pidgin.yaz: libpurple/protocols/jabber/auth

annotate libpurple/protocols/jabber/auth_scram.c @ 32776:8c71a7e95f16

The PurpleConnection->inpa handle is now stored (if needed) within each protocol prpl's protocol_data.

author	andrew.victor@mxit.com
date	Tue, 18 Oct 2011 21:44:25 +0000
parents	065d7229dff8
children

rev	line source
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	1 /*
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	2 * purple - Jabber Protocol Plugin
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	3 *
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	4 * Purple is the legal property of its developers, whose names are too numerous
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	5 * to list here. Please refer to the COPYRIGHT file distributed with this
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	6 * source distribution.
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	7 *
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	8 * This program is free software; you can redistribute it and/or modify
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	9 * it under the terms of the GNU General Public License as published by
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	10 * the Free Software Foundation; either version 2 of the License, or
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	11 * (at your option) any later version.
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	12 *
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	13 * This program is distributed in the hope that it will be useful,
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	16 * GNU General Public License for more details.
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	17 *
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	18 * You should have received a copy of the GNU General Public License
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	19 * along with this program; if not, write to the Free Software
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	21 *
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	22 */
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	23 #include "internal.h"
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	24
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	25 #include "auth.h"
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	26 #include "auth_scram.h"
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	27
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	28 #include "cipher.h"
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	29 #include "debug.h"
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	30
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	31 static const JabberScramHash hashes[] = {
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	32 { "-SHA-1", "sha1", 20 },
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	33 };
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	34
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	35 static const JabberScramHash mech_to_hash(const char mech)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	36 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	37 int i;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	38
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	39 g_return_val_if_fail(mech != NULL && *mech != '\0', NULL);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	40
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	41 for (i = 0; i < G_N_ELEMENTS(hashes); ++i) {
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	42 if (strstr(mech, hashes[i].mech_substr))
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	43 return &(hashes[i]);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	44 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	45
29094 40a46992c728 jabber: Interop with Prosody (via Tobias' code). Hooray! Paul Aurich <paul@darkrain42.org> parents: 29093 diff changeset	46 purple_debug_error("jabber", "Unknown SCRAM mechanism %s\n", mech);
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	47 g_return_val_if_reached(NULL);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	48 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	49
30259 9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	50 static const struct {
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	51 const char *error;
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	52 const char *meaning;
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	53 } server_errors[] = {
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	54 { "invalid-encoding",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	55 N_("Invalid Encoding")},
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	56 { "extensions-not-supported",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	57 N_("Unsupported Extension") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	58 { "channel-bindings-dont-match",
30260 ce87ffff1fcc jabber: This is waaaaay more verbose, but has a hope of being approachable. Paul Aurich <paul@darkrain42.org> parents: 30259 diff changeset	59 N_("Unexpected response from the server. This may indicate a possible MITM attack") },
30259 9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	60 { "server-does-support-channel-binding",
30260 ce87ffff1fcc jabber: This is waaaaay more verbose, but has a hope of being approachable. Paul Aurich <paul@darkrain42.org> parents: 30259 diff changeset	61 N_("The server does support channel binding, but did not appear to advertise it. This indicates a likely MITM attack") },
30259 9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	62 { "channel-binding-not-supported",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	63 N_("Server does not support channel binding") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	64 { "unsupported-channel-binding-type",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	65 N_("Unsupported channel binding method") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	66 { "unknown-user",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	67 N_("User not found") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	68 { "invalid-username-encoding",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	69 N_("Invalid Username Encoding") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	70 { "no-resources",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	71 N_("Resource Constraint") },
