From cfdda5f8fde8d480334b136bdf2317d66eb5e497 Mon Sep 17 00:00:00 2001 From: Sam Whited Date: Sat, 15 Nov 2014 21:09:51 -0500 Subject: Don't escape passwords in SASL Fixes #671 --- src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java | 4 ++-- src/main/java/eu/siacs/conversations/utils/CryptoHelper.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/main/java') diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java index f5765cf1..10cd3167 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java @@ -52,7 +52,7 @@ public class ScramSha1 extends SaslMechanism { final String[] kparts = k.split(",", 4); try { final byte[] saltedPassword, serverKey, clientKey; - saltedPassword = hi(CryptoHelper.saslPrep(CryptoHelper.hexToString(kparts[1])).getBytes(), + saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(), Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3])); serverKey = hmac(saltedPassword, SERVER_KEY_BYTES); clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES); @@ -88,7 +88,7 @@ public class ScramSha1 extends SaslMechanism { @Override public String getClientFirstMessage() { if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) { - clientFirstMessageBare = "n=" + CryptoHelper.saslPrep(account.getUsername()) + + clientFirstMessageBare = "n=" + CryptoHelper.saslEscape(CryptoHelper.saslPrep(account.getUsername())) + ",r=" + this.clientNonce; state = State.AUTH_TEXT_SENT; } diff --git a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java index b4a6e65c..7a36e2ba 100644 --- a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java +++ b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java @@ -80,7 +80,7 @@ public class CryptoHelper { } public static String saslPrep(final String s) { - return saslEscape(Normalizer.normalize(s, Normalizer.Form.NFKC)); + return Normalizer.normalize(s, Normalizer.Form.NFKC); } public static String prettifyFingerprint(String fingerprint) { -- cgit v1.2.3