auth: try hmacing the hkdf output

jwoglom · Mar 26, 2024 · 132b1de · 132b1de
1 parent 4e94a9b
commit 132b1de
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 16 deletions.
diff --git a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
@@ -123,23 +123,26 @@ public Message nextRequest() {
         } else if (step == JpakeStep.CONFIRM_3_RECEIVED) {
             // TODO: determine hashdigest + nonce
             this.clientNonce4 = generateNonce();
-            byte[] hashDigest = Hkdf.build(this.serverNonce3, this.derivedSecret);
+            byte[] hkdfDerivedMaterial = Hkdf.build(this.serverNonce3, this.derivedSecret);
+            byte[] hmacAuthHash = HmacSha256.hmacSha256(this.serverNonce3, hkdfDerivedMaterial);
 
-            L.i(TAG, "Req4 hashDigest=" + Hex.encodeHexString(hashDigest)+" clientNonce=" + Hex.encodeHexString(this.clientNonce4));
+
+            L.i(TAG, "Req4 hmacAuthHash=" + Hex.encodeHexString(hmacAuthHash)+" hkdfDerivedMaterial=" + Hex.encodeHexString(hkdfDerivedMaterial));
             request = new Jpake4KeyConfirmationRequest(0,
                     this.clientNonce4,
                     Jpake4KeyConfirmationRequest.RESERVED,
-                    hashDigest
+                    hmacAuthHash
             );
 
             step = JpakeStep.CONFIRM_4_SENT;
         } else if (step == JpakeStep.CONFIRM_4_RECEIVED) {
-            byte[] hashDigest = Hkdf.build(this.serverNonce4, this.derivedSecret);
-            if (Hex.encodeHexString(serverHashDigest4).equals(Hex.encodeHexString(hashDigest))) {
+            byte[] hkdfDerivedMaterial = Hkdf.build(this.serverNonce4, this.derivedSecret);
+            byte[] hmacAuthHash = HmacSha256.hmacSha256(this.serverNonce4, hkdfDerivedMaterial);
+            if (Hex.encodeHexString(serverHashDigest4).equals(Hex.encodeHexString(hmacAuthHash))) {
                 L.i(TAG, "HMAC SECRET VALIDATES");
                 step = JpakeStep.COMPLETE;
             } else {
-                L.w(TAG, "HMAC SECRET DOES NOT VALIDATE hashDigest=" + Hex.encodeHexString(hashDigest) + " serverHashDigest=" + Hex.encodeHexString(serverHashDigest4));
+                L.w(TAG, "HMAC SECRET DOES NOT VALIDATE hkdfDerivedMaterial=" + Hex.encodeHexString(hkdfDerivedMaterial) + " hmacAuthHash=" + Hex.encodeHexString(hmacAuthHash) + " serverHashDigest=" + Hex.encodeHexString(serverHashDigest4));
                 step = JpakeStep.INVALID;
             }
 

diff --git a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/crypto/Hkdf.java b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/crypto/Hkdf.java
@@ -2,8 +2,6 @@
 
 import com.jwoglom.pumpx2.pump.messages.helpers.Bytes;
 
-import org.apache.commons.codec.DecoderException;
-
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;

diff --git a/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java b/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
@@ -4,6 +4,7 @@
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 import com.jwoglom.pumpx2.pump.messages.MessageTester;
 import com.jwoglom.pumpx2.pump.messages.builders.crypto.Hkdf;
@@ -118,21 +119,24 @@ public void clientRole_simulated() throws DecoderException {
 
         Jpake4KeyConfirmationRequest req4 = (Jpake4KeyConfirmationRequest) b.nextRequest();
         assertHexEquals(req4.getNonce(), Hex.decodeHex("998c182c9d70a375"));
-        byte[] clientHmac = Hkdf.build(b.serverNonce3, b.derivedSecret);
-        assertEquals(32, clientHmac.length);
-        assertHexEquals(req4.getHashDigest(), clientHmac);
-
-        byte[] serverHmac = Hkdf.build(b.clientNonce4, b.derivedSecret);
-        assertEquals(32, serverHmac.length);
+        byte[] clientHkdf = Hkdf.build(b.serverNonce3, b.derivedSecret);
+        assertEquals(32, clientHkdf.length);
+        byte[] clientHmacedHkdf = HmacSha256.hmacSha256(b.serverNonce3, clientHkdf);
+        assertHexEquals(req4.getHashDigest(), clientHmacedHkdf);
+
+        byte[] serverHkdf = Hkdf.build(b.clientNonce4, b.derivedSecret);
+        assertEquals(32, serverHkdf.length);
+        byte[] serverHmacedHkdf = HmacSha256.hmacSha256(b.clientNonce4, serverHkdf);
+        assertEquals(32, serverHmacedHkdf.length);
         Jpake4KeyConfirmationResponse res4 = new Jpake4KeyConfirmationResponse(
                 0,
                 req4.getNonce(),
                 Jpake4KeyConfirmationResponse.RESERVED,
-                serverHmac);
+                serverHmacedHkdf);
         b.processResponse(res4);
 
         assertNull(b.nextRequest());
         assertEquals(JpakeAuthBuilder.JpakeStep.COMPLETE, b.step);
-
+        assertTrue(b.done());
     }
 }