sirp 2.0.0.pre

data/lib/sirp/verifier.rb

@@ -0,0 +1,72 @@
+module SIRP
+  class Verifier
+    attr_reader :N, :g, :k, :A, :B, :b, :S, :K, :M, :H_AMK, :hash
+
+    def initialize(group = 2048)
+      # select modulus (N) and generator (g)
+      @N, @g, @hash = SIRP.Ng(group)
+      @k = SIRP.calc_k(@N, @g, hash)
+    end
+
+    # Initial user creation for the persistance layer.
+    # Not part of the authentication process.
+    # Returns { <username>, <password verifier>, <salt> }
+    def generate_userauth(username, password)
+      @salt ||= SecureRandom.hex(10)
+      x = SIRP.calc_x(username, password, @salt, hash)
+      v = SIRP.calc_v(x, @N, @g)
+      { username: username, verifier: SIRP.num_to_hex(v), salt: @salt }
+    end
+
+    # Authentication phase 1 - create challenge.
+    # Returns Hash with challenge for client and proof to be stored on server.
+    # Parameters should be given in hex.
+    def get_challenge_and_proof(username, xverifier, xsalt, xaa)
+      # SRP-6a safety check
+      return false if (xaa.to_i(16) % @N) == 0
+      generate_B(xverifier)
+
+      {
+        challenge: { B: @B, salt: xsalt },
+        proof: { A: xaa, B: @B, b: SIRP.num_to_hex(@b), I: username, s: xsalt, v: xverifier }
+      }
+    end
+
+    # returns H_AMK on success, false on failure
+    # User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
+    # Host -> User:  H(A, M, K)
+    def verify_session(proof, client_M)
+      @A = proof[:A]
+      @B = proof[:B]
+      @b = proof[:b].to_i(16)
+      v = proof[:v].to_i(16)
+
+      u = SIRP.calc_u(@A, @B, @N, hash)
+
+      # SRP-6a safety check
+      return false if u == 0
+
+      # calculate session key
+      @S = SIRP.num_to_hex(SIRP.calc_server_S(@A.to_i(16), @b, v, u, @N))
+      @K = SIRP.sha_hex(@S, hash)
+
+      # calculate match
+      @M = SIRP.calc_M(@A, @B, @K, hash)
+
+      if @M == client_M
+        # authentication succeeded
+        @H_AMK = SIRP.num_to_hex(SIRP.calc_H_AMK(@A, @M, @K, hash))
+      else
+        false
+      end
+    end
+
+    # generates challenge
+    # input verifier in hex
+    def generate_B(xverifier)
+      v = xverifier.to_i(16)
+      @b ||= SecureRandom.hex(32).hex
+      @B = SIRP.num_to_hex(SIRP.calc_B(@b, k, v, @N, @g))
+    end
+  end
+end

data/lib/sirp/version.rb

@@ -0,0 +1,3 @@
+module SIRP
+  VERSION = '2.0.0.pre'.freeze
+end

data/sirp.gemspec

@@ -0,0 +1,48 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sirp/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sirp'
+  spec.version       = SIRP::VERSION
+  spec.authors       = ['Glenn Rempe', 'lamikae']
+  spec.email         = ['glenn@rempe.us']
+
+  spec.required_ruby_version = '>= 2.1.0'
+
+  cert = File.expand_path('~/.gem-certs/gem-private_key_grempe.pem')
+  if cert && File.exist?(cert)
+    spec.signing_key = cert
+    spec.cert_chain = ['certs/gem-public_cert_grempe.pem']
+  end
+
+  spec.summary       = 'Secure (interoperable) Remote Password Auth (SRP-6a)'
+  spec.description   = <<-EOF
+    A Ruby implementation of the Secure Remote Password protocol (SRP-6a).
+    SiRP is a cryptographically strong authentication protocol for
+    password-based, mutual authentication over an insecure network connection.
+  EOF
+
+  spec.homepage      = 'https://github.com/grempe/sirp'
+
+  # http://spdx.org/licenses/BSD-3-Clause.html
+  spec.license       = 'BSD-3-Clause'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  # See : https://bugs.ruby-lang.org/issues/9569
+  spec.add_runtime_dependency 'rbnacl-libsodium', '~> 1.0'
+  spec.add_runtime_dependency 'securer_randomer', '~> 0.1.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'rake', '~> 11.0'
+  spec.add_development_dependency 'rspec', '~> 3.4'
+  spec.add_development_dependency 'pry', '~> 0.10'
+  spec.add_development_dependency 'coveralls', '~> 0.8'
+  spec.add_development_dependency 'coco', '~> 0.14'
+  spec.add_development_dependency 'wwtd', '~> 1.3'
+end