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	72 { "other-error",
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	73 N_("Unknown Error") }
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	74 };
9882971c8085 jabber: Check in some new strings under the freeze radar (no code yet). Paul Aurich <paul@darkrain42.org> parents: 30167 diff changeset	75
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	76 guchar jabber_scram_hi(const JabberScramHash hash, const GString *str,
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	77 GString *salt, guint iterations)
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	78 {
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	79 PurpleCipherContext *context;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	80 guchar *result;
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	81 guint i;
29087 ec843b380a1d How is it that there's no programmatic way to get the output size of the hash functions without resorting to a hardcoded table? Or did I miss something? Paul Aurich <paul@darkrain42.org> parents: 29086 diff changeset	82 guchar prev, tmp;
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	83
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	84 g_return_val_if_fail(hash != NULL, NULL);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	85 g_return_val_if_fail(str != NULL && str->len > 0, NULL);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	86 g_return_val_if_fail(salt != NULL && salt->len > 0, NULL);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	87 g_return_val_if_fail(iterations > 0, NULL);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	88
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	89 prev = g_new0(guint8, hash->size);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	90 tmp = g_new0(guint8, hash->size);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	91 result = g_new0(guint8, hash->size);
29087 ec843b380a1d How is it that there's no programmatic way to get the output size of the hash functions without resorting to a hardcoded table? Or did I miss something? Paul Aurich <paul@darkrain42.org> parents: 29086 diff changeset	92
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	93 context = purple_cipher_context_new_by_name("hmac", NULL);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	94
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	95 /* Append INT(1), a four-octet encoding of the integer 1, most significant
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	96 * octet first. */
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	97 g_string_append_len(salt, "\0\0\0\1", 4);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	98
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	99 /* Compute U0 */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	100 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	101 purple_cipher_context_set_key_with_len(context, (guchar *)str->str, str->len);
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	102 purple_cipher_context_append(context, (guchar *)salt->str, salt->len);
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	103 purple_cipher_context_digest(context, hash->size, result, NULL);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	104
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	105 memcpy(prev, result, hash->size);
29086 398ff52e7d62 Fix the Hi() function and actually 'mtn add' the test file. Paul Aurich <paul@darkrain42.org> parents: 29085 diff changeset	106
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	107 /* Compute U1...Ui */
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	108 for (i = 1; i < iterations; ++i) {
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	109 guint j;
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	110 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	111 purple_cipher_context_set_key_with_len(context, (guchar *)str->str, str->len);
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	112 purple_cipher_context_append(context, prev, hash->size);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	113 purple_cipher_context_digest(context, hash->size, tmp, NULL);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	114
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	115 for (j = 0; j < hash->size; ++j)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	116 result[j] ^= tmp[j];
29086 398ff52e7d62 Fix the Hi() function and actually 'mtn add' the test file. Paul Aurich <paul@darkrain42.org> parents: 29085 diff changeset	117
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	118 memcpy(prev, tmp, hash->size);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	119 }
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	120
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	121 purple_cipher_context_destroy(context);
29088 2b4465db73f1 Clean up the two temporary buffers. Paul Aurich <paul@darkrain42.org> parents: 29087 diff changeset	122 g_free(tmp);
2b4465db73f1 Clean up the two temporary buffers. Paul Aurich <paul@darkrain42.org> parents: 29087 diff changeset	123 g_free(prev);
29085 338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	124 return result;
338eeaf371e2 jabber: Add the Hi() function (PBKDF2). Paul Aurich <paul@darkrain42.org> parents: diff changeset	125 }
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	126
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	127 /*
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	128 * Helper functions for doing the SCRAM calculations. The first argument
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	129 * is the hash algorithm. All buffers must be of the appropriate size
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	130 * according to the JabberScramHash.
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	131 *
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	132 * "str" is a NULL-terminated string for hmac().
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	133 *
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	134 * Needless to say, these are fragile.
