support tls-unique for TLSv1.2
This commit is contained in:
parent
6d3d9dfe26
commit
789d1dc225
|
@ -4,6 +4,8 @@ import android.util.Log;
|
||||||
|
|
||||||
import com.google.common.base.CaseFormat;
|
import com.google.common.base.CaseFormat;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
|
||||||
import eu.siacs.conversations.Config;
|
import eu.siacs.conversations.Config;
|
||||||
|
|
||||||
public enum ChannelBinding {
|
public enum ChannelBinding {
|
||||||
|
@ -24,4 +26,14 @@ public enum ChannelBinding {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static ChannelBinding best(final Collection<ChannelBinding> bindings) {
|
||||||
|
if (bindings.contains(TLS_EXPORTER)) {
|
||||||
|
return TLS_EXPORTER;
|
||||||
|
} else if (bindings.contains(TLS_UNIQUE)) {
|
||||||
|
return TLS_UNIQUE;
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -103,11 +103,11 @@ public abstract class SaslMechanism {
|
||||||
|
|
||||||
public SaslMechanism of(
|
public SaslMechanism of(
|
||||||
final Collection<String> mechanisms, final Collection<ChannelBinding> bindings) {
|
final Collection<String> mechanisms, final Collection<ChannelBinding> bindings) {
|
||||||
|
final ChannelBinding channelBinding = ChannelBinding.best(bindings);
|
||||||
if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
|
if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
|
||||||
return new External(account);
|
return new External(account);
|
||||||
} else if (mechanisms.contains(ScramSha1Plus.MECHANISM)
|
} else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
|
||||||
&& bindings.contains(ChannelBinding.TLS_EXPORTER)) {
|
return new ScramSha1Plus(account, channelBinding);
|
||||||
return new ScramSha1Plus(account, ChannelBinding.TLS_EXPORTER);
|
|
||||||
} else if (mechanisms.contains(ScramSha512.MECHANISM)) {
|
} else if (mechanisms.contains(ScramSha512.MECHANISM)) {
|
||||||
return new ScramSha512(account);
|
return new ScramSha512(account);
|
||||||
} else if (mechanisms.contains(ScramSha256.MECHANISM)) {
|
} else if (mechanisms.contains(ScramSha256.MECHANISM)) {
|
||||||
|
|
|
@ -22,11 +22,25 @@ abstract class ScramPlusMechanism extends ScramMechanism {
|
||||||
throw new AuthenticationException("Channel binding attempt on non secure socket");
|
throw new AuthenticationException("Channel binding attempt on non secure socket");
|
||||||
}
|
}
|
||||||
if (this.channelBinding == ChannelBinding.TLS_EXPORTER) {
|
if (this.channelBinding == ChannelBinding.TLS_EXPORTER) {
|
||||||
|
final byte[] keyingMaterial;
|
||||||
try {
|
try {
|
||||||
return Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
|
keyingMaterial =
|
||||||
|
Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
|
||||||
} catch (final SSLException e) {
|
} catch (final SSLException e) {
|
||||||
throw new AuthenticationException("Could not export keying material");
|
throw new AuthenticationException("Could not export keying material");
|
||||||
}
|
}
|
||||||
|
if (keyingMaterial == null) {
|
||||||
|
throw new AuthenticationException(
|
||||||
|
"Could not export keying material. Socket not ready");
|
||||||
|
}
|
||||||
|
return keyingMaterial;
|
||||||
|
} else if (this.channelBinding == ChannelBinding.TLS_UNIQUE) {
|
||||||
|
final byte[] unique = Conscrypt.getTlsUnique(sslSocket);
|
||||||
|
if (unique == null) {
|
||||||
|
throw new AuthenticationException(
|
||||||
|
"Could not retrieve tls unique. Socket not ready");
|
||||||
|
}
|
||||||
|
return unique;
|
||||||
} else {
|
} else {
|
||||||
throw new AuthenticationException(
|
throw new AuthenticationException(
|
||||||
String.format("%s is not a valid channel binding", ChannelBinding.NONE));
|
String.format("%s is not a valid channel binding", ChannelBinding.NONE));
|
||||||
|
|
Loading…
Reference in a new issue