Fixed vulnerability CLP-01-016

frontend/beta/js/Clipperz/Crypto/SRP.js

@@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 
 	'_n': null,
 	'_g': null,
+	'_k': null,
+	
 	//-------------------------------------------------------------------------
 
 	'n': function() {
@@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 		return Clipperz.Crypto.SRP._g;
 	},
 
+	'k': function() {
+		if (Clipperz.Crypto.SRP._k == null) {
+//			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+		}
+		
+		return Clipperz.Crypto.SRP._k;
+	},
+	
 	//-----------------------------------------------------------------------------
 
 	'exception': {
@@ -129,7 +140,6 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 		if (this._a == null) {
 			this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
 //			this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
-//MochiKit.Logging.logDebug("SRP a: " + this._a);
 		}
 		
 		return this._a;
@@ -139,14 +149,12 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'A': function () {
 		if (this._A == null) {
-			//	Warning: this value should be strictly greater than zero: how should we perform this check?
+			//	Warning: this value should be strictly greater than zero
 			this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-			
-			if (this._A.equals(0)) {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
+			if (this._A.equals(0) || negative(this._A)) {
+				MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
 				throw Clipperz.Crypto.SRP.exception.InvalidValue;
 			}
-//MochiKit.Logging.logDebug("SRP A: " + this._A);
 		}
 		
 		return this._A;
@@ -156,7 +164,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to
 
 	's': function () {
 		return this._s;
-//MochiKit.Logging.logDebug("SRP s: " + this._S);
 	},
 
 	'set_s': function(aValue) {
@@ -170,12 +177,10 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to
 	},
 
 	'set_B': function(aValue) {
-		//	Warning: this value should be strictly greater than zero: how should we perform this check?
-		if (! aValue.equals(0)) {
-			this._B = aValue;
-//MochiKit.Logging.logDebug("SRP B: " + this._B);
-		} else {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
+		//	Warning: this value should be strictly greater than zero
+		this._B = aValue;
+		if (this._B.equals(0) || negative(this._B)) {
+			MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
 			throw Clipperz.Crypto.SRP.exception.InvalidValue;
 		}
 	},
@@ -185,7 +190,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 	'x': function () {
 		if (this._x == null) {
 			this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
-//MochiKit.Logging.logDebug("SRP x: " + this._x);
 		}
 		
 		return this._x;
@@ -195,8 +199,7 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 
 	'u': function () {
 		if (this._u == null) {
-			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
-//MochiKit.Logging.logDebug("SRP u: " + this._u);
+			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
 		}
 		
 		return this._u;
@@ -213,11 +216,16 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 			srp = 	 Clipperz.Crypto.SRP;
 
 			this._S =	bigint.powerModule(
-								bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
-								bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
-								srp.n()
+							bigint.subtract(
+								this.B(),
+								bigint.multiply(
+									Clipperz.Crypto.SRP.k(),
+									bigint.powerModule(srp.g(), this.x(), srp.n())
+								)
+							),
+							bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+							srp.n()
 						)
-//MochiKit.Logging.logDebug("SRP S: " + this._S);
 		}
 		
 		return this._S;
@@ -228,7 +236,6 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 	'K': function () {
 		if (this._K == null) {
 			this._K = this.stringHash(this.S().asString());
-//MochiKit.Logging.logDebug("SRP K: " + this._K);
 		}
 		
 		return this._K;
@@ -238,8 +245,20 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 
 	'M1': function () {
 		if (this._M1 == null) {
-			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
-//MochiKit.Logging.logDebug("SRP M1: " + this._M1);
+//			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+			//	http://srp.stanford.edu/design.html
+			//	User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+			this._M1 = this.stringHash(
+				"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+				this.stringHash(this.C()) +
+				this.s().asString() +
+				this.A().asString() +
+				this.B().asString() +
+				this.K()
+			);
+//console.log("M1", this._M1);
 		}
 		
 		return this._M1;
@@ -250,7 +269,7 @@ MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to
 	'M2': function () {
 		if (this._M2 == null) {
 			this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
-//MochiKit.Logging.logDebug("SRP M2: " + this._M2);
+//console.log("M2", this._M2);
 		}
 		
 		return this._M2;

frontend/delta/js/Clipperz/Crypto/SRP.js

@@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 
 	'_n': null,
 	'_g': null,
+	'_k': null,
+	
 	//-------------------------------------------------------------------------
 
 	'n': function() {
@@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 		return Clipperz.Crypto.SRP._g;
 	},
 
+	'k': function() {
+		if (Clipperz.Crypto.SRP._k == null) {
+//			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+		}
+		
+		return Clipperz.Crypto.SRP._k;
+	},
+	
 	//-----------------------------------------------------------------------------
 
