From 29ebc6162738dd4edb6032b1d00aecc3f7672f00 Mon Sep 17 00:00:00 2001 From: Graham Eades Date: Wed, 28 Nov 2018 14:48:07 +0000 Subject: [PATCH] Fix offline password authentication --- .../js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | 13 ++++++++----- .../js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | 13 ++++++++----- .../js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js | 13 ++++++++----- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index 93f14cf..9a45e39 100644 --- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -354,7 +354,8 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { this.set_C(someParameters.parameters.C); this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16)); v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); - this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); + //this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); + this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n())).module(Clipperz.Crypto.SRP.n())); this.set_A(someParameters.parameters.A); @@ -363,7 +364,7 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, s, S, A, K, M1; + var v, u, s, S, A, K, M1, KK; var stringHash = function (aValue) { return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); }; @@ -373,9 +374,11 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { A = new Clipperz.Crypto.BigInt(this.A(), 16); u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16); s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16); - S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); + //S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); + S = v.powerModule(u, Clipperz.Crypto.SRP.n()).multiply(A).module(Clipperz.Crypto.SRP.n()).powerModule(this.b(), Clipperz.Crypto.SRP.n()) K = stringHash(S.asString(10)); + KK = new Clipperz.Crypto.BigInt(K,16); M1 = stringHash( "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + @@ -383,7 +386,7 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { s.asString(10) + A.asString(10) + this.B().asString(10) + - K + KK.asString(10) ); if (someParameters.parameters.M1 == M1) { var M2; @@ -823,4 +826,4 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { Clipperz.PM.Proxy.Offline.DataStore['exception'] = { 'ReadOnly': new MochiKit.Base.NamedError("Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly") -}; \ No newline at end of file +}; diff --git a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index cbb02ce..3015218 100644 --- a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -434,7 +434,8 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + //aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + aConnection['B'] = ((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())).module(Clipperz.Crypto.SRP.n())); aConnection['A'] = someParameters.parameters.A; @@ -443,7 +444,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, s, S, A, K, M1; + var v, u, s, S, A, K, M1, KK; var stringHash = function (aValue) { return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); }; @@ -452,9 +453,11 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); - S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); + //S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); + S = v.powerModule(u, Clipperz.Crypto.SRP.n()).multiply(A).module(Clipperz.Crypto.SRP.n()).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); K = stringHash(S.asString(10)); + KK = new Clipperz.Crypto.BigInt(K,16); M1 = stringHash( "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + @@ -462,7 +465,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { s.asString(10) + A.asString(10) + aConnection['B'].asString(10) + - K + KK.asString(10) ); if (someParameters.parameters.M1 == M1) { var M2; @@ -1047,4 +1050,4 @@ Clipperz.PM.Proxy.Offline.DataStore.defaultAccountInfo = { 'referenceDate': 'Fri, 03 April 2015 08:17:46 UTC', 'isExpired': false, 'expirationDate': 'Mon, 01 January 4001 00:00:00 UTC' -}; \ No newline at end of file +}; diff --git a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index cd0f1b7..0e9c648 100644 --- a/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/gamma/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -329,7 +329,8 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16); v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16); - aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + //aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())); + aConnection['B'] = ((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n())).module(Clipperz.Crypto.SRP.n())); aConnection['A'] = someParameters.parameters.A; @@ -338,7 +339,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, s, S, A, K, M1; + var v, u, s, S, A, K, M1, KK; var stringHash = function (aValue) { return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); }; @@ -347,9 +348,11 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { A = new Clipperz.Crypto.BigInt(aConnection['A'], 16); u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16); s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16); - S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); + //S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); + S = v.powerModule(u, Clipperz.Crypto.SRP.n()).multiply(A).module(Clipperz.Crypto.SRP.n()).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()); K = stringHash(S.asString(10)); + KK = new Clipperz.Crypto.BigInt(K,16); M1 = stringHash( "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + @@ -357,7 +360,7 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { s.asString(10) + A.asString(10) + aConnection['B'].asString(10) + - K + KK.asString(10) ); if (someParameters.parameters.M1 == M1) { var M2; @@ -800,4 +803,4 @@ Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { Clipperz.PM.Proxy.Offline.DataStore['exception'] = { 'ReadOnly': new MochiKit.Base.NamedError("Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly") -}; \ No newline at end of file +};