UNPKG

bsrp

Version:

Secure Remote Password Protocol (SRP-6a) Implementation

github.com/abehoffman/bsrp/javascript

abehoffman/bsrp

110 lines (87 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import { BigInteger } from "jsbn"; import * as utils from "./utils"; import * as constants from "./constants"; const { generateRandomBytes, hash, toBigInteger, pad, calculateM, calculateX, } = utils; const { generator, prime } = constants; export { constants }; export { toBigInteger }; export { utils }; export interface APair { ephemeralA: BigInteger; publicA: BigInteger; } export const generateAPair = (): APair => { const ephemeralA = toBigInteger(generateRandomBytes(32)); const publicA = generator.modPow(ephemeralA, prime); return { ephemeralA: ephemeralA, publicA: publicA, }; }; export interface ProcessedChallenge { message: BigInteger; sessionKey: BigInteger; } export const processChallenge = async ( identity: string, password: string, salt: BigInteger, ephemeralA: BigInteger, publicA: BigInteger, publicB: BigInteger ): Promise<null | ProcessedChallenge> => { const width = Math.floor((prime.bitLength() + 7) / 8); const paddedGenerator = pad(generator, width); const paddedPublicA = pad(publicA, width); const paddedPublicB = pad(publicB, width); // RFC 5054 u const scrambler = toBigInteger(await hash(paddedPublicA, paddedPublicB)); const x = await calculateX(salt, identity, password); // RFC 5054 k const multiplier = toBigInteger(await hash(prime, paddedGenerator)); // SRP-6a safety checks if (publicB.mod(prime).equals(BigInteger.ZERO)) { return null; } if (scrambler.equals(BigInteger.ZERO)) { return null; } // Premaster secret, S = t1: (B - k*(generator^x)) ^ t2: (a + u*x) const t1 = publicB.subtract(multiplier.multiply(generator.modPow(x, prime))); const t2 = ephemeralA.add(scrambler.multiply(x)); // Calculate shared session key const S = t1.modPow(t2, prime); const sessionKey = await hash(S); const message = await calculateM( generator, prime, identity, salt, publicA, publicB, sessionKey ); return { message: toBigInteger(message), sessionKey: toBigInteger(sessionKey), }; }; export const verifySession = async ( publicA: BigInteger, message: BigInteger, sessionKey: BigInteger, serverHAMK: BigInteger ): Promise<BigInteger | null> => { const clientHAMK = await hash(publicA, message, sessionKey); if (!toBigInteger(clientHAMK).equals(serverHAMK)) { return null; } return toBigInteger(clientHAMK); };