Fix for 9cwg-hrvf-rm4j, details after release

AlexPeshkoff · AlexPeshkoff · commit ccb784399e91 · 2026-06-18T20:06:27.000+03:00
diff --git a/src/auth/SecureRemotePassword/client/SrpClient.cpp b/src/auth/SecureRemotePassword/client/SrpClient.cpp
@@ -141,9 +141,12 @@ int SrpClient::authenticate(CheckStatusWrapper* status, IClientBlock* cb)
 		key.assign(saltAndKey, charSize);
 		dumpIt("Clnt: key(srvPub)", key);
 
+		// validate server pubkey
+		client->serverPublicKey = client->setKey(key.c_str());
+
 		dumpIt("Clnt: login", string(cb->getLogin()));
 		dumpIt("Clnt: pass", string(cb->getPassword()));
-		client->clientSessionKey(sessionKey, cb->getLogin(), salt.c_str(), cb->getPassword(), key.c_str());
+		client->clientSessionKey(sessionKey, cb->getLogin(), salt.c_str(), cb->getPassword());
 		dumpIt("Clnt: sessionKey", sessionKey);
 
 		BigInteger cProof = client->clientProof(cb->getLogin(), salt.c_str(), sessionKey);
diff --git a/src/auth/SecureRemotePassword/server/SrpServer.cpp b/src/auth/SecureRemotePassword/server/SrpServer.cpp
@@ -289,6 +289,12 @@ int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
 				return AUTH_MORE_DATA;
 			}
 
+			// create SRP-calculating server
+			server = remotePasswordFactory();
+
+			// validate client pubkey
+			server->clientPublicKey = server->setKey(clientPubKey.c_str());
+
 			// load verifier and salt from security database
 			Metadata messages;
 			messages.param->login.set(account.c_str());
@@ -319,8 +325,7 @@ int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
 			BigInteger(s).getText(salt);
 			dumpIt("Srv: salt", salt);
 
-			// create SRP-calculating server
-			server = remotePasswordFactory();
+			// calculate serverPubKey
 			server->genServerKey(serverPubKey, verifier);
 
 			// Ready to prepare data for client and calculate session key
@@ -341,7 +346,7 @@ int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
 				return AUTH_FAILED;
 			}
 
-			server->serverSessionKey(sessionKey, clientPubKey.c_str(), verifier);
+			server->serverSessionKey(sessionKey, verifier);
 			dumpIt("Srv: sessionKey", sessionKey);
 			return AUTH_MORE_DATA;
 		}
diff --git a/src/auth/SecureRemotePassword/srp.cpp b/src/auth/SecureRemotePassword/srp.cpp
@@ -68,6 +68,11 @@ string RemotePassword::pluginName(unsigned bits)
 
 RemotePassword::RemotePassword()
 	: group(RemoteGroup::getGroup())
+{
+	makePrivate();
+}
+
+void RemotePassword::makePrivate()
 {
 #if SRP_DEBUG > 1
 	privateKey = BigInteger("60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DDDA2D4393");
@@ -103,23 +108,40 @@ BigInteger RemotePassword::computeVerifier(const string& account, const string&
 
 void RemotePassword::genClientKey(string& pubkey)
 {
-	dumpIt("privateKey(C)", privateKey);
-	clientPublicKey = group->generator.modPow(privateKey, group->prime);
-	clientPublicKey.getText(pubkey);
-	dumpIt("clientPublicKey", clientPublicKey);
+	for(;;)
+	{
+		dumpIt("privateKey(C)", privateKey);
+		clientPublicKey = group->generator.modPow(privateKey, group->prime);
+		dumpIt("clientPublicKey", clientPublicKey);
+		if (clientPublicKey > 1)
+		{
+			clientPublicKey.getText(pubkey);
+			break;
+		}
+		dumpIt("remake private key", "");
+		makePrivate();
+	}
 }
 
