No binary library needed.

I've decided not to include any lib, but to copy the SRPParameters class to our codebase and Util.trim method to ConfigHelper.
author: Parménides GV <parmegv@sdf.org> 2013-06-20 17:47:07 +0200
committer: Parménides GV <parmegv@sdf.org> 2013-06-20 17:47:07 +0200
commit: 65e2f56a8a10877964fb9fc57963d1bf8104801a (patch)
tree: 101aedd9ca3c9a66f9f109c5ec45f6cfaa2aaccf
parent: f4956bb818fb9ed04760e6de3b53b876272da5cc (diff)
7 files changed, 207 insertions, 37 deletions
diff --git a/libs/jboss-common-client.jar b/libs/jboss-common-client.jar
deleted file mode 100644
index af5fb004..00000000
--- a/libs/jboss-common-client.jar
+++ /dev/null
diff --git a/libs/jboss-srp-client.jar b/libs/jboss-srp-client.jar
deleted file mode 100644
index 9a64c28a..00000000
--- a/libs/jboss-srp-client.jar
+++ /dev/null
diff --git a/libs/jbosssx-client.jar b/libs/jbosssx-client.jar
deleted file mode 100644
index 5ad6fc84..00000000
--- a/libs/jbosssx-client.jar
+++ /dev/null
diff --git a/src/org/jboss/security/srp/SRPParameters.java b/src/org/jboss/security/srp/SRPParameters.java
new file mode 100644
index 00000000..4b188cb3
--- /dev/null
+++ b/src/org/jboss/security/srp/SRPParameters.java
@@ -0,0 +1,150 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.srp;
+
+import java.io.Serializable;
+import java.util.Arrays;
+
+import org.spongycastle.util.encoders.Base64;
+
+/** The RFC2945 algorithm session parameters that the client and server
+agree to use. In addition to the base RFC2945 parameters, one can choose an
+alternate hash algorithm for the private session key.
+
+@author Scott.Stark@jboss.org
+@version $Revision: 57210 $
+*/
+public class SRPParameters implements Cloneable, Serializable
+{
+   /** The serial version ID.
+    * @since 1.2.4.1
+    */
+   private static final long serialVersionUID = 6438772808805276693L;
+
+   /** The algorithm safe-prime modulus */
+   public final byte[] N;
+   /** The algorithm primitive generator */
+   public final byte[] g;
+   /** The random password salt originally used to verify the password */
+   public final byte[] s;
+   /** The algorithm to hash the session key to produce K. To be consistent
+    with the RFC2945 description this must be SHA_Interleave as implemented
+    by the JBossSX security provider. For compatibility with earlier JBossSX
+    SRP releases the algorithm must be SHA_ReverseInterleave. This name is
+    passed to java.security.MessageDigest.getInstance(). */
+   public final String hashAlgorithm;
+   /** The algorithm to use for any encryption of data.
+    */
+   public final String cipherAlgorithm;
+   /** The cipher intialization vector bytes
+    */
+   public byte[] cipherIV;
+
+   /** Creates a new instance of SRPParameters */
+   public SRPParameters(byte[] N, byte[] g, byte[] s)
+   {
+      this(N, g, s, "SHA_Interleave", null);
+   }
+   public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm)
+   {
+      this(N, g, s, hashAlgorithm, null);
+   }
+   public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm,
+      String cipherAlgorithm)
+   {
+      this(N, g, s, hashAlgorithm, cipherAlgorithm, null);
+   }
+   public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm,
+      String cipherAlgorithm, byte[] cipherIV)
+   {
+      this.N = N;
+      this.g = g;
+      this.s = s;
+      if( hashAlgorithm == null )
+         hashAlgorithm = "SHA_Interleave";
+      this.hashAlgorithm = hashAlgorithm;
+      this.cipherAlgorithm = cipherAlgorithm;
+      this.cipherIV = cipherIV;
+   }
+
+   public Object clone()
+   {
+      Object clone = null;
+      try
+      {
+          clone = super.clone();
+      }
+      catch(CloneNotSupportedException e)
+      {
+      }
+      return clone;
+   }
+
+   public int hashCode()
+   {
+      int hashCode = hashAlgorithm.hashCode();
+      for(int i = 0; i < N.length; i ++)
+         hashCode += N[i];
+      for(int i = 0; i < g.length; i ++)
+         hashCode += g[i];
+      for(int i = 0; i < s.length; i ++)
+         hashCode += s[i];
+      return hashCode;
+   }
+
+   public boolean equals(Object obj)
+   {
+      boolean equals = false;
+      if( obj instanceof SRPParameters )
+      {
+         SRPParameters p = (SRPParameters) obj;
+         equals = hashAlgorithm.equals(p.hashAlgorithm);
+         if( equals == true )
+            equals = Arrays.equals(N, p.N);
+         if( equals == true )
+            equals = Arrays.equals(g, p.g);
+         if( equals == true )
+            equals = Arrays.equals(s, p.s);
+      }
+      return equals;
+   }
+
+   public String toString()
+   {
+      StringBuffer tmp = new StringBuffer(super.toString());
+      tmp.append('{');
+      tmp.append("N: ");
+      tmp.append(Base64.encode(N));
+      tmp.append("|g: ");
+      tmp.append(Base64.encode(g));
+      tmp.append("|s: ");
+      tmp.append(Base64.encode(s));
+      tmp.append("|hashAlgorithm: ");
+      tmp.append(hashAlgorithm);
+      tmp.append("|cipherAlgorithm: ");
+      tmp.append(cipherAlgorithm);
+      tmp.append("|cipherIV: ");
+      tmp.append(cipherIV);
+      tmp.append('}');
+      return tmp.toString();
+   }
+}
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index cb4a550f..dd20112c 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -208,6 +208,26 @@ public class ConfigHelper {
 	}
 
