summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2013-06-20 17:47:07 +0200
committerParménides GV <parmegv@sdf.org>2013-06-20 17:47:07 +0200
commit65e2f56a8a10877964fb9fc57963d1bf8104801a (patch)
tree101aedd9ca3c9a66f9f109c5ec45f6cfaa2aaccf
parentf4956bb818fb9ed04760e6de3b53b876272da5cc (diff)
No binary library needed.
I've decided not to include any lib, but to copy the SRPParameters class to our codebase and Util.trim method to ConfigHelper.
-rw-r--r--libs/jboss-common-client.jarbin399031 -> 0 bytes
-rw-r--r--libs/jboss-srp-client.jarbin23248 -> 0 bytes
-rw-r--r--libs/jbosssx-client.jarbin140507 -> 0 bytes
-rw-r--r--src/org/jboss/security/srp/SRPParameters.java150
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java20
-rw-r--r--src/se/leap/leapclient/LeapSRPSession.java69
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java5
7 files changed, 207 insertions, 37 deletions
diff --git a/libs/jboss-common-client.jar b/libs/jboss-common-client.jar
deleted file mode 100644
index af5fb00..0000000
--- a/libs/jboss-common-client.jar
+++ /dev/null
Binary files differ
diff --git a/libs/jboss-srp-client.jar b/libs/jboss-srp-client.jar
deleted file mode 100644
index 9a64c28..0000000
--- a/libs/jboss-srp-client.jar
+++ /dev/null
Binary files differ
diff --git a/libs/jbosssx-client.jar b/libs/jbosssx-client.jar
deleted file mode 100644
index 5ad6fc8..0000000
--- a/libs/jbosssx-client.jar
+++ /dev/null
Binary files differ
diff --git a/src/org/jboss/security/srp/SRPParameters.java b/src/org/jboss/security/srp/SRPParameters.java
new file mode 100644
index 0000000..4b188cb
--- /dev/null
+++ b/src/org/jboss/security/srp/SRPParameters.java
@@ -0,0 +1,150 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.srp;
+
+import java.io.Serializable;
+import java.util.Arrays;
+
+import org.spongycastle.util.encoders.Base64;
+
+/** The RFC2945 algorithm session parameters that the client and server
+agree to use. In addition to the base RFC2945 parameters, one can choose an
+alternate hash algorithm for the private session key.
+
+@author Scott.Stark@jboss.org
+@version $Revision: 57210 $
+*/
+public class SRPParameters implements Cloneable, Serializable
+{
+ /** The serial version ID.
+ * @since 1.2.4.1
+ */
+ private static final long serialVersionUID = 6438772808805276693L;
+
+ /** The algorithm safe-prime modulus */
+ public final byte[] N;
+ /** The algorithm primitive generator */
+ public final byte[] g;
+ /** The random password salt originally used to verify the password */
+ public final byte[] s;
+ /** The algorithm to hash the session key to produce K. To be consistent
+ with the RFC2945 description this must be SHA_Interleave as implemented
+ by the JBossSX security provider. For compatibility with earlier JBossSX
+ SRP releases the algorithm must be SHA_ReverseInterleave. This name is
+ passed to java.security.MessageDigest.getInstance(). */
+ public final String hashAlgorithm;
+ /** The algorithm to use for any encryption of data.
+ */
+ public final String cipherAlgorithm;
+ /** The cipher intialization vector bytes
+ */
+ public byte[] cipherIV;
+
+ /** Creates a new instance of SRPParameters */
+ public SRPParameters(byte[] N, byte[] g, byte[] s)
+ {
+ this(N, g, s, "SHA_Interleave", null);
+ }
+ public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm)
+ {
+ this(N, g, s, hashAlgorithm, null);
+ }
+ public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm,
+ String cipherAlgorithm)
+ {
+ this(N, g, s, hashAlgorithm, cipherAlgorithm, null);
+ }
+ public SRPParameters(byte[] N, byte[] g, byte[] s, String hashAlgorithm,
+ String cipherAlgorithm, byte[] cipherIV)
+ {
+ this.N = N;
+ this.g = g;
+ this.s = s;
+ if( hashAlgorithm == null )
+ hashAlgorithm = "SHA_Interleave";
+ this.hashAlgorithm = hashAlgorithm;
+ this.cipherAlgorithm = cipherAlgorithm;
+ this.cipherIV = cipherIV;
+ }
+
+ public Object clone()
+ {
+ Object clone = null;
+ try
+ {
+ clone = super.clone();
+ }
+ catch(CloneNotSupportedException e)
+ {
+ }
+ return clone;
+ }
+
+ public int hashCode()
+ {
+ int hashCode = hashAlgorithm.hashCode();
+ for(int i = 0; i < N.length; i ++)
+ hashCode += N[i];
+ for(int i = 0; i < g.length; i ++)
+ hashCode += g[i];
+ for(int i = 0; i < s.length; i ++)
+ hashCode += s[i];
+ return hashCode;
+ }
+
+ public boolean equals(Object obj)
+ {
+ boolean equals = false;
+ if( obj instanceof SRPParameters )
+ {
+ SRPParameters p = (SRPParameters) obj;
+ equals = hashAlgorithm.equals(p.hashAlgorithm);
+ if( equals == true )
+ equals = Arrays.equals(N, p.N);
+ if( equals == true )
+ equals = Arrays.equals(g, p.g);
+ if( equals == true )
+ equals = Arrays.equals(s, p.s);
+ }
+ return equals;
+ }
+
+ public String toString()
+ {
+ StringBuffer tmp = new StringBuffer(super.toString());
+ tmp.append('{');
+ tmp.append("N: ");
+ tmp.append(Base64.encode(N));
+ tmp.append("|g: ");
+ tmp.append(Base64.encode(g));
+ tmp.append("|s: ");
+ tmp.append(Base64.encode(s));
+ tmp.append("|hashAlgorithm: ");
+ tmp.append(hashAlgorithm);
+ tmp.append("|cipherAlgorithm: ");
+ tmp.append(cipherAlgorithm);
+ tmp.append("|cipherIV: ");
+ tmp.append(cipherIV);
+ tmp.append('}');
+ return tmp.toString();
+ }
+}
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index cb4a550..dd20112 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -208,6 +208,26 @@ public class ConfigHelper {
}
/**
+ * Treat the input as the MSB representation of a number,
+ * and lop off leading zero elements. For efficiency, the
+ * input is simply returned if no leading zeroes are found.
