Fix auth when upgrading from SCRAM-SHA-1 to -256 (#3192)

Sam Whited 2018-09-26 03:19:54 -05:00 committed by Daniel Gultsch
parent 9015d0a1fc
commit ef4cfacaf4


@ -43,7 +43,7 @@ abstract class ScramMechanism extends SaslMechanism {
static { static {
CACHE = new LruCache<String, KeyPair>(10) { CACHE = new LruCache<String, KeyPair>(10) {
protected KeyPair create(final String k) { protected KeyPair create(final String k) {
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations". // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()' // Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
// is applied to prevent commas in the strings breaking things. // is applied to prevent commas in the strings breaking things.
final String[] kparts = k.split(",", 4); final String[] kparts = k.split(",", 4);
@ -147,12 +147,13 @@ abstract class ScramMechanism extends SaslMechanism {
final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ',' final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ','
+ clientFinalMessageWithoutProof).getBytes(); + clientFinalMessageWithoutProof).getBytes();
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations". // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
final KeyPair keys = CACHE.get( final KeyPair keys = CACHE.get(
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + "," CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + "," + CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
+ CryptoHelper.bytesToHex(salt.getBytes()) + "," + CryptoHelper.bytesToHex(salt.getBytes()) + ","
+ String.valueOf(iterationCount) + String.valueOf(iterationCount)
+ getMechanism()
); );
if (keys == null) { if (keys == null) {
throw new AuthenticationException("Invalid keys generated"); throw new AuthenticationException("Invalid keys generated");