On 04-12-2020 14:38, Mark Rotteveel wrote:
A bug was reported today against Jaybird (http://tracker.firebirdsql.org/browse/JDBC-635), that certain Srp users cannot authenticate against Firebird 3 when using Jaybird. The issue is not reproducible with fbclient.

This obviously means that there is something wrong in Jaybird's SRP implementation, but so far I have no clue as to what.

The reported problem occurs with the user name DAVIDS (and one other username that wasn't provided). I can report the problem locally with this username.

Any ideas, or tips how to debug this?

After closer inspection, I found the issue. The SHA-1 hash of DAVIDS is 00AD377F8297F04FD83DFDBF48AABF316850862F. Seeing that leading zero, I guessed that might be part of the problem. After stripping the leading zero from the user hash in Jaybird, the authentication succeeds.

The roundtrip from hash bytes to BigInteger back to bytes as hash input (in RemotePassword::clientProof (srp.cpp) and makeProof (srp.h)), probably strips any leading zero byte(s).

I'll need to take a closer look if similar issues might occur elsewhere in Jaybird. I guess this zero-stripping in other places might cause intermittent login failures. Right now, zero-stripping only occurs for values that are passed through a BigInteger in the Jaybird code, and this specifically didn't go through a BigInteger.

Mark
--
Mark Rotteveel
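The zero-stripping roundtrip described in the message, as an added example that is not Jaybird's or Firebird's code: a raw hash is converted to an arbitrary-precision integer and back to its minimal big-endian encoding, which silently drops a leading 0x00 byte, so anything that hashes the re-encoded bytes sees a different input than code that hashes the raw digest. The hex value is the one quoted in the post; the "user hash = SHA-1 of the upper-cased name" assumption, the toy proof function and the generated user names are constructed for the example and do not reproduce the real SRP proof formula.

```python
import hashlib

# SHA-1 of DAVIDS as quoted in the message above (copied, not recomputed here).
USER_HASH_HEX_FROM_POST = "00AD377F8297F04FD83DFDBF48AABF316850862F"


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def through_bigint(raw: bytes) -> bytes:
    """Mimic a bytes -> arbitrary-precision integer -> bytes roundtrip.

    The integer carries no width, so the minimal big-endian encoding drops
    every leading 0x00 byte of the input (a single 0x00 is kept for the value
    zero).  This is the stripping the post attributes to the path through
    BigInteger on the client and the server's proof code.
    """
    n = int.from_bytes(raw, "big")
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def user_hash(user_name: str) -> bytes:
    # Assumption for this example: user hash = SHA-1 over the upper-cased name.
    return sha1(user_name.upper().encode("ascii"))


def toy_proof(user_hash_bytes: bytes, session_material: bytes) -> bytes:
    """Constructed stand-in for a proof that feeds the user hash into a second
    hash.  Not the real SRP proof formula; it only shows that the byte width
    of the intermediate value changes the result."""
    return sha1(user_hash_bytes + session_material)


def compare_proofs(raw_hash: bytes,
                   session_material: bytes = b"constructed session bytes") -> dict:
    """Compare a proof over the raw digest with one over the re-encoded digest."""
    stripped = through_bigint(raw_hash)
    return {
        "raw_len": len(raw_hash),
        "stripped_len": len(stripped),
        "proofs_match": toy_proof(raw_hash, session_material)
        == toy_proof(stripped, session_material),
    }


def count_affected(prefix: str = "USER", n: int = 10000) -> int:
    """Count constructed user names whose hash starts with a 0x00 byte.

    Roughly 1 in 256 names take the stripping path, which is why the
    post expects intermittent rather than systematic login failures."""
    return sum(1 for i in range(n) if user_hash(f"{prefix}{i}")[0] == 0)


if __name__ == "__main__":
    from_post = bytes.fromhex(USER_HASH_HEX_FROM_POST)
    print("hash from post:", compare_proofs(from_post))
    computed = user_hash("DAVIDS")
    print("locally computed SHA-1(DAVIDS):", computed.hex().upper(),
          "matches post:", computed == from_post)
    print("affected constructed names out of 10000:", count_affected())
```

Run it as a script to see the 20-byte digest shrink to 19 bytes, the two toy proofs diverge, and how many of the generated names would hit the same path. A client that wants to interoperate with a server doing this roundtrip has to apply the same minimal encoding before hashing, or the proofs will disagree for exactly those users.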


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel