sirp 2.0.0.pre → 2.0.0

data/lib/sirp/verifier.rb

@@ -1,72 +1,123 @@
 module SIRP
   class Verifier
+    include SIRP
     attr_reader :N, :g, :k, :A, :B, :b, :S, :K, :M, :H_AMK, :hash
 
+    # Select modulus (N), generator (g), and one-way hash function (SHA1 or SHA256)
+    #
+    # @param group [Integer] the group size in bits
     def initialize(group = 2048)
-      # select modulus (N) and generator (g)
-      @N, @g, @hash = SIRP.Ng(group)
-      @k = SIRP.calc_k(@N, @g, hash)
+      raise ArgumentError, 'must be an Integer' unless group.is_a?(Integer)
+      raise ArgumentError, 'must be a known group size' unless [1024, 1536, 2048, 3072, 4096, 6144, 8192].include?(group)
+
+      @N, @g, @hash = Ng(group)
+      @k = calc_k(@N, @g, hash)
     end
 
-    # Initial user creation for the persistance layer.
-    # Not part of the authentication process.
-    # Returns { <username>, <password verifier>, <salt> }
+    # Phase 0 ; Generate a verifier and salt client-side. This should only be
+    # used during the initial user registration process. All three values
+    # should be provided as attributes in the user registration process. The
+    # verifier and salt should be persisted server-side. The verifier
+    # should be protected and never made public or given to any user.
+    # The salt should be returned to any user requesting it to start
+    # Phase 1 of the authentication process.
+    #
+    # @param username [String] the authentication username
+    # @param password [String] the authentication password
+    # @return [Hash] a Hash of the username, verifier, and salt
     def generate_userauth(username, password)
+      raise ArgumentError, 'username must be a string' unless username.is_a?(String) && !username.empty?
+      raise ArgumentError, 'password must be a string' unless password.is_a?(String) && !password.empty?
+
       @salt ||= SecureRandom.hex(10)
-      x = SIRP.calc_x(username, password, @salt, hash)
-      v = SIRP.calc_v(x, @N, @g)
-      { username: username, verifier: SIRP.num_to_hex(v), salt: @salt }
+      x = calc_x(username, password, @salt, hash)
+      v = calc_v(x, @N, @g)
+      { username: username, verifier: num_to_hex(v), salt: @salt }
     end
 
-    # Authentication phase 1 - create challenge.
-    # Returns Hash with challenge for client and proof to be stored on server.
-    # Parameters should be given in hex.
+    # Phase 1 : Step 2 : Create a challenge for the client, and a proof to be stored
+    # on the server for later use when verifying the client response.
+    #
+    # @param username [String] the client provided authentication username
+    # @param xverifier [String] the server stored verifier for the username in hex
+    # @param xsalt [String] the server stored salt for the username in hex
+    # @param xaa [String] the client provided 'A' value in hex
+    # @return [Hash] a Hash with the challenge for the client and a proof for the server
     def get_challenge_and_proof(username, xverifier, xsalt, xaa)
+      raise ArgumentError, 'username must be a string' unless username.is_a?(String) && !username.empty?
+      raise ArgumentError, 'xverifier must be a string' unless xverifier.is_a?(String)
+      raise ArgumentError, 'xverifier must be a hex string' unless xverifier =~ /^[a-fA-F0-9]+$/
+      raise ArgumentError, 'xsalt must be a string' unless xsalt.is_a?(String)
+      raise ArgumentError, 'xsalt must be a hex string' unless xsalt =~ /^[a-fA-F0-9]+$/
+      raise ArgumentError, 'xaa must be a string' unless xaa.is_a?(String)
+      raise ArgumentError, 'xaa must be a hex string' unless xaa =~ /^[a-fA-F0-9]+$/
+
       # SRP-6a safety check
-      return false if (xaa.to_i(16) % @N) == 0
-      generate_B(xverifier)
+      return false if (xaa.to_i(16) % @N).zero?
+
+      # Generate b and B
+      v = xverifier.to_i(16)
+      @b ||= SecureRandom.hex(32).hex
+      @B = num_to_hex(calc_B(@b, k, v, @N, @g))
 
       {
         challenge: { B: @B, salt: xsalt },
-        proof: { A: xaa, B: @B, b: SIRP.num_to_hex(@b), I: username, s: xsalt, v: xverifier }
+        proof: { A: xaa, B: @B, b: num_to_hex(@b), I: username, s: xsalt, v: xverifier }
       }
     end
 
-    # returns H_AMK on success, false on failure
-    # User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
-    # Host -> User:  H(A, M, K)
+    #
+    # Phase 2 : Step 1 : See Client#start_authentication
+    #
+
+    # Phase 2 : Step 2 : Use the server stored proof and the client provided 'M' value.
+    # Calculates a server 'M' value and compares it to the client provided one,
+    # and if they match the client and server have negotiated equal secrets.
+    # Returns a H(A, M, K) value on success and false on failure.
+    #
+    # Sets the @K value, which is the client and server negotiated secret key
+    # if verification succeeds. This can be used to derive strong encryption keys
+    # for later use. The client independently calculates the same @K value as well.
+    #
+    # If authentication fails the H_AMK value must not be provided to the client.
+    #
+    # @param proof [Hash] the server stored proof Hash with keys A, B, b, I, s, v
+    # @param client_M [String] the client provided 'M' value in hex
+    # @return [String, false] the H_AMK value in hex for the client, or false if verification failed
     def verify_session(proof, client_M)
+      raise ArgumentError, 'proof must be a hash' unless proof.is_a?(Hash)
+      # gracefully handle string or symbol keys
+      Hashie.symbolize_keys!(proof)
+      raise ArgumentError, 'proof must have required hash keys' unless proof.keys == [:A, :B, :b, :I, :s, :v]
+      raise ArgumentError, 'client_M must be a string' unless client_M.is_a?(String)
+      raise ArgumentError, 'client_M must be a hex string' unless client_M =~ /^[a-fA-F0-9]+$/
+
       @A = proof[:A]
       @B = proof[:B]
       @b = proof[:b].to_i(16)
       v = proof[:v].to_i(16)
 
-      u = SIRP.calc_u(@A, @B, @N, hash)
+      u = calc_u(@A, @B, @N, hash)
 
       # SRP-6a safety check
-      return false if u == 0
+      return false if u.zero?
 
-      # calculate session key
-      @S = SIRP.num_to_hex(SIRP.calc_server_S(@A.to_i(16), @b, v, u, @N))
-      @K = SIRP.sha_hex(@S, hash)
+      # Calculate session key 'S' and secret key 'K'
+      @S = num_to_hex(calc_server_S(@A.to_i(16), @b, v, u, @N))
+      @K = sha_hex(@S, hash)
 
-      # calculate match
-      @M = SIRP.calc_M(@A, @B, @K, hash)
+      # Calculate the 'M' matcher
+      @M = calc_M(@A, @B, @K, hash)
 
-      if @M == client_M
-        # authentication succeeded
-        @H_AMK = SIRP.num_to_hex(SIRP.calc_H_AMK(@A, @M, @K, hash))
+      # Secure constant time comparison, hash the params to ensure
+      # that both strings being compared are equal length 32 Byte strings.
+      if secure_compare(Digest::SHA256.hexdigest(@M), Digest::SHA256.hexdigest(client_M))
+        # Authentication succeeded, Calculate the H(A,M,K) verifier
+        @H_AMK = num_to_hex(calc_H_AMK(@A, @M, @K, hash))
       else
+        # Authentication failed
         false
       end
     end
-
-    # generates challenge
-    # input verifier in hex
-    def generate_B(xverifier)
-      v = xverifier.to_i(16)
-      @b ||= SecureRandom.hex(32).hex
-      @B = SIRP.num_to_hex(SIRP.calc_B(@b, k, v, @N, @g))
-    end
   end
 end

data/lib/sirp/version.rb

@@ -1,3 +1,3 @@
 module SIRP
-  VERSION = '2.0.0.pre'.freeze
+  VERSION = '2.0.0'.freeze
 end

data/sirp.gemspec

@@ -36,10 +36,11 @@ Gem::Specification.new do |spec|
 
   # See : https://bugs.ruby-lang.org/issues/9569
   spec.add_runtime_dependency 'rbnacl-libsodium', '~> 1.0'
-  spec.add_runtime_dependency 'securer_randomer', '~> 0.1.0'
+  spec.add_runtime_dependency 'sysrandom', '~> 1.0'
+  spec.add_runtime_dependency 'hashie', '~> 3.4'
 
-  spec.add_development_dependency 'bundler', '~> 1.12'
-  spec.add_development_dependency 'rake', '~> 11.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '~> 3.4'
   spec.add_development_dependency 'pry', '~> 0.10'
   spec.add_development_dependency 'coveralls', '~> 0.8'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sirp
 version: !ruby/object:Gem::Version
-  version: 2.0.0.pre
+  version: 2.0.0
 platform: ruby
 authors:
 - Glenn Rempe
@@ -31,7 +31,7 @@ cert_chain:
   zieXiXZSAojfFx9g91fKdIrlPbInHU/BaCxXSLBwvOM0drE+c2ue9X8gB55XAhzX
   37oBiw==
   -----END CERTIFICATE-----
-date: 2016-05-13 00:00:00.000000000 Z
+date: 2016-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl-libsodium
@@ -48,47 +48,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: securer_randomer
+  name: sysrandom
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: hashie
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.12'
-  type: :development
+        version: '3.4'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -173,7 +187,9 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
+- ".yardopts"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -184,16 +200,9 @@ files:
 - certs/gem-public_cert_grempe.pem
 - docs/rfc2945.txt
 - docs/rfc5054.txt
-- examples/Gemfile
-- examples/README.md
-- examples/clients/javascript/.gitignore
-- examples/clients/javascript/app.js
-- examples/clients/javascript/index.html
-- examples/clients/javascript/package.json
-- examples/clients/ruby/client.rb
-- examples/server.rb
 - lib/sirp.rb
 - lib/sirp/client.rb
+- lib/sirp/parameters.rb
 - lib/sirp/sirp.rb
 - lib/sirp/verifier.rb
 - lib/sirp/version.rb
@@ -213,9 +222,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.5.1
@@ -223,4 +232,3 @@ signing_key:
 specification_version: 4
 summary: Secure (interoperable) Remote Password Auth (SRP-6a)
 test_files: []
-has_rdoc: 

