From bec8886c3028261820691c2d86f677fefbfc9a81 Mon Sep 17 00:00:00 2001 From: Christian Schneppe Date: Tue, 1 Aug 2017 13:46:40 +0200 Subject: use base64 instead of base36 when creating random strings --- .../java/de/pixart/messenger/crypto/sasl/SaslMechanism.java | 4 ++++ .../java/de/pixart/messenger/crypto/sasl/ScramMechanism.java | 10 +++++++--- src/main/java/de/pixart/messenger/utils/CryptoHelper.java | 8 ++++++++ src/main/java/de/pixart/messenger/xmpp/XmppConnection.java | 4 ++-- 4 files changed, 21 insertions(+), 5 deletions(-) (limited to 'src/main/java/de/pixart') diff --git a/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java b/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java index 8b8883b9f..cce453455 100644 --- a/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java +++ b/src/main/java/de/pixart/messenger/crypto/sasl/SaslMechanism.java @@ -26,6 +26,10 @@ public abstract class SaslMechanism { public AuthenticationException(final Exception inner) { super(inner); } + + public AuthenticationException(final String message, final Exception exception) { + super(message, exception); + } } public static class InvalidStateException extends AuthenticationException { diff --git a/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java b/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java index 4165e0947..8dfffaeba 100644 --- a/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java +++ b/src/main/java/de/pixart/messenger/crypto/sasl/ScramMechanism.java @@ -10,7 +10,6 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; -import java.math.BigInteger; import java.nio.charset.Charset; import java.security.InvalidKeyException; import java.security.SecureRandom; 
@@ -71,7 +70,7 @@ abstract class ScramMechanism extends SaslMechanism { super(tagWriter, account, rng); // This nonce should be different for each authentication attempt. - clientNonce = new BigInteger(100, this.rng).toString(32); + clientNonce = CryptoHelper.random(100, rng); clientFirstMessageBare = ""; } @@ -94,7 +93,12 @@ abstract class ScramMechanism extends SaslMechanism { if (challenge == null) { throw new AuthenticationException("challenge can not be null"); } - byte[] serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT); + byte[] serverFirstMessage; + try { + serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT); + } catch (IllegalArgumentException e) { + throw new AuthenticationException("Unable to decode server challenge", e); + } final Tokenizer tokenizer = new Tokenizer(serverFirstMessage); String nonce = ""; int iterationCount = -1; diff --git a/src/main/java/de/pixart/messenger/utils/CryptoHelper.java b/src/main/java/de/pixart/messenger/utils/CryptoHelper.java index 44e89d8fc..da34200bf 100644 --- a/src/main/java/de/pixart/messenger/utils/CryptoHelper.java +++ b/src/main/java/de/pixart/messenger/utils/CryptoHelper.java @@ -1,6 +1,7 @@ package de.pixart.messenger.utils; import android.os.Bundle; +import android.util.Base64; import android.util.Pair; import org.bouncycastle.asn1.x500.X500Name; @@ -12,6 +13,7 @@ import java.net.MalformedURLException; import java.net.URL; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; 
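Review bot: The first argument changed meaning without its value changing: in `new BigInteger(100, this.rng)` the 100 was a bit count, while `CryptoHelper.random(100, rng)` allocates 100 bytes, so the SCRAM client nonce grows from 100 random bits to 800 (134 Base64 characters). That is safe but looks unintended, and the same applies to `nextRandomId()` in XmppConnection.java, where 50 bits become 50 bytes and every stanza id becomes 67 characters long. Pick the sizes deliberately, for example `clientNonce = CryptoHelper.random(16, rng);`, and extend the existing comment to say that the nonce alphabet must stay free of `,` because SCRAM uses it as the attribute separator (standard Base64 satisfies this). The constructor starts above the hunk.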
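Review bot: The new try/catch covers only the decode of `challenge`; the enclosing method continues past the hunk, and any later `Base64.decode` on server-supplied fields (not visible in this diff) would still throw an unchecked `IllegalArgumentException` on malformed input. It is worth checking the remaining decode calls in this class and wrapping them the same way, so that a malformed server message always surfaces as an `AuthenticationException` rather than as an uncaught runtime exception.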
@@ -96,6 +98,12 @@ public final class CryptoHelper { return Normalizer.normalize(s, Normalizer.Form.NFKC); } + public static String random(int length, SecureRandom random) { + final byte[] bytes = new byte[length]; + random.nextBytes(bytes); + return Base64.encodeToString(bytes, Base64.NO_PADDING | Base64.NO_WRAP); + } + public static String prettifyFingerprint(String fingerprint) { if (fingerprint == null) { return ""; diff --git a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java index 084040db1..24510b038 100644 --- a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java +++ b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java @@ -16,7 +16,6 @@ import org.xmlpull.v1.XmlPullParserException; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.net.ConnectException; import java.net.IDN; import java.net.InetAddress; @@ -68,6 +67,7 @@ import de.pixart.messenger.generator.IqGenerator; import de.pixart.messenger.services.NotificationService; import de.pixart.messenger.services.XmppConnectionService; import de.pixart.messenger.ui.EditAccountActivity; +import de.pixart.messenger.utils.CryptoHelper; import de.pixart.messenger.utils.IP; import de.pixart.messenger.utils.Namespace; import de.pixart.messenger.utils.Patterns; @@ -1351,7 +1351,7 @@ public class XmppConnection implements Runnable { } private String nextRandomId() { - return new BigInteger(50, mXmppConnectionService.getRNG()).toString(36); + return CryptoHelper.random(50,mXmppConnectionService.getRNG()); } public String sendIqPacket(final IqPacket packet, final OnIqPacketReceived callback) { -- cgit v1.2.3
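Review bot: `random(int length, SecureRandom random)` has no Javadoc, and the parameter name suggests the length of the returned string while it is actually the number of random bytes; n bytes give ceil(4n/3) characters with `NO_PADDING`. Rename it, `public static String random(int numBytes, SecureRandom random)`, and add a Javadoc stating that unit, that the caller supplies the `SecureRandom`, and that the output uses the standard Base64 alphabet, which includes `+` and `/`. If any of these strings end up in URLs or file names (not visible here), `Base64.URL_SAFE` would be the safer flag to add.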