| ︙ | | | ︙ | |
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
OF_ASSUME_NONNULL_BEGIN
@interface XMPPSCRAMAuth ()
- (OFString *)XMPP_genNonce;
- (const uint8_t *)XMPP_HMACWithKey: (OFDataArray *)key
data: (OFDataArray *)data;
- (OFDataArray *)XMPP_hiWithData: (OFDataArray *)str
salt: (OFDataArray *)salt
iterationCount: (intmax_t)i;
- (OFDataArray *)XMPP_parseServerFirstMessage: (OFDataArray *)data;
- (OFDataArray *)XMPP_parseServerFinalMessage: (OFDataArray *)data;
@end
OF_ASSUME_NONNULL_END
@implementation XMPPSCRAMAuth
+ (instancetype)SCRAMAuthWithAuthcid: (OFString *)authcid
password: (OFString *)password
|
|
|
|
|
|
|
|
|
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
OF_ASSUME_NONNULL_BEGIN
@interface XMPPSCRAMAuth ()
- (OFString *)XMPP_genNonce;
- (const uint8_t *)XMPP_HMACWithKey: (OFData *)key
data: (OFData *)data;
- (OFData *)XMPP_hiWithData: (OFData *)str
salt: (OFData *)salt
iterationCount: (intmax_t)i;
- (OFData *)XMPP_parseServerFirstMessage: (OFData *)data;
- (OFData *)XMPP_parseServerFinalMessage: (OFData *)data;
@end
OF_ASSUME_NONNULL_END
@implementation XMPPSCRAMAuth
+ (instancetype)SCRAMAuthWithAuthcid: (OFString *)authcid
password: (OFString *)password
|
| ︙ | | | ︙ | |
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
|
_authcid = [new retain];
} else
_authcid = nil;
[old release];
}
- (OFDataArray *)initialMessage
{
OFDataArray *ret = [OFDataArray dataArray];
/* New authentication attempt, reset status */
[_cNonce release];
_cNonce = nil;
[_GS2Header release];
_GS2Header = nil;
[_serverSignature release];
_serverSignature = nil;
_authenticated = false;
if (_authzid)
_GS2Header = [[OFString alloc]
initWithFormat: @"%@,a=%@,",
(_plusAvailable ? @"p=tls-unique" : @"y"),
_authzid];
else
_GS2Header = (_plusAvailable ? @"p=tls-unique,," : @"y,,");
_cNonce = [[self XMPP_genNonce] retain];
[_clientFirstMessageBare release];
_clientFirstMessageBare = nil;
_clientFirstMessageBare = [[OFString alloc]
initWithFormat: @"n=%@,r=%@", _authcid, _cNonce];
[ret addItems: [_GS2Header UTF8String]
count: [_GS2Header UTF8StringLength]];
[ret addItems: [_clientFirstMessageBare UTF8String]
count: [_clientFirstMessageBare UTF8StringLength]];
return ret;
}
- (OFDataArray *)continueWithData: (OFDataArray *)data
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
OFDataArray *ret;
if (!_serverSignature)
ret = [self XMPP_parseServerFirstMessage: data];
else
ret = [self XMPP_parseServerFinalMessage: data];
[ret retain];
[pool release];
return [ret autorelease];
}
- (OFDataArray *)XMPP_parseServerFirstMessage: (OFDataArray *)data
{
size_t i;
const uint8_t *clientKey, *serverKey, *clientSignature;
intmax_t iterCount = 0;
id <OFCryptoHash> hash;
OFDataArray *ret, *authMessage, *tmpArray, *salt = nil, *saltedPassword;
OFString *tmpString, *sNonce = nil;
OFEnumerator *enumerator;
OFString *comp;
enum {
GOT_SNONCE = 0x01,
GOT_SALT = 0x02,
GOT_ITERCOUNT = 0x04
} got = 0;
hash = [[[_hashType alloc] init] autorelease];
ret = [OFDataArray dataArray];
authMessage = [OFDataArray dataArray];
OFString *chal = [OFString stringWithUTF8String: [data items]
length: [data count] *
[data itemSize]];
enumerator =
[[chal componentsSeparatedByString: @","] objectEnumerator];
|
|
|
|
>
>
|
|
|
>
|
|
|
|
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
_authcid = [new retain];
} else
_authcid = nil;
[old release];
}
- (OFData *)initialMessage
{
OFMutableData *ret = [OFMutableData data];
/* New authentication attempt, reset status */
[_cNonce release];
_cNonce = nil;
[_GS2Header release];
_GS2Header = nil;
[_serverSignature release];
_serverSignature = nil;
_authenticated = false;
if (_authzid != nil)
_GS2Header = [[OFString alloc]
initWithFormat: @"%@,a=%@,",
(_plusAvailable ? @"p=tls-unique" : @"y"),
_authzid];
else
_GS2Header = (_plusAvailable ? @"p=tls-unique,," : @"y,,");
_cNonce = [[self XMPP_genNonce] retain];
[_clientFirstMessageBare release];
_clientFirstMessageBare = nil;
_clientFirstMessageBare = [[OFString alloc]
initWithFormat: @"n=%@,r=%@", _authcid, _cNonce];
[ret addItems: [_GS2Header UTF8String]
count: [_GS2Header UTF8StringLength]];
[ret addItems: [_clientFirstMessageBare UTF8String]
count: [_clientFirstMessageBare UTF8StringLength]];
[ret makeImmutable];
return ret;
}
- (OFData *)continueWithData: (OFData *)data
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
OFData *ret;
if (!_serverSignature)
ret = [self XMPP_parseServerFirstMessage: data];
else
ret = [self XMPP_parseServerFinalMessage: data];
[ret retain];
[pool release];
return [ret autorelease];
}
- (OFData *)XMPP_parseServerFirstMessage: (OFData *)data
{
size_t i;
const uint8_t *clientKey, *serverKey, *clientSignature;
intmax_t iterCount = 0;
id <OFCryptoHash> hash;
OFMutableData *ret, *authMessage, *tmpArray;
OFData *salt = nil, *saltedPassword;
OFString *tmpString, *sNonce = nil;
OFEnumerator *enumerator;
OFString *comp;
enum {
GOT_SNONCE = 0x01,
GOT_SALT = 0x02,
GOT_ITERCOUNT = 0x04
} got = 0;
hash = [[[_hashType alloc] init] autorelease];
ret = [OFMutableData data];
authMessage = [OFMutableData data];
OFString *chal = [OFString stringWithUTF8String: [data items]
length: [data count] *
[data itemSize]];
enumerator =
[[chal componentsSeparatedByString: @","] objectEnumerator];
|
| ︙ | | | ︙ | |
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
exceptionWithConnection: nil
reason: @"Received wrong "
@"nonce"];
sNonce = entry;
got |= GOT_SNONCE;
} else if ([comp hasPrefix: @"s="]) {
salt = [OFDataArray
dataArrayWithBase64EncodedString: entry];
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: [_GS2Header UTF8String]
count: [_GS2Header UTF8StringLength]];
if (_plusAvailable && [_connection encrypted]) {
OFDataArray *channelBinding =
[((SSLSocket *)[_connection socket])
|
<
|
|
<
|
|
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
exceptionWithConnection: nil
reason: @"Received wrong "
@"nonce"];
sNonce = entry;
got |= GOT_SNONCE;
} else if ([comp hasPrefix: @"s="]) {
salt = [OFData dataWithBase64EncodedString: entry];
got |= GOT_SALT;
} else if ([comp hasPrefix: @"i="]) {
iterCount = [entry decimalValue];
got |= GOT_ITERCOUNT;
}
}
if (got != (GOT_SNONCE | GOT_SALT | GOT_ITERCOUNT))
@throw [OFInvalidServerReplyException exception];
// Add c=<base64(GS2Header+channelBindingData)>
tmpArray = [OFMutableData data];
[tmpArray addItems: [_GS2Header UTF8String]
count: [_GS2Header UTF8StringLength]];
if (_plusAvailable && [_connection encrypted]) {
OFData *channelBinding = [((SSLSocket *)[_connection socket])
channelBindingDataWithType: @"tls-unique"];
[tmpArray addItems: [channelBinding items]
count: [channelBinding count]];
}
tmpString = [tmpArray stringByBase64Encoding];
[ret addItems: "c="
count: 2];
|
| ︙ | | | ︙ | |
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
[ret addItems: [sNonce UTF8String]
count: [sNonce UTF8StringLength]];
/*
* IETF RFC 5802:
* SaltedPassword := Hi(Normalize(password), salt, i)
*/
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: [_password UTF8String]
count: [_password UTF8StringLength]];
|
<
|
|
<
|
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
|
[ret addItems: [sNonce UTF8String]
count: [sNonce UTF8StringLength]];
/*
* IETF RFC 5802:
* SaltedPassword := Hi(Normalize(password), salt, i)
*/
tmpArray = [OFMutableData dataWithItems: [_password UTF8String]
count: [_password UTF8StringLength]];
saltedPassword = [self XMPP_hiWithData: tmpArray
salt: salt
iterationCount: iterCount];
/*
* IETF RFC 5802:
* AuthMessage := client-first-message-bare + "," +
|