metadata

@@ -0,0 +1,226 @@
+--- !ruby/object:Gem::Specification
+name: sirp
+version: !ruby/object:Gem::Version
+  version: 2.0.0.pre
+platform: ruby
+authors:
+- Glenn Rempe
+- lamikae
+autorequire: 
+bindir: exe
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQ4wDAYDVQQDDAVnbGVu
+  bjEVMBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwHhcN
+  MTYwNDExMDI0NTU0WhcNMTcwNDExMDI0NTU0WjA7MQ4wDAYDVQQDDAVnbGVubjEV
+  MBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqTH5Jf+D/W2B4BIiL49CpHa86rK/
+  oT+v3xZwuEE92lJea+ygn3IAsidVTW47AKE6Lt3UqUkGQGKxsqH/Dhir08BqjLlD
+  gBUozGZpM3B6uWZnD6QXLbOmZeGVDnwB/QDfzaawN1i3smlYxYT+KNLjl80aN3we
+  /cHAWG7JG47AF/S91mYcg1WgZnDgZt9+RyVR1AsfYbM+SidOSoXEOHPCbuUxLKJb
+  gj5ieCFhm5GNWEugvgiX/ruas+VHV0fF3fzjYlU2fZPTuQyB4UD5FWX4UqdsBf3w
+  jB94TDBsJ3FVGPbggEhLGKd8pbQmBIOqXolGaqhs7dnuf5imu5mAXHC1AgMBAAGj
+  bzBtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRfxEyosUbKjfFa
+  j+gae2CcT3aFCTAZBgNVHREEEjAQgQ5nbGVubkByZW1wZS51czAZBgNVHRIEEjAQ
+  gQ5nbGVubkByZW1wZS51czANBgkqhkiG9w0BAQUFAAOCAQEAzgK20+MNOknR9Kx6
+  RisI3DsioCADjGldxY+INrwoTfPDVmNm4GdTYC+V+/BvxJw1RqHjEbuXSg0iibQC
+  4vN+th0Km7dnas/td1i+EKfGencfyQyecIaG9l3kbCkCWnldRtZ+BS5EfP2ML2u8
+  fyCtze/Piovu8IwXL1W5kGZMnvzLmWxdqI3VPUou40n8F+EiMMLgd53kpzjtNOau
+  4W+mqVGOwlEGVSgI5+0SIsD8pvc62PlPWTv0kn1bcufKKCZmoVmpfbe3j4JpBInq
+  zieXiXZSAojfFx9g91fKdIrlPbInHU/BaCxXSLBwvOM0drE+c2ue9X8gB55XAhzX
+  37oBiw==
+  -----END CERTIFICATE-----
+date: 2016-05-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rbnacl-libsodium
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: securer_randomer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: coco
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+- !ruby/object:Gem::Dependency
+  name: wwtd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: |2
+      A Ruby implementation of the Secure Remote Password protocol (SRP-6a).
+      SiRP is a cryptographically strong authentication protocol for
+      password-based, mutual authentication over an insecure network connection.
+email:
+- glenn@rempe.us
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".coco.yml"
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- RELEASE.md
+- Rakefile
+- bin/console
+- bin/setup
+- certs/gem-public_cert_grempe.pem
+- docs/rfc2945.txt
+- docs/rfc5054.txt
+- examples/Gemfile
+- examples/README.md
+- examples/clients/javascript/.gitignore
+- examples/clients/javascript/app.js
+- examples/clients/javascript/index.html
+- examples/clients/javascript/package.json
+- examples/clients/ruby/client.rb
+- examples/server.rb
+- lib/sirp.rb
+- lib/sirp/client.rb
+- lib/sirp/sirp.rb
+- lib/sirp/verifier.rb
+- lib/sirp/version.rb
+- sirp.gemspec
+homepage: https://github.com/grempe/sirp
+licenses:
+- BSD-3-Clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Secure (interoperable) Remote Password Auth (SRP-6a)
+test_files: []
+has_rdoc: