authorRemko Tronçon <git@el-tramo.be>2009-11-22 12:48:10 (GMT)
committerRemko Tronçon <git@el-tramo.be>2009-11-22 12:48:10 (GMT)
commit077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7 (patch)
tree04407db3881c2a34261afb675eaa1d6d74d6daa7 /Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
parent14fbc9a52ffad2573e1955f09b033c714b9f2ff4 (diff)
downloadswift-077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7.zip
swift-077d9f1f83c3a7ad819fea43e6c7beeefaaf81c7.tar.bz2
Added SCRAM-SHA-1 test for initial server challenge.
Diffstat (limited to 'Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp')
-rw-r--r--Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp14
1 files changed, 10 insertions, 4 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
index 16c938a..ab61ef5 100644
--- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
+++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
@@ -10,14 +10,12 @@
#include "Swiften/StringCodecs/PBKDF2.h"
#include "Swiften/StringPrep/StringPrep.h"
namespace Swift {
SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) {
- // TODO: Normalize authentication id
- // TODO: Normalize getPassword()
}
ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const {
if (step == Initial) {
return "n,," + getInitialBareClientMessage();
}
@@ -35,16 +33,25 @@ ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const {
}
bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) {
if (step == Initial) {
initialServerMessage = challenge;
- // TODO: Check if these values are correct
+ // TODO: Check if this is correct
std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize()));
ByteArray salt = Base64::decode(keys['s']);
String clientServerNonce = keys['r'];
+
+ // Extract the server nonce
+ if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) {
+ return false;
+ }
+ String receivedClientNonce = clientServerNonce.getSubstring(0, clientnonce.getUTF8Size());
+ if (receivedClientNonce != clientnonce) {
+ return false;
+ }
serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos());
int iterations = boost::lexical_cast<int>(keys['i'].getUTF8String());
// Compute all the values needed for the server signature
saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations);
authMessage = getInitialBareClientMessage() + "," + initialServerMessage + "," + "c=biwsCg==," + "r=" + clientnonce + serverNonce;
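Review bot: The salt and iteration count from the server's first message are still used unvalidated in setChallenge, even though the new lines now reject a bad nonce. `keys['s']` and `keys['i']` default-insert empty strings when the attribute is missing, and `boost::lexical_cast<int>` throws `boost::bad_lexical_cast` on an empty or non-numeric `i`, so a malformed challenge raises an exception instead of returning false; whether any caller catches it is not visible here. A zero or negative count would also reach `PBKDF2::encode`, and since the server chooses the value, an upper bound is worth considering so it cannot force arbitrary key-derivation work on the client. The fence shows the checks I would add; setChallenge continues past the end of this hunk.

```cpp
std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize()));
// Reject a challenge that lacks any mandatory attribute before reading them
if (keys.find('s') == keys.end() || keys.find('r') == keys.end() || keys.find('i') == keys.end()) {
	return false;
}
// … unchanged: salt decoding, client nonce prefix check, serverNonce extraction …
int iterations = 0;
try {
	iterations = boost::lexical_cast<int>(keys['i'].getUTF8String());
}
catch (const boost::bad_lexical_cast&) {
	return false;
}
if (iterations <= 0) {
	return false;
}
```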
@@ -58,13 +65,12 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) {
ByteArray result = ByteArray("v=") + ByteArray(Base64::encode(serverSignature));
return challenge == result;
}
}
std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) {
- // TODO: Do some proper checking here
std::map<char, String> result;
if (s.getUTF8Size() > 0) {
char key;
String value;
size_t i = 0;
bool expectKey = true;