| ︙ | | | ︙ | |
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
|
[authMessage addItems: [ret items]
count: [ret count]];
/*
* IETF RFC 5802:
* ClientKey := HMAC(SaltedPassword, "Client Key")
*/
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: "Client Key"
count: 10];
data: tmpArray];
/*
* IETF RFC 5802:
* StoredKey := H(ClientKey)
*/
[hash updateWithBuffer: (void *)clientKey
length: [_hashType digestSize]];
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: [hash digest]
count: [_hashType digestSize]];
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: "Server Key"
count: 10];
tmpArray = [OFDataArray dataArray];
[tmpArray addItems: serverKey
count: [_hashType digestSize]];
_serverSignature = [[OFDataArray alloc] init];
[_serverSignature addItems: [self XMPP_HMACWithKey: tmpArray
data: authMessage]
count: [_hashType digestSize]];
/*
* IETF RFC 5802:
* ClientProof := ClientKey XOR ClientSignature
*/
tmpArray = [OFDataArray dataArray];
for (i = 0; i < [_hashType digestSize]; i++) {
uint8_t c = clientKey[i] ^ clientSignature[i];
[tmpArray addItem: &c];
}
// Add p=<base64(ClientProof)>
[ret addItem: ","];
[ret addItems: "p="
count: 2];
tmpString = [tmpArray stringByBase64Encoding];
[ret addItems: [tmpString UTF8String]
count: [tmpString UTF8StringLength]];
return ret;
}
- (OFDataArray *)XMPP_parseServerFinalMessage: (OFDataArray *)data
{
OFString *mess, *value;
/*
* server-final-message already received,
* we were just waiting for the last word from the server
*/
if (_authenticated)
return nil;
mess = [OFString stringWithUTF8String: [data items]
length: [data count] *
[data itemSize]];
value = [mess substringWithRange: of_range(2, [mess length] - 2)];
if ([mess hasPrefix: @"v="]) {
if (![value isEqual: [_serverSignature stringByBase64Encoding]])
@throw [XMPPAuthFailedException
exceptionWithConnection: nil
reason: @"Received wrong "
|
<
<
<
|
>
<
|
|
<
|
|
<
|
|
>
>
|
|
|
|
|
|
|
<
|
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
|
[authMessage addItems: [ret items]
count: [ret count]];
/*
* IETF RFC 5802:
* ClientKey := HMAC(SaltedPassword, "Client Key")
*/
clientKey = [self XMPP_HMACWithKey: saltedPassword
data: [OFData dataWithItems: @"Client key"
count: 10]];
/*
* IETF RFC 5802:
* StoredKey := H(ClientKey)
*/
[hash updateWithBuffer: (void *)clientKey
length: [_hashType digestSize]];
tmpArray = [OFMutableData dataWithItems: [hash digest]
count: [_hashType digestSize]];
/*
* IETF RFC 5802:
* ClientSignature := HMAC(StoredKey, AuthMessage)
*/
clientSignature = [self XMPP_HMACWithKey: tmpArray
data: authMessage];
/*
* IETF RFC 5802:
* ServerKey := HMAC(SaltedPassword, "Server Key")
*/
tmpArray = [OFMutableData dataWithItems: "Server Key"
count: 10];
serverKey = [self XMPP_HMACWithKey: saltedPassword
data: tmpArray];
/*
* IETF RFC 5802:
* ServerSignature := HMAC(ServerKey, AuthMessage)
*/
tmpArray = [OFMutableData dataWithItems: serverKey
count: [_hashType digestSize]];
[_serverSignature release];
_serverSignature = [[OFMutableData alloc]
initWithItems: [self XMPP_HMACWithKey: tmpArray
data: authMessage]
count: [_hashType digestSize]];
/*
* IETF RFC 5802:
* ClientProof := ClientKey XOR ClientSignature
*/
tmpArray = [OFMutableData data];
for (i = 0; i < [_hashType digestSize]; i++) {
uint8_t c = clientKey[i] ^ clientSignature[i];
[tmpArray addItem: &c];
}
// Add p=<base64(ClientProof)>
[ret addItem: ","];
[ret addItems: "p="
count: 2];
tmpString = [tmpArray stringByBase64Encoding];
[ret addItems: [tmpString UTF8String]
count: [tmpString UTF8StringLength]];
return ret;
}
- (OFData *)XMPP_parseServerFinalMessage: (OFData *)data
{
OFString *mess, *value;
/*
* server-final-message already received,
* we were just waiting for the last word from the server
*/
if (_authenticated)
return nil;
