fixed auth

This commit is contained in:
Daniel Gultsch 2018-09-26 10:39:36 +02:00
parent ef4cfacaf4
commit 6121217df5
1 changed files with 189 additions and 190 deletions

View File

@ -22,23 +22,11 @@ import eu.siacs.conversations.xml.TagWriter;
abstract class ScramMechanism extends SaslMechanism { abstract class ScramMechanism extends SaslMechanism {
// TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage. // TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage.
private final static String GS2_HEADER = "n,,"; private final static String GS2_HEADER = "n,,";
private String clientFirstMessageBare;
private final String clientNonce;
private byte[] serverSignature = null;
static HMac HMAC;
static Digest DIGEST;
private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes(); private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes(); private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
private static final LruCache<String, KeyPair> CACHE;
private static class KeyPair { static HMac HMAC;
final byte[] clientKey; static Digest DIGEST;
final byte[] serverKey;
KeyPair(final byte[] clientKey, final byte[] serverKey) {
this.clientKey = clientKey;
this.serverKey = serverKey;
}
}
static { static {
CACHE = new LruCache<String, KeyPair>(10) { CACHE = new LruCache<String, KeyPair>(10) {
@ -46,7 +34,7 @@ abstract class ScramMechanism extends SaslMechanism {
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism". // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()' // Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
// is applied to prevent commas in the strings breaking things. // is applied to prevent commas in the strings breaking things.
final String[] kparts = k.split(",", 4); final String[] kparts = k.split(",", 5);
try { try {
final byte[] saltedPassword, serverKey, clientKey; final byte[] saltedPassword, serverKey, clientKey;
saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(), saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
@ -62,18 +50,54 @@ abstract class ScramMechanism extends SaslMechanism {
}; };
} }
private static final LruCache<String, KeyPair> CACHE; private final String clientNonce;
protected State state = State.INITIAL; protected State state = State.INITIAL;
private String clientFirstMessageBare;
private byte[] serverSignature = null;
ScramMechanism(final TagWriter tagWriter, final Account account, final SecureRandom rng) { ScramMechanism(final TagWriter tagWriter, final Account account, final SecureRandom rng) {
super(tagWriter, account, rng); super(tagWriter, account, rng);
// This nonce should be different for each authentication attempt. // This nonce should be different for each authentication attempt.
clientNonce = CryptoHelper.random(100,rng); clientNonce = CryptoHelper.random(100, rng);
clientFirstMessageBare = ""; clientFirstMessageBare = "";
} }
private static synchronized byte[] hmac(final byte[] key, final byte[] input)
throws InvalidKeyException {
HMAC.init(new KeyParameter(key));
HMAC.update(input, 0, input.length);
final byte[] out = new byte[HMAC.getMacSize()];
HMAC.doFinal(out, 0);
return out;
}
public static synchronized byte[] digest(byte[] bytes) {
DIGEST.reset();
DIGEST.update(bytes, 0, bytes.length);
final byte[] out = new byte[DIGEST.getDigestSize()];
DIGEST.doFinal(out, 0);
return out;
}
/*
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the
* pseudorandom function (PRF) and with dkLen == output length of
* HMAC() == output length of H().
*/
private static synchronized byte[] hi(final byte[] key, final byte[] salt, final int iterations)
throws InvalidKeyException {
byte[] u = hmac(key, CryptoHelper.concatenateByteArrays(salt, CryptoHelper.ONE));
byte[] out = u.clone();
for (int i = 1; i < iterations; i++) {
u = hmac(key, u);
for (int j = 0; j < u.length; j++) {
out[j] ^= u[j];
}
}
return out;
}
@Override @Override
public String getClientFirstMessage() { public String getClientFirstMessage() {
if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) { if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) {
@ -97,7 +121,7 @@ abstract class ScramMechanism extends SaslMechanism {
try { try {
serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT); serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
throw new AuthenticationException("Unable to decode server challenge",e); throw new AuthenticationException("Unable to decode server challenge", e);
} }
final Tokenizer tokenizer = new Tokenizer(serverFirstMessage); final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
String nonce = ""; String nonce = "";
@ -152,7 +176,7 @@ abstract class ScramMechanism extends SaslMechanism {
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + "," CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + "," + CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
+ CryptoHelper.bytesToHex(salt.getBytes()) + "," + CryptoHelper.bytesToHex(salt.getBytes()) + ","
+ String.valueOf(iterationCount) + String.valueOf(iterationCount) + ","
+ getMechanism() + getMechanism()
); );
if (keys == null) { if (keys == null) {
@ -189,7 +213,7 @@ abstract class ScramMechanism extends SaslMechanism {
} }
state = State.VALID_SERVER_RESPONSE; state = State.VALID_SERVER_RESPONSE;
return ""; return "";
} catch(Exception e) { } catch (Exception e) {
throw new AuthenticationException("Server final message does not match calculated final message"); throw new AuthenticationException("Server final message does not match calculated final message");
} }
default: default:
@ -197,38 +221,13 @@ abstract class ScramMechanism extends SaslMechanism {
} }
} }
private static synchronized byte[] hmac(final byte[] key, final byte[] input) private static class KeyPair {
throws InvalidKeyException { final byte[] clientKey;
HMAC.init(new KeyParameter(key)); final byte[] serverKey;
HMAC.update(input, 0, input.length);
final byte[] out = new byte[HMAC.getMacSize()];
HMAC.doFinal(out, 0);
return out;
}
public static synchronized byte[] digest(byte[] bytes) { KeyPair(final byte[] clientKey, final byte[] serverKey) {
DIGEST.reset(); this.clientKey = clientKey;
DIGEST.update(bytes, 0, bytes.length); this.serverKey = serverKey;
final byte[] out = new byte[DIGEST.getDigestSize()];
DIGEST.doFinal(out, 0);
return out;
} }
/*
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the
* pseudorandom function (PRF) and with dkLen == output length of
* HMAC() == output length of H().
*/
private static synchronized byte[] hi(final byte[] key, final byte[] salt, final int iterations)
throws InvalidKeyException {
byte[] u = hmac(key, CryptoHelper.concatenateByteArrays(salt, CryptoHelper.ONE));
byte[] out = u.clone();
for (int i = 1; i < iterations; i++) {
u = hmac(key, u);
for (int j = 0; j < u.length; j++) {
out[j] ^= u[j];
}
}
return out;
} }
} }