class AwsSRP::SRP

SRP related logic Titleized methods are not common in ruby so `A` becomes `aa`

Constants

INFO_BITS
N

Attributes

a[R]
bb[R]
g[R]
nn[R]
password[R]
salt[R]
username[R]

Public Class Methods

new() click to toggle source
# File lib/aws_srp/srp.rb, line 27
def initialize
  @nn = Hex.new(N.join)
  @g = Hex.new(2)
  @a = Hex.new(SecureRandom.hex(128))
end

Public Instance Methods

aa() click to toggle source

A = g^a (mod N)

# File lib/aws_srp/srp.rb, line 34
def aa
  @aa ||= g.mod_exp(a, nn)
end
bb=(val) click to toggle source
# File lib/aws_srp/srp.rb, line 82
def bb=(val)
  bb = Hex.new(val)
  srp_6a_safety_check!(bb % nn)

  reset
  @bb = bb
end
credentials_hash() click to toggle source
# File lib/aws_srp/srp.rb, line 51
def credentials_hash
  hash([username, password].join(':'))
end
hkdf() click to toggle source
# File lib/aws_srp/srp.rb, line 90
def hkdf
  prk = Hasher.digest(u.to_hs, ss.to_hs)
  Hasher.digest(prk, INFO_BITS)[0, 16]
end
k() click to toggle source

Multiplier parameter k = H(N, g) (in SRP-6a)

# File lib/aws_srp/srp.rb, line 40
def k
  @k ||= hash(nn.concat(g), hex: true)
end
password=(val) click to toggle source
# File lib/aws_srp/srp.rb, line 72
def password=(val)
  reset
  @password = val
end
reset() click to toggle source
# File lib/aws_srp/srp.rb, line 95
def reset
  @x = nil

  self
end
salt=(val) click to toggle source
# File lib/aws_srp/srp.rb, line 77
def salt=(val)
  reset
  @salt = Hex.new(val)
end
ss() click to toggle source

Client secret S = (B - (k * g^x)) ^ (a + (u * x)) % N

# File lib/aws_srp/srp.rb, line 63
def ss
  ((bb - k * g.mod_exp(x, nn)) % nn).mod_exp(a + x * u, nn)
end
u() click to toggle source

u = H(A, B)

# File lib/aws_srp/srp.rb, line 45
def u
  srp_6a_safety_check! do
    hash(aa.concat(bb), hex: true)
  end
end
username=(val) click to toggle source
# File lib/aws_srp/srp.rb, line 67
def username=(val)
  reset
  @username = val
end
x() click to toggle source

Private key (derived from username, raw password and salt) x = H(salt || H(username || ':' || password))

# File lib/aws_srp/srp.rb, line 57
def x
  @x ||= hash(salt.concat(credentials_hash), hex: true)
end

Private Instance Methods

hash(str, hex: false) click to toggle source
# File lib/aws_srp/srp.rb, line 103
def hash(str, hex: false)
  str = Hex.str(str) if hex
  hexdigest = Hasher.hexdigest(str)

  hex ? Hex.new(hexdigest) : hexdigest
end
srp_6a_safety_check!(val = nil) { || ... } click to toggle source
# File lib/aws_srp/srp.rb, line 110
def srp_6a_safety_check!(val = nil)
  val ||= yield

  raise ArgumentError, 'SRP-6a safety check failed' if val.zero?

  val
end