mess = [OFString stringWithUTF8String: [data items]
length: [data count] * [data itemSize]];
value = [mess substringWithRange: of_range(2, [mess length] - 2)];
if ([mess hasPrefix: @"v="]) {
if (![value isEqual: [_serverSignature stringByBase64Encoding]])
@throw [XMPPAuthFailedException
exceptionWithConnection: nil
reason: @"Received wrong "
|
| ︙ | | | ︙ | |
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
|
}
return [OFString stringWithCString: (char *)buf
encoding: OF_STRING_ENCODING_ASCII
length: 64];
}
- (const uint8_t *)XMPP_HMACWithKey: (OFDataArray *)key
data: (OFDataArray *)data
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
OFDataArray *k = [OFDataArray dataArray];
size_t i, kSize, blockSize = [_hashType blockSize];
uint8_t *kI = NULL, *kO = NULL;
id <OFCryptoHash> hashI, hashO;
if ([key itemSize] * [key count] > blockSize) {
hashI = [[[_hashType alloc] init] autorelease];
[hashI updateWithBuffer: [key items]
|
|
|
|
|
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
|
}
return [OFString stringWithCString: (char *)buf
encoding: OF_STRING_ENCODING_ASCII
length: 64];
}
- (const uint8_t *)XMPP_HMACWithKey: (OFData *)key
data: (OFData *)data
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
OFMutableData *k = [OFMutableData data];
size_t i, kSize, blockSize = [_hashType blockSize];
uint8_t *kI = NULL, *kO = NULL;
id <OFCryptoHash> hashI, hashO;
if ([key itemSize] * [key count] > blockSize) {
hashI = [[[_hashType alloc] init] autorelease];
[hashI updateWithBuffer: [key items]
|
| ︙ | | | ︙ | |
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
|
[hashO retain];
[pool release];
return [[hashO autorelease] digest];
}
- (OFDataArray *)XMPP_hiWithData: (OFDataArray *)str
salt: (OFDataArray *)salt
iterationCount: (intmax_t)i
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
size_t digestSize = [_hashType digestSize];
uint8_t *result = NULL;
const uint8_t *u, *uOld;
intmax_t j, k;
OFDataArray *salty, *tmp, *ret;
result = [self allocMemoryWithSize: digestSize];
@try {
memset(result, 0, digestSize);
salty = [[salt copy] autorelease];
[salty addItems: "\0\0\0\1"
count: 4];
uOld = [self XMPP_HMACWithKey: str
data: salty];
for (j = 0; j < digestSize; j++)
result[j] ^= uOld[j];
for (j = 0; j < i - 1; j++) {
tmp = [[OFDataArray alloc] init];
[tmp addItems: uOld
count: digestSize];
[pool releaseObjects]; // releases uOld and previous tmp
[tmp autorelease];
u = [self XMPP_HMACWithKey: str
data: tmp];
for (k = 0; k < digestSize; k++)
result[k] ^= u[k];
uOld = u;
}
ret = [OFDataArray dataArray];
[ret addItems: result
count: digestSize];
|
|
|
|
|
|
<
|
|
|
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
|
[hashO retain];
[pool release];
return [[hashO autorelease] digest];
}
- (OFData *)XMPP_hiWithData: (OFData *)str
salt: (OFData *)salt
iterationCount: (intmax_t)i
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
size_t digestSize = [_hashType digestSize];
uint8_t *result = NULL;
const uint8_t *u, *uOld;
intmax_t j, k;
OFMutableData *salty, *tmp, *ret;
result = [self allocMemoryWithSize: digestSize];
@try {
memset(result, 0, digestSize);
salty = [[salt copy] autorelease];
[salty addItems: "\0\0\0\1"
count: 4];
uOld = [self XMPP_HMACWithKey: str
data: salty];
for (j = 0; j < digestSize; j++)
result[j] ^= uOld[j];
for (j = 0; j < i - 1; j++) {
tmp = [[OFMutableData alloc] init];
[tmp addItems: uOld
count: digestSize];
[pool releaseObjects]; // releases uOld and previous tmp
[tmp autorelease];
u = [self XMPP_HMACWithKey: str
data: tmp];
for (k = 0; k < digestSize; k++)
result[k] ^= u[k];
uOld = u;
}
ret = [OFMutableData dataWithItems: result
count: digestSize];
} @finally {
[self freeMemory: result];
}
[ret retain];
[pool release];
return [ret autorelease];
}
@end
|