+ *
+ * @param in array to be trimmed
+ */
+ public static byte[] trim(byte[] in) {
+ if(in.length == 0 || in[0] != 0)
+ return in;
+
+ int len = in.length;
+ int i = 1;
+ while(in[i] == 0 && i < len)
+ ++i;
+ byte[] ret = new byte[len - i];
+ System.arraycopy(in, i, ret, 0, len - i);
+ return ret;
+ }
+
+ /**
* Sets class scope Shared Preferences
* @param shared_preferences
*/
diff --git a/src/se/leap/leapclient/LeapSRPSession.java b/src/se/leap/leapclient/LeapSRPSession.java
index beb286d..d21ccff 100644
--- a/src/se/leap/leapclient/LeapSRPSession.java
+++ b/src/se/leap/leapclient/LeapSRPSession.java
@@ -4,9 +4,9 @@ import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.Arrays;
-import org.jboss.security.Util;
import org.jboss.security.srp.SRPParameters;
/**
@@ -30,6 +30,7 @@ public class LeapSRPSession {
private BigInteger a;
private BigInteger A;
private byte[] K;
+ private SecureRandom pseudoRng;
/** The M1 = H(H(N) xor H(g) | H(U) | s | A | B | K) hash */
private MessageDigest clientHash;
/** The M2 = H(A | M | K) hash */
@@ -57,20 +58,20 @@ public class LeapSRPSession {
*/
public LeapSRPSession(String username, String password, SRPParameters params,
byte[] abytes) {
- try {
- // Initialize the secure random number and message digests
- Util.init();
- }
- catch(NoSuchAlgorithmException e) {
- }
-
this.params = params;
this.g = new BigInteger(1, params.g);
- N_bytes = Util.trim(params.N);
+ N_bytes = ConfigHelper.trim(params.N);
this.N = new BigInteger(1, N_bytes);
this.username = username;
this.password = password;
+ try {
+ pseudoRng = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
if( abytes != null ) {
A_LEN = 8*abytes.length;
/* TODO Why did they put this condition?
@@ -105,15 +106,15 @@ public class LeapSRPSession {
byte[] colon = {};
String encoding = "ISO-8859-1";
try {
- user = Util.trim(username.getBytes(encoding));
- colon = Util.trim(":".getBytes(encoding));
- password_bytes = Util.trim(password.getBytes(encoding));
+ user = ConfigHelper.trim(username.getBytes(encoding));
+ colon = ConfigHelper.trim(":".getBytes(encoding));
+ password_bytes = ConfigHelper.trim(password.getBytes(encoding));
}
catch(UnsupportedEncodingException e) {
// Use the default platform encoding
- user = Util.trim(username.getBytes());
- colon = Util.trim(":".getBytes());
- password_bytes = Util.trim(password.getBytes());
+ user = ConfigHelper.trim(username.getBytes());
+ colon = ConfigHelper.trim(":".getBytes());
+ password_bytes = ConfigHelper.trim(password.getBytes());
}
// Build the hash
@@ -152,7 +153,7 @@ public class LeapSRPSession {
{
//TODO Check if length matters in the order, when b2 is smaller than b1 or viceversa
byte[] xor_digest = new BigInteger(1, b1).xor(new BigInteger(1, b2)).toByteArray();
- return Util.trim(xor_digest);
+ return ConfigHelper.trim(xor_digest);
}
/**
@@ -166,11 +167,11 @@ public class LeapSRPSession {
if( a == null ) {
BigInteger one = BigInteger.ONE;
do {
- a = new BigInteger(A_LEN, Util.getPRNG());
+ a = new BigInteger(A_LEN, pseudoRng);
} while(a.compareTo(one) <= 0);
}
A = g.modPow(a, N);
- Abytes = Util.trim(A.toByteArray());
+ Abytes = ConfigHelper.trim(A.toByteArray());
}
return Abytes;
}
@@ -186,7 +187,7 @@ public class LeapSRPSession {
*/
public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException {
// Calculate x = H(s | H(U | ':' | password))
- byte[] xb = calculatePasswordHash(username, password, Util.trim(salt_bytes));
+ byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes));
this.x = new BigInteger(1, xb);
// Calculate v = kg^x mod N
@@ -204,36 +205,36 @@ public class LeapSRPSession {
clientHash.update(xor_digest);
// clientHash = H(N) xor H(g) | H(U)
- byte[] username_digest = newDigest().digest(Util.trim(username.getBytes()));
- username_digest = Util.trim(username_digest);
+ byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes()));
+ username_digest = ConfigHelper.trim(username_digest);
clientHash.update(username_digest);
// clientHash = H(N) xor H(g) | H(U) | s
- clientHash.update(Util.trim(salt_bytes));
+ clientHash.update(ConfigHelper.trim(salt_bytes));
K = null;
// clientHash = H(N) xor H(g) | H(U) | A
- byte[] Abytes = Util.trim(A.toByteArray());
+ byte[] Abytes = ConfigHelper.trim(A.toByteArray());
clientHash.update(Abytes);
// clientHash = H(N) xor H(g) | H(U) | s | A | B
- Bbytes = Util.trim(Bbytes);
+ Bbytes = ConfigHelper.trim(Bbytes);
clientHash.update(Bbytes);
// Calculate S = (B - kg^x) ^ (a + u * x) % N
BigInteger S = calculateS(Bbytes);
- byte[] S_bytes = Util.trim(S.toByteArray());
+ byte[] S_bytes = ConfigHelper.trim(S.toByteArray());
// K = SessionHash(S)
String hash_algorithm = params.hashAlgorithm;
MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm);
- K = Util.trim(sessionDigest.digest(S_bytes));
+ K = ConfigHelper.trim(sessionDigest.digest(S_bytes));
// clientHash = H(N) xor H(g) | H(U) | A | B | K
clientHash.update(K);
- byte[] M1 = Util.trim(clientHash.digest());
+ byte[] M1 = ConfigHelper.trim(clientHash.digest());
// serverHash = Astr + M + K
serverHash.update(Abytes);
@@ -249,8 +250,8 @@ public class LeapSRPSession {
* @return the parameter S
*/
private BigInteger calculateS(byte[] Bbytes) {
- byte[] Abytes = Util.trim(A.toByteArray());
- Bbytes = Util.trim(Bbytes);
+ byte[] Abytes = ConfigHelper.trim(A.toByteArray());
+ Bbytes = ConfigHelper.trim(Bbytes);
byte[] u_bytes = getU(Abytes, Bbytes);
BigInteger B = new BigInteger(1, Bbytes);
@@ -270,10 +271,10 @@ public class LeapSRPSession {
*/
public byte[] getU(byte[] Abytes, byte[] Bbytes) {
MessageDigest u_digest = newDigest();
- u_digest.update(Util.trim(Abytes));
- u_digest.update(Util.trim(Bbytes));
+ u_digest.update(ConfigHelper.trim(Abytes));
+ u_digest.update(ConfigHelper.trim(Bbytes));
byte[] u_digest_bytes = u_digest.digest();
- return Util.trim(new BigInteger(1, u_digest_bytes).toByteArray());
+ return ConfigHelper.trim(new BigInteger(1, u_digest_bytes).toByteArray());
}
/**
@@ -283,8 +284,8 @@ public class LeapSRPSession {
public boolean verify(byte[] M2)
{
// M2 = H(A | M1 | K)
- M2 = Util.trim(M2);
- byte[] myM2 = Util.trim(serverHash.digest());
+ M2 = ConfigHelper.trim(M2);
+ byte[] myM2 = ConfigHelper.trim(serverHash.digest());
boolean valid = Arrays.equals(M2, myM2);
return valid;
}
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 4dfe200..00d7d82 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -41,7 +41,6 @@ import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
-import org.jboss.security.Util;
import org.jboss.security.srp.SRPParameters;
import org.json.JSONException;
import org.json.JSONObject;
@@ -214,7 +213,7 @@ public class ProviderAPI extends IntentService {
* @throws JSONException
*/
private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException {
- HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, Util.trim(m1)).toString(16));
+ HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, ConfigHelper.trim(m1)).toString(16));
JSONObject json_response = sendToServer(put);
JSONObject session_idAndM2 = new JSONObject();
@@ -223,7 +222,7 @@ public class ProviderAPI extends IntentService {
Cookie session_id_cookie = LeapHttpClient.getInstance(getApplicationContext()).getCookieStore().getCookies().get(0);
session_idAndM2.put(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id_cookie.getName());
session_idAndM2.put(ConfigHelper.SESSION_ID_KEY, session_id_cookie.getValue());
- session_idAndM2.put(ConfigHelper.M2_KEY, Util.trim(M2_not_trimmed));
+ session_idAndM2.put(ConfigHelper.M2_KEY, ConfigHelper.trim(M2_not_trimmed));
}
return session_idAndM2;
}