data/examples/Gemfile

@@ -1,6 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'puma'
-gem 'sinatra'
-gem 'http'
-gem 'sirp', path: '../'

data/examples/README.md

@@ -1,34 +0,0 @@
-# SiRP : Secure (interoperable) Remote Password : Example
-
-## Install Ruby Dependencies
-
-```
-$ cd examples
-$ bundle install
-```
-
-## Run Server
-
-```sh
-# run this in the first terminal window
-$ ./server.rb
-```
-
-## Authenticate with Ruby Client
-
-```sh
-# run this in the second terminal window
-$ cd clients/ruby/
-$ ./client.rb
-```
-
-## Authenticate with JavaScript Client
-
-```sh
-# see the output of the JS client in the browser's JS console
-$ cd clients/javascript/
-$ npm install
-$ open index.html
-```
-
-You can find other username : password combinations in `server.rb`

data/examples/clients/javascript/.gitignore

@@ -1 +0,0 @@
-/node_modules/

data/examples/clients/javascript/app.js

@@ -1,59 +0,0 @@
-var client = new jsrp.client()
-var serverAddr = 'http://localhost:4567/authenticate'
-var username = 'leonardo'
-var password = 'capricciosa'
-
-$(document).ready(function () {
-  'use strict'
-
-  console.log('Starting Authentication')
-
-  $(document).ajaxError(function (event, request, settings) {
-    console.log(event)
-    console.log(request)
-    console.log(settings)
-  })
-
-  client.init({ username: username, password: password, length: 4096 }, function () {
-    client.createVerifier(function (err, result) {
-      // result will contain the necessary values the server needs to
-      // authenticate this user in the future.
-      // sendSaltToServer(result.salt)
-      // sendVerifierToServer(result.verifier)
-
-      if (err) {
-         console.log(err.stack);
-       }
-
-      var A = client.getPublicKey()
-
-      // Auth Phase 1
-      console.log('P1 : Sending username and A to server')
-      $.post(serverAddr, { username: username, A: A }, function (data) {
-        console.log('P1 : Received salt : ', data.salt)
-        console.log('P1 : Received B : ', data.B)
-        client.setSalt(data.salt)
-        client.setServerPublicKey(data.B)
-
-        var clientM = client.getProof()
-        console.log('P1 : calculated client M : ', clientM)
-
-        // Auth Phase 2
-        console.log('P2 : Sending username and M to server')
-        $.post(serverAddr, { username: username, M: clientM }, function (data) {
-          console.log('P2 : Received server H_AMK : ', data.H_AMK)
-          if (client.checkServerProof(data.H_AMK)) {
-            console.log('P2 : Client and server H_AMK match. Authenticated!')
-            console.log('P2 : Client and server negotiated shared key K : ', client.getSharedKey())
-            $('#status').html('Authenticated!')
-            $('#username').html(username)
-            $('#K').html(client.getSharedKey())
-          } else {
-            $('#status').html('Authenticated FAILED')
-            console.log('P2 : Client and server H_AMK DO NOT match. Authentication failed!')
-          }
-        }, 'json')
-      }, 'json')
-    })
-  })
-})

data/examples/clients/javascript/index.html

@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title>Secure Remote Password JS Client Example</title>
-  </head>
-  <body>
-    <h1>Secure Remote Password JS Client Example</h1>
-
-    <p>
-      Open the JavaScript console to see more output. Any shared secret
-      negotiated on successful authentication will be displayed below.
-    </p>
-
-    <p id='status'></p>
-    <p id='username'></p>
-    <p id='K'></p>
-
-    <script type="text/javascript" src="node_modules/jquery/dist/jquery.min.js"></script>
-    <script type="text/javascript" src="node_modules/jsrp/jsrp-browser.js"></script>
-    <script type="text/javascript" src="app.js"></script>
-  </body>
-</html>

data/examples/clients/javascript/package.json

@@ -1,15 +0,0 @@
-{
-  "name": "javascript",
-  "version": "1.0.0",
-  "description": "",
-  "main": "app.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "author": "",
-  "license": "New BSD",
-  "dependencies": {
-    "jquery": "^2.2.3",
-    "jsrp": "^0.2.0"
-  }
-}