)); +//console.log("N", Clipperz.Crypto.SRP.n().asString()); +//console.log("g", Clipperz.Crypto.SRP.g().asString()); +//console.log("test", this.A().asString() + this.B().asString()); } return this._M1; 
@@ -283,15 +294,22 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { var result; var s, x, v; - s = aSalt; +//` s = aSalt; + s = new Clipperz.Crypto.BigInt(aSalt,16); + x = this.stringHash(s.asString() + this.P()); x = this.stringHash(s + this.P()); v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); result = {}; result['C'] = this.C(); - result['s'] = s; + result['s'] = s.asString(16); result['v'] = v.asString(16); +//console.log("ServerSide C", result['C']); +//console.log("ServerSide s", result['s']); +//console.log("ServerSide v", result['v']); +//console.log("ServerSide P", this.P()); +//console.log("ServerSide x", ge.asString()); return result; }, @@ -334,8 +352,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'stringHash': function(aValue) { var result; - result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); - + //result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + result = Clipperz.Crypto.SHA.sha256( new Clipperz.ByteArray(aValue)).toHexString().substring(2); + return result; },