 	/**
+	 *  Treat the input as the MSB representation of a number,
+	 *  and lop off leading zero elements.  For efficiency, the
+	 *  input is simply returned if no leading zeroes are found.
+	 *  
+	 *  @param in array to be trimmed
+	 */
+	public static byte[] trim(byte[] in) {
+		if(in.length == 0 || in[0] != 0)
+			return in;
+
+		int len = in.length;
+		int i = 1;
+		while(in[i] == 0 && i < len)
+			++i;
+		byte[] ret = new byte[len - i];
+		System.arraycopy(in, i, ret, 0, len - i);
+		return ret;
+	}
+
+	/**
 	 * Sets class scope Shared Preferences
 	 * @param shared_preferences
 	 */
diff --git a/src/se/leap/leapclient/LeapSRPSession.java b/src/se/leap/leapclient/LeapSRPSession.java
index beb286da..d21ccffe 100644
--- a/src/se/leap/leapclient/LeapSRPSession.java
+++ b/src/se/leap/leapclient/LeapSRPSession.java
@@ -4,9 +4,9 @@ import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Arrays;
 
-import org.jboss.security.Util;
 import org.jboss.security.srp.SRPParameters;
 
 /**
@@ -30,6 +30,7 @@ public class LeapSRPSession {
 	private BigInteger a;
 	private BigInteger A;
 	private byte[] K;
+	private SecureRandom pseudoRng;
 	/** The M1 = H(H(N) xor H(g) | H(U) | s | A | B | K) hash */
 	private MessageDigest clientHash;
 	/** The M2 = H(A | M | K) hash */
@@ -57,20 +58,20 @@ public class LeapSRPSession {
 	 */
 	public LeapSRPSession(String username, String password, SRPParameters params,
 			byte[] abytes) {
-		try {
-			// Initialize the secure random number and message digests
-			Util.init();
-		}
-		catch(NoSuchAlgorithmException e) {
-		}
-
 		this.params = params;
 		this.g = new BigInteger(1, params.g);
-		N_bytes = Util.trim(params.N);
+		N_bytes = ConfigHelper.trim(params.N);
 		this.N = new BigInteger(1, N_bytes);
 		this.username = username;
 		this.password = password;
 		
