Mercurial > pidgin
annotate libpurple/protocols/jabber/auth_scram.c @ 32809:5617be6a8413
Use insertAdjacentHtml instead of document.write. This seems a lot
better since it correctly applies styles and adds elements to the DOM,
which then show up in the inspector.
author | Elliott Sales de Andrade <qulogic@pidgin.im> |
---|---|
date | Thu, 31 May 2012 03:42:49 +0000 |
parents | 065d7229dff8 |
children |
rev | line source |
---|---|
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
1 /* |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
2 * purple - Jabber Protocol Plugin |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
3 * |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
4 * Purple is the legal property of its developers, whose names are too numerous |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
5 * to list here. Please refer to the COPYRIGHT file distributed with this |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
6 * source distribution. |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
7 * |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
8 * This program is free software; you can redistribute it and/or modify |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
9 * it under the terms of the GNU General Public License as published by |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
10 * the Free Software Foundation; either version 2 of the License, or |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
11 * (at your option) any later version. |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
12 * |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
13 * This program is distributed in the hope that it will be useful, |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
16 * GNU General Public License for more details. |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
17 * |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
18 * You should have received a copy of the GNU General Public License |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
19 * along with this program; if not, write to the Free Software |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
21 * |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
22 */ |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
23 #include "internal.h" |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
24 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
25 #include "auth.h" |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
26 #include "auth_scram.h" |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
27 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
28 #include "cipher.h" |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
29 #include "debug.h" |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
30 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
31 static const JabberScramHash hashes[] = { |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
32 { "-SHA-1", "sha1", 20 }, |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
33 }; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
34 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
35 static const JabberScramHash *mech_to_hash(const char *mech) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
36 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
37 int i; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
38 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
39 g_return_val_if_fail(mech != NULL && *mech != '\0', NULL); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
40 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
41 for (i = 0; i < G_N_ELEMENTS(hashes); ++i) { |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
42 if (strstr(mech, hashes[i].mech_substr)) |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
43 return &(hashes[i]); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
44 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
45 |
28712
40a46992c728
jabber: Interop with Prosody (via Tobias' code). Hooray!
Paul Aurich <paul@darkrain42.org>
parents:
28711
diff
changeset
|
46 purple_debug_error("jabber", "Unknown SCRAM mechanism %s\n", mech); |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
47 g_return_val_if_reached(NULL); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
48 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
49 |
29844
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
50 static const struct { |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
51 const char *error; |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
52 const char *meaning; |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
53 } server_errors[] = { |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
54 { "invalid-encoding", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
55 N_("Invalid Encoding")}, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
56 { "extensions-not-supported", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
57 N_("Unsupported Extension") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
58 { "channel-bindings-dont-match", |
29845
ce87ffff1fcc
jabber: This is waaaaay more verbose, but has a hope of being approachable.
Paul Aurich <paul@darkrain42.org>
parents:
29844
diff
changeset
|
59 N_("Unexpected response from the server. This may indicate a possible MITM attack") }, |
29844
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
60 { "server-does-support-channel-binding", |
29845
ce87ffff1fcc
jabber: This is waaaaay more verbose, but has a hope of being approachable.
Paul Aurich <paul@darkrain42.org>
parents:
29844
diff
changeset
|
61 N_("The server does support channel binding, but did not appear to advertise it. This indicates a likely MITM attack") }, |
29844
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
62 { "channel-binding-not-supported", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
63 N_("Server does not support channel binding") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
64 { "unsupported-channel-binding-type", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
65 N_("Unsupported channel binding method") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
66 { "unknown-user", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
67 N_("User not found") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
68 { "invalid-username-encoding", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
69 N_("Invalid Username Encoding") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
70 { "no-resources", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
71 N_("Resource Constraint") }, |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
72 { "other-error", |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
73 N_("Unknown Error") } |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
74 }; |
9882971c8085
jabber: Check in some new strings under the freeze radar (no code yet).
Paul Aurich <paul@darkrain42.org>
parents:
29755
diff
changeset
|
75 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
76 guchar *jabber_scram_hi(const JabberScramHash *hash, const GString *str, |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
77 GString *salt, guint iterations) |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
78 { |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
79 PurpleCipherContext *context; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
80 guchar *result; |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
81 guint i; |
28705
ec843b380a1d
How is it that there's no programmatic way to get the output size of the hash functions without resorting to a hardcoded table? Or did I miss something?
Paul Aurich <paul@darkrain42.org>
parents:
28704
diff
changeset
|
82 guchar *prev, *tmp; |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
83 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
84 g_return_val_if_fail(hash != NULL, NULL); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
85 g_return_val_if_fail(str != NULL && str->len > 0, NULL); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
86 g_return_val_if_fail(salt != NULL && salt->len > 0, NULL); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
87 g_return_val_if_fail(iterations > 0, NULL); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
88 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
89 prev = g_new0(guint8, hash->size); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
90 tmp = g_new0(guint8, hash->size); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
91 result = g_new0(guint8, hash->size); |
28705
ec843b380a1d
How is it that there's no programmatic way to get the output size of the hash functions without resorting to a hardcoded table? Or did I miss something?
Paul Aurich <paul@darkrain42.org>
parents:
28704
diff
changeset
|
92 |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
93 context = purple_cipher_context_new_by_name("hmac", NULL); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
94 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
95 /* Append INT(1), a four-octet encoding of the integer 1, most significant |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
96 * octet first. */ |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
97 g_string_append_len(salt, "\0\0\0\1", 4); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
98 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
99 /* Compute U0 */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
100 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
101 purple_cipher_context_set_key_with_len(context, (guchar *)str->str, str->len); |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
102 purple_cipher_context_append(context, (guchar *)salt->str, salt->len); |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
103 purple_cipher_context_digest(context, hash->size, result, NULL); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
104 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
105 memcpy(prev, result, hash->size); |
28704
398ff52e7d62
Fix the Hi() function and actually 'mtn add' the test file.
Paul Aurich <paul@darkrain42.org>
parents:
28703
diff
changeset
|
106 |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
107 /* Compute U1...Ui */ |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
108 for (i = 1; i < iterations; ++i) { |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
109 guint j; |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
110 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
111 purple_cipher_context_set_key_with_len(context, (guchar *)str->str, str->len); |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
112 purple_cipher_context_append(context, prev, hash->size); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
113 purple_cipher_context_digest(context, hash->size, tmp, NULL); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
114 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
115 for (j = 0; j < hash->size; ++j) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
116 result[j] ^= tmp[j]; |
28704
398ff52e7d62
Fix the Hi() function and actually 'mtn add' the test file.
Paul Aurich <paul@darkrain42.org>
parents:
28703
diff
changeset
|
117 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
118 memcpy(prev, tmp, hash->size); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
119 } |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
120 |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
121 purple_cipher_context_destroy(context); |
28706
2b4465db73f1
Clean up the two temporary buffers.
Paul Aurich <paul@darkrain42.org>
parents:
28705
diff
changeset
|
122 g_free(tmp); |
2b4465db73f1
Clean up the two temporary buffers.
Paul Aurich <paul@darkrain42.org>
parents:
28705
diff
changeset
|
123 g_free(prev); |
28703
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
124 return result; |
338eeaf371e2
jabber: Add the Hi() function (PBKDF2).
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
125 } |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
126 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
127 /* |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
128 * Helper functions for doing the SCRAM calculations. The first argument |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
129 * is the hash algorithm. All buffers must be of the appropriate size |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
130 * according to the JabberScramHash. |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
131 * |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
132 * "str" is a NULL-terminated string for hmac(). |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
133 * |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
134 * Needless to say, these are fragile. |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
135 */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
136 static void |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
137 hmac(const JabberScramHash *hash, guchar *out, const guchar *key, const gchar *str) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
138 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
139 PurpleCipherContext *context; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
140 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
141 context = purple_cipher_context_new_by_name("hmac", NULL); |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
142 purple_cipher_context_set_option(context, "hash", (gpointer)hash->name); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
143 purple_cipher_context_set_key_with_len(context, key, hash->size); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
144 purple_cipher_context_append(context, (guchar *)str, strlen(str)); |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
145 purple_cipher_context_digest(context, hash->size, out, NULL); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
146 purple_cipher_context_destroy(context); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
147 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
148 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
149 static void |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
150 hash(const JabberScramHash *hash, guchar *out, const guchar *data) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
151 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
152 PurpleCipherContext *context; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
153 |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
154 context = purple_cipher_context_new_by_name(hash->name, NULL); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
155 purple_cipher_context_append(context, data, hash->size); |
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
156 purple_cipher_context_digest(context, hash->size, out, NULL); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
157 purple_cipher_context_destroy(context); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
158 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
159 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
160 gboolean |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
161 jabber_scram_calc_proofs(JabberScramData *data, GString *salt, guint iterations) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
162 { |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
163 guint hash_len = data->hash->size; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
164 guint i; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
165 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
166 GString *pass = g_string_new(data->password); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
167 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
168 guchar *salted_password; |
28752
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
169 guchar *client_key, *stored_key, *client_signature, *server_key; |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
170 |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
171 client_key = g_new0(guchar, hash_len); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
172 stored_key = g_new0(guchar, hash_len); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
173 client_signature = g_new0(guchar, hash_len); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
174 server_key = g_new0(guchar, hash_len); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
175 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
176 data->client_proof = g_string_sized_new(hash_len); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
177 data->client_proof->len = hash_len; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
178 data->server_signature = g_string_sized_new(hash_len); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
179 data->server_signature->len = hash_len; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
180 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
181 salted_password = jabber_scram_hi(data->hash, pass, salt, iterations); |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
182 |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
183 memset(pass->str, 0, pass->allocated_len); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
184 g_string_free(pass, TRUE); |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
185 |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
186 if (!salted_password) |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
187 return FALSE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
188 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
189 /* client_key = HMAC(salted_password, "Client Key") */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
190 hmac(data->hash, client_key, salted_password, "Client Key"); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
191 /* server_key = HMAC(salted_password, "Server Key") */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
192 hmac(data->hash, server_key, salted_password, "Server Key"); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
193 g_free(salted_password); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
194 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
195 /* stored_key = HASH(client_key) */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
196 hash(data->hash, stored_key, client_key); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
197 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
198 /* client_signature = HMAC(stored_key, auth_message) */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
199 hmac(data->hash, client_signature, stored_key, data->auth_message->str); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
200 /* server_signature = HMAC(server_key, auth_message) */ |
28722
1c1910b17ae5
jabber: Clean up the SCRAM code a little.
Paul Aurich <paul@darkrain42.org>
parents:
28721
diff
changeset
|
201 hmac(data->hash, (guchar *)data->server_signature->str, server_key, data->auth_message->str); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
202 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
203 /* client_proof = client_key XOR client_signature */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
204 for (i = 0; i < hash_len; ++i) |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
205 data->client_proof->str[i] = client_key[i] ^ client_signature[i]; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
206 |
28752
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
207 g_free(server_key); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
208 g_free(client_signature); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
209 g_free(stored_key); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
210 g_free(client_key); |
a6cd1db77aee
jabber: Ugh, make this C89-compliant. Bah.
