Cache SCRAM-SHA-1 keys for current session

This commit is contained in:
Sam Whited 2014-11-15 12:57:36 -05:00
parent 69ab8a2adb
commit a463f82e3b
2 changed files with 51 additions and 10 deletions

View File

@ -1,6 +1,7 @@
package eu.siacs.conversations.crypto.sasl; package eu.siacs.conversations.crypto.sasl;
import android.util.Base64; import android.util.Base64;
import android.util.LruCache;
import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.digests.SHA1Digest;
@ -28,9 +29,40 @@ public class ScramSha1 extends SaslMechanism {
private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes(); private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes(); private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
public static class KeyPair {
final public byte[] clientKey;
final public byte[] serverKey;
public KeyPair(final byte[] clientKey, final byte[] serverKey) {
this.clientKey = clientKey;
this.serverKey = serverKey;
}
}
private static final LruCache<String, KeyPair> CACHE;
static { static {
DIGEST = new SHA1Digest(); DIGEST = new SHA1Digest();
HMAC = new HMac(new SHA1Digest()); HMAC = new HMac(new SHA1Digest());
CACHE = new LruCache<String, KeyPair>(10) {
protected KeyPair create(final String k) {
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations".
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
// is applied to prevent commas in the strings breaking things.
final String[] kparts = k.split(",", 4);
try {
final byte[] saltedPassword, serverKey, clientKey;
saltedPassword = hi(CryptoHelper.saslPrep(CryptoHelper.hexToString(kparts[1])).getBytes(),
Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3]));
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
return new KeyPair(clientKey, serverKey);
} catch (final InvalidKeyException | NumberFormatException e) {
return null;
}
}
};
} }
private State state = State.INITIAL; private State state = State.INITIAL;
@ -118,15 +150,20 @@ public class ScramSha1 extends SaslMechanism {
final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ',' final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ','
+ clientFinalMessageWithoutProof).getBytes(); + clientFinalMessageWithoutProof).getBytes();
// TODO: In future, cache the clientKey and serverKey and re-use them on re-auth. // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations".
final byte[] saltedPassword, clientSignature, serverKey, clientKey; final KeyPair keys = CACHE.get(
CryptoHelper.bytesToHex(account.getJid().toBareJid().toString().getBytes()) + ","
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
+ String.valueOf(iterationCount)
);
if (keys == null) {
throw new AuthenticationException("Invalid keys generated");
}
final byte[] clientSignature;
try { try {
saltedPassword = hi(CryptoHelper.saslPrep(account.getPassword()).getBytes(), serverSignature = hmac(keys.serverKey, authMessage);
Base64.decode(salt, Base64.DEFAULT), iterationCount); final byte[] storedKey = digest(keys.clientKey);
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
serverSignature = hmac(serverKey, authMessage);
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
final byte[] storedKey = digest(clientKey);
clientSignature = hmac(storedKey, authMessage); clientSignature = hmac(storedKey, authMessage);
@ -134,10 +171,10 @@ public class ScramSha1 extends SaslMechanism {
throw new AuthenticationException(e); throw new AuthenticationException(e);
} }
final byte[] clientProof = new byte[clientKey.length]; final byte[] clientProof = new byte[keys.clientKey.length];
for (int i = 0; i < clientProof.length; i++) { for (int i = 0; i < clientProof.length; i++) {
clientProof[i] = (byte) (clientKey[i] ^ clientSignature[i]); clientProof[i] = (byte) (keys.clientKey[i] ^ clientSignature[i]);
} }

View File

@ -30,6 +30,10 @@ public class CryptoHelper {
return array; return array;
} }
public static String hexToString(final String hexString) {
return new String(hexToBytes(hexString));
}
public static byte[] concatenateByteArrays(byte[] a, byte[] b) { public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
byte[] result = new byte[a.length + b.length]; byte[] result = new byte[a.length + b.length];
System.arraycopy(a, 0, result, 0, a.length); System.arraycopy(a, 0, result, 0, a.length);