use hmacsha256 with data=derived secret, key=server-provided nonce, d…

…oesnt work
jwoglom · Mar 25, 2024 · b2930bc · b2930bc
1 parent 0d94105
commit b2930bc
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 5 deletions.
diff --git a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
@@ -1,6 +1,7 @@
 package com.jwoglom.pumpx2.pump.messages.builders;
 
 import com.jwoglom.pumpx2.pump.messages.Message;
+import com.jwoglom.pumpx2.pump.messages.Packetize;
 import com.jwoglom.pumpx2.pump.messages.helpers.Bytes;
 import com.jwoglom.pumpx2.pump.messages.request.authentication.Jpake1aRequest;
 import com.jwoglom.pumpx2.pump.messages.request.authentication.Jpake1bRequest;
@@ -21,7 +22,11 @@
 import java.util.Arrays;
 import java.util.List;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
 import io.particle.crypto.EcJpake;
+import kotlin.jvm.internal.Intrinsics;
 
 public class JpakeAuthBuilder {
     private static String TAG = "JPAKE";
@@ -108,12 +113,15 @@ public Message nextRequest() {
             step = JpakeStep.CONFIRM_3_SENT;
         } else if (step == JpakeStep.CONFIRM_3_RECEIVED) {
             // TODO: determine hashdigest + nonce
-            byte[] nonce = this.generateNonce();
-            L.i(TAG, "Req4 generatedNonce=" + Hex.encodeHexString(nonce));
+            byte[] nonce = this.serverNonce3;
+
+            byte[] hmaced = hmacSha256(this.derivedSecret, nonce);
+
+            L.i(TAG, "Req4 hmaced=" + Hex.encodeHexString(hmaced));
             request = new Jpake4KeyConfirmationRequest(0,
                     nonce,
                     Jpake4KeyConfirmationRequest.RESERVED,
-                    this.derivedSecret
+                    hmaced
             );
 
             step = JpakeStep.CONFIRM_4_SENT;
@@ -176,6 +184,35 @@ byte[] generateNonce() {
         return nonce;
     }
 
+    private byte mod255(int i) {
+        if (i < 0) {
+            return (byte) ((i + 255 + 1) & 255);
+        }
+        return (byte) i;
+    }
+
+    private byte[] mod255(byte[] data) {
+        for (int i = 0; i < data.length; i++) {
+            byte b = data[i];
+            if (b < 0) {
+                data[i] = mod255(b);
+            }
+        }
+        return data;
+    }
+
+    byte[] hmacSha256(byte[] data, byte[] key) {
+        try {
+            SecretKeySpec secretKeySpec = new SecretKeySpec(mod255(key), "HmacSHA256");
+            Mac mac = Mac.getInstance("HmacSHA256");
+            mac.init(secretKeySpec);
+            return mac.doFinal(mod255(data));
+        } catch (Exception e) {
+            L.e(TAG, "hmacSha256: "+e);
+            return new byte[]{};
+        }
+    }
+
     public enum JpakeStep {
         INITIAL,
         ROUND_1A_SENT,

diff --git a/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java b/.../test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
@@ -115,8 +115,10 @@ public void clientRole_simulated() throws DecoderException {
         assertHexEquals(nonce, b.serverNonce3);
 
         Jpake4KeyConfirmationRequest req4 = (Jpake4KeyConfirmationRequest) b.nextRequest();
-        assertHexEquals(req4.getNonce(), Hex.decodeHex("998c182c9d70a375"));
-        assertHexEquals(req4.getHashDigest(), b.derivedSecret);
+        assertHexEquals(req4.getNonce(), b.serverNonce3);//Hex.decodeHex("998c182c9d70a375"));
+        byte[] hmaced = b.hmacSha256(b.derivedSecret, b.serverNonce3);
+        assertEquals(32, hmaced.length);
+        assertHexEquals(req4.getHashDigest(), hmaced);
 
         Jpake4KeyConfirmationResponse res4 = new Jpake4KeyConfirmationResponse(0, req4.getNonce(), Jpake4KeyConfirmationResponse.RESERVED, req4.getHashDigest());
         b.processResponse(res4);