diff options
author | Remko Tronçon <git@el-tramo.be> | 2009-11-22 12:48:10 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2009-11-22 12:48:10 (GMT) |
commit | 077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7 (patch) | |
tree | 04407db3881c2a34261afb675eaa1d6d74d6daa7 /Swiften/SASL | |
parent | 14fbc9a52ffad2573e1955f09b033c714b9f2ff4 (diff) | |
download | swift-contrib-077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7.zip swift-contrib-077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7.tar.bz2 |
Added SCRAM-SHA-1 test for initial server challenge.
Diffstat (limited to 'Swiften/SASL')
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 14 | ||||
-rw-r--r-- | Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp | 30 |
2 files changed, 40 insertions, 4 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 16c938a..ab61ef5 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -13,8 +13,6 @@ namespace Swift { SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { - // TODO: Normalize authentication id - // TODO: Normalize getPassword() } ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const { @@ -38,10 +36,19 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) { if (step == Initial) { initialServerMessage = challenge; - // TODO: Check if these values are correct + // TODO: Check if this is correct std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize())); ByteArray salt = Base64::decode(keys['s']); String clientServerNonce = keys['r']; + + // Extract the server nonce + if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) { + return false; + } + String receivedClientNonce = clientServerNonce.getSubstring(0, clientnonce.getUTF8Size()); + if (receivedClientNonce != clientnonce) { + return false; + } serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos()); int iterations = boost::lexical_cast<int>(keys['i'].getUTF8String()); @@ -61,7 +68,6 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) { } std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) { - // TODO: Do some proper checking here std::map<char, String> result; if (s.getUTF8Size() > 0) { char key; diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp index 618a748..01adc18 100644 --- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp +++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp @@ -11,6 +11,9 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetInitialResponse); CPPUNIT_TEST(testGetInitialResponse_UsernameHasSpecialChars); CPPUNIT_TEST(testGetFinalResponse); + CPPUNIT_TEST(testSetChallenge); + CPPUNIT_TEST(testSetChallenge_InvalidClientNonce); + CPPUNIT_TEST(testSetChallenge_OnlyClientNonce); CPPUNIT_TEST(testSetFinalChallenge); CPPUNIT_TEST(testSetFinalChallenge_InvalidChallenge); CPPUNIT_TEST_SUITE_END(); @@ -56,6 +59,33 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_ASSERT(result); } + void testSetChallenge() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(result); + } + + void testSetChallenge_InvalidClientNonce() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefgiABCDEFGH,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(!result); + } + + void testSetChallenge_OnlyClientNonce() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefgh,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(!result); + } + void testSetFinalChallenge_InvalidChallenge() { SCRAMSHA1ClientAuthenticator testling("abcdefgh"); testling.setCredentials("user", "pass", ""); |