sirp 2.0.0.pre

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,72 @@
1
+ module SIRP
2
+ class Verifier
3
+ attr_reader :N, :g, :k, :A, :B, :b, :S, :K, :M, :H_AMK, :hash
4
+
5
+ def initialize(group = 2048)
6
+ # select modulus (N) and generator (g)
7
+ @N, @g, @hash = SIRP.Ng(group)
8
+ @k = SIRP.calc_k(@N, @g, hash)
9
+ end
10
+
11
+ # Initial user creation for the persistance layer.
12
+ # Not part of the authentication process.
13
+ # Returns { <username>, <password verifier>, <salt> }
14
+ def generate_userauth(username, password)
15
+ @salt ||= SecureRandom.hex(10)
16
+ x = SIRP.calc_x(username, password, @salt, hash)
17
+ v = SIRP.calc_v(x, @N, @g)
18
+ { username: username, verifier: SIRP.num_to_hex(v), salt: @salt }
19
+ end
20
+
21
+ # Authentication phase 1 - create challenge.
22
+ # Returns Hash with challenge for client and proof to be stored on server.
23
+ # Parameters should be given in hex.
24
+ def get_challenge_and_proof(username, xverifier, xsalt, xaa)
25
+ # SRP-6a safety check
26
+ return false if (xaa.to_i(16) % @N) == 0
27
+ generate_B(xverifier)
28
+
29
+ {
30
+ challenge: { B: @B, salt: xsalt },
31
+ proof: { A: xaa, B: @B, b: SIRP.num_to_hex(@b), I: username, s: xsalt, v: xverifier }
32
+ }
33
+ end
34
+
35
+ # returns H_AMK on success, false on failure
36
+ # User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
37
+ # Host -> User: H(A, M, K)
38
+ def verify_session(proof, client_M)
39
+ @A = proof[:A]
40
+ @B = proof[:B]
41
+ @b = proof[:b].to_i(16)
42
+ v = proof[:v].to_i(16)
43
+
44
+ u = SIRP.calc_u(@A, @B, @N, hash)
45
+
46
+ # SRP-6a safety check
47
+ return false if u == 0
48
+
49
+ # calculate session key
50
+ @S = SIRP.num_to_hex(SIRP.calc_server_S(@A.to_i(16), @b, v, u, @N))
51
+ @K = SIRP.sha_hex(@S, hash)
52
+
53
+ # calculate match
54
+ @M = SIRP.calc_M(@A, @B, @K, hash)
55
+
56
+ if @M == client_M
57
+ # authentication succeeded
58
+ @H_AMK = SIRP.num_to_hex(SIRP.calc_H_AMK(@A, @M, @K, hash))
59
+ else
60
+ false
61
+ end
62
+ end
63
+
64
+ # generates challenge
65
+ # input verifier in hex
66
+ def generate_B(xverifier)
67
+ v = xverifier.to_i(16)
68
+ @b ||= SecureRandom.hex(32).hex
69
+ @B = SIRP.num_to_hex(SIRP.calc_B(@b, k, v, @N, @g))
70
+ end
71
+ end
72
+ end
@@ -0,0 +1,3 @@
1
+ module SIRP
2
+ VERSION = '2.0.0.pre'.freeze
3
+ end
@@ -0,0 +1,48 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'sirp/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = 'sirp'
8
+ spec.version = SIRP::VERSION
9
+ spec.authors = ['Glenn Rempe', 'lamikae']
10
+ spec.email = ['glenn@rempe.us']
11
+
12
+ spec.required_ruby_version = '>= 2.1.0'
13
+
14
+ cert = File.expand_path('~/.gem-certs/gem-private_key_grempe.pem')
15
+ if cert && File.exist?(cert)
16
+ spec.signing_key = cert
17
+ spec.cert_chain = ['certs/gem-public_cert_grempe.pem']
18
+ end
19
+
20
+ spec.summary = 'Secure (interoperable) Remote Password Auth (SRP-6a)'
21
+ spec.description = <<-EOF
22
+ A Ruby implementation of the Secure Remote Password protocol (SRP-6a).
23
+ SiRP is a cryptographically strong authentication protocol for
24
+ password-based, mutual authentication over an insecure network connection.
