summaryrefslogtreecommitdiff
path: root/src/se/leap
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2013-06-20 17:47:07 +0200
committerParménides GV <parmegv@sdf.org>2013-06-20 17:47:07 +0200
commit65e2f56a8a10877964fb9fc57963d1bf8104801a (patch)
tree101aedd9ca3c9a66f9f109c5ec45f6cfaa2aaccf /src/se/leap
parentf4956bb818fb9ed04760e6de3b53b876272da5cc (diff)
No binary library needed.
I've decided not to include any lib, but to copy the SRPParameters class to our codebase and Util.trim method to ConfigHelper.
Diffstat (limited to 'src/se/leap')
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java20
-rw-r--r--src/se/leap/leapclient/LeapSRPSession.java69
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java5
3 files changed, 57 insertions, 37 deletions
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index cb4a550f..dd20112c 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -208,6 +208,26 @@ public class ConfigHelper {
}
/**
+ * Treat the input as the MSB representation of a number,
+ * and lop off leading zero elements. For efficiency, the
+ * input is simply returned if no leading zeroes are found.
+ *
+ * @param in array to be trimmed
+ */
+ public static byte[] trim(byte[] in) {
+ if(in.length == 0 || in[0] != 0)
+ return in;
+
+ int len = in.length;
+ int i = 1;
+ while(in[i] == 0 && i < len)
+ ++i;
+ byte[] ret = new byte[len - i];
+ System.arraycopy(in, i, ret, 0, len - i);
+ return ret;
+ }
+
+ /**
* Sets class scope Shared Preferences
* @param shared_preferences
*/
diff --git a/src/se/leap/leapclient/LeapSRPSession.java b/src/se/leap/leapclient/LeapSRPSession.java
index beb286da..d21ccffe 100644
--- a/src/se/leap/leapclient/LeapSRPSession.java
+++ b/src/se/leap/leapclient/LeapSRPSession.java
@@ -4,9 +4,9 @@ import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.Arrays;
-import org.jboss.security.Util;
import org.jboss.security.srp.SRPParameters;
/**
@@ -30,6 +30,7 @@ public class LeapSRPSession {
private BigInteger a;
private BigInteger A;
private byte[] K;
+ private SecureRandom pseudoRng;
/** The M1 = H(H(N) xor H(g) | H(U) | s | A | B | K) hash */
private MessageDigest clientHash;
/** The M2 = H(A | M | K) hash */
@@ -57,20 +58,20 @@ public class LeapSRPSession {
*/
public LeapSRPSession(String username, String password, SRPParameters params,
byte[] abytes) {
- try {
- // Initialize the secure random number and message digests
- Util.init();
- }
- catch(NoSuchAlgorithmException e) {
- }
-
this.params = params;
this.g = new BigInteger(1, params.g);
- N_bytes = Util.trim(params.N);
+ N_bytes = ConfigHelper.trim(params.N);
this.N = new BigInteger(1, N_bytes);
this.username = username;
this.password = password;
+ try {
+ pseudoRng = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
if( abytes != null ) {
A_LEN = 8*abytes.length;
/* TODO Why did they put this condition?
@@ -105,15 +106,15 @@ public class LeapSRPSession {
byte[] colon = {};
String encoding = "ISO-8859-1";
try {
- user = Util.trim(username.getBytes(encoding));
- colon = Util.trim(":".getBytes(encoding));
- password_bytes = Util.trim(password.getBytes(encoding));
+ user = ConfigHelper.trim(username.getBytes(encoding));
+ colon = ConfigHelper.trim(":".getBytes(encoding));
+ password_bytes = ConfigHelper.trim(password.getBytes(encoding));
}
catch(UnsupportedEncodingException e) {
// Use the default platform encoding
- user = Util.trim(username.getBytes());
- colon = Util.trim(":".getBytes());
- password_bytes = Util.trim(password.getBytes());
+ user = ConfigHelper.trim(username.getBytes());
+ colon = ConfigHelper.trim(":".getBytes());
+ password_bytes = ConfigHelper.trim(password.getBytes());
}
// Build the hash
@@ -152,7 +153,7 @@ public class LeapSRPSession {
{
//TODO Check if length matters in the order, when b2 is smaller than b1 or viceversa
byte[] xor_digest = new BigInteger(1, b1).xor(new BigInteger(1, b2)).toByteArray();
- return Util.trim(xor_digest);
+ return ConfigHelper.trim(xor_digest);
}
/**
@@ -166,11 +167,11 @@ public class LeapSRPSession {
if( a == null ) {
BigInteger one = BigInteger.ONE;
do {
- a = new BigInteger(A_LEN, Util.getPRNG());
+ a = new BigInteger(A_LEN, pseudoRng);
} while(a.compareTo(one) <= 0);
}
A = g.modPow(a, N);
- Abytes = Util.trim(A.toByteArray());
+ Abytes = ConfigHelper.trim(A.toByteArray());
}
return Abytes;
}
@@ -186,7 +187,7 @@ public class LeapSRPSession {
