use base64 instead of base36 when creating random strings

author: Christian Schneppe <christian@pix-art.de> 2017-08-01 13:46:40 +0200
committer: Christian Schneppe <christian@pix-art.de> 2017-08-01 13:46:40 +0200
commit: bec8886c3028261820691c2d86f677fefbfc9a81 (patch)
tree: c5ac628c362395c063a3fd0b82b176763b6baab4 /src/main/java
parent: a76bc74a970b051c3ac247ebd3d20fc5a98c8542 (diff)
4 files changed, 21 insertions, 5 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java b/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java
index 8b8883b9f..cce453455 100644
--- a/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java
+++ b/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java
@@ -26,6 +26,10 @@ public abstract class SaslMechanism {
         public AuthenticationException(final Exception inner) {
             super(inner);
         }
+
+        public AuthenticationException(final String message, final Exception exception) {
+            super(message, exception);
+        }
     }
 
     public static class InvalidStateException extends AuthenticationException {
diff --git a/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java b/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java
index 4165e0947..8dfffaeba 100644
--- a/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java
@@ -10,7 +10,6 @@ import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 
-import java.math.BigInteger;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
 import java.security.SecureRandom;
@@ -71,7 +70,7 @@ abstract class ScramMechanism extends SaslMechanism {
         super(tagWriter, account, rng);
 
         // This nonce should be different for each authentication attempt.
-        clientNonce = new BigInteger(100, this.rng).toString(32);
+        clientNonce = CryptoHelper.random(100, rng);
         clientFirstMessageBare = "";
     }
 
@@ -94,7 +93,12 @@ abstract class ScramMechanism extends SaslMechanism {
                 if (challenge == null) {
                     throw new AuthenticationException("challenge can not be null");
                 }
-                byte[] serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
+                byte[] serverFirstMessage;
+                try {
+                    serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
+                } catch (IllegalArgumentException e) {
+                    throw new AuthenticationException("Unable to decode server challenge", e);
+                }
                 final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
                 String nonce = "";
                 int iterationCount = -1;
diff --git a/src/main/java/de/pixart/messenger/utils/CryptoHelper.java b/src/main/java/de/pixart/messenger/utils/CryptoHelper.java
index 44e89d8fc..da34200bf 100644
--- a/src/main/java/de/pixart/messenger/utils/CryptoHelper.java
+++ b/src/main/java/de/pixart/messenger/utils/CryptoHelper.java
@@ -1,6 +1,7 @@
 package de.pixart.messenger.utils;
 
 import android.os.Bundle;
+import android.util.Base64;
 import android.util.Pair;
 
 import org.bouncycastle.asn1.x500.X500Name;
@@ -12,6 +13,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
@@ -96,6 +98,12 @@ public final class CryptoHelper {
         return Normalizer.normalize(s, Normalizer.Form.NFKC);
     }
 
+    public static String random(int length, SecureRandom random) {
+        final byte[] bytes = new byte[length];
+        random.nextBytes(bytes);
+        return Base64.encodeToString(bytes, Base64.NO_PADDING | Base64.NO_WRAP);
+    }
+
     public static String prettifyFingerprint(String fingerprint) {
         if (fingerprint == null) {
             return "";
diff --git a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
index 084040db1..24510b038 100644
--- a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
+++ b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
@@ -16,7 +16,6 @@ import org.xmlpull.v1.XmlPullParserException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.math.BigInteger;
 import java.net.ConnectException;
 import java.net.IDN;
 import java.net.InetAddress;
@@ -68,6 +67,7 @@ import de.pixart.messenger.generator.IqGenerator;
 import de.pixart.messenger.services.NotificationService;
 import de.pixart.messenger.services.XmppConnectionService;
 import de.pixart.messenger.ui.EditAccountActivity;
+import de.pixart.messenger.utils.CryptoHelper;
 import de.pixart.messenger.utils.IP;
 import de.pixart.messenger.utils.Namespace;
 import de.pixart.messenger.utils.Patterns;
@@ -1351,7 +1351,7 @@ public class XmppConnection implements Runnable {
     }
 
     private String nextRandomId() {
-        return new BigInteger(50, mXmppConnectionService.getRNG()).toString(36);
+        return CryptoHelper.random(50,mXmppConnectionService.getRNG());
     }
 
     public String sendIqPacket(final IqPacket packet, final OnIqPacketReceived callback) {
author	Christian Schneppe <christian@pix-art.de>	2017-08-01 13:46:40 +0200
committer	Christian Schneppe <christian@pix-art.de>	2017-08-01 13:46:40 +0200
commit	bec8886c3028261820691c2d86f677fefbfc9a81 (patch)
tree	c5ac628c362395c063a3fd0b82b176763b6baab4 /src/main/java
parent	a76bc74a970b051c3ac247ebd3d20fc5a98c8542 (diff)