add SRP authentication support #4
private static BigInteger getUserHash(String user, String password, byte[] salt) { | ||
final byte[] hash1 = sha1(user.getBytes(), ":".getBytes(), password.getBytes()); |
Not entirely sure, but I think this should use UTF-8 (as in getBytes(StandardCharsets.UTF_8)).
We will also need to handle username or password being null (although not necessarily here).
On 08/19/2015 04:41 PM, Mark Rotteveel wrote:
byte[] b = new byte[SRP_KEY_SIZE/8];
SecureRandom random = new SecureRandom();
random.nextBytes(b);
return fromBigByteArray(b);
- }
- private static byte[] getSalt() {
byte[] b = new byte[SRP_SALT_SIZE];
SecureRandom random = new SecureRandom();
random.nextBytes(b);
return b;
- }
- private static BigInteger getUserHash(String user, String password, byte[] salt) {
final byte[] hash1 = sha1(user.getBytes(), ":".getBytes(), password.getBytes());
Not entirely sure, but I think this should use UTF-8 (as in getBytes(StandardCharsets.UTF_8)
Password should be in UTF8 charset for correct calculations.
private static BigInteger getSecret() { | ||
byte[] b = new byte[SRP_KEY_SIZE/8]; | ||
SecureRandom random = new SecureRandom(); |
Declare the random generator once on the class level
Thanks, I will check it in more detail this weekend. Were you also planning to work on the wire encryption?
Yes, I will work on wire encryption after this patch is merged.
} | ||
|
||
private static BigInteger fromBigByteArray(byte[] b) { | ||
return new BigInteger(DatatypeConverter.printHexBinary(b), 16); |
Would it be possible to use the BigInteger(byte[]) constructor here instead, or are you trying to avoid negative BigInteger values? In that case new BigInteger(int signum, byte[] magnitude) can be used. This will prevent the String conversion step.
Sorry, I didn't know the constructor, and I don't know which is better.
This conversion needs to stay positive, but I didn't try the BigInteger(int signum, byte[] magnitude) constructor, so I don't know whether the constructor keeps it positive or not.
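The three review points raised so far (explicit UTF-8, one class-level SecureRandom, and BigInteger(int signum, byte[] magnitude) in place of the hex round trip) shown side by side, as an added example that is not code from this pull request or from either participant. The class name, the helper names, the 16-byte demo size and the sample credentials are assumptions made for the demonstration.

```java
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class SrpReviewDemo {
    // One generator for the class instead of a new SecureRandom per call.
    private static final SecureRandom RANDOM = new SecureRandom();

    // Hex round trip, as the patch does (hex written by hand to avoid DatatypeConverter).
    static BigInteger viaHex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02X", x));
        return new BigInteger(sb.toString(), 16);
    }

    // signum 1: the bytes are an unsigned big-endian magnitude, never negative.
    static BigInteger viaSignum(byte[] b) {
        return new BigInteger(1, b);
    }

    // SHA-1 of user ":" password with an explicit charset (first hash of getUserHash).
    static BigInteger userPasswordHash(String user, String password, Charset cs) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(user.getBytes(cs));
        md.update(":".getBytes(cs));
        md.update(password.getBytes(cs));
        return viaSignum(md.digest());
    }

    public static void main(String[] args) throws Exception {
        byte[] highBit = {(byte) 0x80, 0x01}; // constructed sample with the top bit set
        System.out.println("BigInteger(byte[])    : " + new BigInteger(highBit));
        System.out.println("hex round trip        : " + viaHex(highBit));
        System.out.println("BigInteger(1, byte[]) : " + viaSignum(highBit));

        byte[] b = new byte[16]; // 16 bytes is a demo size, not SRP_KEY_SIZE
        for (int i = 0; i < 1000; i++) {
            RANDOM.nextBytes(b);
            if (!viaHex(b).equals(viaSignum(b))) throw new AssertionError("mismatch");
        }

        // Constructed credentials; the password contains a non-ASCII character.
        String user = "SYSDBA", password = "p\u00e4ssword";
        BigInteger utf8 = userPasswordHash(user, password, StandardCharsets.UTF_8);
        BigInteger latin1 = userPasswordHash(user, password, StandardCharsets.ISO_8859_1);
        System.out.println("same hash across charsets: " + utf8.equals(latin1));
    }
}
```

The last line shows why a platform-dependent getBytes() can break SRP: client and server derive different values from the same password whenever their charsets disagree on a non-ASCII character.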
@nakagami Could you take a look at my comments regarding the use of other
I get random "Your user name and password are not defined. Ask your database administrator to set up a Firebird login." errors for +/- 30 out of 2400 tests (the failing tests are random), this seems to indicate that something is not entirely correct with how SRP is handled.
spb.addArgument(isc_spb_password, props.getPassword(), encoding); | ||
} | ||
if (props.getRoleName() != null) { | ||
spb.addArgument(isc_spb_sql_role_name, props.getRoleName(), encoding); | ||
} | ||
if (props.getAuthData() != null) { | ||
spb.addArgument(isc_dpb_specific_auth_data, DatatypeConverter.printHexBinary(props.getAuthData()), encoding); |
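Review bot: The isc_spb_password argument at the top of this hunk and the auth-data argument at the bottom are added independently of each other, and the guard on the password line is outside the visible lines. Please confirm that when getAuthData() is non-null the password is not also written into the service parameter buffer, since sending it alongside the SRP data would undo the point of SRP; if both can currently be set, make the two branches mutually exclusive.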
Must use isc_spb_specific_auth_data instead
Fixed it and pushed.
I have added a few commits and pushed them.
Thanks, I will see if I can use the
I merged the changes including some changes based on my review. Thank you for your contribution!
SRP authentication (protocol version 13) support.
But not WireCrypt.