sirp 2.0.0.pre → 2.0.0

@@ -1,48 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # encoding: utf-8
3
-
4
- require 'rubygems'
5
- require 'bundler/setup'
6
- require 'http'
7
- require 'json'
8
- require 'sirp'
9
- require 'logger'
10
- logger = Logger.new $stdout
11
-
12
- server_addr = 'http://localhost:4567/authenticate'
13
- username = 'leonardo'
14
- password = 'capricciosa'
15
- prime_length = 4096
16
-
17
- # The salt and verifier should be stored on the server database.
18
- # In this example code these values are hard-coded in server.rb
19
- # @auth = SIRP::Verifier.new(prime_length).generate_userauth(username, password)
20
- # @auth is a hash containing :username, :verifier and :salt
21
-
22
- logger.info 'Start authentication'
23
-
24
- client = SIRP::Client.new(prime_length)
25
- A = client.start_authentication
26
-
27
- logger.info "Sending username: '#{username}' and A: '#{A}' to server"
28
-
29
- # Client => Server: username, A
30
- # Server => Client: salt, B
31
- response = HTTP.post(server_addr, form: { username: username, A: A }).parse
32
- logger.info "Server responded with: '#{response}'"
33
-
34
- logger.info 'Client is calculating M, from B and salt, as a response to the challenge'
35
- client_M = client.process_challenge(username, password, response['salt'], response['B'])
36
-
37
- # Client => Server: username, M
38
- # Server => Client: H(AMK)
39
- logger.info "Client is sending M: '#{client_M}' to server"
40
- response = HTTP.post(server_addr, form: { username: username, M: client_M }).parse
41
- logger.info "Server responded with: #{response}"
42
-
43
- if client.verify(response['H_AMK'])
44
- logger.info 'Client verification of server H_AMK has succeeded! Authenticated!'
45
- logger.info "Client and server have negotiated shared secret K: '#{client.K}'"
46
- else
47
- logger.error 'Client verification of server H_AMK has failed!'
48
- end
@@ -1,88 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # encoding: utf-8
3
-
4
- require 'rubygems'
5
- require 'bundler/setup'
6
- require 'sinatra'
7
- require 'json'
8
- require 'sirp'
9
- require 'logger'
10
- logger = Logger.new $stdout
11
-
12
- # Sinatra : Use Puma
13
- configure { set :server, :puma }
14
-
15
- # Set prime N length - client has to use the same value!
16
- prime_length = 4096
17
-
18
- # Simulated DB
19
- users = {
20
- leonardo: 'capricciosa',
21
- raphael: 'quattro formaggi',
22
- donatello: 'margherita',
23
- michelangelo: 'tropicana'
24
- }
25
-
26
- user_verifiers = users.map do |username, password|
27
- { username => SIRP::Verifier.new(prime_length).generate_userauth(username, password) }
28
- end
29
-
30
- user_verifiers.each { |h| users.update h }
31
-
32
- before do
33
- content_type 'application/json'
34
- response['Access-Control-Allow-Origin'] = '*'
35
- end
36
-
37
- post '/authenticate' do
38
- username = params[:username]
39
- user = users[username.to_sym]
40
-
41
- unless user
42
- logger.warn "User #{username} not found"
43
- halt 401
44
- end
45
-
46
- if params[:A]
47
- logger.info 'P1 : Starting'
48
- logger.info "P1 : Server received username '#{username}' and A"
49
- logger.info "P1 : Client A : #{params[:A]}"
50
- aa = params[:A]
51
- v = user[:verifier]
52
- salt = user[:salt]
53
-
54
- # Server generates B, saves A and B to database
55
- verifier = SIRP::Verifier.new(prime_length)
56
- session = verifier.get_challenge_and_proof(username, v, salt, aa)
57
-
58
- logger.info 'P1 : Server persisting user verifier (proof)'
59
- user[:session_proof] = session[:proof]
60
-
61
- logger.info 'P1 : Server sending salt and B'
62
- logger.info "P1 : Server salt : #{session[:challenge][:salt].length} : #{session[:challenge][:salt]}"
63
- logger.info "P1 : Server B : #{session[:challenge][:B].length} : #{session[:challenge][:B]}"
64
- return JSON.generate(session[:challenge])
65
- elsif params[:M]
66
- logger.info 'P2 : Starting'
67
- logger.info "P2 : Server received username '#{username}' and client M"
68
- client_M = params[:M]
69
- logger.info "P2 : Client M : #{client_M.length} : #{client_M}"
70
-
71
- logger.info 'P2 : Retrieving verifier from the database'
72
- proof = user[:session_proof]
73
-
74
- logger.info 'P2 : Verifying client/server M match, generating H_AMK'
75
- verifier = SIRP::Verifier.new(prime_length)
76
- server_H_AMK = verifier.verify_session(proof, client_M)
77
- logger.info "P2 : server M: #{verifier.M}"
78
-
79
- if server_H_AMK
80
- logger.info "P2 : #{username} Authenticated!"
81
- logger.info "P2 : Client and server negotiated shared key K : #{verifier.K}"
82
- logger.info "P2 : Server sending final H_AMK : #{server_H_AMK.length} : #{server_H_AMK}"
83
- return JSON.generate(H_AMK: server_H_AMK)
84
- end
85
- end
86
-
87
- halt 401
88
- end