+		try {
+			pseudoRng = SecureRandom.getInstance("SHA1PRNG");
+		} catch (NoSuchAlgorithmException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		
 		if( abytes != null ) {
 			A_LEN = 8*abytes.length;
 			/* TODO Why did they put this condition?
@@ -105,15 +106,15 @@ public class LeapSRPSession {
 		byte[] colon = {};
 		String encoding = "ISO-8859-1";
 		try {
-			user = Util.trim(username.getBytes(encoding));
-			colon = Util.trim(":".getBytes(encoding));
-			password_bytes = Util.trim(password.getBytes(encoding));
+			user = ConfigHelper.trim(username.getBytes(encoding));
+			colon = ConfigHelper.trim(":".getBytes(encoding));
+			password_bytes = ConfigHelper.trim(password.getBytes(encoding));
 		}
 		catch(UnsupportedEncodingException e) {
 			// Use the default platform encoding
-			user = Util.trim(username.getBytes());
-			colon = Util.trim(":".getBytes());
-			password_bytes = Util.trim(password.getBytes());
+			user = ConfigHelper.trim(username.getBytes());
+			colon = ConfigHelper.trim(":".getBytes());
+			password_bytes = ConfigHelper.trim(password.getBytes());
 		}
 		
 		// Build the hash
@@ -152,7 +153,7 @@ public class LeapSRPSession {
 	{
 		//TODO Check if length matters in the order, when b2 is smaller than b1 or viceversa
 		byte[] xor_digest = new BigInteger(1, b1).xor(new BigInteger(1, b2)).toByteArray();
-		return Util.trim(xor_digest);
+		return ConfigHelper.trim(xor_digest);
 	}
 
 	/**
@@ -166,11 +167,11 @@ public class LeapSRPSession {
 			if( a == null ) {
 				BigInteger one = BigInteger.ONE;
 				do {
-					a = new BigInteger(A_LEN, Util.getPRNG());
+					a = new BigInteger(A_LEN, pseudoRng);
 				} while(a.compareTo(one) <= 0);
 			}
 			A = g.modPow(a, N);
-			Abytes = Util.trim(A.toByteArray());
+			Abytes = ConfigHelper.trim(A.toByteArray());
 		}
 		return Abytes;
 	}
@@ -186,7 +187,7 @@ public class LeapSRPSession {
 	 */
 	public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
 		// Calculate x = H(s | H(U | ':' | password))
-		byte[] xb = calculatePasswordHash(username, password, Util.trim(salt_bytes));
+		byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
 		this.x = new BigInteger(1, xb);
 
 		// Calculate v = kg^x mod N
@@ -204,36 +205,36 @@ public class LeapSRPSession {
 		clientHash.update(xor_digest);
 		
 		// clientHash = H(N) xor H(g) | H(U)
-		byte[] username_digest = newDigest().digest(Util.trim(username.getBytes()));
-		username_digest = Util.trim(username_digest);
+		byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
+		username_digest = ConfigHelper.trim(username_digest);
 		clientHash.update(username_digest);
 		
 		// clientHash = H(N) xor H(g) | H(U) | s
-		clientHash.update(Util.trim(salt_bytes));
+		clientHash.update(ConfigHelper.trim(salt_bytes));
 		
 		K = null;
 
 		// clientHash = H(N) xor H(g) | H(U) | A
-		byte[] Abytes = Util.trim(A.toByteArray());
+		byte[] Abytes = ConfigHelper.trim(A.toByteArray());
 		clientHash.update(Abytes);
 		
 		// clientHash = H(N) xor H(g) | H(U) | s | A | B
-		Bbytes = Util.trim(Bbytes);
+		Bbytes = ConfigHelper.trim(Bbytes);
 		clientHash.update(Bbytes);
 		
 		// Calculate S = (B - kg^x) ^ (a + u * x) % N
 		BigInteger S = calculateS(Bbytes);
-		byte[] S_bytes = Util.trim(S.toByteArray());
+		byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
 