25
+ EOF
26
+
27
+ spec.homepage = 'https://github.com/grempe/sirp'
28
+
29
+ # http://spdx.org/licenses/BSD-3-Clause.html
30
+ spec.license = 'BSD-3-Clause'
31
+
32
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
33
+ spec.bindir = 'exe'
34
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
35
+ spec.require_paths = ['lib']
36
+
37
+ # See : https://bugs.ruby-lang.org/issues/9569
38
+ spec.add_runtime_dependency 'rbnacl-libsodium', '~> 1.0'
39
+ spec.add_runtime_dependency 'securer_randomer', '~> 0.1.0'
40
+
41
+ spec.add_development_dependency 'bundler', '~> 1.12'
42
+ spec.add_development_dependency 'rake', '~> 11.0'
43
+ spec.add_development_dependency 'rspec', '~> 3.4'
44
+ spec.add_development_dependency 'pry', '~> 0.10'
45
+ spec.add_development_dependency 'coveralls', '~> 0.8'
46
+ spec.add_development_dependency 'coco', '~> 0.14'
47
+ spec.add_development_dependency 'wwtd', '~> 1.3'
48
+ end
metadata ADDED
@@ -0,0 +1,226 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sirp
3
+ version: !ruby/object:Gem::Version
4
+ version: 2.0.0.pre
5
+ platform: ruby
6
+ authors:
7
+ - Glenn Rempe
8
+ - lamikae
9
+ autorequire:
10
+ bindir: exe
11
+ cert_chain:
12
+ - |
13
+ -----BEGIN CERTIFICATE-----
14
+ MIIDYDCCAkigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQ4wDAYDVQQDDAVnbGVu
15
+ bjEVMBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwHhcN
16
+ MTYwNDExMDI0NTU0WhcNMTcwNDExMDI0NTU0WjA7MQ4wDAYDVQQDDAVnbGVubjEV
17
+ MBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwggEiMA0G
18
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqTH5Jf+D/W2B4BIiL49CpHa86rK/
19
+ oT+v3xZwuEE92lJea+ygn3IAsidVTW47AKE6Lt3UqUkGQGKxsqH/Dhir08BqjLlD
20
+ gBUozGZpM3B6uWZnD6QXLbOmZeGVDnwB/QDfzaawN1i3smlYxYT+KNLjl80aN3we
21
+ /cHAWG7JG47AF/S91mYcg1WgZnDgZt9+RyVR1AsfYbM+SidOSoXEOHPCbuUxLKJb
22
+ gj5ieCFhm5GNWEugvgiX/ruas+VHV0fF3fzjYlU2fZPTuQyB4UD5FWX4UqdsBf3w
23
+ jB94TDBsJ3FVGPbggEhLGKd8pbQmBIOqXolGaqhs7dnuf5imu5mAXHC1AgMBAAGj
24
+ bzBtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRfxEyosUbKjfFa
25
+ j+gae2CcT3aFCTAZBgNVHREEEjAQgQ5nbGVubkByZW1wZS51czAZBgNVHRIEEjAQ
26
+ gQ5nbGVubkByZW1wZS51czANBgkqhkiG9w0BAQUFAAOCAQEAzgK20+MNOknR9Kx6
27
+ RisI3DsioCADjGldxY+INrwoTfPDVmNm4GdTYC+V+/BvxJw1RqHjEbuXSg0iibQC
28
+ 4vN+th0Km7dnas/td1i+EKfGencfyQyecIaG9l3kbCkCWnldRtZ+BS5EfP2ML2u8
29
+ fyCtze/Piovu8IwXL1W5kGZMnvzLmWxdqI3VPUou40n8F+EiMMLgd53kpzjtNOau
30
+ 4W+mqVGOwlEGVSgI5+0SIsD8pvc62PlPWTv0kn1bcufKKCZmoVmpfbe3j4JpBInq
31
+ zieXiXZSAojfFx9g91fKdIrlPbInHU/BaCxXSLBwvOM0drE+c2ue9X8gB55XAhzX
32
+ 37oBiw==
33
+ -----END CERTIFICATE-----
34
+ date: 2016-05-13 00:00:00.000000000 Z
35
+ dependencies:
36
+ - !ruby/object:Gem::Dependency
37
+ name: rbnacl-libsodium
38
+ requirement: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - "~>"
41
+ - !ruby/object:Gem::Version
42
+ version: '1.0'
43
+ type: :runtime
44
+ prerelease: false
45
+ version_requirements: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - "~>"
48
+ - !ruby/object:Gem::Version
49
+ version: '1.0'
50
+ - !ruby/object:Gem::Dependency
51
+ name: securer_randomer
52
+ requirement: !ruby/object:Gem::Requirement
53
+ requirements:
54
+ - - "~>"
55
+ - !ruby/object:Gem::Version
56
+ version: 0.1.0
57
+ type: :runtime
58
+ prerelease: false
59
+ version_requirements: !ruby/object:Gem::Requirement
60
+ requirements:
61
+ - - "~>"
62
+ - !ruby/object:Gem::Version
63
+ version: 0.1.0
64
+ - !ruby/object:Gem::Dependency
65
+ name: bundler
66
+ requirement: !ruby/object:Gem::Requirement
67
+ requirements:
68
+ - - "~>"
69
+ - !ruby/object:Gem::Version
70
+ version: '1.12'
71
+ type: :development
72
+ prerelease: false
73
+ version_requirements: !ruby/object:Gem::Requirement
74
+ requirements:
75
+ - - "~>"
76
+ - !ruby/object:Gem::Version
77
+ version: '1.12'
78
+ - !ruby/object:Gem::Dependency
79
+ name: rake
80
+ requirement: !ruby/object:Gem::Requirement
81
+ requirements:
82
+ - - "~>"
83
+ - !ruby/object:Gem::Version
84
+ version: '11.0'
85
+ type: :development
