On 04-12-2020 14:38, Mark Rotteveel wrote:
A bug was reported today against Jaybird
(http://tracker.firebirdsql.org/browse/JDBC-635), that certain Srp users
cannot authenticate against Firebird 3 when using Jaybird. The issue is
not reproducible with fbclient.
This obviously means that there is something wrong in Jaybird's SRP
implementation, but so far I have no clue as to what.
The reported problem occurs with the user name DAVIDS (and one other
username that wasn't provided). I can report the problem locally with
this username.
Any ideas, or tips how to debug this?
After closer inspection, I found the issue. The SHA-1 hash of DAVIDS is
00AD377F8297F04FD83DFDBF48AABF316850862F. Seeing that leading zero, I
guessed that might be part of the problem. After stripping the leading
zero from the user hash in Jaybird, the authentication succeeds.
The roundtrip from hash bytes to BigInteger back to bytes as hash input
(in RemotePassword::clientProof (srp.cpp) and makeProof (srp.h)),
probably strips any leading zero byte(s).
I'll need to take a closer look if similar issues might occur elsewhere
in Jaybird. I guess this zero-stripping in other places might cause
intermittent login failures. Right now, zero-stripping only occurs for
values that are passed through a BigInteger in the Jaybird code, and
this specifically didn't go through a BigInteger.
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
