From b2930bcf08c712fc7062c3f7429ec0bab0d4d03a Mon Sep 17 00:00:00 2001
From: James Woglom
Date: Sun, 24 Mar 2024 23:41:46 -0400
Subject: [PATCH] use hmacsha256 with data=derived secret, key=server-provided nonce, doesnt work
---
 .../messages/builders/JpakeAuthBuilder.java | 43 +++++++++++++++++--
 .../JpakeAuthBuilderIntegrationTest.java | 6 ++-
 2 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
index 83ebae6..fe4ae74 100644
--- a/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
+++ b/messages/src/main/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilder.java
@@ -1,6 +1,7 @@
 package com.jwoglom.pumpx2.pump.messages.builders;
 import com.jwoglom.pumpx2.pump.messages.Message;
+import com.jwoglom.pumpx2.pump.messages.Packetize;
 import com.jwoglom.pumpx2.pump.messages.helpers.Bytes;
 import com.jwoglom.pumpx2.pump.messages.request.authentication.Jpake1aRequest;
 import com.jwoglom.pumpx2.pump.messages.request.authentication.Jpake1bRequest;
@@ -21,7 +22,11 @@
 import java.util.Arrays;
 import java.util.List;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
 import io.particle.crypto.EcJpake;
+import kotlin.jvm.internal.Intrinsics;
 public class JpakeAuthBuilder {
 private static String TAG = "JPAKE";
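Review bot: `kotlin.jvm.internal.Intrinsics` is imported in this hunk and `com.jwoglom.pumpx2.pump.messages.Packetize` in the first one, but neither name is referenced by any line this patch adds, so both look like IDE auto-import leftovers. `kotlin.jvm.internal` is an internal package of the Kotlin runtime, so the import also ties this Java class to a non-public API. Unless code outside the shown hunks uses them, drop `import kotlin.jvm.internal.Intrinsics;` and `import com.jwoglom.pumpx2.pump.messages.Packetize;`.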
@@ -108,12 +113,15 @@ public Message nextRequest() {
 step = JpakeStep.CONFIRM_3_SENT;
 } else if (step == JpakeStep.CONFIRM_3_RECEIVED) {
 // TODO: determine hashdigest + nonce
- byte[] nonce = this.generateNonce();
- L.i(TAG, "Req4 generatedNonce=" + Hex.encodeHexString(nonce));
+ byte[] nonce = this.serverNonce3;
+
+ byte[] hmaced = hmacSha256(this.derivedSecret, nonce);
+
+ L.i(TAG, "Req4 hmaced=" + Hex.encodeHexString(hmaced));
 request = new Jpake4KeyConfirmationRequest(0,
 nonce,
 Jpake4KeyConfirmationRequest.RESERVED,
- this.derivedSecret
+ hmaced
 );
 step = JpakeStep.CONFIRM_4_SENT;
@@ -176,6 +184,35 @@ byte[] generateNonce() {
 return nonce;
 }
+ private byte mod255(int i) {
+ if (i < 0) {
+ return (byte) ((i + 255 + 1) & 255);
+ }
+ return (byte) i;
+ }
+
+ private byte[] mod255(byte[] data) {
+ for (int i = 0; i < data.length; i++) {
+ byte b = data[i];
+ if (b < 0) {
+ data[i] = mod255(b);
+ }
+ }
+ return data;
+ }
+
+ byte[] hmacSha256(byte[] data, byte[] key) {
+ try {
+ SecretKeySpec secretKeySpec = new SecretKeySpec(mod255(key), "HmacSHA256");
+ Mac mac = Mac.getInstance("HmacSHA256");
+ mac.init(secretKeySpec);
+ return mac.doFinal(mod255(data));
+ } catch (Exception e) {
+ L.e(TAG, "hmacSha256: "+e);
+ return new byte[]{};
+ }
+ }
+
 public enum JpakeStep {
 INITIAL,
 ROUND_1A_SENT,
diff --git a/messages/src/test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java b/messages/src/test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
index 4f7bd20..29a78eb 100644
--- a/messages/src/test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
+++ b/messages/src/test/java/com/jwoglom/pumpx2/pump/messages/builders/JpakeAuthBuilderIntegrationTest.java
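Review bot: In the `CONFIRM_3_RECEIVED` branch, `this.serverNonce3` and `this.derivedSecret` are passed to `hmacSha256` without any check that they were set, and the result goes into `Jpake4KeyConfirmationRequest` unchecked. Because `hmacSha256` returns `new byte[]{}` on any exception, a null nonce would produce a request carrying an empty hash digest instead of a failure. A guard before the request is built, such as `if (hmaced.length != 32) throw new IllegalStateException("key confirmation digest not computed");`, would fail closed. The `L.i` line also writes a value derived from the session secret to the info log and is worth removing once the exchange works. `nextRequest` starts and ends outside this hunk.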
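Review bot: `hmacSha256` catches every `Exception`, logs only its string form and returns `new byte[]{}`, so a missing algorithm, a rejected key or a null argument reaches the caller looking like a digest. It should fail closed by rethrowing with the cause, as in the fence below (this needs `import java.security.GeneralSecurityException;`). Both `mod255` overloads can be deleted: for a negative byte, `(byte) ((i + 255 + 1) & 255)` yields the same byte back, so they change nothing, while the array overload writes into the caller's `key` and `data` arrays. With the `(data, key)` signature, the call `hmacSha256(this.derivedSecret, nonce)` puts the only secret input in the message position and keys the MAC with a value that is also sent in the request. A Javadoc comment stating which argument is the key, and why, would keep a later swap from going unnoticed.

```java
byte[] hmacSha256(byte[] data, byte[] key) {
    try {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    } catch (GeneralSecurityException e) {
        // Fail closed: never hand the caller a placeholder digest.
        throw new IllegalStateException("HmacSHA256 computation failed", e);
    }
}
```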
@@ -115,8 +115,10 @@ public void clientRole_simulated() throws DecoderException {
 assertHexEquals(nonce, b.serverNonce3);
 Jpake4KeyConfirmationRequest req4 = (Jpake4KeyConfirmationRequest) b.nextRequest();
- assertHexEquals(req4.getNonce(), Hex.decodeHex("998c182c9d70a375"));
- assertHexEquals(req4.getHashDigest(), b.derivedSecret);
+ assertHexEquals(req4.getNonce(), b.serverNonce3);//Hex.decodeHex("998c182c9d70a375"));
+ byte[] hmaced = b.hmacSha256(b.derivedSecret, b.serverNonce3);
+ assertEquals(32, hmaced.length);
+ assertHexEquals(req4.getHashDigest(), hmaced);
 Jpake4KeyConfirmationResponse res4 = new Jpake4KeyConfirmationResponse(0, req4.getNonce(), Jpake4KeyConfirmationResponse.RESERVED, req4.getHashDigest());
 b.processResponse(res4);
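Review bot: The digest assertion is circular: `assertHexEquals(req4.getHashDigest(), hmaced)` compares the builder's output with `b.hmacSha256(...)`, the same helper on the same inputs. It therefore passes whatever the helper computes, including with key and data swapped. Pin `hmacSha256` against a published HMAC-SHA-256 vector (RFC 4231) in its own test, and compare `req4.getHashDigest()` with a fixed expected hex value once a known-good exchange is available. The trailing `//Hex.decodeHex("998c182c9d70a375"));` is commented-out code and can be deleted. `clientRole_simulated` starts and ends outside this hunk.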