 	'exception': {
@@ -138,10 +149,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'A': function () {
 		if (this._A == null) {
-			//	Warning: this value should be strictly greater than zero: how should we perform this check?
+			//	Warning: this value should be strictly greater than zero
 			this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-			
-			if (this._A.equals(0)) {
+			if (this._A.equals(0) || negative(this._A)) {
 				Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
 				throw Clipperz.Crypto.SRP.exception.InvalidValue;
 			}
@@ -167,10 +177,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 	},
 
 	'set_B': function(aValue) {
-		//	Warning: this value should be strictly greater than zero: how should we perform this check?
-		if (! aValue.equals(0)) {
-			this._B = aValue;
-		} else {
+		//	Warning: this value should be strictly greater than zero
+		this._B = aValue;
+		if (this._B.equals(0) || negative(this._B)) {
 			Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
 			throw Clipperz.Crypto.SRP.exception.InvalidValue;
 		}
@@ -190,7 +199,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'u': function () {
 		if (this._u == null) {
-			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
+			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
 		}
 		
 		return this._u;
@@ -207,9 +216,15 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 			srp = 	 Clipperz.Crypto.SRP;
 
 			this._S =	bigint.powerModule(
-								bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
-								bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
-								srp.n()
+							bigint.subtract(
+								this.B(),
+								bigint.multiply(
+									Clipperz.Crypto.SRP.k(),
+									bigint.powerModule(srp.g(), this.x(), srp.n())
+								)
+							),
+							bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+							srp.n()
 						)
 		}
 		
@@ -230,7 +245,20 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'M1': function () {
 		if (this._M1 == null) {
-			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+//			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+			//	http://srp.stanford.edu/design.html
+			//	User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+			this._M1 = this.stringHash(
+				"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+				this.stringHash(this.C()) +
+				this.s().asString() +
+				this.A().asString() +
+				this.B().asString() +
+				this.K()
+			);
+//console.log("M1", this._M1);
 		}
 		
 		return this._M1;
@@ -241,6 +269,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 	'M2': function () {
 		if (this._M2 == null) {
 			this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
+//console.log("M2", this._M2);
 		}
 		
 		return this._M2;

frontend/gamma/js/Clipperz/Crypto/SRP.js

@@ -44,6 +44,8 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 
 	'_n': null,
 	'_g': null,
+	'_k': null,
+	
 	//-------------------------------------------------------------------------
 
 	'n': function() {
@@ -64,6 +66,15 @@ MochiKit.Base.update(Clipperz.Crypto.SRP, {
 		return Clipperz.Crypto.SRP._g;
 	},
 
+	'k': function() {
+		if (Clipperz.Crypto.SRP._k == null) {
+//			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
+			Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
+		}
+		
+		return Clipperz.Crypto.SRP._k;
+	},
+	
 	//-----------------------------------------------------------------------------
 
 	'exception': {
@@ -138,10 +149,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'A': function () {
 		if (this._A == null) {
-			//	Warning: this value should be strictly greater than zero: how should we perform this check?
+			//	Warning: this value should be strictly greater than zero
 			this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
-			
-			if (this._A.equals(0)) {
+			if (this._A.equals(0) || negative(this._A)) {
 				Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
 				throw Clipperz.Crypto.SRP.exception.InvalidValue;
 			}
@@ -167,10 +177,9 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 	},
 
 	'set_B': function(aValue) {
-		//	Warning: this value should be strictly greater than zero: how should we perform this check?
-		if (! aValue.equals(0)) {
-			this._B = aValue;
-		} else {
+		//	Warning: this value should be strictly greater than zero
+		this._B = aValue;
+		if (this._B.equals(0) || negative(this._B)) {
 			Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
 			throw Clipperz.Crypto.SRP.exception.InvalidValue;
 		}
@@ -190,7 +199,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'u': function () {
 		if (this._u == null) {
-			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
+			this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
 		}
 		
 		return this._u;
@@ -207,9 +216,15 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 			srp = 	 Clipperz.Crypto.SRP;
 
 			this._S =	bigint.powerModule(
-								bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
-								bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
-								srp.n()
+							bigint.subtract(
+								this.B(),
+								bigint.multiply(
+									Clipperz.Crypto.SRP.k(),
+									bigint.powerModule(srp.g(), this.x(), srp.n())
+								)
+							),
+							bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
+							srp.n()
 						)
 		}
 		
@@ -230,7 +245,20 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 
 	'M1': function () {
 		if (this._M1 == null) {
-			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+//			this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
+
+			//	http://srp.stanford.edu/design.html
+			//	User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+
+			this._M1 = this.stringHash(
+				"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+				this.stringHash(this.C()) +
+				this.s().asString() +
+				this.A().asString() +
+				this.B().asString() +
+				this.K()
+			);
+//console.log("M1", this._M1);
 		}
 		
 		return this._M1;
@@ -241,6 +269,7 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
 	'M2': function () {
 		if (this._M2 == null) {
 			this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
+//console.log("M2", this._M2);
 		}
 		
 		return this._M2;