86
+ prerelease: false
87
+ version_requirements: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - "~>"
90
+ - !ruby/object:Gem::Version
91
+ version: '11.0'
92
+ - !ruby/object:Gem::Dependency
93
+ name: rspec
94
+ requirement: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - "~>"
97
+ - !ruby/object:Gem::Version
98
+ version: '3.4'
99
+ type: :development
100
+ prerelease: false
101
+ version_requirements: !ruby/object:Gem::Requirement
102
+ requirements:
103
+ - - "~>"
104
+ - !ruby/object:Gem::Version
105
+ version: '3.4'
106
+ - !ruby/object:Gem::Dependency
107
+ name: pry
108
+ requirement: !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - - "~>"
111
+ - !ruby/object:Gem::Version
112
+ version: '0.10'
113
+ type: :development
114
+ prerelease: false
115
+ version_requirements: !ruby/object:Gem::Requirement
116
+ requirements:
117
+ - - "~>"
118
+ - !ruby/object:Gem::Version
119
+ version: '0.10'
120
+ - !ruby/object:Gem::Dependency
121
+ name: coveralls
122
+ requirement: !ruby/object:Gem::Requirement
123
+ requirements:
124
+ - - "~>"
125
+ - !ruby/object:Gem::Version
126
+ version: '0.8'
127
+ type: :development
128
+ prerelease: false
129
+ version_requirements: !ruby/object:Gem::Requirement
130
+ requirements:
131
+ - - "~>"
132
+ - !ruby/object:Gem::Version
133
+ version: '0.8'
134
+ - !ruby/object:Gem::Dependency
135
+ name: coco
136
+ requirement: !ruby/object:Gem::Requirement
137
+ requirements:
138
+ - - "~>"
139
+ - !ruby/object:Gem::Version
140
+ version: '0.14'
141
+ type: :development
142
+ prerelease: false
143
+ version_requirements: !ruby/object:Gem::Requirement
144
+ requirements:
145
+ - - "~>"
146
+ - !ruby/object:Gem::Version
147
+ version: '0.14'
148
+ - !ruby/object:Gem::Dependency
149
+ name: wwtd
150
+ requirement: !ruby/object:Gem::Requirement
151
+ requirements:
152
+ - - "~>"
153
+ - !ruby/object:Gem::Version
154
+ version: '1.3'
155
+ type: :development
156
+ prerelease: false
157
+ version_requirements: !ruby/object:Gem::Requirement
158
+ requirements:
159
+ - - "~>"
160
+ - !ruby/object:Gem::Version
161
+ version: '1.3'
162
+ description: |2
163
+ A Ruby implementation of the Secure Remote Password protocol (SRP-6a).
164
+ SiRP is a cryptographically strong authentication protocol for
165
+ password-based, mutual authentication over an insecure network connection.
166
+ email:
167
+ - glenn@rempe.us
168
+ executables: []
169
+ extensions: []
170
+ extra_rdoc_files: []
171
+ files:
172
+ - ".coco.yml"
173
+ - ".gitignore"
174
+ - ".rubocop.yml"
175
+ - ".travis.yml"
176
+ - CHANGELOG.md
177
+ - Gemfile
178
+ - LICENSE.txt
179
+ - README.md
180
+ - RELEASE.md
181
+ - Rakefile
182
+ - bin/console
183
+ - bin/setup
184
+ - certs/gem-public_cert_grempe.pem
185
+ - docs/rfc2945.txt
186
+ - docs/rfc5054.txt
187
+ - examples/Gemfile
188
+ - examples/README.md
189
+ - examples/clients/javascript/.gitignore
190
+ - examples/clients/javascript/app.js
191
+ - examples/clients/javascript/index.html
192
+ - examples/clients/javascript/package.json
193
+ - examples/clients/ruby/client.rb
194
+ - examples/server.rb
195
+ - lib/sirp.rb
196
+ - lib/sirp/client.rb
197
+ - lib/sirp/sirp.rb
198
+ - lib/sirp/verifier.rb
199
+ - lib/sirp/version.rb
200
+ - sirp.gemspec
201
+ homepage: https://github.com/grempe/sirp
202
+ licenses:
203
+ - BSD-3-Clause
204
+ metadata: {}
205
+ post_install_message:
206
+ rdoc_options: []
207
+ require_paths:
208
+ - lib
209
+ required_ruby_version: !ruby/object:Gem::Requirement
210
+ requirements:
211
+ - - ">="
212
+ - !ruby/object:Gem::Version
213
+ version: 2.1.0
214
+ required_rubygems_version: !ruby/object:Gem::Requirement
215
+ requirements:
216
+ - - ">"
217
+ - !ruby/object:Gem::Version
218
+ version: 1.3.1
219
+ requirements: []
220
+ rubyforge_project:
221
+ rubygems_version: 2.5.1
222
+ signing_key:
223
+ specification_version: 4
224
+ summary: Secure (interoperable) Remote Password Auth (SRP-6a)
225
+ test_files: []
226
+ has_rdoc:
Binary file