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	135 */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	136 static void
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	137 hmac(const JabberScramHash hash, guchar out, const guchar key, const gchar str)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	138 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	139 PurpleCipherContext *context;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	140
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	141 context = purple_cipher_context_new_by_name("hmac", NULL);
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	142 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	143 purple_cipher_context_set_key_with_len(context, key, hash->size);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	144 purple_cipher_context_append(context, (guchar *)str, strlen(str));
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	145 purple_cipher_context_digest(context, hash->size, out, NULL);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	146 purple_cipher_context_destroy(context);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	147 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	148
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	149 static void
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	150 hash(const JabberScramHash hash, guchar out, const guchar *data)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	151 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	152 PurpleCipherContext *context;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	153
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	154 context = purple_cipher_context_new_by_name(hash->name, NULL);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	155 purple_cipher_context_append(context, data, hash->size);
1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	156 purple_cipher_context_digest(context, hash->size, out, NULL);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	157 purple_cipher_context_destroy(context);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	158 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	159
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	160 gboolean
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	161 jabber_scram_calc_proofs(JabberScramData data, GString salt, guint iterations)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	162 {
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	163 guint hash_len = data->hash->size;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	164 guint i;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	165
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	166 GString *pass = g_string_new(data->password);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	167
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	168 guchar *salted_password;
29134 a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	169 guchar client_key, stored_key, client_signature, server_key;
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	170
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	171 client_key = g_new0(guchar, hash_len);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	172 stored_key = g_new0(guchar, hash_len);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	173 client_signature = g_new0(guchar, hash_len);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	174 server_key = g_new0(guchar, hash_len);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	175
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	176 data->client_proof = g_string_sized_new(hash_len);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	177 data->client_proof->len = hash_len;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	178 data->server_signature = g_string_sized_new(hash_len);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	179 data->server_signature->len = hash_len;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	180
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	181 salted_password = jabber_scram_hi(data->hash, pass, salt, iterations);
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	182
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	183 memset(pass->str, 0, pass->allocated_len);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	184 g_string_free(pass, TRUE);
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	185
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	186 if (!salted_password)
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	187 return FALSE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	188
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	189 /* client_key = HMAC(salted_password, "Client Key") */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	190 hmac(data->hash, client_key, salted_password, "Client Key");
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	191 /* server_key = HMAC(salted_password, "Server Key") */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	192 hmac(data->hash, server_key, salted_password, "Server Key");
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	193 g_free(salted_password);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	194
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	195 /* stored_key = HASH(client_key) */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	196 hash(data->hash, stored_key, client_key);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	197
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	198 /* client_signature = HMAC(stored_key, auth_message) */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	199 hmac(data->hash, client_signature, stored_key, data->auth_message->str);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	200 /* server_signature = HMAC(server_key, auth_message) */
29104 1c1910b17ae5 jabber: Clean up the SCRAM code a little. Paul Aurich <paul@darkrain42.org> parents: 29103 diff changeset	201 hmac(data->hash, (guchar *)data->server_signature->str, server_key, data->auth_message->str);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	202
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	203 /* client_proof = client_key XOR client_signature */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	204 for (i = 0; i < hash_len; ++i)
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	205 data->client_proof->str[i] = client_key[i] ^ client_signature[i];
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	206
29134 a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	207 g_free(server_key);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	208 g_free(client_signature);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	209 g_free(stored_key);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	210 g_free(client_key);
a6cd1db77aee jabber: Ugh, make this C89-compliant. Bah. Paul Aurich <paul@darkrain42.org> parents: 29107 diff changeset	211
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	212 return TRUE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	213 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	214
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	215 static gboolean
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	216 parse_server_step1(JabberScramData data, const char challenge,
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	217 gchar out_nonce, GString out_salt, guint *out_iterations)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	218 {
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	219 char **tokens;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	220 char token, decoded, *tmp;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	221 gsize len;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	222 char *nonce = NULL;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	223 GString *salt = NULL;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	224 guint iterations;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	225
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	226 tokens = g_strsplit(challenge, ",", -1);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	227 if (tokens == NULL)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	228 return FALSE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	229
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	230 token = tokens[0];
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	231 if (token[0] != 'r' \|\| token[1] != '=')
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	232 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	233
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	234 /* Ensure that the first cnonce_len bytes of the nonce are the original
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	235 * cnonce we sent to the server.
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	236 */
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	237 if (0 != strncmp(data->cnonce, token + 2, strlen(data->cnonce)))
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	238 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	239
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	240 nonce = g_strdup(token + 2);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	241
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	242 /* The Salt, base64-encoded */
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	243 token = tokens[1];
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	244 if (token[0] != 's' \|\| token[1] != '=')
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	245 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	246
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	247 decoded = (gchar *)purple_base64_decode(token + 2, &len);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	248 if (!decoded \|\| *decoded == '\0') {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	249 g_free(decoded);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	250 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	251 }
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	252 salt = g_string_new_len(decoded, len);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	253 g_free(decoded);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	254
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	255 /* The iteration count */
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	256 token = tokens[2];
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	257 if (token[0] != 'i' \|\| token[1] != '=' \|\| token[2] == '\0')
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	258 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	259
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	260 /* Validate the string */
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	261 for (tmp = token + 2; *tmp; ++tmp)
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	262 if (!g_ascii_isdigit(*tmp))
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	263 goto err;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	264
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	265 iterations = strtoul(token + 2, NULL, 10);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	266
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	267 g_strfreev(tokens);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	268 *out_nonce = nonce;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	269 *out_salt = salt;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	270 *out_iterations = iterations;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	271 return TRUE;
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	272
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	273 err:
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	274 g_free(nonce);
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	275 if (salt)
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	276 g_string_free(salt, TRUE);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	277 g_strfreev(tokens);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	278 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	279 }
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	280
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	281 static gboolean
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	282 parse_server_step2(JabberScramData data, const char challenge, gchar **out_verifier)
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	283 {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	284 char **tokens;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	285 char *token;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	286
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	287 tokens = g_strsplit(challenge, ",", -1);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	288 if (tokens == NULL)
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	289 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	290
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	291 token = tokens[0];
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	292 if (token[0] != 'v' \|\| token[1] != '=' \|\| token[2] == '\0') {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	293 g_strfreev(tokens);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	294 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	295 }
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	296
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	297 *out_verifier = g_strdup(token + 2);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	298 g_strfreev(tokens);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	299 return TRUE;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	300 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	301
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	302 gboolean
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	303 jabber_scram_feed_parser(JabberScramData data, gchar in, gchar **out)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	304 {
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	305 gboolean ret;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	306
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	307 g_return_val_if_fail(data != NULL, FALSE);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	308
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	309 g_string_append_c(data->auth_message, ',');
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	310 g_string_append(data->auth_message, in);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	311
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	312 if (data->step == 1) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	313 gchar nonce, proof;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	314 GString *salt;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	315 guint iterations;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	316
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	317 ret = parse_server_step1(data, in, &nonce, &salt, &iterations);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	318 if (!ret)
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	319 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	320
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	321 g_string_append_c(data->auth_message, ',');
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	322
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	323 /* "biws" is the base64 encoding of "n,,". I promise. */
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	324 g_string_append_printf(data->auth_message, "c=%s,r=%s", "biws", nonce);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	325 #ifdef CHANNEL_BINDING
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	326 #error fix this
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	327 #endif
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	328
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	329 ret = jabber_scram_calc_proofs(data, salt, iterations);
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	330
9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	331 g_string_free(salt, TRUE);
9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	332 salt = NULL;
9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	333 if (!ret) {
9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	334 g_free(nonce);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	335 return FALSE;
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	336 }
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	337
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	338 proof = purple_base64_encode((guchar *)data->client_proof->str, data->client_proof->len);
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	339 *out = g_strdup_printf("c=%s,r=%s,p=%s", "biws", nonce, proof);
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	340 g_free(nonce);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	341 g_free(proof);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	342 } else if (data->step == 2) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	343 gchar server_sig, enc_server_sig;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	344 gsize len;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	345
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	346 ret = parse_server_step2(data, in, &enc_server_sig);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	347 if (!ret)
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	348 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	349
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	350 server_sig = (gchar *)purple_base64_decode(enc_server_sig, &len);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	351 g_free(enc_server_sig);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	352
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	353 if (server_sig == NULL \|\| len != data->server_signature->len) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	354 g_free(server_sig);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	355 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	356 }
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	357
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	358 if (0 != memcmp(server_sig, data->server_signature->str, len)) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	359 g_free(server_sig);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	360 return FALSE;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	361 }
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	362 g_free(server_sig);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	363
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	364 *out = NULL;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	365 } else {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	366 purple_debug_error("jabber", "SCRAM: There is no step %d\n", data->step);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	367 return FALSE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	368 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	369
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	370 return TRUE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	371 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	372
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	373 static gchar escape_username(const gchar in)
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	374 {
29103 f10741a709a9 jabber: Should have looked for this function earlier. Paul Aurich <paul@darkrain42.org> parents: 29099 diff changeset	375 gchar tmp, tmp2;
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	376
29103 f10741a709a9 jabber: Should have looked for this function earlier. Paul Aurich <paul@darkrain42.org> parents: 29099 diff changeset	377 tmp = purple_strreplace(in, "=", "=3D");
31707 065d7229dff8 jabber: Oops. Clearly the wrong escape sequence here for ','. Paul Aurich <paul@darkrain42.org> parents: 30428 diff changeset	378 tmp2 = purple_strreplace(tmp, ",", "=2C");
29103 f10741a709a9 jabber: Should have looked for this function earlier. Paul Aurich <paul@darkrain42.org> parents: 29099 diff changeset	379 g_free(tmp);
f10741a709a9 jabber: Should have looked for this function earlier. Paul Aurich <paul@darkrain42.org> parents: 29099 diff changeset	380 return tmp2;
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	381 }
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	382
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	383 static JabberSaslState
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	384 scram_start(JabberStream js, xmlnode mechanisms, xmlnode out, char error)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	385 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	386 xmlnode *reply;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	387 JabberScramData *data;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	388 guint64 cnonce;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	389 #ifdef CHANNEL_BINDING
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	390 gboolean binding_supported = TRUE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	391 #endif
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	392 gchar dec_out, enc_out;
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	393 gchar prepped_node, tmp;
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	394 gchar *prepped_pass;
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	395
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	396 prepped_node = jabber_saslprep(js->user->node);
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	397 if (!prepped_node) {
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	398 *error = g_strdup(_("Unable to canonicalize username"));
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	399 return JABBER_SASL_STATE_FAIL;
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	400 }
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	401
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	402 tmp = escape_username(prepped_node);
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	403 g_free(prepped_node);
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	404 prepped_node = tmp;
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	405
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	406 prepped_pass = jabber_saslprep(purple_connection_get_password(js->gc));
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	407 if (!prepped_pass) {
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	408 g_free(prepped_node);
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	409 *error = g_strdup(_("Unable to canonicalize password"));
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	410 return JABBER_SASL_STATE_FAIL;
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	411 }
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	412
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	413 data = js->auth_mech_data = g_new0(JabberScramData, 1);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	414 data->hash = mech_to_hash(js->auth_mech->name);
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	415 data->password = prepped_pass;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	416
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	417 #ifdef CHANNEL_BINDING
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	418 if (strstr(js->auth_mech_name, "-PLUS"))
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	419 data->channel_binding = TRUE;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	420 #endif
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	421 cnonce = ((guint64)g_random_int() << 32) \| g_random_int();
29094 40a46992c728 jabber: Interop with Prosody (via Tobias' code). Hooray! Paul Aurich <paul@darkrain42.org> parents: 29093 diff changeset	422 data->cnonce = purple_base64_encode((guchar *)&cnonce, sizeof(cnonce));
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	423
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	424 data->auth_message = g_string_new(NULL);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	425 g_string_printf(data->auth_message, "n=%s,r=%s",
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	426 prepped_node, data->cnonce);
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	427 g_free(prepped_node);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	428
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	429 data->step = 1;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	430
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	431 reply = xmlnode_new("auth");
29097 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 29094 diff changeset	432 xmlnode_set_namespace(reply, NS_XMPP_SASL);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	433 xmlnode_set_attrib(reply, "mechanism", js->auth_mech->name);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	434
