Diffstat (limited to 'Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp')
m---------Swiften0
-rw-r--r--Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp143
2 files changed, 0 insertions, 143 deletions
diff --git a/Swiften b/Swiften
new file mode 160000
+Subproject 8213ba16d0043d2461f4b031c881d61dda5a38c
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
deleted file mode 100644
index 5dc924e..0000000
--- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
+++ /dev/null
@@ -1,143 +0,0 @@
-#include "Swiften/SASL/SCRAMSHA1ClientAuthenticator.h"
-
-#include <cassert>
-#include <map>
-#include <boost/lexical_cast.hpp>
-
-#include "Swiften/StringCodecs/SHA1.h"
-#include "Swiften/StringCodecs/Base64.h"
-#include "Swiften/StringCodecs/HMACSHA1.h"
-#include "Swiften/StringCodecs/PBKDF2.h"
-#include "Swiften/StringPrep/StringPrep.h"
-
-namespace Swift {
-
-static String escape(const String& s) {
- String result;
- for (size_t i = 0; i < s.getUTF8Size(); ++i) {
- if (s[i] == ',') {
- result += "=2C";
- }
- else if (s[i] == '=') {
- result += "=3D";
- }
- else {
- result += s[i];
- }
- }
- return result;
-}
-
-
-SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) {
-}
-
-ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const {
- if (step == Initial) {
- return getGS2Header() + getInitialBareClientMessage();
- }
- else if (step == Proof) {
- ByteArray clientKey = HMACSHA1::getResult(saltedPassword, "Client Key");
- ByteArray storedKey = SHA1::getHash(clientKey);
- ByteArray clientSignature = HMACSHA1::getResult(storedKey, authMessage);
- ByteArray clientProof = clientKey;
- for (unsigned int i = 0; i < clientProof.getSize(); ++i) {
- clientProof[i] ^= clientSignature[i];
- }
- ByteArray result = ByteArray("c=") + Base64::encode(getGS2Header()) + ",r=" + clientnonce + serverNonce + ",p=" + Base64::encode(clientProof);
- return result;
- }
- else {
- return ByteArray();
- }
-}
-
-bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) {
- if (step == Initial) {
- initialServerMessage = challenge;
-
- std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize()));
-
- // Extract the salt
- ByteArray salt = Base64::decode(keys['s']);
-
- // Extract the server nonce
- String clientServerNonce = keys['r'];
- if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) {
- return false;
- }
- String receivedClientNonce = clientServerNonce.getSubstring(0, clientnonce.getUTF8Size());
- if (receivedClientNonce != clientnonce) {
- return false;
- }
- serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos());
-
- // Extract the number of iterations
- int iterations = 0;
- try {
- iterations = boost::lexical_cast<int>(keys['i'].getUTF8String());
- }
- catch (const boost::bad_lexical_cast&) {
- return false;
- }
- if (iterations <= 0) {
- return false;
- }
-
- // Compute all the values needed for the server signature
- saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations);
- authMessage = getInitialBareClientMessage() + "," + initialServerMessage + "," + "c=" + Base64::encode(getGS2Header()) + ",r=" + clientnonce + serverNonce;
- ByteArray serverKey = HMACSHA1::getResult(saltedPassword, "Server Key");
- serverSignature = HMACSHA1::getResult(serverKey, authMessage);
-
- step = Proof;
- return true;
- }
- else if (step == Proof) {
- ByteArray result = ByteArray("v=") + ByteArray(Base64::encode(serverSignature));
- step = Final;
- return challenge == result;
- }
- else {
- return true;
- }
-}
-
-std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) {
- std::map<char, String> result;
- if (s.getUTF8Size() > 0) {
- char key;
- String value;
- size_t i = 0;
- bool expectKey = true;
- while (i < s.getUTF8Size()) {
- if (expectKey) {
- key = s[i];
- expectKey = false;
- i++;
- }
- else if (s[i] == ',') {
- result[key] = value;
- value = "";
- expectKey = true;
- }
- else {
- value += s[i];
- }
- i++;
- }
- result[key] = value;
- }
- return result;
-}
-
-ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const {
- String authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep);
- return ByteArray(String("n=" + escape(authenticationID) + ",r=" + clientnonce));
-}
-
-ByteArray SCRAMSHA1ClientAuthenticator::getGS2Header() const {
- return ByteArray("n,") + (getAuthorizationID().isEmpty() ? "" : "a=" + escape(getAuthorizationID())) + ",";
-}
-
-}