Mercury-IM/Smack
Mercury-IM/Smack
1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-11-22 22:32:06 +01:00
Code Issues Releases Wiki Activity

SCRAM-SHA1: Always calculate serverSignature

Browse source 
Otherwise we may get an NPE if the key was cached:

Connection closed with error java.lang.NullPointerException: Attempt to get length of null array
	at org.jivesoftware.smack.util.stringencoder.Base64.encodeToString(Base64.java:43)
	at org.jivesoftware.smack.sasl.core.SCRAMSHA1Mechanism.evaluateChallenge(SCRAMSHA1Mechanism.java:201)
	at org.jivesoftware.smack.sasl.SASLMechanism.challengeReceived(SASLMechanism.java:230)
 	at org.jivesoftware.smack.SASLAuthentication.challengeReceived(SASLAuthentication.java:328)
 	at org.jivesoftware.smack.SASLAuthentication.authenticated(SASLAuthentication.java:347)
 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPConnection.java:894)
 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:909)
 	at java.lang.Thread.run(Thread.java:818)
This commit is contained in:
Florian Schmaus 2015-01-25 23:31:26 +01:00
parent 1407f10f7f
commit 7aa784a494
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java
View file

@ -167,9 +167,6 @@ public class SCRAMSHA1Mechanism extends SASLMechanism {
// ServerKey := HMAC(SaltedPassword, "Server Key") // ServerKey := HMAC(SaltedPassword, "Server Key")
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES); serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
// ServerSignature := HMAC(ServerKey, AuthMessage)
serverSignature = hmac(serverKey, authMessage);
// ClientKey := HMAC(SaltedPassword, "Client Key") // ClientKey := HMAC(SaltedPassword, "Client Key")
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES); clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
@ -181,6 +178,8 @@ public class SCRAMSHA1Mechanism extends SASLMechanism {
clientKey = keys.clientKey; clientKey = keys.clientKey;
} }
// ServerSignature := HMAC(ServerKey, AuthMessage)
serverSignature = hmac(serverKey, authMessage);
// StoredKey := H(ClientKey) // StoredKey := H(ClientKey)
byte[] storedKey = SHA1.bytes(clientKey); byte[] storedKey = SHA1.bytes(clientKey);