From 1de7124be9914c47d4561088b6e0dabdf57b5db8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Thu, 1 Aug 2013 11:25:00 +0200
Subject: Check B % N != 0 in SRP algorithm.

---
 src/se/leap/bitmaskclient/ProviderAPI.java | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/se/leap/bitmaskclient/ProviderAPI.java')

diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index 39b44e24..25e9af45 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -238,6 +238,7 @@ public class ProviderAPI extends IntentService {
 					String salt = saltAndB.getString(LeapSRPSession.SALT);
 					byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray();
 					byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
+					if(M1 != null) {
 					JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1);
 					if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) {
 						session_id_bundle.putBoolean(RESULT_KEY, true);
@@ -246,6 +247,11 @@ public class ProviderAPI extends IntentService {
 						session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
 						session_id_bundle.putString(LogInDialog.USERNAME, username);
 					}
+					} else {
+						session_id_bundle.putBoolean(RESULT_KEY, false);
+						session_id_bundle.putString(LogInDialog.USERNAME, username);
+						session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message));
+					}
 				} else {
 					session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message));
 					session_id_bundle.putString(LogInDialog.USERNAME, username);
-- 
cgit v1.2.3