sasl prep password before hashing. fixes #1893

(cherry picked from commit f8fedf0059459dcf87c34a7ab4eb2b0caa1fb564)
2020-05-19 15:28:12 +02:00 · 2020-05-19 15:28:12 +02:00 · 2f70a86f06
commit 2f70a86f06
parent 125b41da7d
1 changed files with 6 additions and 6 deletions
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@ -34,11 +34,11 @@ abstract class ScramMechanism extends SaslMechanism {
                // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
                // Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
                // is applied to prevent commas in the strings breaking things.
-                final String[] kparts = k.split(",", 5);
+                final String[] kParts = k.split(",", 5);
                try {
                    final byte[] saltedPassword, serverKey, clientKey;
-                    saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
-                            Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3]));
+                    saltedPassword = hi(CryptoHelper.hexToString(kParts[1]).getBytes(),
+                            Base64.decode(CryptoHelper.hexToString(kParts[2]), Base64.DEFAULT), Integer.parseInt(kParts[3]));
                    serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
                    clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);

@ -175,10 +175,10 @@ abstract class ScramMechanism extends SaslMechanism {

                // Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
                final KeyPair keys = CACHE.get(
-                        CryptoHelper.bytesToHex(account.getJid().asBareJid().toEscapedString().getBytes()) + ","
-                                + CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
+                        CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getJid().asBareJid().toEscapedString()).getBytes()) + ","
+                                + CryptoHelper.bytesToHex(CryptoHelper.saslPrep(account.getPassword()).getBytes()) + ","
                                + CryptoHelper.bytesToHex(salt.getBytes()) + ","
-                                + String.valueOf(iterationCount) + ","
+                                + iterationCount + ","
                                + getMechanism()
                );
                if (keys == null) {