 		// K = SessionHash(S)
 		String hash_algorithm = params.hashAlgorithm;
 		MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
-		K = Util.trim(sessionDigest.digest(S_bytes));
+		K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
 		
 		// clientHash = H(N) xor H(g) | H(U) | A | B | K
 		clientHash.update(K);
 		
-		byte[] M1 = Util.trim(clientHash.digest());
+		byte[] M1 = ConfigHelper.trim(clientHash.digest());
 		
 		// serverHash = Astr + M + K
 		serverHash.update(Abytes);
@@ -249,8 +250,8 @@ public class LeapSRPSession {
 	 * @return the parameter S
 	 */
 	private BigInteger calculateS(byte[] Bbytes) {
-		byte[] Abytes = Util.trim(A.toByteArray());
-		Bbytes = Util.trim(Bbytes);
+		byte[] Abytes = ConfigHelper.trim(A.toByteArray());
+		Bbytes = ConfigHelper.trim(Bbytes);
 		byte[] u_bytes = getU(Abytes, Bbytes);
 		
 		BigInteger B = new BigInteger(1, Bbytes);
@@ -270,10 +271,10 @@ public class LeapSRPSession {
 	 */
 	public byte[] getU(byte[] Abytes, byte[] Bbytes) {
 		MessageDigest u_digest = newDigest();
-		u_digest.update(Util.trim(Abytes));
-		u_digest.update(Util.trim(Bbytes));
+		u_digest.update(ConfigHelper.trim(Abytes));
+		u_digest.update(ConfigHelper.trim(Bbytes));
 		byte[] u_digest_bytes = u_digest.digest();
-		return Util.trim(new BigInteger(1, u_digest_bytes).toByteArray());
+		return ConfigHelper.trim(new BigInteger(1, u_digest_bytes).toByteArray());
 	}
 
 	/**
@@ -283,8 +284,8 @@ public class LeapSRPSession {
 	public boolean verify(byte[] M2)
 	{
 		// M2 = H(A | M1 | K)
-		M2 = Util.trim(M2);
-		byte[] myM2 = Util.trim(serverHash.digest());
+		M2 = ConfigHelper.trim(M2);
+		byte[] myM2 = ConfigHelper.trim(serverHash.digest());
 		boolean valid = Arrays.equals(M2, myM2);
 		return valid;
 	}
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 4dfe200a..00d7d820 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -41,7 +41,6 @@ import org.apache.http.cookie.Cookie;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.protocol.BasicHttpContext;
 import org.apache.http.protocol.HttpContext;
-import org.jboss.security.Util;
 import org.jboss.security.srp.SRPParameters;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -214,7 +213,7 @@ public class ProviderAPI extends IntentService {
 	 * @throws JSONException
 	 */
 	private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException {
-		HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, Util.trim(m1)).toString(16));
+		HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, ConfigHelper.trim(m1)).toString(16));
 		JSONObject json_response = sendToServer(put);
 
 		JSONObject session_idAndM2 = new JSONObject();
@@ -223,7 +222,7 @@ public class ProviderAPI extends IntentService {
 			Cookie session_id_cookie = LeapHttpClient.getInstance(getApplicationContext()).getCookieStore().getCookies().get(0);
 			session_idAndM2.put(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id_cookie.getName());
 			session_idAndM2.put(ConfigHelper.SESSION_ID_KEY, session_id_cookie.getValue());
-			session_idAndM2.put(ConfigHelper.M2_KEY, Util.trim(M2_not_trimmed));
+			session_idAndM2.put(ConfigHelper.M2_KEY, ConfigHelper.trim(M2_not_trimmed));
 		}
 		return session_idAndM2;
 	}
author	Parménides GV <parmegv@sdf.org>	2013-06-20 17:47:07 +0200
committer	Parménides GV <parmegv@sdf.org>	2013-06-20 17:47:07 +0200
commit	65e2f56a8a10877964fb9fc57963d1bf8104801a (patch)
tree	101aedd9ca3c9a66f9f109c5ec45f6cfaa2aaccf
parent	f4956bb818fb9ed04760e6de3b53b876272da5cc (diff)