diff options
author | Remko Tronçon <git@el-tramo.be> | 2009-11-19 20:54:01 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2009-11-19 20:54:20 (GMT) |
commit | 250ede4f32a14f566fbafd634e2024c93677cf19 (patch) | |
tree | 7e09ea5c685e046145d5f238409af235798a85f1 /Swiften/SASL | |
parent | 1e4a5816db5178b535a4405dd54df4c95491810f (diff) | |
download | swift-250ede4f32a14f566fbafd634e2024c93677cf19.zip swift-250ede4f32a14f566fbafd634e2024c93677cf19.tar.bz2 |
Added missing files of previous commit.
Diffstat (limited to 'Swiften/SASL')
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 56 | ||||
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.h | 30 |
2 files changed, 86 insertions, 0 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp new file mode 100644 index 0000000..b2e85e9 --- /dev/null +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -0,0 +1,56 @@ +#include "Swiften/SASL/SCRAMSHA1ClientAuthenticator.h" + +#include <cassert> + +#include "Swiften/StringCodecs/SHA1.h" +#include "Swiften/StringCodecs/HMACSHA1.h" + +namespace Swift { + +SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& authcid, const String& password, const String& authzid, const ByteArray& nonce) : step(Initial), authcid(authcid), password(password), authzid(authzid), clientnonce(nonce) { +} + +ByteArray SCRAMSHA1ClientAuthenticator::getMessage() const { + if (step == Initial) { + return getInitialClientMessage(); + } + else { + ByteArray mask = HMACSHA1::getResult(getClientVerifier(), initialServerMessage + getInitialClientMessage()); + ByteArray p = SHA1::getBinaryHash(password); + for (unsigned int i = 0; i < p.getSize(); ++i) { + p[i] ^= mask[i]; + } + return p; + } +} + +bool SCRAMSHA1ClientAuthenticator::setResponse(const ByteArray& response) { + if (step == Initial) { + initialServerMessage = response; + step = Proof; + return getSalt().getSize() > 0; + } + else { + return response == HMACSHA1::getResult(getClientVerifier(), getInitialClientMessage() + initialServerMessage); + } +} + +ByteArray SCRAMSHA1ClientAuthenticator::getSalt() const { + if (initialServerMessage.getSize() < 8) { + std::cerr << "ERROR: SCRAM-SHA1: Invalid server response" << std::endl; + return ByteArray(); + } + else { + return ByteArray(initialServerMessage.getData(), 8); + } +} + +ByteArray SCRAMSHA1ClientAuthenticator::getClientVerifier() const { + return HMACSHA1::getResult(SHA1::getBinaryHash(password), getSalt()); +} + +ByteArray SCRAMSHA1ClientAuthenticator::getInitialClientMessage() const { + return ByteArray(authzid) + '\0' + ByteArray(authcid) + '\0' + ByteArray(clientnonce); +} + +} diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h new file mode 100644 index 0000000..d129468 --- /dev/null +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h @@ -0,0 +1,30 @@ +#pragma once + +#include "Swiften/Base/String.h" +#include "Swiften/Base/ByteArray.h" + +namespace Swift { + class SCRAMSHA1ClientAuthenticator { + public: + SCRAMSHA1ClientAuthenticator(const String& authcid, const String& password, const String& authzid, const ByteArray& nonce); + + ByteArray getMessage() const; + bool setResponse(const ByteArray&); + + private: + ByteArray getInitialClientMessage() const; + ByteArray getSalt() const; + ByteArray getClientVerifier() const; + + private: + enum Step { + Initial, + Proof + } step; + String authcid; + String password; + String authzid; + ByteArray clientnonce; + ByteArray initialServerMessage; + }; +} |