2016-11-20 15:08:59 +01:00
|
|
|
/**
|
|
|
|
*
|
2020-07-02 13:07:17 +02:00
|
|
|
* Copyright 2014-2020 Florian Schmaus
|
2016-11-20 15:08:59 +01:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
package org.jivesoftware.smack.sasl.core;
|
|
|
|
|
2019-05-08 11:34:40 +02:00
|
|
|
import java.nio.charset.StandardCharsets;
|
2016-11-20 15:08:59 +01:00
|
|
|
import java.security.InvalidKeyException;
|
|
|
|
import java.security.SecureRandom;
|
|
|
|
import java.util.Collections;
|
|
|
|
import java.util.HashMap;
|
|
|
|
import java.util.Map;
|
2017-03-10 17:16:53 +01:00
|
|
|
import java.util.Random;
|
2016-11-20 15:08:59 +01:00
|
|
|
|
|
|
|
import javax.security.auth.callback.CallbackHandler;
|
|
|
|
|
|
|
|
import org.jivesoftware.smack.SmackException;
|
2019-02-10 19:50:46 +01:00
|
|
|
import org.jivesoftware.smack.SmackException.SmackSaslException;
|
2016-11-20 15:08:59 +01:00
|
|
|
import org.jivesoftware.smack.sasl.SASLMechanism;
|
|
|
|
import org.jivesoftware.smack.util.ByteUtils;
|
|
|
|
import org.jivesoftware.smack.util.SHA1;
|
2016-11-20 19:32:26 +01:00
|
|
|
import org.jivesoftware.smack.util.StringUtils;
|
2016-11-20 15:08:59 +01:00
|
|
|
import org.jivesoftware.smack.util.stringencoder.Base64;
|
2017-06-14 17:12:43 +02:00
|
|
|
|
2016-11-20 15:08:59 +01:00
|
|
|
import org.jxmpp.util.cache.Cache;
|
|
|
|
import org.jxmpp.util.cache.LruCache;
|
|
|
|
|
|
|
|
public abstract class ScramMechanism extends SASLMechanism {
|
|
|
|
|
|
|
|
private static final int RANDOM_ASCII_BYTE_COUNT = 32;
|
|
|
|
private static final byte[] CLIENT_KEY_BYTES = toBytes("Client Key");
|
|
|
|
private static final byte[] SERVER_KEY_BYTES = toBytes("Server Key");
|
|
|
|
private static final byte[] ONE = new byte[] { 0, 0, 0, 1 };
|
|
|
|
|
2017-03-10 17:16:53 +01:00
|
|
|
private static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
|
|
|
|
@Override
|
|
|
|
protected SecureRandom initialValue() {
|
|
|
|
return new SecureRandom();
|
|
|
|
}
|
|
|
|
};
|
2016-11-20 15:08:59 +01:00
|
|
|
|
|
|
|
private static final Cache<String, Keys> CACHE = new LruCache<String, Keys>(10);
|
|
|
|
|
|
|
|
private final ScramHmac scramHmac;
|
|
|
|
|
|
|
|
protected ScramMechanism(ScramHmac scramHmac) {
|
|
|
|
this.scramHmac = scramHmac;
|
|
|
|
}
|
|
|
|
|
|
|
|
private enum State {
|
|
|
|
INITIAL,
|
|
|
|
AUTH_TEXT_SENT,
|
|
|
|
RESPONSE_SENT,
|
|
|
|
VALID_SERVER_RESPONSE,
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The state of the this instance of SASL SCRAM-SHA1 authentication.
|
|
|
|
*/
|
|
|
|
private State state = State.INITIAL;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The client's random ASCII which is used as nonce
|
|
|
|
*/
|
|
|
|
private String clientRandomAscii;
|
|
|
|
|
|
|
|
private String clientFirstMessageBare;
|
|
|
|
private byte[] serverSignature;
|
|
|
|
|
|
|
|
@Override
|
2019-02-10 19:50:46 +01:00
|
|
|
protected void authenticateInternal(CallbackHandler cbh) {
|
2016-11-20 15:08:59 +01:00
|
|
|
throw new UnsupportedOperationException("CallbackHandler not (yet) supported");
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
2019-02-10 19:50:46 +01:00
|
|
|
protected byte[] getAuthenticationText() {
|
2016-11-20 15:08:59 +01:00
|
|
|
clientRandomAscii = getRandomAscii();
|
|
|
|
String saslPrepedAuthcId = saslPrep(authenticationId);
|
|
|
|
clientFirstMessageBare = "n=" + escape(saslPrepedAuthcId) + ",r=" + clientRandomAscii;
|
|
|
|
String clientFirstMessage = getGS2Header() + clientFirstMessageBare;
|
|
|
|
state = State.AUTH_TEXT_SENT;
|
|
|
|
return toBytes(clientFirstMessage);
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public String getName() {
|
|
|
|
String name = "SCRAM-" + scramHmac.getHmacName();
|
|
|
|
return name;
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
2019-02-10 19:50:46 +01:00
|
|
|
public void checkIfSuccessfulOrThrow() throws SmackSaslException {
|
2016-11-20 15:08:59 +01:00
|
|
|
if (state != State.VALID_SERVER_RESPONSE) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("SCRAM-SHA1 is missing valid server response");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public boolean authzidSupported() {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
2019-02-10 19:50:46 +01:00
|
|
|
protected byte[] evaluateChallenge(byte[] challenge) throws SmackSaslException {
|
2019-05-08 11:34:40 +02:00
|
|
|
// TODO: Where is it specified that this is an UTF-8 encoded string?
|
|
|
|
String challengeString = new String(challenge, StandardCharsets.UTF_8);
|
2017-02-11 16:16:41 +01:00
|
|
|
|
2016-11-20 15:08:59 +01:00
|
|
|
switch (state) {
|
|
|
|
case AUTH_TEXT_SENT:
|
|
|
|
final String serverFirstMessage = challengeString;
|
|
|
|
Map<Character, String> attributes = parseAttributes(challengeString);
|
|
|
|
|
|
|
|
// Handle server random ASCII (nonce)
|
|
|
|
String rvalue = attributes.get('r');
|
|
|
|
if (rvalue == null) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Server random ASCII is null");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
if (rvalue.length() <= clientRandomAscii.length()) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Server random ASCII is shorter then client random ASCII");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
String receivedClientRandomAscii = rvalue.substring(0, clientRandomAscii.length());
|
|
|
|
if (!receivedClientRandomAscii.equals(clientRandomAscii)) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Received client random ASCII does not match client random ASCII");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Handle iterations
|
|
|
|
int iterations;
|
|
|
|
String iterationsString = attributes.get('i');
|
|
|
|
if (iterationsString == null) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Iterations attribute not set");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
try {
|
|
|
|
iterations = Integer.parseInt(iterationsString);
|
|
|
|
}
|
|
|
|
catch (NumberFormatException e) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Exception parsing iterations", e);
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Handle salt
|
|
|
|
String salt = attributes.get('s');
|
|
|
|
if (salt == null) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("SALT not send");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Parsing and error checking is done, we can now begin to calculate the values
|
|
|
|
|
|
|
|
// First the client-final-message-without-proof
|
2016-11-20 19:32:26 +01:00
|
|
|
String channelBinding = "c=" + Base64.encodeToString(getCBindInput());
|
|
|
|
String clientFinalMessageWithoutProof = channelBinding + ",r=" + rvalue;
|
2016-11-20 15:08:59 +01:00
|
|
|
|
|
|
|
// AuthMessage := client-first-message-bare + "," + server-first-message + "," +
|
|
|
|
// client-final-message-without-proof
|
|
|
|
byte[] authMessage = toBytes(clientFirstMessageBare + ',' + serverFirstMessage + ','
|
|
|
|
+ clientFinalMessageWithoutProof);
|
|
|
|
|
|
|
|
// RFC 5802 § 5.1 "Note that a client implementation MAY cache ClientKey&ServerKey … for later reauthentication …
|
|
|
|
// as it is likely that the server is going to advertise the same salt value upon reauthentication."
|
2016-11-20 19:32:26 +01:00
|
|
|
// Note that we also mangle the mechanism's name into the cache key, since the cache is used by multiple
|
|
|
|
// mechanisms.
|
|
|
|
final String cacheKey = password + ',' + salt + ',' + getName();
|
2016-11-20 15:08:59 +01:00
|
|
|
byte[] serverKey, clientKey;
|
2017-01-02 09:07:57 +01:00
|
|
|
Keys keys = CACHE.lookup(cacheKey);
|
2016-11-20 15:08:59 +01:00
|
|
|
if (keys == null) {
|
|
|
|
// SaltedPassword := Hi(Normalize(password), salt, i)
|
|
|
|
byte[] saltedPassword = hi(saslPrep(password), Base64.decode(salt), iterations);
|
|
|
|
|
|
|
|
// ServerKey := HMAC(SaltedPassword, "Server Key")
|
|
|
|
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
|
|
|
|
|
|
|
|
// ClientKey := HMAC(SaltedPassword, "Client Key")
|
|
|
|
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
|
|
|
|
|
|
|
|
keys = new Keys(clientKey, serverKey);
|
|
|
|
CACHE.put(cacheKey, keys);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
serverKey = keys.serverKey;
|
|
|
|
clientKey = keys.clientKey;
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServerSignature := HMAC(ServerKey, AuthMessage)
|
|
|
|
serverSignature = hmac(serverKey, authMessage);
|
|
|
|
|
|
|
|
// StoredKey := H(ClientKey)
|
|
|
|
byte[] storedKey = SHA1.bytes(clientKey);
|
|
|
|
|
|
|
|
// ClientSignature := HMAC(StoredKey, AuthMessage)
|
|
|
|
byte[] clientSignature = hmac(storedKey, authMessage);
|
|
|
|
|
|
|
|
// ClientProof := ClientKey XOR ClientSignature
|
|
|
|
byte[] clientProof = new byte[clientKey.length];
|
|
|
|
for (int i = 0; i < clientProof.length; i++) {
|
|
|
|
clientProof[i] = (byte) (clientKey[i] ^ clientSignature[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
String clientFinalMessage = clientFinalMessageWithoutProof + ",p=" + Base64.encodeToString(clientProof);
|
|
|
|
state = State.RESPONSE_SENT;
|
|
|
|
return toBytes(clientFinalMessage);
|
|
|
|
case RESPONSE_SENT:
|
|
|
|
String clientCalculatedServerFinalMessage = "v=" + Base64.encodeToString(serverSignature);
|
|
|
|
if (!clientCalculatedServerFinalMessage.equals(challengeString)) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Server final message does not match calculated one");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
state = State.VALID_SERVER_RESPONSE;
|
|
|
|
break;
|
|
|
|
default:
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Invalid state");
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2018-03-28 14:02:21 +02:00
|
|
|
private String getGS2Header() {
|
2016-11-20 15:08:59 +01:00
|
|
|
String authzidPortion = "";
|
|
|
|
if (authorizationId != null) {
|
|
|
|
authzidPortion = "a=" + authorizationId;
|
|
|
|
}
|
2016-11-20 19:32:26 +01:00
|
|
|
|
2020-07-02 13:07:17 +02:00
|
|
|
String cbName = getGs2CbindFlag();
|
2019-07-24 09:18:39 +02:00
|
|
|
assert StringUtils.isNotEmpty(cbName);
|
2016-11-20 19:32:26 +01:00
|
|
|
|
|
|
|
return cbName + ',' + authzidPortion + ",";
|
|
|
|
}
|
|
|
|
|
2019-02-10 19:50:46 +01:00
|
|
|
private byte[] getCBindInput() throws SmackSaslException {
|
2016-11-20 19:32:26 +01:00
|
|
|
byte[] cbindData = getChannelBindingData();
|
|
|
|
byte[] gs2Header = toBytes(getGS2Header());
|
|
|
|
|
|
|
|
if (cbindData == null) {
|
|
|
|
return gs2Header;
|
|
|
|
}
|
|
|
|
|
2017-12-13 23:10:11 +01:00
|
|
|
return ByteUtils.concat(gs2Header, cbindData);
|
2016-11-20 19:32:26 +01:00
|
|
|
}
|
|
|
|
|
2020-07-02 13:07:17 +02:00
|
|
|
/**
|
|
|
|
* Get the SCRAM GSS-API Channel Binding Flag value.
|
|
|
|
*
|
|
|
|
* @return the gs2-cbind-flag value.
|
|
|
|
* @see <a href="https://tools.ietf.org/html/rfc5802#section-6">RFC 5802 § 6.</a>
|
|
|
|
*/
|
|
|
|
protected String getGs2CbindFlag() {
|
2017-03-18 13:37:54 +01:00
|
|
|
// Check if we are using TLS and if a "-PLUS" variant of this mechanism is enabled. Assuming that the "-PLUS"
|
|
|
|
// variants always have precedence before the non-"-PLUS" variants this means that the server did not announce
|
|
|
|
// the "-PLUS" variant, as otherwise we would have tried it.
|
2016-11-20 19:32:26 +01:00
|
|
|
if (sslSession != null && connectionConfiguration.isEnabledSaslMechanism(getName() + "-PLUS")) {
|
|
|
|
// Announce that we support Channel Binding, i.e., the '-PLUS' flavor of this SASL mechanism, but that we
|
|
|
|
// believe the server does not.
|
|
|
|
return "y";
|
|
|
|
}
|
|
|
|
return "n";
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2018-05-09 23:06:12 +02:00
|
|
|
*
|
2016-11-20 19:32:26 +01:00
|
|
|
* @return the Channel Binding data.
|
2019-10-30 12:02:36 +01:00
|
|
|
* @throws SmackSaslException if a SASL specific error occurred.
|
2016-11-20 19:32:26 +01:00
|
|
|
*/
|
2019-02-10 19:50:46 +01:00
|
|
|
protected byte[] getChannelBindingData() throws SmackSaslException {
|
2016-11-20 19:32:26 +01:00
|
|
|
return null;
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
|
2019-02-10 19:50:46 +01:00
|
|
|
private static Map<Character, String> parseAttributes(String string) throws SmackSaslException {
|
2016-11-20 15:08:59 +01:00
|
|
|
if (string.length() == 0) {
|
|
|
|
return Collections.emptyMap();
|
|
|
|
}
|
|
|
|
|
|
|
|
String[] keyValuePairs = string.split(",");
|
|
|
|
Map<Character, String> res = new HashMap<Character, String>(keyValuePairs.length, 1);
|
|
|
|
for (String keyValuePair : keyValuePairs) {
|
|
|
|
if (keyValuePair.length() < 3) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Invalid Key-Value pair: " + keyValuePair);
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
char key = keyValuePair.charAt(0);
|
|
|
|
if (keyValuePair.charAt(1) != '=') {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException("Invalid Key-Value pair: " + keyValuePair);
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
String value = keyValuePair.substring(2);
|
|
|
|
res.put(key, value);
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generate random ASCII.
|
|
|
|
* <p>
|
|
|
|
* This method is non-static and package-private for unit testing purposes.
|
|
|
|
* </p>
|
|
|
|
* @return A String of 32 random printable ASCII characters.
|
|
|
|
*/
|
|
|
|
String getRandomAscii() {
|
|
|
|
int count = 0;
|
|
|
|
char[] randomAscii = new char[RANDOM_ASCII_BYTE_COUNT];
|
2017-03-10 17:16:53 +01:00
|
|
|
final Random random = SECURE_RANDOM.get();
|
2016-11-20 15:08:59 +01:00
|
|
|
while (count < RANDOM_ASCII_BYTE_COUNT) {
|
2017-03-10 17:16:53 +01:00
|
|
|
int r = random.nextInt(128);
|
2016-11-20 15:08:59 +01:00
|
|
|
char c = (char) r;
|
|
|
|
// RFC 5802 § 5.1 specifies 'r:' to exclude the ',' character and to be only printable ASCII characters
|
|
|
|
if (!isPrintableNonCommaAsciiChar(c)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
randomAscii[count++] = c;
|
|
|
|
}
|
|
|
|
return new String(randomAscii);
|
|
|
|
}
|
|
|
|
|
|
|
|
private static boolean isPrintableNonCommaAsciiChar(char c) {
|
|
|
|
if (c == ',') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// RFC 5802 § 7. 'printable': Contains all chars within 0x21 (33d) to 0x2b (43d) and 0x2d (45d) to 0x7e (126)
|
|
|
|
// aka. "Printable ASCII except ','". Since we already filter the ASCII ',' (0x2c, 44d) above, we only have to
|
|
|
|
// ensure that c is within [33, 126].
|
|
|
|
return c > 32 && c < 127;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Escapes usernames or passwords for SASL SCRAM-SHA1.
|
|
|
|
* <p>
|
|
|
|
* According to RFC 5802 § 5.1 'n:'
|
|
|
|
* "The characters ',' or '=' in usernames are sent as '=2C' and '=3D' respectively."
|
|
|
|
* </p>
|
|
|
|
*
|
2019-08-30 12:08:30 +02:00
|
|
|
* @param string TODO javadoc me please
|
2016-11-20 15:08:59 +01:00
|
|
|
* @return the escaped string
|
|
|
|
*/
|
|
|
|
private static String escape(String string) {
|
|
|
|
StringBuilder sb = new StringBuilder((int) (string.length() * 1.1));
|
|
|
|
for (int i = 0; i < string.length(); i++) {
|
|
|
|
char c = string.charAt(i);
|
|
|
|
switch (c) {
|
|
|
|
case ',':
|
|
|
|
sb.append("=2C");
|
|
|
|
break;
|
|
|
|
case '=':
|
|
|
|
sb.append("=3D");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
sb.append(c);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return sb.toString();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* RFC 5802 § 2.2 HMAC(key, str)
|
2018-05-09 23:06:12 +02:00
|
|
|
*
|
2019-08-30 12:08:30 +02:00
|
|
|
* @param key TODO javadoc me please
|
|
|
|
* @param str TODO javadoc me please
|
2016-11-20 15:08:59 +01:00
|
|
|
* @return the HMAC-SHA1 value of the input.
|
2019-08-30 12:08:30 +02:00
|
|
|
* @throws SmackException if Smack detected an exceptional situation.
|
2016-11-20 15:08:59 +01:00
|
|
|
*/
|
2019-02-10 19:50:46 +01:00
|
|
|
private byte[] hmac(byte[] key, byte[] str) throws SmackSaslException {
|
2016-11-20 15:08:59 +01:00
|
|
|
try {
|
|
|
|
return scramHmac.hmac(key, str);
|
|
|
|
}
|
|
|
|
catch (InvalidKeyException e) {
|
2019-02-10 19:50:46 +01:00
|
|
|
throw new SmackSaslException(getName() + " Exception", e);
|
2016-11-20 15:08:59 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* RFC 5802 § 2.2 Hi(str, salt, i)
|
|
|
|
* <p>
|
|
|
|
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the pseudorandom function
|
|
|
|
* (PRF) and with dkLen == output length of HMAC() == output length of H().
|
|
|
|
* </p>
|
2018-05-09 23:06:12 +02:00
|
|
|
*
|
2017-02-11 16:16:41 +01:00
|
|
|
* @param normalizedPassword the normalized password.
|
2019-08-30 12:08:30 +02:00
|
|
|
* @param salt TODO javadoc me please
|
|
|
|
* @param iterations TODO javadoc me please
|
2016-11-20 15:08:59 +01:00
|
|
|
* @return the result of the Hi function.
|
2019-02-10 19:50:46 +01:00
|
|
|
* @throws SmackSaslException if a SASL related error occurs.
|
2016-11-20 15:08:59 +01:00
|
|
|
*/
|
2019-02-10 19:50:46 +01:00
|
|
|
private byte[] hi(String normalizedPassword, byte[] salt, int iterations) throws SmackSaslException {
|
2019-05-08 11:34:40 +02:00
|
|
|
// According to RFC 5802 § 2.2, the resulting string of the normalization is also in UTF-8.
|
|
|
|
byte[] key = normalizedPassword.getBytes(StandardCharsets.UTF_8);
|
|
|
|
|
2016-11-20 15:08:59 +01:00
|
|
|
// U1 := HMAC(str, salt + INT(1))
|
2017-12-13 23:10:11 +01:00
|
|
|
byte[] u = hmac(key, ByteUtils.concat(salt, ONE));
|
2016-11-20 15:08:59 +01:00
|
|
|
byte[] res = u.clone();
|
|
|
|
for (int i = 1; i < iterations; i++) {
|
|
|
|
u = hmac(key, u);
|
|
|
|
for (int j = 0; j < u.length; j++) {
|
|
|
|
res[j] ^= u[j];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
private static class Keys {
|
|
|
|
private final byte[] clientKey;
|
|
|
|
private final byte[] serverKey;
|
|
|
|
|
2018-03-28 14:02:21 +02:00
|
|
|
Keys(byte[] clientKey, byte[] serverKey) {
|
2016-11-20 15:08:59 +01:00
|
|
|
this.clientKey = clientKey;
|
|
|
|
this.serverKey = serverKey;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|