Check B % N != 0 in SRP algorithm.

author: Parménides GV <parmegv@sdf.org> 2013-08-01 11:25:00 +0200
committer: Parménides GV <parmegv@sdf.org> 2013-11-14 20:29:32 +0100
commit: 1de7124be9914c47d4561088b6e0dabdf57b5db8 (patch)
tree: 2a060e4d3121481e7eeec9492d154ae38f14da0c
parent: 2cc19682a050e7675de4a8e5f470c7a408b46ac4 (diff)
4 files changed, 62 insertions, 52 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 39c82d40..341218a5 100755
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -278,6 +278,7 @@
     <string name="username_ask">Please enter your username</string>
     <string name="password_hint">password</string>
     <string name="user_message">User message</string>
+    <string name="error_srp_math_error_user_message">Try again: server math error.</string>
     <string name="error_bad_user_password_user_message">Not valid username and/or password.</string>
     <string name="error_not_valid_password_user_message">It should have at least 8 characters.</string>
     <string name="error_client_http_user_message">Try again: Client HTTP error</string>
diff --git a/src/se/leap/bitmaskclient/ConfigurationWizard.java b/src/se/leap/bitmaskclient/ConfigurationWizard.java
index a0ac1bc2..395e6142 100644
--- a/src/se/leap/bitmaskclient/ConfigurationWizard.java
+++ b/src/se/leap/bitmaskclient/ConfigurationWizard.java
@@ -143,7 +143,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 		}
 		else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_JSON_FILES) {
 			//Toast.makeText(getApplicationContext(), R.string.incorrectly_downloaded_json_files_message, Toast.LENGTH_LONG).show();
-			mProgressDialog.dismiss();
+			//mProgressDialog.dismiss();
 			setResult(RESULT_CANCELED, mConfigState);
 		}
 		else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
diff --git a/src/se/leap/bitmaskclient/LeapSRPSession.java b/src/se/leap/bitmaskclient/LeapSRPSession.java
index 9260c81f..14a8bff2 100644
--- a/src/se/leap/bitmaskclient/LeapSRPSession.java
+++ b/src/se/leap/bitmaskclient/LeapSRPSession.java
@@ -207,60 +207,63 @@ public class LeapSRPSession {
 	 */
 	public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
 		// Calculate x = H(s | H(U | ':' | password))
-		byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
-		this.x = new BigInteger(1, xb);
+		byte[] M1 = null;
+		if(new BigInteger(1, Bbytes).mod(new BigInteger(1, N_bytes)) != BigInteger.ZERO) {
+			byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
+			this.x = new BigInteger(1, xb);
 
-		// Calculate v = kg^x mod N
-		String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
-		this.v = calculateV(k_string);
+			// Calculate v = kg^x mod N
+			String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
+			this.v = calculateV(k_string);
 
-		// H(N)
-		byte[] digest_of_n = newDigest().digest(N_bytes);
-		
-		// H(g)
-		byte[] digest_of_g = newDigest().digest(params.g);
-		
-		// clientHash = H(N) xor H(g)
-		byte[] xor_digest = xor(digest_of_n, digest_of_g);
-		clientHash.update(xor_digest);
-		
-		// clientHash = H(N) xor H(g) | H(U)
-		byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
-		username_digest = ConfigHelper.trim(username_digest);
-		clientHash.update(username_digest);
-		
-		// clientHash = H(N) xor H(g) | H(U) | s
-		clientHash.update(ConfigHelper.trim(salt_bytes));
-		
-		K = null;
+			// H(N)
+			byte[] digest_of_n = newDigest().digest(N_bytes);
 
-		// clientHash = H(N) xor H(g) | H(U) | A
-		byte[] Abytes = ConfigHelper.trim(A.toByteArray());
-		clientHash.update(Abytes);
-		
-		// clientHash = H(N) xor H(g) | H(U) | s | A | B
-		Bbytes = ConfigHelper.trim(Bbytes);
-		clientHash.update(Bbytes);
-		
-		// Calculate S = (B - kg^x) ^ (a + u * x) % N
-		BigInteger S = calculateS(Bbytes);
-		byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
-
-		// K = SessionHash(S)
-		String hash_algorithm = params.hashAlgorithm;
-		MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
-		K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
-		
-		// clientHash = H(N) xor H(g) | H(U) | A | B | K
-		clientHash.update(K);
-		
-		byte[] M1 = ConfigHelper.trim(clientHash.digest());
-		
-		// serverHash = Astr + M + K
-		serverHash.update(Abytes);
-		serverHash.update(M1);
-		serverHash.update(K);
-		
+			// H(g)
+			byte[] digest_of_g = newDigest().digest(params.g);
+
+			// clientHash = H(N) xor H(g)
+			byte[] xor_digest = xor(digest_of_n, digest_of_g);
+			clientHash.update(xor_digest);
+
+			// clientHash = H(N) xor H(g) | H(U)
+			byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
+			username_digest = ConfigHelper.trim(username_digest);
+			clientHash.update(username_digest);
+
+			// clientHash = H(N) xor H(g) | H(U) | s
+			clientHash.update(ConfigHelper.trim(salt_bytes));
+
+			K = null;
+
+			// clientHash = H(N) xor H(g) | H(U) | A
+			byte[] Abytes = ConfigHelper.trim(A.toByteArray());
+			clientHash.update(Abytes);
+
+			// clientHash = H(N) xor H(g) | H(U) | s | A | B
+			Bbytes = ConfigHelper.trim(Bbytes);
+			clientHash.update(Bbytes);
+
+			// Calculate S = (B - kg^x) ^ (a + u * x) % N
+			BigInteger S = calculateS(Bbytes);
+			byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
+
+			// K = SessionHash(S)
+			String hash_algorithm = params.hashAlgorithm;
+			MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
+			K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
+
+			// clientHash = H(N) xor H(g) | H(U) | A | B | K
+			clientHash.update(K);
+
+			M1 = ConfigHelper.trim(clientHash.digest());
+
+			// serverHash = Astr + M + K
+			serverHash.update(Abytes);
+			serverHash.update(M1);
+			serverHash.update(K);
+
+		}
 		return M1;
 	}
 
diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index 39b44e24..25e9af45 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -238,6 +238,7 @@ public class ProviderAPI extends IntentService {
 					String salt = saltAndB.getString(LeapSRPSession.SALT);
 					byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray();
 					byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
+					if(M1 != null) {
 					JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1);
 					if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) {
 						session_id_bundle.putBoolean(RESULT_KEY, true);
@@ -246,6 +247,11 @@ public class ProviderAPI extends IntentService {
 						session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
 						session_id_bundle.putString(LogInDialog.USERNAME, username);
 					}
+					} else {
+						session_id_bundle.putBoolean(RESULT_KEY, false);
+						session_id_bundle.putString(LogInDialog.USERNAME, username);
+						session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message));
+					}
 				} else {
 					session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
 					session_id_bundle.putString(LogInDialog.USERNAME, username);
author	Parménides GV <parmegv@sdf.org>	2013-08-01 11:25:00 +0200
committer	Parménides GV <parmegv@sdf.org>	2013-11-14 20:29:32 +0100
commit	1de7124be9914c47d4561088b6e0dabdf57b5db8 (patch)
tree	2a060e4d3121481e7eeec9492d154ae38f14da0c
parent	2cc19682a050e7675de4a8e5f470c7a408b46ac4 (diff)