attempt: switch nonces of hkdf

jwoglom · Mar 26, 2024 · 2654c15 · 2654c15
1 parent 132b1de
commit 2654c15
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
@@ -123,7 +123,7 @@ public Message nextRequest() {
         } else if (step == JpakeStep.CONFIRM_3_RECEIVED) {
             // TODO: determine hashdigest + nonce
             this.clientNonce4 = generateNonce();
-            byte[] hkdfDerivedMaterial = Hkdf.build(this.serverNonce3, this.derivedSecret);
+            byte[] hkdfDerivedMaterial = Hkdf.build(this.clientNonce4, this.derivedSecret);
             byte[] hmacAuthHash = HmacSha256.hmacSha256(this.serverNonce3, hkdfDerivedMaterial);
 
 
@@ -136,7 +136,7 @@ public Message nextRequest() {
 
             step = JpakeStep.CONFIRM_4_SENT;
         } else if (step == JpakeStep.CONFIRM_4_RECEIVED) {
-            byte[] hkdfDerivedMaterial = Hkdf.build(this.serverNonce4, this.derivedSecret);
+            byte[] hkdfDerivedMaterial = Hkdf.build(this.clientNonce4, this.derivedSecret);
             byte[] hmacAuthHash = HmacSha256.hmacSha256(this.serverNonce4, hkdfDerivedMaterial);
             if (Hex.encodeHexString(serverHashDigest4).equals(Hex.encodeHexString(hmacAuthHash))) {
                 L.i(TAG, "HMAC SECRET VALIDATES");

diff --git a/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java b/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
@@ -119,12 +119,12 @@ public void clientRole_simulated() throws DecoderException {
 
         Jpake4KeyConfirmationRequest req4 = (Jpake4KeyConfirmationRequest) b.nextRequest();
         assertHexEquals(req4.getNonce(), Hex.decodeHex("998c182c9d70a375"));
-        byte[] clientHkdf = Hkdf.build(b.serverNonce3, b.derivedSecret);
+        byte[] clientHkdf = Hkdf.build(b.clientNonce4, b.derivedSecret);
         assertEquals(32, clientHkdf.length);
         byte[] clientHmacedHkdf = HmacSha256.hmacSha256(b.serverNonce3, clientHkdf);
         assertHexEquals(req4.getHashDigest(), clientHmacedHkdf);
 
-        byte[] serverHkdf = Hkdf.build(b.clientNonce4, b.derivedSecret);
+        byte[] serverHkdf = Hkdf.build(req4.getNonce(), b.derivedSecret);
         assertEquals(32, serverHkdf.length);
         byte[] serverHmacedHkdf = HmacSha256.hmacSha256(b.clientNonce4, serverHkdf);
         assertEquals(32, serverHmacedHkdf.length);