Paul Aurich <paul@darkrain42.org>
parents:
28725
diff
changeset
|
211 |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
212 return TRUE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
213 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
214 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
215 static gboolean |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
216 parse_server_step1(JabberScramData *data, const char *challenge, |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
217 gchar **out_nonce, GString **out_salt, guint *out_iterations) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
218 { |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
219 char **tokens; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
220 char *token, *decoded, *tmp; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
221 gsize len; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
222 char *nonce = NULL; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
223 GString *salt = NULL; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
224 guint iterations; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
225 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
226 tokens = g_strsplit(challenge, ",", -1); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
227 if (tokens == NULL) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
228 return FALSE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
229 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
230 token = tokens[0]; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
231 if (token[0] != 'r' || token[1] != '=') |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
232 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
233 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
234 /* Ensure that the first cnonce_len bytes of the nonce are the original |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
235 * cnonce we sent to the server. |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
236 */ |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
237 if (0 != strncmp(data->cnonce, token + 2, strlen(data->cnonce))) |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
238 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
239 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
240 nonce = g_strdup(token + 2); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
241 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
242 /* The Salt, base64-encoded */ |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
243 token = tokens[1]; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
244 if (token[0] != 's' || token[1] != '=') |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
245 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
246 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
247 decoded = (gchar *)purple_base64_decode(token + 2, &len); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
248 if (!decoded || *decoded == '\0') { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
249 g_free(decoded); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
250 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
251 } |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
252 salt = g_string_new_len(decoded, len); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
253 g_free(decoded); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
254 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
255 /* The iteration count */ |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
256 token = tokens[2]; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
257 if (token[0] != 'i' || token[1] != '=' || token[2] == '\0') |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
258 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
259 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
260 /* Validate the string */ |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
261 for (tmp = token + 2; *tmp; ++tmp) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
262 if (!g_ascii_isdigit(*tmp)) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
263 goto err; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
264 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
265 iterations = strtoul(token + 2, NULL, 10); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
266 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
267 g_strfreev(tokens); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
268 *out_nonce = nonce; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
269 *out_salt = salt; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
270 *out_iterations = iterations; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
271 return TRUE; |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
272 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
273 err: |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
274 g_free(nonce); |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
275 if (salt) |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
276 g_string_free(salt, TRUE); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
277 g_strfreev(tokens); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
278 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
279 } |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
280 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
281 static gboolean |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
282 parse_server_step2(JabberScramData *data, const char *challenge, gchar **out_verifier) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
283 { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
284 char **tokens; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
285 char *token; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
286 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
287 tokens = g_strsplit(challenge, ",", -1); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
288 if (tokens == NULL) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
289 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
290 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
291 token = tokens[0]; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
292 if (token[0] != 'v' || token[1] != '=' || token[2] == '\0') { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
293 g_strfreev(tokens); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
294 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
295 } |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
296 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
297 *out_verifier = g_strdup(token + 2); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
298 g_strfreev(tokens); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
299 return TRUE; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
300 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
301 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
302 gboolean |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
303 jabber_scram_feed_parser(JabberScramData *data, gchar *in, gchar **out) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
304 { |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
305 gboolean ret; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
306 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
307 g_return_val_if_fail(data != NULL, FALSE); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
308 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
309 g_string_append_c(data->auth_message, ','); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
310 g_string_append(data->auth_message, in); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
311 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
312 if (data->step == 1) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
313 gchar *nonce, *proof; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
314 GString *salt; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
315 guint iterations; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
316 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
317 ret = parse_server_step1(data, in, &nonce, &salt, &iterations); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
318 if (!ret) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
319 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
320 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
321 g_string_append_c(data->auth_message, ','); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
322 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
323 /* "biws" is the base64 encoding of "n,,". I promise. */ |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
324 g_string_append_printf(data->auth_message, "c=%s,r=%s", "biws", nonce); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
325 #ifdef CHANNEL_BINDING |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
326 #error fix this |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
327 #endif |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
328 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
329 ret = jabber_scram_calc_proofs(data, salt, iterations); |
29755 | 330 |
331 g_string_free(salt, TRUE); | |
332 salt = NULL; | |
333 if (!ret) { | |
334 g_free(nonce); | |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
335 return FALSE; |
29755 | 336 } |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
337 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
338 proof = purple_base64_encode((guchar *)data->client_proof->str, data->client_proof->len); |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
339 *out = g_strdup_printf("c=%s,r=%s,p=%s", "biws", nonce, proof); |
29755 | 340 g_free(nonce); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
341 g_free(proof); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
342 } else if (data->step == 2) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
343 gchar *server_sig, *enc_server_sig; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
344 gsize len; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
345 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
346 ret = parse_server_step2(data, in, &enc_server_sig); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
347 if (!ret) |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
348 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
349 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
350 server_sig = (gchar *)purple_base64_decode(enc_server_sig, &len); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
351 g_free(enc_server_sig); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
352 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
353 if (server_sig == NULL || len != data->server_signature->len) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
354 g_free(server_sig); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
355 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
356 } |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
357 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
358 if (0 != memcmp(server_sig, data->server_signature->str, len)) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
359 g_free(server_sig); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
360 return FALSE; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
361 } |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
362 g_free(server_sig); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
363 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
364 *out = NULL; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
365 } else { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
366 purple_debug_error("jabber", "SCRAM: There is no step %d\n", data->step); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
367 return FALSE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
368 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
369 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
370 return TRUE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
371 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
372 |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
373 static gchar *escape_username(const gchar *in) |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
374 { |
28721
f10741a709a9
jabber: Should have looked for this function earlier.