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	435 /* TODO: Channel binding */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	436 dec_out = g_strdup_printf("%c,,%s", 'n', data->auth_message->str);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	437 enc_out = purple_base64_encode((guchar *)dec_out, strlen(dec_out));
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	438 purple_debug_misc("jabber", "initial SCRAM message '%s'\n", dec_out);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	439
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	440 xmlnode_insert_data(reply, enc_out, -1);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	441
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	442 g_free(enc_out);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	443 g_free(dec_out);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	444
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	445 *out = reply;
4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	446 return JABBER_SASL_STATE_CONTINUE;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	447 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	448
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	449 static JabberSaslState
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	450 scram_handle_challenge(JabberStream js, xmlnode challenge, xmlnode out, char error)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	451 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	452 JabberScramData *data = js->auth_mech_data;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	453 xmlnode *reply;
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	454 gchar enc_in, dec_in = NULL;
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	455 gchar enc_out = NULL, dec_out = NULL;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	456 gsize len;
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	457 JabberSaslState state = JABBER_SASL_STATE_FAIL;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	458
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	459 enc_in = xmlnode_get_data(challenge);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	460 if (!enc_in \|\| *enc_in == '\0') {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	461 reply = xmlnode_new("abort");
29097 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 29094 diff changeset	462 xmlnode_set_namespace(reply, NS_XMPP_SASL);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	463 data->step = -1;
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	464 *error = g_strdup(_("Invalid challenge from server"));
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	465 goto out;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	466 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	467
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	468 dec_in = (gchar *)purple_base64_decode(enc_in, &len);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	469 if (!dec_in \|\| len != strlen(dec_in)) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	470 /* Danger afoot; SCRAM shouldn't contain NUL bytes */
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	471 reply = xmlnode_new("abort");
29097 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 29094 diff changeset	472 xmlnode_set_namespace(reply, NS_XMPP_SASL);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	473 data->step = -1;
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	474 *error = g_strdup(_("Malicious challenge from server"));
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	475 goto out;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	476 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	477
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	478 purple_debug_misc("jabber", "decoded challenge: %s\n", dec_in);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	479
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	480 if (!jabber_scram_feed_parser(data, dec_in, &dec_out)) {
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	481 reply = xmlnode_new("abort");
29097 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 29094 diff changeset	482 xmlnode_set_namespace(reply, NS_XMPP_SASL);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	483 data->step = -1;
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	484 *error = g_strdup(_("Invalid challenge from server"));
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	485 goto out;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	486 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	487
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	488 data->step += 1;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	489
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	490 reply = xmlnode_new("response");
29097 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 29094 diff changeset	491 xmlnode_set_namespace(reply, NS_XMPP_SASL);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	492
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	493 purple_debug_misc("jabber", "decoded response: %s\n", dec_out ? dec_out : "(null)");
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	494 if (dec_out) {
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	495 enc_out = purple_base64_encode((guchar *)dec_out, strlen(dec_out));
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	496 xmlnode_insert_data(reply, enc_out, -1);
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	497 }
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	498
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	499 state = JABBER_SASL_STATE_CONTINUE;
4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	500
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	501 out:
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	502 g_free(enc_in);
9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	503 g_free(dec_in);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	504 g_free(enc_out);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	505 g_free(dec_out);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	506
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	507 *out = reply;
4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	508 return state;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	509 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	510
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	511 static JabberSaslState
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	512 scram_handle_success(JabberStream js, xmlnode packet, char **error)
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	513 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	514 JabberScramData *data = js->auth_mech_data;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	515 char enc_in, dec_in;
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	516 char *dec_out = NULL;
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	517 gsize len;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	518
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	519 enc_in = xmlnode_get_data(packet);
30428 09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	520 if (data->step != 3 && (!enc_in \|\| *enc_in == '\0')) {
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	521 *error = g_strdup(_("Invalid challenge from server"));
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	522 g_free(enc_in);
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	523 return JABBER_SASL_STATE_FAIL;
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	524 }
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	525
30428 09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	526 if (data->step == 3) {
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	527 /*
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	528 * If the server took the slow approach (sending the verifier
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	529 * as a challenge/response pair), we get here.
