/* * Copyright (c) 2010 Remko Tronçon * Licensed under the GNU General Public License v3. * See Documentation/Licenses/GPLv3.txt for more information. */ #include "Swiften/SASL/SCRAMSHA1ClientAuthenticator.h" #include #include #include #include "Swiften/StringCodecs/SHA1.h" #include "Swiften/StringCodecs/Base64.h" #include "Swiften/StringCodecs/HMACSHA1.h" #include "Swiften/StringCodecs/PBKDF2.h" #include "Swiften/IDN/StringPrep.h" namespace Swift { static String escape(const String& s) { String result; for (size_t i = 0; i < s.getUTF8Size(); ++i) { if (s[i] == ',') { result += "=2C"; } else if (s[i] == '=') { result += "=3D"; } else { result += s[i]; } } return result; } SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { } boost::optional SCRAMSHA1ClientAuthenticator::getResponse() const { if (step == Initial) { return getGS2Header() + getInitialBareClientMessage(); } else if (step == Proof) { ByteArray clientKey = HMACSHA1::getResult(saltedPassword, "Client Key"); ByteArray storedKey = SHA1::getHash(clientKey); ByteArray clientSignature = HMACSHA1::getResult(storedKey, authMessage); ByteArray clientProof = clientKey; for (unsigned int i = 0; i < clientProof.getSize(); ++i) { clientProof[i] ^= clientSignature[i]; } ByteArray result = ByteArray("c=") + Base64::encode(getGS2Header()) + ",r=" + clientnonce + serverNonce + ",p=" + Base64::encode(clientProof); return result; } else { return boost::optional(); } } bool SCRAMSHA1ClientAuthenticator::setChallenge(const boost::optional& challenge) { if (step == Initial) { if (!challenge) { return false; } initialServerMessage = *challenge; std::map keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize())); // Extract the salt ByteArray salt = Base64::decode(keys['s']); // Extract the server nonce String clientServerNonce = keys['r']; if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) { return false; } String receivedClientNonce = clientServerNonce.getSubstring(0, clientnonce.getUTF8Size()); if (receivedClientNonce != clientnonce) { return false; } serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos()); // Extract the number of iterations int iterations = 0; try { iterations = boost::lexical_cast(keys['i'].getUTF8String()); } catch (const boost::bad_lexical_cast&) { return false; } if (iterations <= 0) { return false; } // Compute all the values needed for the server signature saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations); authMessage = getInitialBareClientMessage() + "," + initialServerMessage + "," + "c=" + Base64::encode(getGS2Header()) + ",r=" + clientnonce + serverNonce; ByteArray serverKey = HMACSHA1::getResult(saltedPassword, "Server Key"); serverSignature = HMACSHA1::getResult(serverKey, authMessage); step = Proof; return true; } else if (step == Proof) { ByteArray result = ByteArray("v=") + ByteArray(Base64::encode(serverSignature)); step = Final; return challenge && challenge == result; } else { return true; } } std::map SCRAMSHA1ClientAuthenticator::parseMap(const String& s) { std::map result; if (s.getUTF8Size() > 0) { char key; String value; size_t i = 0; bool expectKey = true; while (i < s.getUTF8Size()) { if (expectKey) { key = s[i]; expectKey = false; i++; } else if (s[i] == ',') { result[key] = value; value = ""; expectKey = true; } else { value += s[i]; } i++; } result[key] = value; } return result; } ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const { String authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep); return ByteArray(String("n=" + escape(authenticationID) + ",r=" + clientnonce)); } ByteArray SCRAMSHA1ClientAuthenticator::getGS2Header() const { return ByteArray("n,") + (getAuthorizationID().isEmpty() ? "" : "a=" + escape(getAuthorizationID())) + ","; } }