From 86856f497377aa0c9b39551a2df013b915be21ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Tue, 12 Mar 2013 18:23:11 +0100 Subject: Gonna try jboss srp implementation, because if I implement myself one we will have to audit it. --- src/se/leap/leapclient/ProviderAPI.java | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'src/se') diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java index e2af08e3..591bdc9f 100644 --- a/src/se/leap/leapclient/ProviderAPI.java +++ b/src/se/leap/leapclient/ProviderAPI.java @@ -171,9 +171,12 @@ public class ProviderAPI extends IntentService { srp_client.init(n, ConfigHelper.g, new SHA256Digest(), new SecureRandom()); BigInteger salt = BigInteger.probablePrime(1024, null); - BigInteger clientA = srp_client.generateClientCredentials(salt.toByteArray(), username.getBytes(), password.getBytes()); + + BigInteger clientA = srp_client.generateClientCredentials(salt.toString(16).getBytes(), username.getBytes(), password.getBytes()); + try { BigInteger serverB = sendAToSRPServer(authentication_server, username, clientA); + if(serverB == BigInteger.ZERO) return false; // TODO Show error: error trying to start authentication with provider @@ -241,7 +244,7 @@ public class ProviderAPI extends IntentService { } public BigInteger generateM1(BigInteger K, BigInteger salt, BigInteger clientA, BigInteger serverB, String username) throws NoSuchAlgorithmException { - String digest_of_N_as_string = new BigInteger(MessageDigest.getInstance("SHA-256").digest(ConfigHelper.NG_1024.getBytes())).toString(16); + String digest_of_N_as_string = new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(hex2ascii(ConfigHelper.NG_1024).getBytes())).toString(16); String digest_of_G_as_string = new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(ConfigHelper.g.toString(16).getBytes())).toString(16); @@ -297,7 +300,11 @@ public class ProviderAPI extends IntentService { private String hexXor(String a, String b) { String str = ""; for (int i = 0; i < a.length(); i += 2) { - int xor = Integer.parseInt(a.substring(i, 2 + i), 16) ^ Integer.parseInt(b.substring(i, 2 + i), 16); + int xor = 0; + if(a.length() > i + 2) + xor = Integer.parseInt(a.substring(i, 2 + i), 16) ^ Integer.parseInt(b.substring(i, 2 + i), 16); + else + xor = Integer.parseInt(a.substring(i, 1 + i), 16) ^ Integer.parseInt(b.substring(i, 1 + i), 16); String xor_string = String.valueOf(Integer.valueOf(String.valueOf(xor), 16)); str += (xor_string.length() == 1) ? ("0" + xor) : xor_string; } @@ -328,6 +335,16 @@ public class ProviderAPI extends IntentService { } return buffer.toString(); } + + private String hex2ascii(String hex) { + StringBuilder output = new StringBuilder(); + for (int i = 0; i < hex.length(); i+=2) { + String str = hex.substring(i, i+2); + output.append((char)Integer.parseInt(str, 16)); + } + String debug = output.toString(); + return output.toString(); + } private BigInteger sendM1ToSRPServer(String server_url, String username, BigInteger m1) throws ClientProtocolException, IOException, JSONException { DefaultHttpClient client = new LeapHttpClient(getApplicationContext()); -- cgit v1.2.3