 void RemotePassword::genServerKey(string& pubkey, const Firebird::UCharBuffer& verifier)
 {
-	dumpIt("privateKey(S)", privateKey);
-	BigInteger gb(group->generator.modPow(privateKey, group->prime));	// g^b
-	dumpIt("gb", gb);
-	BigInteger v(verifier);												// v
-	BigInteger kv = (group->k * v) % group->prime;
-	dumpIt("kv", kv);
-	serverPublicKey = (kv + gb) % group->prime;
-	serverPublicKey.getText(pubkey);
-	dumpIt("serverPublicKey", serverPublicKey);
+	for(;;)
+	{
+		dumpIt("privateKey(S)", privateKey);
+		BigInteger gb(group->generator.modPow(privateKey, group->prime));	// g^b
+		dumpIt("gb", gb);
+		BigInteger v(verifier);												// v
+		BigInteger kv = (group->k * v) % group->prime;
+		dumpIt("kv", kv);
+		serverPublicKey = (kv + gb) % group->prime;
+		dumpIt("serverPublicKey", serverPublicKey);
+		if (serverPublicKey > 1)
+		{
+			serverPublicKey.getText(pubkey);
+			break;
+		}
+		makePrivate();
+	}
 }
 
 void RemotePassword::computeScramble()
@@ -133,10 +155,8 @@ void RemotePassword::computeScramble()
 }
 
 void RemotePassword::clientSessionKey(UCharBuffer& sessionKey, const char* account,
-									  const char* salt, const char* password,
-									  const char* serverPubKey)
+									  const char* salt, const char* password)
 {
-	serverPublicKey = BigInteger(serverPubKey);
 	computeScramble();
 	dumpIt("scramble", scramble);
 	dumpIt("password", password);
@@ -158,10 +178,8 @@ void RemotePassword::clientSessionKey(UCharBuffer& sessionKey, const char* accou
 	hash.getHash(sessionKey);
 }
 
-void RemotePassword::serverSessionKey(UCharBuffer& sessionKey, const char* clientPubKey,
-									  const UCharBuffer& verifier)
+void RemotePassword::serverSessionKey(UCharBuffer& sessionKey, const UCharBuffer& verifier)
 {
-	clientPublicKey = BigInteger(clientPubKey);
 	computeScramble();
 	dumpIt("scramble", scramble);
 	BigInteger v = BigInteger(verifier);
@@ -201,6 +219,15 @@ BigInteger RemotePassword::clientProof(const char* account, const char* salt, co
 RemotePassword::~RemotePassword()
 { }
 
+BigInteger RemotePassword::setKey(const char* from)
+{
+	BigInteger key(from);
+	if (key % group->prime < 2)
+		(Arg::Gds(isc_random) << "Trivial public key").raise();
+
+	return key;
+}
+
 #if SRP_DEBUG > 0
 void dumpIt(const char* name, const Firebird::UCharBuffer& data)
 {
@@ -217,7 +244,7 @@ void dumpIt(const char* name, const Firebird::string& str)
 
 void dumpBin(const char* name, const Firebird::string& str)
 {
-	fprintf(stderr, "%s (%ld)\n", name, str.length());
+	fprintf(stderr, "%s (%ld)\n", name, long(str.length()));
 	for (size_t x = 0; x < str.length(); ++x)
 		fprintf(stderr, "%02x ", str[x]);
 	fprintf(stderr, "\n");
diff --git a/src/auth/SecureRemotePassword/srp.h b/src/auth/SecureRemotePassword/srp.h
@@ -84,8 +84,10 @@ template <class SHA> class SecureHash : public SHA
 
 class RemotePassword : public Firebird::GlobalStorage
 {
-private:
+public:
 	const RemoteGroup*		group;
+
+private:
 	Auth::SecureHash<Firebird::Sha1>	hash;
 	Firebird::BigInteger	privateKey;
 	Firebird::BigInteger	scramble;
@@ -118,11 +120,11 @@ class RemotePassword : public Firebird::GlobalStorage
 	void genClientKey(Firebird::string& clientPubKey);
 	void genServerKey(Firebird::string& serverPubKey, const Firebird::UCharBuffer& verifier);
 	void computeScramble();
+	void makePrivate();
+	Firebird::BigInteger setKey(const char* from);
 	void clientSessionKey(Firebird::UCharBuffer& sessionKey, const char* account,
-						  const char* salt, const char* password,
-						  const char* serverPubKey);
+						  const char* salt, const char* password);
 	void serverSessionKey(Firebird::UCharBuffer& sessionKey,
-						  const char* clientPubKey,
 						  const Firebird::UCharBuffer& verifier);
 	Firebird::BigInteger clientProof(const char* account,
 									 const char* salt,