Paul Aurich <paul@darkrain42.org>
parents:
28717
diff
changeset
|
375 gchar *tmp, *tmp2; |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
376 |
28721
f10741a709a9
jabber: Should have looked for this function earlier.
Paul Aurich <paul@darkrain42.org>
parents:
28717
diff
changeset
|
377 tmp = purple_strreplace(in, "=", "=3D"); |
31258
065d7229dff8
jabber: Oops. Clearly the wrong escape sequence here for ','.
Paul Aurich <paul@darkrain42.org>
parents:
30008
diff
changeset
|
378 tmp2 = purple_strreplace(tmp, ",", "=2C"); |
28721
f10741a709a9
jabber: Should have looked for this function earlier.
Paul Aurich <paul@darkrain42.org>
parents:
28717
diff
changeset
|
379 g_free(tmp); |
f10741a709a9
jabber: Should have looked for this function earlier.
Paul Aurich <paul@darkrain42.org>
parents:
28717
diff
changeset
|
380 return tmp2; |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
381 } |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
382 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
383 static JabberSaslState |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
384 scram_start(JabberStream *js, xmlnode *mechanisms, xmlnode **out, char **error) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
385 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
386 xmlnode *reply; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
387 JabberScramData *data; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
388 guint64 cnonce; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
389 #ifdef CHANNEL_BINDING |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
390 gboolean binding_supported = TRUE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
391 #endif |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
392 gchar *dec_out, *enc_out; |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
393 gchar *prepped_node, *tmp; |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
394 gchar *prepped_pass; |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
395 |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
396 prepped_node = jabber_saslprep(js->user->node); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
397 if (!prepped_node) { |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
398 *error = g_strdup(_("Unable to canonicalize username")); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
399 return JABBER_SASL_STATE_FAIL; |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
400 } |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
401 |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
402 tmp = escape_username(prepped_node); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
403 g_free(prepped_node); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
404 prepped_node = tmp; |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
405 |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
406 prepped_pass = jabber_saslprep(purple_connection_get_password(js->gc)); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
407 if (!prepped_pass) { |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
408 g_free(prepped_node); |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
409 *error = g_strdup(_("Unable to canonicalize password")); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
410 return JABBER_SASL_STATE_FAIL; |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
411 } |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
412 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
413 data = js->auth_mech_data = g_new0(JabberScramData, 1); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
414 data->hash = mech_to_hash(js->auth_mech->name); |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
415 data->password = prepped_pass; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
416 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
417 #ifdef CHANNEL_BINDING |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
418 if (strstr(js->auth_mech_name, "-PLUS")) |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
419 data->channel_binding = TRUE; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
420 #endif |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
421 cnonce = ((guint64)g_random_int() << 32) | g_random_int(); |
28712
40a46992c728
jabber: Interop with Prosody (via Tobias' code). Hooray!
