From 789d1dc2259fa930c3751647c60526841f68abb6 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Tue, 6 Sep 2022 17:01:57 +0200
Subject: [PATCH] support tls-unique for TLSv1.2
---
 .../crypto/sasl/ChannelBinding.java | 12 ++++++++++++
 .../conversations/crypto/sasl/SaslMechanism.java | 6 +++---
 .../crypto/sasl/ScramPlusMechanism.java | 16 +++++++++++++++-
 3 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
index 847c50e9d7213fe1696bcf43b6b41eb7bad3efb1..81bd1270527b547a377c47432b8f2e0499976059 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
@@ -4,6 +4,8 @@ import android.util.Log;
 import com.google.common.base.CaseFormat;
+import java.util.Collection;
+
 import eu.siacs.conversations.Config;
 public enum ChannelBinding {
@@ -24,4 +26,14 @@ public enum ChannelBinding {
 return null;
 }
 }
+
+ public static ChannelBinding best(final Collection bindings) {
+ if (bindings.contains(TLS_EXPORTER)) {
+ return TLS_EXPORTER;
+ } else if (bindings.contains(TLS_UNIQUE)) {
+ return TLS_UNIQUE;
+ } else {
+ return null;
+ }
+ }
 }
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
index 4380ad93c34596991c9ad36a1f5e964c803fc516..829a4e6ea04853f3717a5d50cf78247631c77c82 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
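Review bot: `best` in ChannelBinding.java picks the binding type from the offered collection alone (apparently the list the server advertised); nothing in the method ties the choice to the TLS version actually negotiated on the socket, even though the commit subject scopes tls-unique to TLSv1.2. RFC 9266 leaves tls-unique undefined for TLS 1.3 and defines tls-exporter on TLS 1.2 only when the extended master secret extension was negotiated, so a type that is advertised but unusable on this connection is still selected here and only fails later, in the ScramPlusMechanism hunk, where a null value aborts authentication with a "Socket not ready" message. Consider passing the negotiated protocol version into `best` so that `TLS_UNIQUE` is returned only below TLS 1.3 and `TLS_EXPORTER` only where it is defined. The method also deserves a Javadoc line such as `/** Returns the preferred binding type among those offered, or null if none is supported. */`, since the caller in SaslMechanism depends on the null return.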
@@ -103,11 +103,11 @@ public abstract class SaslMechanism {
 public SaslMechanism of(
 final Collection mechanisms, final Collection bindings) {
+ final ChannelBinding channelBinding = ChannelBinding.best(bindings);
 if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
 return new External(account);
- } else if (mechanisms.contains(ScramSha1Plus.MECHANISM)
- && bindings.contains(ChannelBinding.TLS_EXPORTER)) {
- return new ScramSha1Plus(account, ChannelBinding.TLS_EXPORTER);
+ } else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
+ return new ScramSha1Plus(account, channelBinding);
 } else if (mechanisms.contains(ScramSha512.MECHANISM)) {
 return new ScramSha512(account);
 } else if (mechanisms.contains(ScramSha256.MECHANISM)) {
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
index 3b0dbb6e18bf6ef3338cc656fb3a0b8d401c2ce4..8f6dec20ef6fdce0402e2315af41a1063fcd0fdb 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
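Review bot: When `channelBinding` is null the chain falls through to the non-PLUS SCRAM branches without any trace, and the `bindings` collection that decides this presumably comes from stream features received before authentication. If that list is altered in transit, the client silently leaves channel binding, and with this change it can also be moved from tls-exporter to tls-unique, unless the SCRAM exchange itself signals the mismatch; that part is not visible in the hunk. I would add a comment above the branch, `// channelBinding == null: no binding type both sides support; the non-PLUS mechanisms below are a downgrade`, and confirm that the GS2 header sent by the non-PLUS mechanisms uses the `y` flag whenever the client itself supports binding. The body of `of` continues past the end of the hunk.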
@@ -22,11 +22,25 @@ abstract class ScramPlusMechanism extends ScramMechanism {
 throw new AuthenticationException("Channel binding attempt on non secure socket");
 }
 if (this.channelBinding == ChannelBinding.TLS_EXPORTER) {
+ final byte[] keyingMaterial;
 try {
- return Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
+ keyingMaterial =
+ Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
 } catch (final SSLException e) {
 throw new AuthenticationException("Could not export keying material");
 }
+ if (keyingMaterial == null) {
+ throw new AuthenticationException(
+ "Could not export keying material. Socket not ready");
+ }
+ return keyingMaterial;
+ } else if (this.channelBinding == ChannelBinding.TLS_UNIQUE) {
+ final byte[] unique = Conscrypt.getTlsUnique(sslSocket);
+ if (unique == null) {
+ throw new AuthenticationException(
+ "Could not retrieve tls unique. Socket not ready");
+ }
+ return unique;
 } else {
 throw new AuthenticationException(
 String.format("%s is not a valid channel binding", ChannelBinding.NONE));
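Review bot: The new `TLS_UNIQUE` branch uses the value from `Conscrypt.getTlsUnique` without checking how the session was established; tls-unique (RFC 5929) is not a sound binding on resumed sessions unless the extended master secret extension (RFC 7627) was negotiated, and nothing visible here enforces either condition. If the socket setup elsewhere does not already guarantee it, a guard or at least a comment belongs at the top of the branch, for example `// tls-unique is only a sound binding with extended master secret (RFC 7627); verify before use`. Two smaller points in the same hunk: the final `else` formats `ChannelBinding.NONE` rather than the rejected value and should read `String.format("%s is not a valid channel binding", this.channelBinding)`, and the `SSLException` caught in the exporter branch is discarded instead of being logged. The enclosing method starts above the hunk.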