#370 don't convert xored strings to hex

totaam · totaam · commit de64e1ec5d38 · 2025-03-25T22:17:19.000+07:00
diff --git a/html5/js/Client.js b/html5/js/Client.js
@@ -2815,6 +2815,7 @@ class XpraClient {
     const client = this;
 
     function call_do_process_challenge(password) {
+      Utilities.clog("call_do_process_challenge(", password, ")");
       if (!client || !client.protocol) {
         return;
       }
@@ -2878,16 +2879,29 @@ class XpraClient {
     this.clog("using", salt_digest);
     Utilities.gendigest(salt_digest, client_salt, server_salt)
       .then(salt => {
-        this.clog(salt_digest, ":", Utilities.convertToHex(salt));
         const hex_salt = Utilities.convertToHex(salt);
+        this.clog(salt_digest, ":", hex_salt);
+        if (challenge_digest == "xor") {
+          // shortcut: no need for async API, do not convert the result to hex
+          const xored = Utilities.xor(password, hex_salt);
+          this.do_send_hello(xored, client_salt);
+          return;
+        }
+
         Utilities.gendigest(challenge_digest, password, hex_salt)
           .then(challenge_response => {
             const hex_challenge = Utilities.convertToHex(challenge_response);
             this.do_send_hello(hex_challenge, client_salt)
           })
-          .catch(err => this.disconnect("failed to generate challenge response: " + err));
+          .catch(err => {
+            this.cerror("challenge digest error", err);
+            this.disconnect("failed to generate challenge response " + err);
+          });
       })
-      .catch(err => this.disconnect("failed to generate salt: " + err));
+      .catch(err => {
+        this.cerror("salt digest error", err);
+        this.disconnect("failed to generate challenge response " + err);
+      });
   }
 
   _send_ping() {
diff --git a/html5/js/Utilities.js b/html5/js/Utilities.js
@@ -95,7 +95,13 @@ const Utilities = {
     return new Uint8Array(value);
   },
 
+  xor(str1, str2) {
+    const trimmed_str2 = str2.slice(0, str1.length);
+    return Utilities.xorString(str1, trimmed_str2);
+  },
+
   gendigest(digest, password, salt) {
+    Utilities.clog("gendigest(", digest, ", ", password, ", ", salt, ")");
     if (digest == "xor") {
       const trimmed_salt = salt.slice(0, password.length);
       // Utilities.debug("xoring with trimmed salt:", Utilities.convertToHex(trimmed_salt));
@@ -121,6 +127,8 @@ const Utilities = {
     }
 
     const promise = new Promise(function(resolve, reject) {
+      Utilities.clog("crypto.subtle=", crypto.subtle);
+      Utilities.clog("crypto.subtle.importKey=", crypto.subtle.importKey);
       crypto.subtle.importKey("raw", Utilities.u8(password), {
           name: "HMAC",
           hash: hash
