-rw-r--r--src/se/leap/leapclient/LeapSRPSession.java94
-rw-r--r--src/se/leap/leapclient/LogInDialog.java4
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java8
3 files changed, 57 insertions, 49 deletions
diff --git a/src/se/leap/leapclient/LeapSRPSession.java b/src/se/leap/leapclient/LeapSRPSession.java
index d266cd7f..f9037de9 100644
--- a/src/se/leap/leapclient/LeapSRPSession.java
+++ b/src/se/leap/leapclient/LeapSRPSession.java
@@ -14,7 +14,10 @@ import org.jboss.security.srp.SRPPermission;
public class LeapSRPSession {
private SRPParameters params;
+ private String username;
+ private String password;
private BigInteger N;
+ private byte[] N_bytes;
private BigInteger g;
private BigInteger x;
private BigInteger v;
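Review bot: The new `password` field keeps the user's password as an immutable String for the whole lifetime of the session object, so it cannot be wiped from the heap after `x` and `v` have been derived; the constructor hunk that assigns it (`this.password = password;`) has the same issue. Since the password is only needed to compute x inside response(), consider holding it as a `char[]` or `byte[]` and zeroing it with `Arrays.fill` once the hash has been derived, or not retaining it at all and deriving x in the constructor as before. A field comment such as `// retained only until response() derives x; cleared afterwards` would make the intended lifetime explicit. The class body continues outside the hunk.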
@@ -58,9 +61,11 @@ public class LeapSRPSession {
this.params = params;
this.g = new BigInteger(1, params.g);
- byte[] N_bytes = Util.trim(params.N);
+ N_bytes = Util.trim(params.N);
this.N = new BigInteger(1, N_bytes);
-
+ this.username = username;
+ this.password = password;
+
if( abytes != null ) {
A_LEN = 8*abytes.length;
/* TODO Why did they put this condition?
@@ -73,41 +78,8 @@ public class LeapSRPSession {
else
A_LEN = 64;
- // Calculate x = H(s | H(U | ':' | password))
- byte[] salt_bytes = Util.trim(params.s);
- byte[] xb = calculatePasswordHash(username, password, salt_bytes);
- this.x = new BigInteger(1, xb);
-
- // Calculate v = kg^x mod N
- String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
- this.v = calculateV(k_string);
- //String v_string = v.toString(16);
-
serverHash = newDigest();
clientHash = newDigest();
-
- // H(N)
- byte[] digest_of_n = newDigest().digest(N_bytes);
-
- // H(g)
- byte[] digest_of_g = newDigest().digest(params.g);
-
- // clientHash = H(N) xor H(g)
- byte[] xor_digest = xor(digest_of_n, digest_of_g, digest_of_g.length);
- //String hxg_string = new BigInteger(1, xor_digest).toString(16);
- clientHash.update(xor_digest);
-
- // clientHash = H(N) xor H(g) | H(U)
- byte[] username_digest = newDigest().digest(Util.trim(username.getBytes()));
- username_digest = Util.trim(username_digest);
- //String username_digest_string = new BigInteger(1, username_digest).toString(16);
- clientHash.update(username_digest);
-
- // clientHash = H(N) xor H(g) | H(U) | s
- //String salt_string = new BigInteger(1, salt_bytes).toString(16);
- clientHash.update(salt_bytes);
-
- K = null;
}
/**
@@ -198,13 +170,6 @@ public class LeapSRPSession {
}
A = g.modPow(a, N);
Abytes = Util.trim(A.toByteArray());
- //String Abytes_string = new BigInteger(1, Abytes).toString(16);
-
- // clientHash = H(N) xor H(g) | H(U) | A
- clientHash.update(Abytes);
-
- // serverHash = A
- serverHash.update(Abytes);
}
return Abytes;
}
@@ -213,10 +178,52 @@ public class LeapSRPSession {
* Calculates the parameter M1, to be sent to the SRP server.
* It also updates hashes of client and server for further calculations in other methods.
* @param Bbytes the parameter received from the server, in bytes
+ * @param bs
* @return the parameter M1
* @throws NoSuchAlgorithmException
*/
- public byte[] response(byte[] Bbytes) throws NoSuchAlgorithmException {
+ public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
+ // Calculate x = H(s | H(U | ':' | password))
+ byte[] xb = calculatePasswordHash(username, password, salt_bytes);
+ this.x = new BigInteger(1, xb);
+
+ // Calculate v = kg^x mod N
+ String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0";
+ this.v = calculateV(k_string);
+ //String v_string = v.toString(16);
+
+
+ // H(N)
+ byte[] digest_of_n = newDigest().digest(N_bytes);
+
+ // H(g)
+ byte[] digest_of_g = newDigest().digest(params.g);
+
+ // clientHash = H(N) xor H(g)
+ byte[] xor_digest = xor(digest_of_n, digest_of_g, digest_of_g.length);
+ //String hxg_string = new BigInteger(1, xor_digest).toString(16);
+ clientHash.update(xor_digest);
+
+ // clientHash = H(N) xor H(g) | H(U)
+ byte[] username_digest = newDigest().digest(Util.trim(username.getBytes()));
+ username_digest = Util.trim(username_digest);
+ //String username_digest_string = new BigInteger(1, username_digest).toString(16);
+ clientHash.update(username_digest);
+
+ // clientHash = H(N) xor H(g) | H(U) | s
+ //String salt_string = new BigInteger(1, salt_bytes).toString(16);
+ clientHash.update(Util.trim(salt_bytes));
+
+ K = null;
+
+ // clientHash = H(N) xor H(g) | H(U) | s | A | B
+
+ byte[] Abytes = Util.trim(A.toByteArray());
+ //String Abytes_string = new BigInteger(1, Abytes).toString(16);
+
+ // clientHash = H(N) xor H(g) | H(U) | A
+ clientHash.update(Abytes);
+
// clientHash = H(N) xor H(g) | H(U) | s | A | B
Bbytes = Util.trim(Bbytes);
//String Bbytes_string = new BigInteger(1, Bbytes).toString(16);
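Review bot: response() now rebuilds the client hash from the field `A` (`byte[] Abytes = Util.trim(A.toByteArray());`), so calling it before exponential() throws a NullPointerException, and calling it twice feeds clientHash a second copy of every component because the digest is never reset; a guard such as `if (A == null) throw new IllegalStateException("exponential() must be called before response()");` at the top of the method would turn the first case into a clear error. That local `Abytes` also appears to shadow a field of the same name assigned in exponential() (`Abytes = Util.trim(A.toByteArray());` in the previous hunk), which is easy to misread. The Javadoc was updated with `@param bs`, but the parameter is named `salt_bytes`; the tag should read `@param salt_bytes the salt received from the server, in bytes`. The two comments reading `clientHash = H(N) xor H(g) | H(U) | s | A | B` and `clientHash = H(N) xor H(g) | H(U) | A` no longer match the order in which the hash is updated and should be corrected or dropped. The method continues outside the hunk.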
@@ -239,6 +246,7 @@ public class LeapSRPSession {
byte[] M1 = Util.trim(clientHash.digest());
// serverHash = Astr + M + K
+ serverHash.update(Abytes);
serverHash.update(M1);
serverHash.update(K);
return M1;
diff --git a/src/se/leap/leapclient/LogInDialog.java b/src/se/leap/leapclient/LogInDialog.java
index 74db92ea..30984db6 100644
--- a/src/se/leap/leapclient/LogInDialog.java
+++ b/src/se/leap/leapclient/LogInDialog.java
@@ -51,10 +51,10 @@ public class LogInDialog extends DialogFragment {
String password = password_field.getText().toString().trim();
if(validPassword(password)) {
interface_with_Dashboard.authenticate(username, password);
- Toast.makeText(getActivity().getApplicationContext(), "It seems your URL is well formed", Toast.LENGTH_LONG).show();
+ Toast.makeText(getActivity().getApplicationContext(), "Your password is valid", Toast.LENGTH_LONG).show();
} else {
password_field.setText("");
- Toast.makeText(getActivity().getApplicationContext(), "It seems your URL is not well formed", Toast.LENGTH_LONG).show();
+ Toast.makeText(getActivity().getApplicationContext(), "Your password is not valid: it should have at least 8 characters", Toast.LENGTH_LONG).show();
}
}
})
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 04185eda..66eb3e60 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -131,14 +131,14 @@ public class ProviderAPI extends IntentService {
try {
JSONObject saltAndB = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16));
if(saltAndB.length() > 0) {
- byte[] B = saltAndB.getString("B").getBytes();
- salt = saltAndB.getString("salt");
+ /*byte[] B = saltAndB.getString("B").getBytes();
params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
client = new LeapSRPSession(username, password, params);
A = client.exponential();
- saltAndB = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16));
+ saltAndB = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16));*/
+ salt = saltAndB.getString("salt");
byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray();
- byte[] M1 = client.response(Bbytes);
+ byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
byte[] M2 = sendM1ToSRPServer(authentication_server, username, M1);
if( client.verify(M2) == false )
//throw new SecurityException("Failed to validate server reply: M2 = " + new BigInteger(1, M2).toString(16));
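Review bot: Converting the server's hex salt with `new BigInteger(salt, 16).toByteArray()` treats the salt as a number, so any leading zero octets in the hex string are dropped (and a sign byte may be prepended), which changes the bytes fed to H(s | H(U | ':' | password)) unless the server side trims identically; decoding the hex string with a fixed-width hex decoder that preserves length would be safer, and this is worth a comment at the call site either way. The old retry logic was commented out rather than removed (`/*byte[] B = ...` through `...*/`); if it is dead, delete it, since the version history already preserves it. The enclosing try block and method start outside the hunk.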