From 7af9519591ea481718b4f903b97463250cc5f116 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Sat, 30 Mar 2013 11:20:07 +0100
Subject: Trial for srpforjava: it does not work since it implements SRP-6, and not SRP-6a. That means, for example, that M1 is calculated differently from what we need.
---
 src/se/leap/leapclient/ProviderAPI.java | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index aa1ce305..b8d6a765 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -15,12 +15,13 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.impl.client.DefaultHttpClient;
-import org.jboss.security.srp.SRPClientSession;
-import org.jboss.security.srp.SRPParameters;
-import org.jboss.security.srp.SRPServerInterface;
 import org.json.JSONException;
 import org.json.JSONObject;
+import com.jordanzimmerman.SRPClientSession;
+import com.jordanzimmerman.SRPConstants;
+import com.jordanzimmerman.SRPFactory;
+
 import se.leap.leapclient.ProviderListContent.ProviderItem;
 import android.app.IntentService;
@@ -121,20 +122,20 @@ public class ProviderAPI extends IntentService {
 String password = (String) task.get(ConfigHelper.password_key);
 String authentication_server = (String) task.get(ConfigHelper.srp_server_url_key);
- SRPParameters params = new SRPParameters(ConfigHelper.NG_1024.getBytes(), "2".getBytes(), "salt".getBytes(), "SHA-256");
- SRPClientSession client = new SRPClientSession(username, password.toCharArray(), params);
- byte[] A = client.exponential();
+ SRPConstants constants = new SRPConstants(new BigInteger(ConfigHelper.NG_1024, 16), ConfigHelper.g);
+ SRPFactory factory = SRPFactory.getInstance(constants);
+ SRPClientSession session = factory.newClientSession(password.getBytes());
+ session.setSalt_s(new BigInteger("1"));
+ byte[] A = session.getPublicKey_A().toString(16).getBytes();
 try {
 JSONObject saltAndB = sendAToSRPServer(authentication_server, username, getHexString(A));
- byte[] B = saltAndB.getString("B").getBytes();
+ String B = saltAndB.getString("B");
 String salt = saltAndB.getString("salt");
- params = new SRPParameters(ConfigHelper.NG_1024.getBytes(), "2".getBytes(), salt.getBytes(), "SHA-256");
- client = new SRPClientSession(username, password.toCharArray(), params);
- client.exponential();
- byte[] M1 = client.response(B);
+ session.setSalt_s(new BigInteger(salt, 16));
+ session.setServerPublicKey_B(new BigInteger(B, 16));
+ byte[] M1 = session.getEvidenceValue_M1().toString(16).getBytes();
 byte[] M2 = sendM1ToSRPServer(authentication_server, username, M1);
- if( client.verify(M2) == false )
- throw new SecurityException("Failed to validate server reply");
+ session.validateServerEvidenceValue_M2(new BigInteger(getHexString(M2), 16));
 return true;
 } catch (ClientProtocolException e1) {
 // TODO Auto-generated catch block
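Review bot: The server-proof check at `session.validateServerEvidenceValue_M2(...)` has no visible failure path: the removed code threw `SecurityException` when `client.verify(M2)` failed, whereas the new call's outcome is not inspected and `return true` follows immediately. If the library reports a mismatch by exception (srpforjava appears to, but its signature is not visible here), the only catch clause shown in this hunk is for `ClientProtocolException`, and the rest of the try statement lies outside the hunk; if it returns a status instead, that status is discarded. Either way the rejection should be explicit, for example a dedicated catch for the library's authentication-failure exception that returns `false`, carrying a comment such as `// M2 mismatch: server did not prove knowledge of the verifier; session must not be treated as authenticated`. Separately, `session.getPublicKey_A().toString(16).getBytes()` is then passed through `getHexString(A)`, which looks like it hex-encodes the ASCII bytes of an already-hex string, and `BigInteger.toString(16)` drops leading zeros, so the wire encoding of A, M1 and M2 is worth confirming against what the server expects.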
@@ -148,10 +149,6 @@ public class ProviderAPI extends IntentService {
 // TODO Auto-generated catch block
 e1.printStackTrace();
 return false;
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- return false;
 }
 }
--
cgit v1.2.3