Artifact 662da97f8aaa446776f38905ac89a8c22468d5ba689c46ad83d2a3a42c4eab81:
- File
src/XMPPSCRAMAuth.m
— part of check-in
[6a3b0a9988]
at
2011-02-21 03:09:39
on branch trunk
— Add SCRAM-SHA-1 support
This adds the new base class XMPPAuthenticator and the derived
classes XMPPSCRAMAuth and XMPPPLAINAuth.
They are now used for authentication from within XMPPConnection.Also adds XMPPAuthFailedException which is thrown in appropriate places. (user: florob@babelmonkeys.de, size: 11887) [annotate] [blame] [check-ins using]
/* * Copyright (c) 2011, Florian Zeitz <florob@babelmonkeys.de> * * https://webkeks.org/hg/objxmpp/ * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice is present in all copies. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include <string.h> #include <bsd/stdlib.h> // FIXME: Remove this once libbsd includes arc4random_uniform() in it's headers #define fake_arc4random_uniform(upper) \ ((uint32_t) (arc4random() / (double) UINT32_MAX * upper)) #import "XMPPSCRAMAuth.h" #import "XMPPExceptions.h" #define HMAC_IPAD 0x36 #define HMAC_OPAD 0x5c @implementation XMPPSCRAMAuth + SCRAMAuthWithAuthcid: (OFString*)authcid password: (OFString*)password hash: (Class)hash; { return [[[self alloc] initWithAuthcid: authcid password: password hash: hash] autorelease]; } + SCRAMAuthWithAuthzid: (OFString*)authzid authcid: (OFString*)authcid password: (OFString*)password hash: (Class)hash; { return [[[self alloc] initWithAuthzid: authzid authcid: authcid password: password hash: hash] autorelease]; } - initWithAuthcid: (OFString*)authcid_ password: (OFString*)password_ hash: (Class)hash; { return [self initWithAuthzid: nil authcid: authcid_ password: password_ hash: hash]; } - initWithAuthzid: (OFString*)authzid_ authcid: (OFString*)authcid_ password: (OFString*)password_ hash: (Class)hash; { self = [super initWithAuthzid: authzid_ authcid: authcid_ password: password_]; hashType = hash; return self; } - (void)dealloc { [GS2Header release]; [clientFirstMessageBare release]; [serverSignature release]; [cNonce release]; [super dealloc]; } - (OFString *)_genNonce { OFMutableString *nonce = [OFMutableString string]; uint32_t res, i; for (i = 0; i < 64; i++) { while((res = fake_arc4random_uniform(0x5e) + 0x21) == 0x2C); [nonce appendFormat: @"%c", res]; } return nonce; } - (uint8_t *)_hmacWithKey: (OFDataArray*)key data: (OFDataArray*)data { size_t i, kSize, blockSize = [hashType blockSize]; uint8_t *kCArray = NULL, *kI = NULL, *kO = NULL; OFAutoreleasePool *pool = nil; OFDataArray *k = nil; OFHash *hash = nil; @try { pool = [[OFAutoreleasePool alloc] init]; k = [OFDataArray dataArrayWithItemSize: 1]; if (key.itemSize * key.count > blockSize) { hash = [[[hashType alloc] init] autorelease]; [hash updateWithBuffer: [key cArray] ofSize: key.itemSize * key.count]; [k addNItems: [hashType digestSize] fromCArray: [hash digest]]; } else [k addNItems: key.itemSize * key.count fromCArray: [key cArray]]; kI = [self allocMemoryWithSize: blockSize * sizeof(uint8_t)]; memset(kI, HMAC_IPAD, blockSize * sizeof(uint8_t)); kO = [self allocMemoryWithSize: blockSize * sizeof(uint8_t)]; memset(kO, HMAC_OPAD, blockSize * sizeof(uint8_t)); kCArray = [k cArray]; kSize = k.count; for (i = 0; i < kSize; i++) { kI[i] ^= kCArray[i]; kO[i] ^= kCArray[i]; } k = [OFDataArray dataArrayWithItemSize: 1]; [k addNItems: blockSize fromCArray: kI]; [k addNItems: data.itemSize * data.count fromCArray: [data cArray]]; hash = [[[hashType alloc] init] autorelease]; [hash updateWithBuffer: [k cArray] ofSize: k.count]; k = [OFDataArray dataArrayWithItemSize: 1]; [k addNItems: blockSize fromCArray: kO]; [k addNItems: [hashType digestSize] fromCArray: [hash digest]]; hash = [[[hashType alloc] init] autorelease]; [hash updateWithBuffer: [k cArray] ofSize: k.count]; [hash retain]; [pool release]; pool = nil; [hash autorelease]; return [hash digest]; } @finally { [pool release]; [self freeMemory: