sasl prep password before hashing. fixes #1893
This commit is contained in:
parent
d17f4acd3e
commit
f8fedf0059
|
@ -34,11 +34,11 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
||||||
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
||||||
// is applied to prevent commas in the strings breaking things.
|
// is applied to prevent commas in the strings breaking things.
|
||||||
final String[] kparts = k.split(",", 5);
|
final String[] kParts = k.split(",", 5);
|
||||||
try {
|
try {
|
||||||
final byte[] saltedPassword, serverKey, clientKey;
|
final byte[] saltedPassword, serverKey, clientKey;
|
||||||
saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
|
saltedPassword = hi(CryptoHelper.hexToString(kParts[1]).getBytes(),
|
||||||
Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3]));
|
Base64.decode(CryptoHelper.hexToString(kParts[2]), Base64.DEFAULT), Integer.parseInt(kParts[3]));
|
||||||
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
|
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
|
||||||
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
|
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
|
||||||
|
|
||||||
|
@ -173,10 +173,10 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
|
|
||||||
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
||||||
final KeyPair keys = CACHE.get(
|
final KeyPair keys = CACHE.get(
|
||||||
CryptoHelper.bytesToHex(account.getJid().asBareJid().toEscapedString().getBytes()) + ","
|
CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getJid().asBareJid().toEscapedString()).getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
|
+ CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getPassword()).getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
||||||
+ String.valueOf(iterationCount) + ","
|
+ iterationCount + ","
|
||||||
+ getMechanism()
|
+ getMechanism()
|
||||||
);
|
);
|
||||||
if (keys == null) {
|
if (keys == null) {
|
||||||
|
|
Loading…
Reference in New Issue