From 34400de64dcf68a451b5a1bf1dbea52a49bb24eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Thu, 7 Mar 2013 19:56:23 +0100
Subject: Changed POST by PUT in the sendM1 method.

Cleaned some code, pending the M2 one (testing with M1).
---
 src/se/leap/leapclient/ConfigHelper.java |   2 +-
 src/se/leap/leapclient/ProviderAPI.java  | 110 ++++++++++++++-----------------
 2 files changed, 51 insertions(+), 61 deletions(-)

(limited to 'src')

diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 41364e96..b263c532 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -37,7 +37,7 @@ public class ConfigHelper {
 	final public static String eip_service_api_path = "/config/eip-service.json";
 	
 	final public static String NG_1024 = 
-			"EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3";
+			"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
 	final public static BigInteger g = BigInteger.valueOf(2);
 	
 	final public static int CUSTOM_PROVIDER_ADDED = 0;
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 41612d16..e2af08e3 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -21,6 +21,7 @@ import org.apache.http.HttpResponse;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.json.JSONException;
@@ -123,7 +124,7 @@ public class ProviderAPI extends IntentService {
 		verifier_generator.init(ng_1024, ConfigHelper.g, new SHA256Digest());
 		BigInteger verifier = verifier_generator.generateVerifier(salt_in_bytes, username.getBytes(), password.getBytes());
 		
-		return sendRegisterMessage(authentication_server, salt.toString(16), verifier.toString(), username);
+		return sendRegisterMessage(authentication_server, salt.toString(16), verifier.toString(16), username);
 	}
 	
 	private boolean sendRegisterMessage(String server_url, String password_salt, String password_verifier, String login) {
@@ -137,10 +138,11 @@ public class ProviderAPI extends IntentService {
 			HttpEntity responseEntity = getResponse.getEntity();
 			String plain_response = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
 			JSONObject json_response = new JSONObject(plain_response);
-			if(!json_response.getString("errors").isEmpty()) {
+			if(!json_response.isNull("errors") || json_response.has("errors")) {
 				return false;
 			}
-			else if(json_response.getString("password_salt").equalsIgnoreCase(password_salt) && json_response.getString("login").equalsIgnoreCase(login))
+			//else if(json_response.getString("password_salt").equalsIgnoreCase(password_salt) && json_response.getString("login").equalsIgnoreCase(login))
+			else if(json_response.getBoolean("ok") && json_response.getString("login").equalsIgnoreCase(login))
 				return true;
 		} catch (ClientProtocolException e) {
 			// TODO Auto-generated catch block
@@ -163,30 +165,31 @@ public class ProviderAPI extends IntentService {
 		String username = (String) task.get(ConfigHelper.username_key);
 		String password = (String) task.get(ConfigHelper.password_key);
 		String authentication_server = (String) task.get(ConfigHelper.srp_server_url_key);
+		
 		SRP6Client srp_client = new SRP6Client();
-		srp_client.init(new BigInteger(ConfigHelper.NG_1024, 16), ConfigHelper.g, new SHA256Digest(), new SecureRandom());
-		// Receive salt from server
-		Random random_number_generator = new Random();
-		BigInteger ng_1024 = new BigInteger(ConfigHelper.NG_1024, 16);
-		byte[] salt_in_bytes = ng_1024.probablePrime(1024, null).toByteArray();
-		//int salt = random_number_generator.nextInt(Integer.parseInt(ConfigHelper.NG_1024, 16));
-		//byte[] salt_in_bytes = ByteBuffer.allocate(4).putInt(salt).array();
-		BigInteger clientA = srp_client.generateClientCredentials(salt_in_bytes, username.getBytes(), password.getBytes());
-		//Send A to the server. Doing a http response with cookies?
-		//Receive server generated serverB
+		BigInteger n = new BigInteger(ConfigHelper.NG_1024, 16);
+		srp_client.init(n, ConfigHelper.g, new SHA256Digest(), new SecureRandom());
+
+		BigInteger salt = BigInteger.probablePrime(1024, null);
+		BigInteger clientA = srp_client.generateClientCredentials(salt.toByteArray(), username.getBytes(), password.getBytes());
 		try {
 			BigInteger serverB = sendAToSRPServer(authentication_server, username, clientA);
 			if(serverB == BigInteger.ZERO)
 				return false; // TODO Show error: error trying to start authentication with provider
+			
 			BigInteger s = srp_client.calculateSecret(serverB);
-			MessageDigest digest_of_S = MessageDigest.getInstance("SHA-256");
-			digest_of_S.update(s.toByteArray(), 0, s.toByteArray().length);
-			BigInteger k = new BigInteger(digest_of_S.digest());
-			BigInteger m1 = generateM1(k, clientA, serverB, username);
-			BigInteger m2 = sendM1ToSRPServer(authentication_server, "M1", m1);
+			
+			BigInteger k = new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(s.toByteArray()));
+			
+			BigInteger m1 = generateM1(k, salt, clientA, serverB, username);
+			
+			BigInteger m2 = sendM1ToSRPServer(authentication_server, username, m1);
+			
 			if(m2 == BigInteger.ZERO)
 				return false; // TODO Show error: error in M1
+			
 			boolean verified = verifyM2(m2, k, clientA, serverB, username);
+			
 			return verified; // TODO If false, Username or password are not correct -> Show a warning and get back to login fragment
 		} catch (ClientProtocolException e) {
 			// TODO Auto-generated catch block
@@ -218,30 +221,35 @@ public class ProviderAPI extends IntentService {
 		}
 	}
 
-	private BigInteger generateM1(BigInteger K, BigInteger clientA, BigInteger serverB, String username) throws NoSuchAlgorithmException {
-		/* https://github.com/leapcode/srp_js/blob/master/src/srp_session.js
-		var hashN = SHA256(hex2a(N.toString(16)))
-			    var hashG = SHA256(hex2a(g.toString(16)))
-			    var hexString = hexXor(hashN, hashG);
-			    hexString += SHA256(I);
-			    hexString += salt;
-			    hexString += Astr;
-			    hexString += Bstr;
-			    hexString += K
-			    M = SHA256(hex2a(hexString));
-			    //M2 = H(A, M, K)
-			    M2 = SHA256(hex2a(Astr + M + K));
-		*/
+	private BigInteger sendAToSRPServer(String server_url, String username, BigInteger clientA) throws ClientProtocolException, IOException, NumberFormatException, JSONException {
+		DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
+		String parameter_chain = "A" + "=" + clientA.toString(16) + "&" + "login" + "=" + username;
+		HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + parameter_chain);
+	
+		HttpResponse getResponse = client.execute(post);
+		HttpEntity responseEntity = getResponse.getEntity();
+		String plain_response = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
+		JSONObject json_response = new JSONObject(plain_response);
+		if(!json_response.isNull("errors") || json_response.has("errors")) {
+			return BigInteger.ZERO;
+		}
+		List<Cookie> cookies = client.getCookieStore().getCookies();
+		if(!cookies.isEmpty()) {
+			String session_id = cookies.get(0).getValue();
+		}
+		return new BigInteger(json_response.getString("B"), 16);
+	}
+
+	public BigInteger generateM1(BigInteger K, BigInteger salt, BigInteger clientA, BigInteger serverB, String username) throws NoSuchAlgorithmException {
 		String digest_of_N_as_string = new BigInteger(MessageDigest.getInstance("SHA-256").digest(ConfigHelper.NG_1024.getBytes())).toString(16);
-		
+
 		String digest_of_G_as_string = new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(ConfigHelper.g.toString(16).getBytes())).toString(16);
-		//String digest_of_G_as_string = new BigInteger(MessageDigest.getInstance("SHA-256").digest(ConfigHelper.g.toByteArray())).toString(16);
-		
+
 		String xor_n_and_g = hexXor(digest_of_N_as_string, digest_of_G_as_string);
-		
+
 		String digest_of_username_as_string = new BigInteger(MessageDigest.getInstance("SHA-256").digest(username.getBytes())).toString(16);
 		
-		String m1_source_string = xor_n_and_g + digest_of_username_as_string + clientA.toString(16) + serverB.toString(16) + K.toString(16);
+		String m1_source_string = xor_n_and_g + digest_of_username_as_string + salt.toString(16) + clientA.toString(16) + serverB.toString(16) + K.toString(16);
 		
 		return new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(m1_source_string.getBytes()));
 	}
@@ -318,33 +326,15 @@ public class ProviderAPI extends IntentService {
          }
          buffer.append(Integer.toHexString(intValue) + "");
      }
-     return buffer.toString().toUpperCase();
+     return buffer.toString();
 }
 
-	private BigInteger sendAToSRPServer(String server_url, String username, BigInteger clientA) throws ClientProtocolException, IOException, NumberFormatException, JSONException {
+	private BigInteger sendM1ToSRPServer(String server_url, String username, BigInteger m1) throws ClientProtocolException, IOException, JSONException {
 		DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
-		String parameter_chain = "A" + "=" + clientA.toString() + "&" + "login" + "=" + username;
-		HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + parameter_chain);
-
-		HttpResponse getResponse = client.execute(post);
-		HttpEntity responseEntity = getResponse.getEntity();
-		String plain_response = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
-		JSONObject json_response = new JSONObject(plain_response);
-		if(!json_response.isNull("errors")) {
-			return BigInteger.ZERO;
-		}
-		List<Cookie> cookies = client.getCookieStore().getCookies();
-		if(!cookies.isEmpty()) {
-			String session_id = cookies.get(0).getValue();
-		}
-		return new BigInteger(json_response.getString("B"), 16);
-	}
-	private BigInteger sendM1ToSRPServer(String server_url, String parameter_name, BigInteger parameter) throws ClientProtocolException, IOException, JSONException {
-		DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
-		String parameter_chain = parameter_name + "=" + parameter.toString();
-		HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + parameter_chain);
+		String parameter_chain = "client_auth" + "=" + m1.toString(16);
+		HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + parameter_chain);
 		
-		HttpResponse getResponse = client.execute(post);
+		HttpResponse getResponse = client.execute(put);
 		HttpEntity responseEntity = getResponse.getEntity();
 		String plain_response = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
 		JSONObject json_response = new JSONObject(plain_response);
-- 
cgit v1.2.3