From a29c7c725ec64c5f5b20b8df75931db828b0ba8d Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Mon, 24 Oct 2022 13:11:30 +0200 Subject: [PATCH] modify scram mechanisms to use guava hashing --- .../crypto/sasl/ScramMechanism.java | 29 ++++++------------- .../conversations/crypto/sasl/ScramSha1.java | 13 ++++----- .../crypto/sasl/ScramSha1Plus.java | 13 ++++----- .../crypto/sasl/ScramSha256.java | 12 ++++---- .../crypto/sasl/ScramSha256Plus.java | 13 ++++----- .../crypto/sasl/ScramSha512.java | 11 ++++--- .../crypto/sasl/ScramSha512Plus.java | 13 ++++----- 7 files changed, 47 insertions(+), 57 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java index 5825df29d..931debe01 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java @@ -1,15 +1,13 @@ package eu.siacs.conversations.crypto.sasl; import android.util.Base64; +import android.util.Log; import com.google.common.base.CaseFormat; import com.google.common.base.Objects; import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; - -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.params.KeyParameter; +import com.google.common.hash.HashFunction; import java.nio.charset.Charset; import java.security.InvalidKeyException; @@ -17,6 +15,7 @@ import java.util.concurrent.ExecutionException; import javax.net.ssl.SSLSocket; +import eu.siacs.conversations.Config; import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.utils.CryptoHelper; @@ -54,14 +53,14 @@ abstract class ScramMechanism extends SaslMechanism { clientFirstMessageBare = ""; } - protected abstract HMac getHMAC(); + protected abstract HashFunction getHMac(final byte[] key); - protected abstract Digest getDigest(); + protected abstract HashFunction getDigest(); private KeyPair getKeyPair(final String password, final String salt, final int iterations) throws ExecutionException { return CACHE.get( - new CacheKey(getHMAC().getAlgorithmName(), password, salt, iterations), + new CacheKey(getMechanism(), password, salt, iterations), () -> { final byte[] saltedPassword, serverKey, clientKey; saltedPassword = @@ -76,21 +75,11 @@ abstract class ScramMechanism extends SaslMechanism { } private byte[] hmac(final byte[] key, final byte[] input) throws InvalidKeyException { - final HMac hMac = getHMAC(); - hMac.init(new KeyParameter(key)); - hMac.update(input, 0, input.length); - final byte[] out = new byte[hMac.getMacSize()]; - hMac.doFinal(out, 0); - return out; + return getHMac(key).hashBytes(input).asBytes(); } - public byte[] digest(final byte[] bytes) { - final Digest digest = getDigest(); - digest.reset(); - digest.update(bytes, 0, bytes.length); - final byte[] out = new byte[digest.getDigestSize()]; - digest.doFinal(out, 0); - return out; + private byte[] digest(final byte[] bytes) { + return getDigest().hashBytes(bytes).asBytes(); } /* diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java index 9bcc8ad47..6f00c49eb 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java @@ -1,8 +1,7 @@ package eu.siacs.conversations.crypto.sasl; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.macs.HMac; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; import eu.siacs.conversations.entities.Account; @@ -15,13 +14,13 @@ public class ScramSha1 extends ScramMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA1Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha1(key); } @Override - protected Digest getDigest() { - return new SHA1Digest(); + protected HashFunction getDigest() { + return Hashing.sha1(); } @Override diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1Plus.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1Plus.java index d4f2fcb0b..d353bd9ee 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1Plus.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1Plus.java @@ -1,8 +1,7 @@ package eu.siacs.conversations.crypto.sasl; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.macs.HMac; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; import eu.siacs.conversations.entities.Account; @@ -15,13 +14,13 @@ public class ScramSha1Plus extends ScramPlusMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA1Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha1(key); } @Override - protected Digest getDigest() { - return new SHA1Digest(); + protected HashFunction getDigest() { + return Hashing.sha1(); } @Override diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256.java index 610ed788b..9d7d62c36 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256.java @@ -1,5 +1,8 @@ package eu.siacs.conversations.crypto.sasl; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; + import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.macs.HMac; @@ -15,15 +18,14 @@ public class ScramSha256 extends ScramMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA256Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha256(key); } @Override - protected Digest getDigest() { - return new SHA256Digest(); + protected HashFunction getDigest() { + return Hashing.sha256(); } - @Override public int getPriority() { return 25; diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java index f48a052ab..5f15e9bf1 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java @@ -1,8 +1,7 @@ package eu.siacs.conversations.crypto.sasl; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.macs.HMac; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; import eu.siacs.conversations.entities.Account; @@ -15,13 +14,13 @@ public class ScramSha256Plus extends ScramPlusMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA256Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha256(key); } @Override - protected Digest getDigest() { - return new SHA256Digest(); + protected HashFunction getDigest() { + return Hashing.sha256(); } @Override diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512.java index 3d54b39e9..8194ac0ac 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512.java @@ -1,5 +1,8 @@ package eu.siacs.conversations.crypto.sasl; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; + import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.macs.HMac; @@ -15,13 +18,13 @@ public class ScramSha512 extends ScramMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA512Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha512(key); } @Override - protected Digest getDigest() { - return new SHA512Digest(); + protected HashFunction getDigest() { + return Hashing.sha512(); } @Override diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java index 8cec1f33f..610c87e23 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java @@ -1,8 +1,7 @@ package eu.siacs.conversations.crypto.sasl; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.macs.HMac; +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; import eu.siacs.conversations.entities.Account; @@ -15,13 +14,13 @@ public class ScramSha512Plus extends ScramPlusMechanism { } @Override - protected HMac getHMAC() { - return new HMac(new SHA512Digest()); + protected HashFunction getHMac(final byte[] key) { + return Hashing.hmacSha512(key); } @Override - protected Digest getDigest() { - return new SHA512Digest(); + protected HashFunction getDigest() { + return Hashing.sha512(); } @Override