fixed auth
This commit is contained in:
parent
ef4cfacaf4
commit
6121217df5
|
@ -22,23 +22,11 @@ import eu.siacs.conversations.xml.TagWriter;
|
||||||
abstract class ScramMechanism extends SaslMechanism {
|
abstract class ScramMechanism extends SaslMechanism {
|
||||||
// TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage.
|
// TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage.
|
||||||
private final static String GS2_HEADER = "n,,";
|
private final static String GS2_HEADER = "n,,";
|
||||||
private String clientFirstMessageBare;
|
|
||||||
private final String clientNonce;
|
|
||||||
private byte[] serverSignature = null;
|
|
||||||
static HMac HMAC;
|
|
||||||
static Digest DIGEST;
|
|
||||||
private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
|
private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
|
||||||
private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
|
private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
|
||||||
|
private static final LruCache<String, KeyPair> CACHE;
|
||||||
private static class KeyPair {
|
static HMac HMAC;
|
||||||
final byte[] clientKey;
|
static Digest DIGEST;
|
||||||
final byte[] serverKey;
|
|
||||||
|
|
||||||
KeyPair(final byte[] clientKey, final byte[] serverKey) {
|
|
||||||
this.clientKey = clientKey;
|
|
||||||
this.serverKey = serverKey;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static {
|
static {
|
||||||
CACHE = new LruCache<String, KeyPair>(10) {
|
CACHE = new LruCache<String, KeyPair>(10) {
|
||||||
|
@ -46,7 +34,7 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
||||||
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
||||||
// is applied to prevent commas in the strings breaking things.
|
// is applied to prevent commas in the strings breaking things.
|
||||||
final String[] kparts = k.split(",", 4);
|
final String[] kparts = k.split(",", 5);
|
||||||
try {
|
try {
|
||||||
final byte[] saltedPassword, serverKey, clientKey;
|
final byte[] saltedPassword, serverKey, clientKey;
|
||||||
saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
|
saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
|
||||||
|
@ -62,18 +50,54 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final LruCache<String, KeyPair> CACHE;
|
private final String clientNonce;
|
||||||
|
|
||||||
protected State state = State.INITIAL;
|
protected State state = State.INITIAL;
|
||||||
|
private String clientFirstMessageBare;
|
||||||
|
private byte[] serverSignature = null;
|
||||||
|
|
||||||
ScramMechanism(final TagWriter tagWriter, final Account account, final SecureRandom rng) {
|
ScramMechanism(final TagWriter tagWriter, final Account account, final SecureRandom rng) {
|
||||||
super(tagWriter, account, rng);
|
super(tagWriter, account, rng);
|
||||||
|
|
||||||
// This nonce should be different for each authentication attempt.
|
// This nonce should be different for each authentication attempt.
|
||||||
clientNonce = CryptoHelper.random(100,rng);
|
clientNonce = CryptoHelper.random(100, rng);
|
||||||
clientFirstMessageBare = "";
|
clientFirstMessageBare = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static synchronized byte[] hmac(final byte[] key, final byte[] input)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
HMAC.init(new KeyParameter(key));
|
||||||
|
HMAC.update(input, 0, input.length);
|
||||||
|
final byte[] out = new byte[HMAC.getMacSize()];
|
||||||
|
HMAC.doFinal(out, 0);
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static synchronized byte[] digest(byte[] bytes) {
|
||||||
|
DIGEST.reset();
|
||||||
|
DIGEST.update(bytes, 0, bytes.length);
|
||||||
|
final byte[] out = new byte[DIGEST.getDigestSize()];
|
||||||
|
DIGEST.doFinal(out, 0);
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the
|
||||||
|
* pseudorandom function (PRF) and with dkLen == output length of
|
||||||
|
* HMAC() == output length of H().
|
||||||
|
*/
|
||||||
|
private static synchronized byte[] hi(final byte[] key, final byte[] salt, final int iterations)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
byte[] u = hmac(key, CryptoHelper.concatenateByteArrays(salt, CryptoHelper.ONE));
|
||||||
|
byte[] out = u.clone();
|
||||||
|
for (int i = 1; i < iterations; i++) {
|
||||||
|
u = hmac(key, u);
|
||||||
|
for (int j = 0; j < u.length; j++) {
|
||||||
|
out[j] ^= u[j];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getClientFirstMessage() {
|
public String getClientFirstMessage() {
|
||||||
if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) {
|
if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) {
|
||||||
|
@ -97,7 +121,7 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
try {
|
try {
|
||||||
serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
|
serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
|
||||||
} catch (IllegalArgumentException e) {
|
} catch (IllegalArgumentException e) {
|
||||||
throw new AuthenticationException("Unable to decode server challenge",e);
|
throw new AuthenticationException("Unable to decode server challenge", e);
|
||||||
}
|
}
|
||||||
final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
|
final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
|
||||||
String nonce = "";
|
String nonce = "";
|
||||||
|
@ -152,7 +176,7 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
|
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
|
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
||||||
+ String.valueOf(iterationCount)
|
+ String.valueOf(iterationCount) + ","
|
||||||
+ getMechanism()
|
+ getMechanism()
|
||||||
);
|
);
|
||||||
if (keys == null) {
|
if (keys == null) {
|
||||||
|
@ -189,7 +213,7 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
}
|
}
|
||||||
state = State.VALID_SERVER_RESPONSE;
|
state = State.VALID_SERVER_RESPONSE;
|
||||||
return "";
|
return "";
|
||||||
} catch(Exception e) {
|
} catch (Exception e) {
|
||||||
throw new AuthenticationException("Server final message does not match calculated final message");
|
throw new AuthenticationException("Server final message does not match calculated final message");
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
@ -197,38 +221,13 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static synchronized byte[] hmac(final byte[] key, final byte[] input)
|
private static class KeyPair {
|
||||||
throws InvalidKeyException {
|
final byte[] clientKey;
|
||||||
HMAC.init(new KeyParameter(key));
|
final byte[] serverKey;
|
||||||
HMAC.update(input, 0, input.length);
|
|
||||||
final byte[] out = new byte[HMAC.getMacSize()];
|
|
||||||
HMAC.doFinal(out, 0);
|
|
||||||
return out;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static synchronized byte[] digest(byte[] bytes) {
|
KeyPair(final byte[] clientKey, final byte[] serverKey) {
|
||||||
DIGEST.reset();
|
this.clientKey = clientKey;
|
||||||
DIGEST.update(bytes, 0, bytes.length);
|
this.serverKey = serverKey;
|
||||||
final byte[] out = new byte[DIGEST.getDigestSize()];
|
|
||||||
DIGEST.doFinal(out, 0);
|
|
||||||
return out;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the
|
|
||||||
* pseudorandom function (PRF) and with dkLen == output length of
|
|
||||||
* HMAC() == output length of H().
|
|
||||||
*/
|
|
||||||
private static synchronized byte[] hi(final byte[] key, final byte[] salt, final int iterations)
|
|
||||||
throws InvalidKeyException {
|
|
||||||
byte[] u = hmac(key, CryptoHelper.concatenateByteArrays(salt, CryptoHelper.ONE));
|
|
||||||
byte[] out = u.clone();
|
|
||||||
for (int i = 1; i < iterations; i++) {
|
|
||||||
u = hmac(key, u);
|
|
||||||
for (int j = 0; j < u.length; j++) {
|
|
||||||
out[j] ^= u[j];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return out;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue