From 7af9519591ea481718b4f903b97463250cc5f116 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Sat, 30 Mar 2013 11:20:07 +0100
Subject: Trial for srpforjava: it does not work since it implements SRP-6, and
 not SRP-6a. That means, for example, that M1 is calculated differently from
 what we need.

---
 src/se/leap/leapclient/ProviderAPI.java | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index aa1ce305..b8d6a765 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -15,12 +15,13 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.impl.client.DefaultHttpClient;
-import org.jboss.security.srp.SRPClientSession;
-import org.jboss.security.srp.SRPParameters;
-import org.jboss.security.srp.SRPServerInterface;
 import org.json.JSONException;
 import org.json.JSONObject;
 
+import com.jordanzimmerman.SRPClientSession;
+import com.jordanzimmerman.SRPConstants;
+import com.jordanzimmerman.SRPFactory;
+
 import se.leap.leapclient.ProviderListContent.ProviderItem;
 
 import android.app.IntentService;
@@ -121,20 +122,20 @@ public class ProviderAPI extends IntentService {
 		String password = (String) task.get(ConfigHelper.password_key);
 		String authentication_server = (String) task.get(ConfigHelper.srp_server_url_key);
 
-		SRPParameters params = new SRPParameters(ConfigHelper.NG_1024.getBytes(), "2".getBytes(), "salt".getBytes(), "SHA-256");
-		SRPClientSession client = new SRPClientSession(username, password.toCharArray(), params);
-		byte[] A = client.exponential();
+		SRPConstants constants = new SRPConstants(new BigInteger(ConfigHelper.NG_1024, 16), ConfigHelper.g);
+		SRPFactory 			factory = SRPFactory.getInstance(constants);
+		SRPClientSession session = factory.newClientSession(password.getBytes());
+		session.setSalt_s(new BigInteger("1"));
+		byte[] A = session.getPublicKey_A().toString(16).getBytes();
 		try {
 			JSONObject saltAndB = sendAToSRPServer(authentication_server, username, getHexString(A));
-			byte[] B = saltAndB.getString("B").getBytes();
+			String B = saltAndB.getString("B");
 			String salt = saltAndB.getString("salt");
-			params = new SRPParameters(ConfigHelper.NG_1024.getBytes(), "2".getBytes(), salt.getBytes(), "SHA-256");
-			client = new SRPClientSession(username, password.toCharArray(), params);
-			client.exponential();
-			byte[] M1 = client.response(B);
+			session.setSalt_s(new BigInteger(salt, 16));
+			session.setServerPublicKey_B(new BigInteger(B, 16));
+			byte[] M1 = session.getEvidenceValue_M1().toString(16).getBytes();
 			byte[] M2 = sendM1ToSRPServer(authentication_server, username, M1);
-			if( client.verify(M2) == false )
-				 throw new SecurityException("Failed to validate server reply");
+			session.validateServerEvidenceValue_M2(new BigInteger(getHexString(M2), 16));
 			return true;
 		} catch (ClientProtocolException e1) {
 			// TODO Auto-generated catch block
@@ -148,10 +149,6 @@ public class ProviderAPI extends IntentService {
 			// TODO Auto-generated catch block
 			e1.printStackTrace();
 			return false;
-		} catch (NoSuchAlgorithmException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
 		}
 	}
 	
-- 
cgit v1.2.3