Class: RubyHome::SRP::Verifier

Inherits:

SRP::Verifier

• Object
• SRP::Verifier
• RubyHome::SRP::Verifier

Defined in:

lib/ruby_home/srp.rb

Instance Attribute Summary

• #b ⇒ Object writeonly

  Sets the attribute b.

• #salt ⇒ Object writeonly

  Sets the attribute salt.

• #u ⇒ Object readonly

  Returns the value of attribute u.

Instance Method Summary

• #generate_B(xverifier) ⇒ Object

  generates challenge input verifier in hex.

• #generate_userauth(username, password) ⇒ Object

  Initial user creation for the persistance layer.

• #get_challenge_and_proof(username, xverifier, xsalt) ⇒ Object

  Authentication phase 1 - create challenge.

• #initialize(group = 3072) ⇒ Verifier constructor

  A new instance of Verifier.

• #random_bignum ⇒ Object
• #random_salt ⇒ Object
• #verify_session(proof, client_M) ⇒ Object

  returns H_AMK on success, None on failure User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) Host -> User: H(A, M, K).

Constructor Details

#initialize(group = 3072) ⇒ Verifier

Returns a new instance of Verifier.

# File 'lib/ruby_home/srp.rb', line 103

def initialize group=3072
  # select modulus (N) and generator (g)
  @N, @g = SRP.Ng group
  @k = SRP.calc_k(@N, @g)
end

Instance Attribute Details

#b=(value) ⇒ Object (writeonly)

Sets the attribute b

Parameters:

• value —

  the value to set the attribute b to.

# File 'lib/ruby_home/srp.rb', line 101

def b=(value)
  @b = value
end

#salt=(value) ⇒ Object (writeonly)

Sets the attribute salt

Parameters:

• value —

  the value to set the attribute salt to.

# File 'lib/ruby_home/srp.rb', line 101

def salt=(value)
  @salt = value
end

#u ⇒ Object (readonly)

Returns the value of attribute u.

# File 'lib/ruby_home/srp.rb', line 100

def u
  @u
end

Instance Method Details

#generate_B(xverifier) ⇒ Object

generates challenge input verifier in hex

# File 'lib/ruby_home/srp.rb', line 174

def generate_B xverifier
  v = xverifier.to_i(16)
  @b ||= random_bignum
  @B = SRP.calc_B(@b, @k, v, @N, @g.hex).to_hex_string
end

#generate_userauth(username, password) ⇒ Object

Initial user creation for the persistance layer. Not part of the authentication process. Returns { <username>, <password verifier>, <salt> }

# File 'lib/ruby_home/srp.rb', line 112

def generate_userauth username, password
  @salt ||= random_salt
  x = SRP.calc_x(username, password, @salt)
  v = SRP.calc_v(x, @N, @g.hex)
  return {:username => username, :verifier => v.to_hex_string, :salt => @salt}
end

#get_challenge_and_proof(username, xverifier, xsalt) ⇒ Object

Authentication phase 1 - create challenge. Returns Hash with challenge for client and proof to be stored on server. Parameters should be given in hex.

# File 'lib/ruby_home/srp.rb', line 122

def get_challenge_and_proof username, xverifier, xsalt
  generate_B(xverifier)
  return {
    :challenge => {:B => @B, :salt => xsalt},
    :proof     => {:B => @B, :b => @b.to_hex_string, :I => username, :s => xsalt, :v => xverifier}
  }
end

#random_bignum ⇒ Object

# File 'lib/ruby_home/srp.rb', line 164

def random_bignum
  SecureRandom.hex(32).hex
end

#random_salt ⇒ Object

# File 'lib/ruby_home/srp.rb', line 160

def random_salt
  SecureRandom.hex(16)
end

#verify_session(proof, client_M) ⇒ Object

returns H_AMK on success, None on failure User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) Host -> User: H(A, M, K)

# File 'lib/ruby_home/srp.rb', line 133

def verify_session proof, client_M
  @A = proof[:A]
  @B = proof[:B]
  @b = proof[:b].to_i(16)
  username = proof[:I]
  xsalt = proof[:s]
  v = proof[:v].to_i(16)

  @u = SRP.calc_u(@A, @B, @N)
  # SRP-6a safety check
  return false if @u == 0

  # calculate session key
  @S = SRP.calc_server_S(@A.to_i(16), @b, v, @u, @N).to_hex_string
  @K = SRP.sha512_hex(@S)

  # calculate match
  @M = SRP.calc_M(username, xsalt, @A, @B, @K, @N, @g).to_hex_string

  if @M == client_M
    # authentication succeeded
    @H_AMK = SRP.calc_H_AMK(@A, @M, @K, @N, @g).to_hex_string
    return @H_AMK
  end
  return false
end