Paul Aurich <paul@darkrain42.org>
parents:
28711
diff
changeset
|
422 data->cnonce = purple_base64_encode((guchar *)&cnonce, sizeof(cnonce)); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
423 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
424 data->auth_message = g_string_new(NULL); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
425 g_string_printf(data->auth_message, "n=%s,r=%s", |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
426 prepped_node, data->cnonce); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
427 g_free(prepped_node); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
428 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
429 data->step = 1; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
430 |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
431 reply = xmlnode_new("auth"); |
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28712
diff
changeset
|
432 xmlnode_set_namespace(reply, NS_XMPP_SASL); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
433 xmlnode_set_attrib(reply, "mechanism", js->auth_mech->name); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
434 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
435 /* TODO: Channel binding */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
436 dec_out = g_strdup_printf("%c,,%s", 'n', data->auth_message->str); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
437 enc_out = purple_base64_encode((guchar *)dec_out, strlen(dec_out)); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
438 purple_debug_misc("jabber", "initial SCRAM message '%s'\n", dec_out); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
439 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
440 xmlnode_insert_data(reply, enc_out, -1); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
441 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
442 g_free(enc_out); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
443 g_free(dec_out); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
444 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
445 *out = reply; |
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
446 return JABBER_SASL_STATE_CONTINUE; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
447 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
448 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
449 static JabberSaslState |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
450 scram_handle_challenge(JabberStream *js, xmlnode *challenge, xmlnode **out, char **error) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
451 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
452 JabberScramData *data = js->auth_mech_data; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
453 xmlnode *reply; |
29755 | 454 gchar *enc_in, *dec_in = NULL; |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
455 gchar *enc_out = NULL, *dec_out = NULL; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
456 gsize len; |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
457 JabberSaslState state = JABBER_SASL_STATE_FAIL; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
458 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
459 enc_in = xmlnode_get_data(challenge); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
460 if (!enc_in || *enc_in == '\0') { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
461 reply = xmlnode_new("abort"); |
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28712
diff
changeset
|
462 xmlnode_set_namespace(reply, NS_XMPP_SASL); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
463 data->step = -1; |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
464 *error = g_strdup(_("Invalid challenge from server")); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
465 goto out; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
466 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
467 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
468 dec_in = (gchar *)purple_base64_decode(enc_in, &len); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
469 if (!dec_in || len != strlen(dec_in)) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
470 /* Danger afoot; SCRAM shouldn't contain NUL bytes */ |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
471 reply = xmlnode_new("abort"); |
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28712
diff
changeset
|
472 xmlnode_set_namespace(reply, NS_XMPP_SASL); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
473 data->step = -1; |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
474 *error = g_strdup(_("Malicious challenge from server")); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
475 goto out; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
476 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
477 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
478 purple_debug_misc("jabber", "decoded challenge: %s\n", dec_in); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
479 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
480 if (!jabber_scram_feed_parser(data, dec_in, &dec_out)) { |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
481 reply = xmlnode_new("abort"); |
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28712
diff
changeset
|
482 xmlnode_set_namespace(reply, NS_XMPP_SASL); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
483 data->step = -1; |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
484 *error = g_strdup(_("Invalid challenge from server")); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
485 goto out; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
486 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
487 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
488 data->step += 1; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
489 |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
490 reply = xmlnode_new("response"); |
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28712
diff
changeset
|
491 xmlnode_set_namespace(reply, NS_XMPP_SASL); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
492 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
493 purple_debug_misc("jabber", "decoded response: %s\n", dec_out ? dec_out : "(null)"); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
494 if (dec_out) { |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
495 enc_out = purple_base64_encode((guchar *)dec_out, strlen(dec_out)); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
496 xmlnode_insert_data(reply, enc_out, -1); |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
497 } |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
498 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
499 state = JABBER_SASL_STATE_CONTINUE; |
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
500 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
501 out: |
29755 | 502 g_free(enc_in); |
503 g_free(dec_in); | |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
504 g_free(enc_out); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
505 g_free(dec_out); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
506 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
507 *out = reply; |
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
508 return state; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
509 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
510 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
511 static JabberSaslState |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
512 scram_handle_success(JabberStream *js, xmlnode *packet, char **error) |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
513 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
514 JabberScramData *data = js->auth_mech_data; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
515 char *enc_in, *dec_in; |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
516 char *dec_out = NULL; |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
517 gsize len; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
518 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
519 enc_in = xmlnode_get_data(packet); |
30008
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
520 if (data->step != 3 && (!enc_in || *enc_in == '\0')) { |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
521 *error = g_strdup(_("Invalid challenge from server")); |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
522 g_free(enc_in); |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
523 return JABBER_SASL_STATE_FAIL; |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
524 } |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
525 |
30008
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
526 if (data->step == 3) { |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
527 /* |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
528 * If the server took the slow approach (sending the verifier |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
529 * as a challenge/response pair), we get here. |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
530 */ |
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
531 g_free(enc_in); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
532 return JABBER_SASL_STATE_OK; |
30008
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
533 } |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
534 |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
535 if (data->step != 2) { |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
536 *error = g_strdup(_("Unexpected response from server")); |
30008
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
537 g_free(enc_in); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
538 return JABBER_SASL_STATE_FAIL; |
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
539 } |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
540 |
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
541 dec_in = (gchar *)purple_base64_decode(enc_in, &len); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
542 g_free(enc_in); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
543 if (!dec_in || len != strlen(dec_in)) { |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
544 /* Danger afoot; SCRAM shouldn't contain NUL bytes */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
545 g_free(dec_in); |
30008
09ca9dfb2cfe
jabber: Fix a case where a broken server would hang the connection.