*/
public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
// Calculate x = H(s | H(U | ':' | password))
- byte[] xb = calculatePasswordHash(username, password, Util.trim(salt_bytes));
+ byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
this.x = new BigInteger(1, xb);
// Calculate v = kg^x mod N
@@ -204,36 +205,36 @@ public class LeapSRPSession {
clientHash.update(xor_digest);
// clientHash = H(N) xor H(g) | H(U)
- byte[] username_digest = newDigest().digest(Util.trim(username.getBytes()));
- username_digest = Util.trim(username_digest);
+ byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
+ username_digest = ConfigHelper.trim(username_digest);
clientHash.update(username_digest);
// clientHash = H(N) xor H(g) | H(U) | s
- clientHash.update(Util.trim(salt_bytes));
+ clientHash.update(ConfigHelper.trim(salt_bytes));
K = null;
// clientHash = H(N) xor H(g) | H(U) | A
- byte[] Abytes = Util.trim(A.toByteArray());
+ byte[] Abytes = ConfigHelper.trim(A.toByteArray());
clientHash.update(Abytes);
// clientHash = H(N) xor H(g) | H(U) | s | A | B
- Bbytes = Util.trim(Bbytes);
+ Bbytes = ConfigHelper.trim(Bbytes);
clientHash.update(Bbytes);
// Calculate S = (B - kg^x) ^ (a + u * x) % N
BigInteger S = calculateS(Bbytes);
- byte[] S_bytes = Util.trim(S.toByteArray());
+ byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
// K = SessionHash(S)
String hash_algorithm = params.hashAlgorithm;
MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
- K = Util.trim(sessionDigest.digest(S_bytes));
+ K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
// clientHash = H(N) xor H(g) | H(U) | A | B | K
clientHash.update(K);
- byte[] M1 = Util.trim(clientHash.digest());
+ byte[] M1 = ConfigHelper.trim(clientHash.digest());
// serverHash = Astr + M + K
serverHash.update(Abytes);
@@ -249,8 +250,8 @@ public class LeapSRPSession {
* @return the parameter S
*/
private BigInteger calculateS(byte[] Bbytes) {
- byte[] Abytes = Util.trim(A.toByteArray());
- Bbytes = Util.trim(Bbytes);
+ byte[] Abytes = ConfigHelper.trim(A.toByteArray());
+ Bbytes = ConfigHelper.trim(Bbytes);
byte[] u_bytes = getU(Abytes, Bbytes);
BigInteger B = new BigInteger(1, Bbytes);
@@ -270,10 +271,10 @@ public class LeapSRPSession {
*/
public byte[] getU(byte[] Abytes, byte[] Bbytes) {
MessageDigest u_digest = newDigest();
- u_digest.update(Util.trim(Abytes));
- u_digest.update(Util.trim(Bbytes));
+ u_digest.update(ConfigHelper.trim(Abytes));
+ u_digest.update(ConfigHelper.trim(Bbytes));
byte[] u_digest_bytes = u_digest.digest();
- return Util.trim(new BigInteger(1, u_digest_bytes).toByteArray());
+ return ConfigHelper.trim(new BigInteger(1, u_digest_bytes).toByteArray());
}
/**
@@ -283,8 +284,8 @@ public class LeapSRPSession {
public boolean verify(byte[] M2)
{
// M2 = H(A | M1 | K)
- M2 = Util.trim(M2);
- byte[] myM2 = Util.trim(serverHash.digest());
+ M2 = ConfigHelper.trim(M2);
+ byte[] myM2 = ConfigHelper.trim(serverHash.digest());
boolean valid = Arrays.equals(M2, myM2);
return valid;
}
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 4dfe200a..00d7d820 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -41,7 +41,6 @@ import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
-import org.jboss.security.Util;
import org.jboss.security.srp.SRPParameters;
import org.json.JSONException;
import org.json.JSONObject;
@@ -214,7 +213,7 @@ public class ProviderAPI extends IntentService {
* @throws JSONException
*/
private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException {
- HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, Util.trim(m1)).toString(16));
+ HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, ConfigHelper.trim(m1)).toString(16));
JSONObject json_response = sendToServer(put);
JSONObject session_idAndM2 = new JSONObject();
@@ -223,7 +222,7 @@ public class ProviderAPI extends IntentService {
Cookie session_id_cookie = LeapHttpClient.getInstance(getApplicationContext()).getCookieStore().getCookies().get(0);
session_idAndM2.put(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id_cookie.getName());
session_idAndM2.put(ConfigHelper.SESSION_ID_KEY, session_id_cookie.getValue());
- session_idAndM2.put(ConfigHelper.M2_KEY, Util.trim(M2_not_trimmed));
+ session_idAndM2.put(ConfigHelper.M2_KEY, ConfigHelper.trim(M2_not_trimmed));
}
return session_idAndM2;
}