summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSean Leonard <meanderingcode@aetherislands.net>2013-11-15 11:59:25 -0800
committerSean Leonard <meanderingcode@aetherislands.net>2013-11-15 11:59:25 -0800
commitb1974082398959704f72734d4bc801fd041fd1b4 (patch)
treee1dc1be77a1b1bb897c30a9ed20db2c66f443eed /src
parent178df1e8bd76866e6d7e7f623f41caf1893cf6f3 (diff)
parent97da9475ac740f3fb1f75c68995fe827fb917015 (diff)
Merge branch 'bug/srp-b-validation' into develop
Diffstat (limited to 'src')
-rw-r--r--src/se/leap/bitmaskclient/LeapSRPSession.java105
-rw-r--r--src/se/leap/bitmaskclient/ProviderAPI.java6
2 files changed, 60 insertions, 51 deletions
diff --git a/src/se/leap/bitmaskclient/LeapSRPSession.java b/src/se/leap/bitmaskclient/LeapSRPSession.java
index 9260c81f..14a8bff2 100644
--- a/src/se/leap/bitmaskclient/LeapSRPSession.java
+++ b/src/se/leap/bitmaskclient/LeapSRPSession.java
@@ -207,60 +207,63 @@ public class LeapSRPSession {
*/
public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
// Calculate x = H(s | H(U | ':' | password))
- byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
- this.x = new BigInteger(1, xb);
+ byte[] M1 = null;
+ if(new BigInteger(1, Bbytes).mod(new BigInteger(1, N_bytes)) != BigInteger.ZERO) {
+ byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
+ this.x = new BigInteger(1, xb);
- // Calculate v = kg^x mod N
- String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
- this.v = calculateV(k_string);
+ // Calculate v = kg^x mod N
+ String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
+ this.v = calculateV(k_string);
- // H(N)
- byte[] digest_of_n = newDigest().digest(N_bytes);
-
- // H(g)
- byte[] digest_of_g = newDigest().digest(params.g);
-
- // clientHash = H(N) xor H(g)
- byte[] xor_digest = xor(digest_of_n, digest_of_g);
- clientHash.update(xor_digest);
-
- // clientHash = H(N) xor H(g) | H(U)
- byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
- username_digest = ConfigHelper.trim(username_digest);
- clientHash.update(username_digest);
-
- // clientHash = H(N) xor H(g) | H(U) | s
- clientHash.update(ConfigHelper.trim(salt_bytes));
-
- K = null;
+ // H(N)
+ byte[] digest_of_n = newDigest().digest(N_bytes);
- // clientHash = H(N) xor H(g) | H(U) | A
- byte[] Abytes = ConfigHelper.trim(A.toByteArray());
- clientHash.update(Abytes);
-
- // clientHash = H(N) xor H(g) | H(U) | s | A | B
- Bbytes = ConfigHelper.trim(Bbytes);
- clientHash.update(Bbytes);
-
- // Calculate S = (B - kg^x) ^ (a + u * x) % N
- BigInteger S = calculateS(Bbytes);
- byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
-
- // K = SessionHash(S)
- String hash_algorithm = params.hashAlgorithm;
- MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
- K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
-
- // clientHash = H(N) xor H(g) | H(U) | A | B | K
- clientHash.update(K);
-
- byte[] M1 = ConfigHelper.trim(clientHash.digest());
-
- // serverHash = Astr + M + K
- serverHash.update(Abytes);
- serverHash.update(M1);
- serverHash.update(K);
-
+ // H(g)
+ byte[] digest_of_g = newDigest().digest(params.g);
+
+ // clientHash = H(N) xor H(g)
+ byte[] xor_digest = xor(digest_of_n, digest_of_g);
+ clientHash.update(xor_digest);
+
+ // clientHash = H(N) xor H(g) | H(U)
+ byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
+ username_digest = ConfigHelper.trim(username_digest);
+ clientHash.update(username_digest);
+
+ // clientHash = H(N) xor H(g) | H(U) | s
+ clientHash.update(ConfigHelper.trim(salt_bytes));
+
+ K = null;
+
+ // clientHash = H(N) xor H(g) | H(U) | A
+ byte[] Abytes = ConfigHelper.trim(A.toByteArray());
+ clientHash.update(Abytes);
+
+ // clientHash = H(N) xor H(g) | H(U) | s | A | B
+ Bbytes = ConfigHelper.trim(Bbytes);
+ clientHash.update(Bbytes);
+
+ // Calculate S = (B - kg^x) ^ (a + u * x) % N
+ BigInteger S = calculateS(Bbytes);
+ byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
+
+ // K = SessionHash(S)
+ String hash_algorithm = params.hashAlgorithm;
+ MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
+ K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
+
+ // clientHash = H(N) xor H(g) | H(U) | A | B | K
+ clientHash.update(K);
+
+ M1 = ConfigHelper.trim(clientHash.digest());
+
+ // serverHash = Astr + M + K
+ serverHash.update(Abytes);
+ serverHash.update(M1);
+ serverHash.update(K);
+
+ }
return M1;
}
diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index 1408efc8..6ed3a294 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -259,6 +259,7 @@ public class ProviderAPI extends IntentService {
String salt = saltAndB.getString(LeapSRPSession.SALT);
byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray();
byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
+ if(M1 != null) {
JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1);
if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) {
session_id_bundle.putBoolean(RESULT_KEY, true);
@@ -267,6 +268,11 @@ public class ProviderAPI extends IntentService {
session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
session_id_bundle.putString(LogInDialog.USERNAME, username);
}
+ } else {
+ session_id_bundle.putBoolean(RESULT_KEY, false);
+ session_id_bundle.putString(LogInDialog.USERNAME, username);
+ session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message));
+ }
} else {
session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
session_id_bundle.putString(LogInDialog.USERNAME, username);