ruby_home-srp 1.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 01aa88f20f9d30e522a70b7b9b5fb46c0a88c72e17ed8497508673a49e3f4c81
+  data.tar.gz: be1162da69b86dbc69ac9a54f878ff10ff825691549058028e110c8f174f9e8d
+SHA512:
+  metadata.gz: be13ad8ed43883b4c1bda4362481edcfe4ea1873afba34942157bf2a44b114672db9f783d7aa96dd6b5a0a640590b3b89b055381b2cb2e2bdcc63a53111fd4ce
+  data.tar.gz: ffffd98cda85809b6da6b921d39093acd974f379d9c6b877a5ab3a97b3fffebc3ade15179309ec837f82ec0203950c5793fbcc1759cea491972f1532109e4be6

data/lib/ruby_home-srp.rb

@@ -0,0 +1,180 @@
+require 'securerandom'
+require 'srp'
+
+module RubyHome
+  module SRP
+    class << self
+      ::SRP.singleton_methods.each do |m|
+        define_method m, ::SRP.method(m).to_proc
+      end
+    end
+
+    class << self
+      def sha512_hex(h)
+        OpenSSL::Digest::SHA512.hexdigest([h].pack('H*'))
+      end
+
+      def sha512_str(s)
+        OpenSSL::Digest::SHA512.hexdigest(s)
+      end
+
+      # hashing function with padding.
+      # Input is prefixed with 0 to meet N hex width.
+      def H(n, *a)
+        nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3)
+        hashin = a.map {|s|
+          next unless s
+          shex = s.class == String ? s : '%x' % s
+          if shex.length > nlen
+              raise 'Bit width does not match - client uses different prime'
+          end
+          '0' * (nlen - shex.length) + shex
+        }.join('')
+        sha512_hex(hashin).hex % n
+      end
+
+      # Multiplier parameter
+      # k = H(N, g)   (in SRP-6a)
+      def calc_k(n, g)
+        H(n, n, g)
+      end
+
+      # Private key (derived from username, raw password and salt)
+      # x = H(salt || H(username || ':' || password))
+      def calc_x(username, password, salt)
+        sha512_hex(salt + sha512_str([username, password].join(':'))).hex
+      end
+
+      # Random scrambling parameter
+      # u = H(A, B)
+      def calc_u(xaa, xbb, n)
+        H(n, xaa, xbb)
+      end
+
+      # M = H(H(N) xor H(g), H(I), s, A, B, K)
+      def calc_M(username, xsalt, xaa, xbb, xkk, n, g)
+        hn = sha512_hex('%x' % n).hex
+        hg = sha512_hex(g).hex
+        hxor = '%x' % (hn ^ hg)
+        hi = sha512_str(username)
+
+        hashin = [hxor, hi, xsalt, xaa, xbb, xkk].join
+        sha512_hex(hashin).hex % n
+      end
+
+      # H(A, M, K)
+      def calc_H_AMK(xaa, xmm, xkk, n, g)
+        hashin = [xaa, xmm, xkk].join()
+        sha512_hex(hashin).hex % n
+      end
+
+      def Ng(group)
+        case group
+        when 3072
+          @N = %w{
+            FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
+            8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B
+            302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9
+            A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6
+            49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8
+            FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
+            670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C
+            180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
+            3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D
+            04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D
+            B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226
+            1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
+            BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
+            E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF
+          }.join.hex
+          @g = '05'
+        else
+          raise NotImplementedError
+        end
+        return [@N, @g]
+      end
+    end
+
+    class Verifier < ::SRP::Verifier
+      attr_reader :u
+      attr_writer :salt
+
+      def initialize group=3072
+        # select modulus (N) and generator (g)
+        @N, @g = SRP.Ng group
+        @k = SRP.calc_k(@N, @g)
+      end
+
+      # Initial user creation for the persistance layer.
+      # Not part of the authentication process.
+      # Returns { <username>, <password verifier>, <salt> }
+      def generate_userauth username, password
+        @salt ||= random_salt
+        x = SRP.calc_x(username, password, @salt)
+        v = SRP.calc_v(x, @N, @g.hex)
+        return {:username => username, :verifier => '%x' % v, :salt => @salt}
+      end
+
+      # Authentication phase 1 - create challenge.
+      # Returns Hash with challenge for client and proof to be stored on server.
+      # Parameters should be given in hex.
+      def get_challenge_and_proof username, xverifier, xsalt
+        generate_B(xverifier)
+        return {
+          :challenge => {:B => @B, :salt => xsalt},
+          :proof     => {:B => @B, :b => '%x' % @b, :I => username, :s => xsalt, :v => xverifier}
+        }
+      end
+
+      # returns H_AMK on success, None on failure
+      # User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+      # Host -> User:  H(A, M, K)
+      def verify_session proof, client_M
+        @A = proof[:A]
+        @B = proof[:B]
+        @b = proof[:b].to_i(16)
+        username = proof[:I]
+        xsalt = proof[:s]
+        v = proof[:v].to_i(16)
+
+        @u = SRP.calc_u(@A, @B, @N)
+        # SRP-6a safety check
+        return false if @u == 0
+
+        # calculate session key
+        @S = '%x' % SRP.calc_server_S(@A.to_i(16), @b, v, @u, @N)
+        @K = SRP.sha512_hex(@S)
+
+        # calculate match
+        @M = '%x' % SRP.calc_M(username, xsalt, @A, @B, @K, @N, @g)
+
+        if @M == client_M
+          # authentication succeeded
+          @H_AMK = '%x' % SRP.calc_H_AMK(@A, @M, @K, @N, @g)
+          return @H_AMK
+        end
+        return false
+      end
+
+      def random_salt
+        SecureRandom.hex(16)
+      end
+
+      def random_bignum
+        SecureRandom.hex(32).hex
+      end
+
+      def u
+        '%x' % @u
+      end
+
+      # generates challenge
+      # input verifier in hex
+      def generate_B xverifier
+        v = xverifier.to_i(16)
+        @b ||= random_bignum
+        @B = '%x' % SRP.calc_B(@b, k, v, @N, @g.hex)
+      end
+    end
+  end
+end

data/lib/ruby_home-srp/version.rb

@@ -0,0 +1,5 @@
+module RubyHome
+  module SRP
+    VERSION = '1.1.1'
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+require 'bundler/setup'
+require 'rspec'
+
+RSpec.configure do |config|
+  # Disable RSpec exposing methods globally on `Module` and `main`
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+
+  config.order = :random
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: ruby_home-srp
+version: !ruby/object:Gem::Version
+  version: 1.1.1
+platform: ruby
+authors:
+- Karl Entwistle
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: srp-rb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: 'Secure Remote Password protocol (SRP-6a) with HAP modifications
+
+'
+email:
+- karl@entwistle.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ruby_home-srp.rb
+- lib/ruby_home-srp/version.rb
+- spec/spec_helper.rb
+homepage: https://github.com/karlentwistle/ruby_home-srp
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.5
+signing_key: 
+specification_version: 4
+summary: Secure Remote Password protocol SRP-6a-HAP
+test_files:
+- spec/spec_helper.rb