Differences From Artifact [bdb2995bf2]:
- File
src/XMPPSCRAMAuth.m
— part of check-in
[cd21ff1157]
at
2018-11-05 22:30:18
on branch trunk
— Kill #ifdef HAVE_CONFIG_H
There no longer is an Xcode project for which it is needed. (user: js, size: 14354) [annotate] [blame] [check-ins using]
To Artifact [0d02b6cf21]:
- File src/XMPPSCRAMAuth.m — part of check-in [abf66b5c9b] at 2019-03-16 20:58:13 on branch trunk — Use dot syntax (user: js, size: 14256) [annotate] [blame] [check-ins using]
1 2 | /* * Copyright (c) 2011, Florian Zeitz <florob@babelmonkeys.de> | | | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (c) 2011, Florian Zeitz <florob@babelmonkeys.de> * Copyright (c) 2011, 2019, Jonathan Schleifer <js@webkeks.org> * * https://heap.zone/objxmpp/ * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice is present in all copies. * |
| ︙ | ︙ | |||
137 138 139 140 141 142 143 |
if (authzid) {
OFMutableString *new = [[authzid mutableCopy] autorelease];
[new replaceOccurrencesOfString: @"="
withString: @"=3D"];
[new replaceOccurrencesOfString: @","
withString: @"=2C"];
| > | > | | 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
if (authzid) {
OFMutableString *new = [[authzid mutableCopy] autorelease];
[new replaceOccurrencesOfString: @"="
withString: @"=3D"];
[new replaceOccurrencesOfString: @","
withString: @"=2C"];
[new makeImmutable];
_authzid = [new copy];
} else
_authzid = nil;
[old release];
}
- (void)setAuthcid: (OFString *)authcid
{
OFString *old = _authcid;
if (authcid) {
OFMutableString *new = [[authcid mutableCopy] autorelease];
[new replaceOccurrencesOfString: @"="
withString: @"=3D"];
[new replaceOccurrencesOfString: @","
withString: @"=2C"];
[new makeImmutable];
_authcid = [new copy];
} else
_authcid = nil;
[old release];
}
- (OFData *)initialMessage
|
| ︙ | ︙ | |||
189 190 191 192 193 194 195 | _cNonce = [[self xmpp_genNonce] retain]; [_clientFirstMessageBare release]; _clientFirstMessageBare = nil; _clientFirstMessageBare = [[OFString alloc] initWithFormat: @"n=%@,r=%@", _authcid, _cNonce]; | | | | | | 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 | _cNonce = [[self xmpp_genNonce] retain]; [_clientFirstMessageBare release]; _clientFirstMessageBare = nil; _clientFirstMessageBare = [[OFString alloc] initWithFormat: @"n=%@,r=%@", _authcid, _cNonce]; [ret addItems: _GS2Header.UTF8String count: _GS2Header.UTF8StringLength]; [ret addItems: _clientFirstMessageBare.UTF8String count: _clientFirstMessageBare.UTF8StringLength]; [ret makeImmutable]; return ret; } - (OFData *)continueWithData: (OFData *)data |
| ︙ | ︙ | |||
235 236 237 238 239 240 241 | GOT_ITERCOUNT = 0x04 } got = 0; hash = [[[_hashType alloc] init] autorelease]; ret = [OFMutableData data]; authMessage = [OFMutableData data]; | | | | | | | | | | | | | | | | | | | | | | | | | 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 |
GOT_ITERCOUNT = 0x04
} got = 0;
hash = [[[_hashType alloc] init] autorelease];
ret = [OFMutableData data];
authMessage = [OFMutableData data];
OFString *challenge = [OFString stringWithUTF8String: data.items
length: data.count *
data.itemSize];
for (OFString *component in
[challenge componentsSeparatedByString: @","]) {
OFString *entry = [component substringWithRange:
of_range(2, component.length - 2)];
if ([component hasPrefix: @"r="]) {
if (![entry hasPrefix: _cNonce])
@throw [XMPPAuthFailedException
exceptionWithConnection: nil
reason: @"Received wrong "
@"nonce"];
sNonce = entry;
got |= GOT_SNONCE;
} else if ([component hasPrefix: @"s="]) {
salt = [OFData dataWithBase64EncodedString: entry];
got |= GOT_SALT;
} else if ([component hasPrefix: @"i="]) {
iterCount = entry.decimalValue;
got |= GOT_ITERCOUNT;
}
}
if (got != (GOT_SNONCE | GOT_SALT | GOT_ITERCOUNT))
@throw [OFInvalidServerReplyException exception];
// Add c=<base64(GS2Header+channelBindingData)>
tmpArray = [OFMutableData dataWithItems: _GS2Header.UTF8String
count: _GS2Header.UTF8StringLength];
if (_plusAvailable && _connection.encrypted) {
OFData *channelBinding = [((SSLSocket *)[_connection socket])
channelBindingDataWithType: @"tls-unique"];
[tmpArray addItems: channelBinding.items
count: channelBinding.count];
}
tmpString = tmpArray.stringByBase64Encoding;
[ret addItems: "c="
count: 2];
[ret addItems: tmpString.UTF8String
count: tmpString.UTF8StringLength];
// Add r=<nonce>
[ret addItem: ","];
[ret addItems: "r="
count: 2];
[ret addItems: sNonce.UTF8String
count: sNonce.UTF8StringLength];
/*
* IETF RFC 5802:
* SaltedPassword := Hi(Normalize(password), salt, i)
*/
tmpArray = [OFMutableData dataWithItems: _password.UTF8String
count: _password.UTF8StringLength];
saltedPassword = [self xmpp_hiWithData: tmpArray
salt: salt
iterationCount: iterCount];
/*
* IETF RFC 5802:
* AuthMessage := client-first-message-bare + "," +
* server-first-message + "," +
* client-final-message-without-proof
*/
[authMessage addItems: _clientFirstMessageBare.UTF8String
count: _clientFirstMessageBare.UTF8StringLength];
[authMessage addItem: ","];
[authMessage addItems: data.items
count: data.count * data.itemSize];
[authMessage addItem: ","];
[authMessage addItems: ret.items
count: ret.count];
/*
* IETF RFC 5802:
* ClientKey := HMAC(SaltedPassword, "Client Key")
*/
clientKey = [self xmpp_HMACWithKey: saltedPassword
data: [OFData dataWithItems: "Client Key"
|
| ︙ | ︙ | |||
332 333 334 335 336 337 338 | length: [_hashType digestSize]]; /* * IETF RFC 5802: * ClientSignature := HMAC(StoredKey, AuthMessage) */ clientSignature = [self | | | | 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 | length: [_hashType digestSize]]; /* * IETF RFC 5802: * ClientSignature := HMAC(StoredKey, AuthMessage) */ clientSignature = [self xmpp_HMACWithKey: [OFData dataWithItems: hash.digest count: hash.digestSize] data: authMessage]; /* * IETF RFC 5802: * ServerKey := HMAC(SaltedPassword, "Server Key") */ serverKey = [self xmpp_HMACWithKey: saltedPassword |
| ︙ | ︙ | |||
371 372 373 374 375 376 377 | [tmpArray addItem: &c]; } // Add p=<base64(ClientProof)> [ret addItem: ","]; [ret addItems: "p=" count: 2]; | | | | | | | | | 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 |
[tmpArray addItem: &c];
}
// Add p=<base64(ClientProof)>
[ret addItem: ","];
[ret addItems: "p="
count: 2];
tmpString = tmpArray.stringByBase64Encoding;
[ret addItems: tmpString.UTF8String
count: tmpString.UTF8StringLength];
return ret;
}
- (OFData *)xmpp_parseServerFinalMessage: (OFData *)data
{
OFString *mess, *value;
/*
* server-final-message already received,
* we were just waiting for the last word from the server
*/
if (_authenticated)
return nil;
mess = [OFString stringWithUTF8String: data.items
length: data.count * data.itemSize];
value = [mess substringWithRange: of_range(2, mess.length - 2)];
if ([mess hasPrefix: @"v="]) {
if (![value isEqual: _serverSignature.stringByBase64Encoding])
@throw [XMPPAuthFailedException
exceptionWithConnection: nil
reason: @"Received wrong "
@"ServerSignature"];
_authenticated = true;
} else
@throw [XMPPAuthFailedException exceptionWithConnection: nil
|
| ︙ | ︙ | |||
437 438 439 440 441 442 443 |
{
void *pool = objc_autoreleasePoolPush();
OFMutableData *k = [OFMutableData data];
size_t i, kSize, blockSize = [_hashType blockSize];
uint8_t *kI = NULL, *kO = NULL;
id <OFCryptoHash> hashI, hashO;
| | | | | | | | | | | | | | | | | 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 |
{
void *pool = objc_autoreleasePoolPush();
OFMutableData *k = [OFMutableData data];
size_t i, kSize, blockSize = [_hashType blockSize];
uint8_t *kI = NULL, *kO = NULL;
id <OFCryptoHash> hashI, hashO;
if (key.itemSize * key.count > blockSize) {
hashI = [[[_hashType alloc] init] autorelease];
[hashI updateWithBuffer: key.items
length: key.itemSize * key.count];
[k addItems: hashI.digest
count: hashI.digestSize];
} else
[k addItems: key.items
count: key.itemSize * key.count];
@try {
kI = [self allocMemoryWithSize: blockSize];
kO = [self allocMemoryWithSize: blockSize];
kSize = k.count;
memcpy(kI, k.items, kSize);
memset(kI + kSize, 0, blockSize - kSize);
memcpy(kO, kI, blockSize);
for (i = 0; i < blockSize; i++) {
kI[i] ^= HMAC_IPAD;
kO[i] ^= HMAC_OPAD;
}
hashI = [[[_hashType alloc] init] autorelease];
[hashI updateWithBuffer: kI
length: blockSize];
[hashI updateWithBuffer: data.items
length: data.itemSize * data.count];
hashO = [[[_hashType alloc] init] autorelease];
[hashO updateWithBuffer: kO
length: blockSize];
[hashO updateWithBuffer: hashI.digest
length: hashI.digestSize];
} @finally {
[self freeMemory: kI];
[self freeMemory: kO];
}
[hashO retain];
|
| ︙ | ︙ |