sasl prep password before hashing. fixes #1893

Daniel Gultsch 2020-05-19 15:28:12 +02:00
parent d17f4acd3e
commit f8fedf0059


@ -34,11 +34,11 @@ abstract class ScramMechanism extends SaslMechanism {
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism". // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()' // Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
// is applied to prevent commas in the strings breaking things. // is applied to prevent commas in the strings breaking things.
final String[] kparts = k.split(",", 5); final String[] kParts = k.split(",", 5);
try { try {
final byte[] saltedPassword, serverKey, clientKey; final byte[] saltedPassword, serverKey, clientKey;
saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(), saltedPassword = hi(CryptoHelper.hexToString(kParts[1]).getBytes(),
Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3])); Base64.decode(CryptoHelper.hexToString(kParts[2]), Base64.DEFAULT), Integer.parseInt(kParts[3]));
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES); serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES); clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
@ -173,10 +173,10 @@ abstract class ScramMechanism extends SaslMechanism {
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism". // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
final KeyPair keys = CACHE.get( final KeyPair keys = CACHE.get(
CryptoHelper.bytesToHex(account.getJid().asBareJid().toEscapedString().getBytes()) + "," CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getJid().asBareJid().toEscapedString()).getBytes()) + ","
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + "," + CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getPassword()).getBytes()) + ","
+ CryptoHelper.bytesToHex(salt.getBytes()) + "," + CryptoHelper.bytesToHex(salt.getBytes()) + ","
+ String.valueOf(iterationCount) + "," + iterationCount + ","
+ getMechanism() + getMechanism()
); );
if (keys == null) { if (keys == null) {
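Review bot: The SASLprep'd password is converted with a bare `getBytes()` both where the cache key is assembled and again in `create()` (`CryptoHelper.hexToString(kParts[1]).getBytes()`), so the bytes fed to `hi()` follow the platform default charset rather than the UTF-8 encoding RFC 5802 requires for the normalized password. Passing the charset explicitly in both places, e.g. `getBytes(StandardCharsets.UTF_8)`, would pin this; on Android the default is already UTF-8, so this is probably hardening rather than a live bug. What `CryptoHelper.saslPrep` does with prohibited or unassigned code points is not visible on this page, so if it can throw or return null, that case should be handled before `CACHE.get(...)` is reached instead of surfacing as an unrelated exception. A short comment at the key construction, such as `// password is SASLprep'd here; create() derives keys from exactly these bytes`, would record that normalization happens only at this call site. Both `create()` and the method containing the `CACHE.get` call continue outside the hunks shown.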