add SRP authenticaton support #4
Conversation
|
|
||
|
|
||
| private static BigInteger getUserHash(String user, String password, byte[] salt) { | ||
| final byte[] hash1 = sha1(user.getBytes(), ":".getBytes(), password.getBytes()); |
There was a problem hiding this comment.
Not entirely sure, but I think this should use UTF-8 (as in getBytes(StandardCharsets.UTF_8)).
We will also need to handle username or password being null (although not necessarily here).
There was a problem hiding this comment.
On 08/19/2015 04:41 PM, Mark Rotteveel wrote:
byte[] b = new byte[SRP_KEY_SIZE/8];SecureRandom random = new SecureRandom();random.nextBytes(b);return fromBigByteArray(b);- }
- private static byte[] getSalt() {
byte[] b = new byte[SRP_SALT_SIZE];SecureRandom random = new SecureRandom();random.nextBytes(b);return b;- }
- private static BigInteger getUserHash(String user, String password, byte[] salt) {
final byte[] hash1 = sha1(user.getBytes(), ":".getBytes(), password.getBytes());getBytes(StandardCharsets.UTF_8)
Password should be in UTF8 charset for correct calculations.
|
|
||
| private static BigInteger getSecret() { | ||
| byte[] b = new byte[SRP_KEY_SIZE/8]; | ||
| SecureRandom random = new SecureRandom(); |
There was a problem hiding this comment.
Declare the random generator once on the class level
|
Thanks, I will check it in more detail this weekend. Were you also planning to work on the wire encryption? |
|
Yes, I will work about wire encryption, after this patch merged. |
| } | ||
|
|
||
| private static BigInteger fromBigByteArray(byte[] b) { | ||
| return new BigInteger(DatatypeConverter.printHexBinary(b), 16); |
There was a problem hiding this comment.
Would it be possible to use the BigInteger(byte[]) constructor here instead, or are you trying to avoid negative BigInteger values? In that case new BigInteger(int signum, byte[] magnitude) can be used This will prevent the String conversion step.
There was a problem hiding this comment.
Sorry I didn't know the constructor, and I don't know which is better.
This conversion need keep positive, But I did'nt try BigInteger(int signum, byte[] magnitude) constructor, so I don't know the constructor keep positive or not.
|
@nakagami Could you take a look at my comments regarding the use of other |
|
I get random "Your user name and password are not defined. Ask your database administrator to set up a Firebird login." errors for +/- 30 out of 2400 tests (the failing tests are random), this seems to indicate that something is not entirely correct with how SRP is handled. |
| spb.addArgument(isc_spb_password, props.getPassword(), encoding); | ||
| } | ||
| if (props.getRoleName() != null) { | ||
| spb.addArgument(isc_spb_sql_role_name, props.getRoleName(), encoding); | ||
| } | ||
| if (props.getAuthData() != null) { | ||
| spb.addArgument(isc_dpb_specific_auth_data, DatatypeConverter.printHexBinary(props.getAuthData()), encoding); |
There was a problem hiding this comment.
Must use isc_spb_specific_auth_data instead
There was a problem hiding this comment.
fix it, and pushed.
|
I have add a few commit and push them. |
|
Thanks, I will see if I can use the |
|
I merged the changes including some changes based on my review. Thank you for your contribution! |
SRP authentication (protocol version13) support.
But not WireCrypt.