sirp 2.0.0.pre → 2.0.0

@@ -1,48 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # encoding: utf-8
3
-
4
- require 'rubygems'
5
- require 'bundler/setup'
6
- require 'http'
7
- require 'json'
8
- require 'sirp'
9
- require 'logger'
10
- logger = Logger.new $stdout
11
-
12
- server_addr = 'http://localhost:4567/authenticate'
13
- username = 'leonardo'
14
- password = 'capricciosa'
15
- prime_length = 4096
16
-
17
- # The salt and verifier should be stored on the server database.
18
- # In this example code these values are hard-coded in server.rb
19
- # @auth = SIRP::Verifier.new(prime_length).generate_userauth(username, password)
20
- # @auth is a hash containing :username, :verifier and :salt
21
-
22
- logger.info 'Start authentication'
23
-
24
- client = SIRP::Client.new(prime_length)
25
- A = client.start_authentication
26
-
27
- logger.info "Sending username: '#{username}' and A: '#{A}' to server"
28
-
29
- # Client => Server: username, A
30
- # Server => Client: salt, B
31
- response = HTTP.post(server_addr, form: { username: username, A: A }).parse
32
- logger.info "Server responded with: '#{response}'"
33
-
34
- logger.info 'Client is calculating M, from B and salt, as a response to the challenge'
35
- client_M = client.process_challenge(username, password, response['salt'], response['B'])
36
-
37
- # Client => Server: username, M
38
- # Server => Client: H(AMK)
39
- logger.info "Client is sending M: '#{client_M}' to server"
40
- response = HTTP.post(server_addr, form: { username: username, M: client_M }).parse
41
- logger.info "Server responded with: #{response}"
42
-
43
- if client.verify(response['H_AMK'])
44
- logger.info 'Client verification of server H_AMK has succeeded! Authenticated!'
45
- logger.info "Client and server have negotiated shared secret K: '#{client.K}'"
46
- else
47
- logger.error 'Client verification of server H_AMK has failed!'
48
- end
@@ -1,88 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # encoding: utf-8
3
-
4
- require 'rubygems'
5
- require 'bundler/setup'
6
- require 'sinatra'
7
- require 'json'
8
- require 'sirp'
9
- require 'logger'
10
- logger = Logger.new $stdout
11
-
12
- # Sinatra : Use Puma
13
- configure { set :server, :puma }
14
-
15
- # Set prime N length - client has to use the same value!
16
- prime_length = 4096
17
-
18
- # Simulated DB
19
- users = {
20
- leonardo: 'capricciosa',
21
- raphael: 'quattro formaggi',
22
- donatello: 'margherita',
23
- michelangelo: 'tropicana'
24
- }
25
-
26
- user_verifiers = users.map do |username, password|
27
- { username => SIRP::Verifier.new(prime_length).generate_userauth(username, password) }
28
- end
29
-
30
- user_verifiers.each { |h| users.update h }
31
-
32
- before do
33
- content_type 'application/json'
34
- response['Access-Control-Allow-Origin'] = '*'
35
- end
36
-
37
- post '/authenticate' do
38
- username = params[:username]
39
- user = users[username.to_sym]
40
-
41
- unless user
42
- logger.warn "User #{username} not found"
43
- halt 401
44
- end
45
-
46
- if params[:A]
47
- logger.info 'P1 : Starting'
48
- logger.info "P1 : Server received username '#{username}' and A"
49
- logger.info "P1 : Client A : #{params[:A]}"
50
- aa = params[:A]
51
- v = user[:verifier]
52
- salt = user[:salt]
53
-
54
- # Server generates B, saves A and B to database
55
- verifier = SIRP::Verifier.new(prime_length)
56
- session = verifier.get_challenge_and_proof(username, v, salt, aa)
57
-
58
- logger.info 'P1 : Server persisting user verifier (proof)'
59
- user[:session_proof] = session[:proof]
60
-
61
- logger.info 'P1 : Server sending salt and B'
62
- logger.info "P1 : Server salt : #{session[:challenge][:salt].length} : #{session[:challenge][:salt]}"
63
- logger.info "P1 : Server B : #{session[:challenge][:B].length} : #{session[:challenge][:B]}"
64
- return JSON.generate(session[:challenge])
65
- elsif params[:M]
66
- logger.info 'P2 : Starting'
67
- logger.info "P2 : Server received username '#{username}' and client M"
68
- client_M = params[:M]
69
- logger.info "P2 : Client M : #{client_M.length} : #{client_M}"
70
-
71
- logger.info 'P2 : Retrieving verifier from the database'
72
- proof = user[:session_proof]
73
-
74
- logger.info 'P2 : Verifying client/server M match, generating H_AMK'
75
- verifier = SIRP::Verifier.new(prime_length)
76
- server_H_AMK = verifier.verify_session(proof, client_M)
77
- logger.info "P2 : server M: #{verifier.M}"
78
-
79
- if server_H_AMK
80
- logger.info "P2 : #{username} Authenticated!"
81
- logger.info "P2 : Client and server negotiated shared key K : #{verifier.K}"
82
- logger.info "P2 : Server sending final H_AMK : #{server_H_AMK.length} : #{server_H_AMK}"
83
- return JSON.generate(H_AMK: server_H_AMK)
84
- end
85
- end
86
-
87
- halt 401
88
- end