-
Maranda
SamWhited, erm lol now it works, I'm not sure what shenanigan was it in Conversations.
-
Maranda
https://muc.metronome.im/pastebin/46ab5670-11ef-458e-922f-5520570142a1
-
Maranda
but it fixed itself
-
SamWhited
Maranda: the lengths you gave were correct for SCRAM-SHA-1, maybe you were loading that instead
-
Maranda
SamWhited, hm nope
-
Maranda
SamWhited, and sha1 is 20 bytes if I understood correctly, sha256 is 32
-
SamWhited
20 is what you said before, I think
-
Maranda
SamWhited, no I said it mixed a 32 bytes signature with 20 bytes proof
-
Maranda
which is what cause the mega massive mayhem that broke XOR and all the rest hehe
-
Maranda
I was about to pull my hair out haha
-
SamWhited
Oh I see, that's *really* bad if that's happening somehow. I'll go double check, are you sure you didn't modify anything in the Java?
-
SamWhited
In Conversations, I mean
-
Maranda
SamWhited, I'm not sure how it happened but it looks like some bug in Conversations.
-
Maranda
Nope stock playstore Conversations
-
SamWhited
What signature in particular did you observe that length on? The client or server one?
-
Maranda
Client
-
SamWhited
The client signature comes directly from the hmac function, and the buffer is sized exactly so I don't see how that could change. Maybe it printed with some padding or something
-
Maranda
Server started tracing when attempting to run XOR to generate the Client Key out the challenge
-
Maranda
(so XOR'ing Signature and decoded Proof)
-
SamWhited
You'll want to account for malformed data on the server anyways, so probably best to just bail out if the lengths aren't what you're expecting
-
SamWhited
How were you getting the length from conversations, a debugger?
-
Maranda
SamWhited, no I added logging on the server then started testing on a lua interpreter :P
-
Maranda
https://github.com/maranda/metronome/blob/master/util/sasl/scram.lua#L215 ---> and that's solved
-
Maranda
XOR function is safed, so if there's a missing byte it'll break loop and abort.
-
SamWhited
What did your logging look like? I'm trying to rule out some sort of uninitialized buffer printing random garbage or something in lua land
-
Maranda
I just added logging in scram.lua with log() and tostring()
-
Maranda
to get values
-
Maranda
and then wen't looking for data in flat files as well
-
SamWhited
Ah wait, I'm being dumb and debugging the client signature, but it's the proof that you said was the wrong length for SCRAM-SHA-2
-
SamWhited
Checking the clientProof now
-
SamWhited
no, this appears right. The proof is setup to be the same sizes as the clientKey which is the same size as the hmac size, so that should be correct
-
SamWhited
I'll write some tests and see if I can't reproduce the issue
-
Maranda
SamWhited, I'm not sure if it was because of some messing up while I was tinkering with SASL to get it to work on the server, but that shouldn't have happened anyways
-
Maranda
*I think* in any case
-
SamWhited
If it gave bad output after giving bad input that would still potentially be a serious bug
-
SamWhited
Oooh, I have an idea. I wonder if it somehow mixed up the clientKey cache for the SHA-1 and SHA-256 variants. That would be a bad bug, but could cause this behavior.
-
SamWhited
I don't *think* it would be fatal or affect security though, it would just always cause validation to fail. I suppose technically it could let the server fetch scram info from another account, but that's not really a problem
-
SamWhited
Aha! That's it; thanks for spotting a bug!
-
Maranda
SamWhited, np yw
-
Maranda
[16:55:25] error: not-acceptable [16:55:26] ha impostato l'argomento a XMPP Operators Room | http://mail.jabber.org/mailman/listinfo/operators
-
Maranda
o.o