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	530 */
09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	531 g_free(enc_in);
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	532 return JABBER_SASL_STATE_OK;
30428 09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	533 }
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	534
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	535 if (data->step != 2) {
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	536 *error = g_strdup(_("Unexpected response from server"));
30428 09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	537 g_free(enc_in);
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	538 return JABBER_SASL_STATE_FAIL;
4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	539 }
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	540
b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	541 dec_in = (gchar *)purple_base64_decode(enc_in, &len);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	542 g_free(enc_in);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	543 if (!dec_in \|\| len != strlen(dec_in)) {
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	544 /* Danger afoot; SCRAM shouldn't contain NUL bytes */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	545 g_free(dec_in);
30428 09ca9dfb2cfe jabber: Fix a case where a broken server would hang the connection. Paul Aurich <paul@darkrain42.org> parents: 30260 diff changeset	546 *error = g_strdup(_("Malicious challenge from server"));
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	547 return JABBER_SASL_STATE_FAIL;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	548 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	549
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	550 purple_debug_misc("jabber", "decoded success: %s\n", dec_in);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	551
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	552 if (!jabber_scram_feed_parser(data, dec_in, &dec_out) \|\| dec_out != NULL) {
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	553 g_free(dec_in);
29091 b0fb53868142 jabber: Handle the case where the server success-with-data is sent as a challenge/response pair. Paul Aurich <paul@darkrain42.org> parents: 29089 diff changeset	554 g_free(dec_out);
29136 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 29134 diff changeset	555 *error = g_strdup(_("Invalid challenge from server"));
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	556 return JABBER_SASL_STATE_FAIL;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	557 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	558
30167 9134be6baaef jabber: --more leaks Paul Aurich <paul@darkrain42.org> parents: 29136 diff changeset	559 g_free(dec_in);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	560 /* Hooray */
29107 4f45aae3ace1 Let's try a more complex set of return states / values for auth mechs. Paul Aurich <paul@darkrain42.org> parents: 29104 diff changeset	561 return JABBER_SASL_STATE_OK;
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	562 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	563
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	564 void jabber_scram_data_destroy(JabberScramData *data)
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	565 {
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	566 g_free(data->cnonce);
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	567 if (data->auth_message)
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	568 g_string_free(data->auth_message, TRUE);
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	569 if (data->client_proof)
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	570 g_string_free(data->client_proof, TRUE);
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	571 if (data->server_signature)
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	572 g_string_free(data->server_signature, TRUE);
29099 464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	573 if (data->password) {
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	574 memset(data->password, 0, strlen(data->password));
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	575 g_free(data->password);
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	576 }
464d022d7d6e jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1. Paul Aurich <paul@darkrain42.org> parents: 29097 diff changeset	577
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	578 g_free(data);
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	579 }
65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	580
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	581 static void scram_dispose(JabberStream *js)
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	582 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	583 if (js->auth_mech_data) {
29093 65a34cce02e3 jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot. Paul Aurich <paul@darkrain42.org> parents: 29091 diff changeset	584 jabber_scram_data_destroy(js->auth_mech_data);
29089 c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	585 js->auth_mech_data = NULL;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	586 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	587 }
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	588
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	589 static JabberSaslMech scram_sha1_mech = {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	590 50, /* priority */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	591 "SCRAM-SHA-1", /* name */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	592 scram_start,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	593 scram_handle_challenge,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	594 scram_handle_success,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	595 NULL, /* handle_failure */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	596 scram_dispose
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	597 };
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	598
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	599 #ifdef CHANNEL_BINDING
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	600 /* With channel binding */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	601 static JabberSaslMech scram_sha1_plus_mech = {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	602 scram_sha1_mech.priority + 1, /* priority */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	603 "SCRAM-SHA-1-PLUS", /* name */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	604 scram_start,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	605 scram_handle_challenge,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	606 scram_handle_success,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	607 NULL, /* handle_failure */
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	608 scram_dispose
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	609 };
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	610 #endif
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	611
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	612 JabberSaslMech *jabber_auth_get_scram_mechs(gint count)
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	613 {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	614 static JabberSaslMech *mechs[] = {
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	615 &scram_sha1_mech,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	616 #ifdef CHANNEL_BINDING
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	617 &scram_sha1_plus_mech,
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	618 #endif
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	619 };
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	620
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	621 *count = G_N_ELEMENTS(mechs);
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	622 return mechs;
c1d41b7484ff jabber: Complete (though untested) SCRAM implementation. Paul Aurich <paul@darkrain42.org> parents: 29088 diff changeset	623 }

Mercurial > pidgin.yaz

annotate libpurple/protocols/jabber/auth_scram.c @ 32776:8c71a7e95f16