[JBoss-dev] CVS update: jbosssx/src/main/org/jboss/security Util.java

[Scott M Stark]

  User: starksm 
  Date: 02/03/07 21:32:16

  Modified:    src/main/org/jboss/security Util.java
  Log:
  Update the SRP sessions to support arbitrary message digests of the
  session key and a cipher algorithm
  
  Revision  Changes    Path
  1.3       +39 -16    jbosssx/src/main/org/jboss/security/Util.java
  
  Index: Util.java
  ===================================================================
  RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/Util.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- Util.java 8 Feb 2002 23:57:17 -0000       1.2
  +++ Util.java 8 Mar 2002 05:32:16 -0000       1.3
  @@ -10,10 +10,13 @@
   import java.math.BigInteger;
   import java.security.MessageDigest;
   import java.security.NoSuchAlgorithmException;
  +import java.security.Provider;
   import java.security.SecureRandom;
  +import java.security.Security;
   import java.util.Random;
   
   import org.jboss.logging.Logger;
  +import org.jboss.crypto.JBossSXProvider;
   
   /** Various security related utilities like MessageDigest
    factories, SecureRandom access, password hashing.
  @@ -22,7 +25,7 @@
    Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
    
    @author [EMAIL PROTECTED]
  - @version $Revision: 1.2 $
  + @version $Revision: 1.3 $
    */
   public class Util
   {
  @@ -51,9 +54,12 @@
         psuedoRng = SecureRandom.getInstance("SHA1PRNG");
         if( prngSeed != null )
            psuedoRng.setSeed(prngSeed);
  +      // Install the JBossSX security provider
  +      Provider provider = new JBossSXProvider();
  +      Security.addProvider(provider);
         initialized = true;
      }
  -   
  +
      public static MessageDigest newDigest()
      {
         MessageDigest md = null;
  @@ -116,30 +122,43 @@
      {
         return psuedoRng.generateSeed(numBytes);
      }
  -   
  -   public static byte[] calculatePasswordHash(String username, String password,
  -   byte[] salt)
  +
  +   /** Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | 
password))
  +    where H = SHA secure hash. The username is converted to a byte[] using the
  +    UTF-8 encoding.
  +    */
  +   public static byte[] calculatePasswordHash(String username, char[] password,
  +      byte[] salt)
      {
         // Calculate x = H(s | H(U | ':' | password))
         MessageDigest xd = newDigest();
  -      // Try to convert the username, password to a byte[] using UTF-8
  +      // Try to convert the username to a byte[] using UTF-8
         byte[] user = null;
  -      byte[] pass = null;
  +      byte[] colon = {};
         try
         {
            user = username.getBytes("UTF-8");
  -         pass = password.getBytes("UTF-8");
  +         colon = ":".getBytes("UTF-8");
         }
         catch(UnsupportedEncodingException e)
         {
  -         e.printStackTrace();
  +         log.error("Failed to convert username to byte[] using UTF-8", e);
            // Use the default platform encoding
            user = username.getBytes();
  -         pass = password.getBytes();
  +         colon = ":".getBytes();
  +      }
  +      byte[] passBytes = new byte[2*password.length];
  +      for(int n = 0, p = 0; p < password.length; p ++)
  +      {
  +         char c = password[p];
  +         passBytes[n ++] = (byte) (c & 0x00FF00);
  +         passBytes[n ++] = (byte) (c & 0x0000FF);
         }
  +
  +      // Build the hash
         xd.update(user);
  -      xd.update(":".getBytes());
  -      xd.update(pass);
  +      xd.update(colon);
  +      xd.update(passBytes);
         byte[] h = xd.digest();
         xd.reset();
         xd.update(salt);
  @@ -147,12 +166,12 @@
         byte[] xb = xd.digest();
         return xb;
      }
  -   
  +
      /** Calculate x = H(s | H(U | ':' | password)) verifier
       v = g^x % N
       described in RFC2945.
       */
  -   public static byte[] calculateVerifier(String username, String password,
  +   public static byte[] calculateVerifier(String username, char[] password,
         byte[] salt, byte[] Nb, byte[] gb)
      {
         BigInteger g = new BigInteger(1, gb);
  @@ -163,7 +182,7 @@
       v = g^x % N
       described in RFC2945.
       */
  -   public static byte[] calculateVerifier(String username, String password,
  +   public static byte[] calculateVerifier(String username, char[] password,
         byte[] salt, BigInteger N, BigInteger g)
      {
         byte[] xb = calculatePasswordHash(username, password, salt);
  @@ -171,7 +190,7 @@
         BigInteger v = g.modPow(x, N);
         return v.toByteArray();
      }
  -   
  +
      /** Perform an interleaved even-odd hash on the byte string
       */
      public static byte[] sessionKeyHash(byte[] number)
  @@ -188,13 +207,17 @@
         byte[] hbuf = new byte[klen];
         
         for(i = 0; i < klen; ++i)
  +      {
            hbuf[i] = number[number.length - 2 * i - 1];
  +      }
         hout = newDigest().digest(hbuf);
         for(i = 0; i < HASH_LEN; ++i)
            key[2 * i] = hout[i];
         
         for(i = 0; i < klen; ++i)
  +      {
            hbuf[i] = number[number.length - 2 * i - 2];
  +      }
         hout = newDigest().digest(hbuf);
         for(i = 0; i < HASH_LEN; ++i)
            key[2 * i + 1] = hout[i];
  
  
  

_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development