Paul Aurich <paul@darkrain42.org>
parents:
29845
diff
changeset
|
546 *error = g_strdup(_("Malicious challenge from server")); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
547 return JABBER_SASL_STATE_FAIL; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
548 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
549 |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
550 purple_debug_misc("jabber", "decoded success: %s\n", dec_in); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
551 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
552 if (!jabber_scram_feed_parser(data, dec_in, &dec_out) || dec_out != NULL) { |
29755 | 553 g_free(dec_in); |
28709
b0fb53868142
jabber: Handle the case where the server success-with-data is sent as a challenge/response pair.
Paul Aurich <paul@darkrain42.org>
parents:
28707
diff
changeset
|
554 g_free(dec_out); |
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28752
diff
changeset
|
555 *error = g_strdup(_("Invalid challenge from server")); |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
556 return JABBER_SASL_STATE_FAIL; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
557 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
558 |
29755 | 559 g_free(dec_in); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
560 /* Hooray */ |
28725
4f45aae3ace1
Let's try a more complex set of return states / values for auth mechs.
Paul Aurich <paul@darkrain42.org>
parents:
28722
diff
changeset
|
561 return JABBER_SASL_STATE_OK; |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
562 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
563 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
564 void jabber_scram_data_destroy(JabberScramData *data) |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
565 { |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
566 g_free(data->cnonce); |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
567 if (data->auth_message) |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
568 g_string_free(data->auth_message, TRUE); |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
569 if (data->client_proof) |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
570 g_string_free(data->client_proof, TRUE); |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
571 if (data->server_signature) |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
572 g_string_free(data->server_signature, TRUE); |
28717
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
573 if (data->password) { |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
574 memset(data->password, 0, strlen(data->password)); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
575 g_free(data->password); |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
576 } |
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
577 |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
578 g_free(data); |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
579 } |
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
580 |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
581 static void scram_dispose(JabberStream *js) |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
582 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
583 if (js->auth_mech_data) { |
28711
65a34cce02e3
jabber: Fix up the remaining issues and add a test case that interoperates with gsasl. Woot.
Paul Aurich <paul@darkrain42.org>
parents:
28709
diff
changeset
|
584 jabber_scram_data_destroy(js->auth_mech_data); |
28707
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
585 js->auth_mech_data = NULL; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
586 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
587 } |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
588 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
589 static JabberSaslMech scram_sha1_mech = { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
590 50, /* priority */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
591 "SCRAM-SHA-1", /* name */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
592 scram_start, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
593 scram_handle_challenge, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
594 scram_handle_success, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
595 NULL, /* handle_failure */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
596 scram_dispose |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
597 }; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
598 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
599 #ifdef CHANNEL_BINDING |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
600 /* With channel binding */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
601 static JabberSaslMech scram_sha1_plus_mech = { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
602 scram_sha1_mech.priority + 1, /* priority */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
603 "SCRAM-SHA-1-PLUS", /* name */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
604 scram_start, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
605 scram_handle_challenge, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
606 scram_handle_success, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
607 NULL, /* handle_failure */ |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
608 scram_dispose |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
609 }; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
610 #endif |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
611 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
612 JabberSaslMech **jabber_auth_get_scram_mechs(gint *count) |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
613 { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
614 static JabberSaslMech *mechs[] = { |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
615 &scram_sha1_mech, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
616 #ifdef CHANNEL_BINDING |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
617 &scram_sha1_plus_mech, |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
618 #endif |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
619 }; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
620 |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
621 *count = G_N_ELEMENTS(mechs); |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
622 return mechs; |
c1d41b7484ff
jabber: Complete (though untested) SCRAM implementation.
Paul Aurich <paul@darkrain42.org>
parents:
28706
diff
changeset
|
623 } |