JDBC-635 Fixed: Some usernames cannot authenticate using SRP

Usernames that produce a SHA-1 hash with leading zeroes could not authenticate
FirebirdSQL · Dec 4, 2020 · e72e27d · e72e27d
1 parent bcadf68
commit e72e27d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/src/documentation/release_notes.md b/src/documentation/release_notes.md
@@ -256,6 +256,7 @@ The following has been changed or fixed since Jaybird 3.0.9:
 -   Fixed: Use of `isc_dpb_no_db_triggers` no longer logs a warning ([JDBC-628](http://tracker.firebirdsql.org/browse/JDBC-628))
 -   Fixed: First letter of JDBC escape was case-sensitive ([JDBC-632](http://tracker.firebirdsql.org/browse/JDBC-632)) \
     This was a regression compared to 2.2.x.
+-   Fixed: Some usernames cannot authenticate using SRP ([JDBC-635](http://tracker.firebirdsql.org/browse/JDBC-635))
 
 ### Known issues in Jaybird 3.0.10
 

diff --git a/src/main/org/firebirdsql/gds/ng/wire/auth/SrpClient.java b/src/main/org/firebirdsql/gds/ng/wire/auth/SrpClient.java
@@ -81,7 +81,10 @@ private static BigInteger fromBigByteArray(byte[] b) {
     }
 
     private static byte[] toBigByteArray(BigInteger n) {
-        byte[] b = n.toByteArray();
+        return stripLeadingZeroes(n.toByteArray());
+    }
+
+    private static byte[] stripLeadingZeroes(byte[] b) {
         if (b[0] != 0) {
             return b;
         }
@@ -200,7 +203,7 @@ byte[] clientProof(String user, String password, byte[] salt, BigInteger serverP
         final BigInteger n2 = fromBigByteArray(sha1(toBigByteArray(g)));
         final byte[] M = clientProofHash(
                 toBigByteArray(n1.modPow(n2, N)),
-                sha1(user.getBytes(StandardCharsets.UTF_8)),
+                stripLeadingZeroes(sha1(user.getBytes(StandardCharsets.UTF_8))),
                 salt,
                 toBigByteArray(publicKey),
                 toBigByteArray(serverPublicKey),

diff --git a/src/test/org/firebirdsql/jdbc/TestFBDriver.java b/src/test/org/firebirdsql/jdbc/TestFBDriver.java
@@ -437,5 +437,27 @@ public void testNormalizeProperties_dpbLongAliasAndAlias_throwsException() throw
         FBDriver.normalizeProperties(url, props);
     }
 
+    /**
+     * Test Srp authentication with an account (DAVIDS) that produces a hash with leading zero.
+     * <p>
+     * See <a href="http://tracker.firebirdsql.org/browse/JDBC-635">JDBC-635</a>.
+     * </p>
+     */
+    @Test
+    public void testProblematicUserAccount_DAVIDS() throws Exception {
+        String username = "DAVIDS";
+        String password = "aaa123";
+        databaseUserRule.createUser(username, password, "Srp");
+
+        Properties connectionProperties = getDefaultPropertiesForConnection();
+        connectionProperties.setProperty("user", username);
+        connectionProperties.setProperty("password", password);
+        connectionProperties.setProperty("authPlugins", "Srp256");
+
+        try (Connection connection = DriverManager.getConnection(getUrl(), connectionProperties)) {
+            assertTrue(connection.isValid(1000));
+        }
+    }
+
 }