kI]; [self freeMemory: kO]; } } - (OFDataArray *)_hiWithData: (OFDataArray *)str salt: (OFDataArray *)salt_ iterationCount: (unsigned int)i { uint8_t *result = NULL, *u, *uOld; unsigned int j, k; size_t digestSize; OFAutoreleasePool *pool = nil; OFDataArray *salty, *tmp, *ret; @try { pool = [[OFAutoreleasePool alloc] init]; digestSize = [hashType digestSize]; result = [self allocMemoryWithSize: digestSize * sizeof(uint8_t)]; memset(result, 0, digestSize * sizeof(uint8_t)); salty = [salt_ copy]; [salty addNItems: 4 fromCArray: "\0\0\0\1"]; uOld = [self _hmacWithKey: str data: salty]; [salty release]; for (j = 0; j < digestSize; j++) result[j] ^= uOld[j]; for (j = 0; j < i-1; j++) { tmp = [OFDataArray dataArrayWithItemSize: 1]; [tmp addNItems: digestSize fromCArray: uOld]; u = [self _hmacWithKey: str data: tmp]; for (k = 0; k < digestSize; k++) result[k] ^= u[k]; uOld = u; } ret = [OFDataArray dataArrayWithItemSize: 1]; [ret addNItems: digestSize fromCArray: result]; [ret retain]; [pool release]; pool = nil; return [ret autorelease]; } @finally { [pool release]; [self freeMemory: result]; } } - (OFDataArray*)getClientFirstMessage { OFDataArray *ret = [OFDataArray dataArrayWithItemSize: 1]; [GS2Header release]; if (authzid) GS2Header = [[OFString alloc] initWithFormat: @"n,a=%@,", authzid]; else GS2Header = [[OFString alloc] initWithFormat: @"n,,"]; [cNonce release]; cNonce = [[self _genNonce] retain]; [clientFirstMessageBare release]; clientFirstMessageBare = [[OFString alloc] initWithFormat: @"n=%@,r=%@", authcid, cNonce]; [ret addNItems: [GS2Header cStringLength] fromCArray: [GS2Header cString]]; [ret addNItems: [clientFirstMessageBare cStringLength] fromCArray: [clientFirstMessageBare cString]]; return ret; } - (OFDataArray*)getResponseWithChallenge: (OFDataArray*)challenge { size_t i; uint8_t *clientKey, *serverKey, *clientSignature; intmax_t iterCount; OFHash *hash; OFDataArray *ret, *authMessage, *tmpArray, *salt, *saltedPassword; OFString *tmpString, *sNonce; OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; @try { hash = [[[hashType alloc] init] autorelease]; ret = [OFDataArray dataArrayWithItemSize: 1]; authMessage = [OFDataArray dataArrayWithItemSize: 1]; OFString *chal = [OFString stringWithCString: [challenge cArray] length: [challenge count] * [challenge itemSize]]; for (OFString *comp in [chal componentsSeparatedByString: @","]) { OFString *entry = [comp substringFromIndex: 2 toIndex: [comp length]]; if ([comp hasPrefix: @"r="]) { if (![entry hasPrefix: cNonce]) @throw [XMPPAuthFailedException newWithClass: isa connection: nil reason: @"Received wrong nonce"]; sNonce = entry; } else if ([comp hasPrefix: @"s="]) salt = [OFDataArray dataArrayWithBase64EncodedString: entry]; else if ([comp hasPrefix: @"i="]) iterCount = [entry decimalValue]; } // Add c=<base64(GS2Header+channelBindingData)> // XXX: No channel binding for now tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [GS2Header cStringLength] fromCArray: [GS2Header cString]]; tmpString = [tmpArray stringByBase64Encoding]; [ret addNItems: 2 fromCArray: "c="]; [ret addNItems: [tmpString cStringLength] fromCArray: [tmpString cString]]; // Add r=<nonce> [ret addItem: ","]; [ret addNItems: 2 fromCArray: "r="]; [ret addNItems: [sNonce cStringLength] fromCArray: [sNonce cString]]; tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [password cStringLength] fromCArray: [password cString]]; /* * IETF RFC 5802: * SaltedPassword := Hi(Normalize(password), salt, i) */ saltedPassword = [self _hiWithData: tmpArray salt: salt iterationCount: iterCount]; /* * IETF RFC 5802: * AuthMessage := client-first-message-bare + "," + * server-first-message + "," + * client-final-message-without-proof */ [authMessage addNItems: [clientFirstMessageBare cStringLength] fromCArray: [clientFirstMessageBare cString]]; [authMessage addItem: ","]; [authMessage addNItems: [challenge count] * [challenge itemSize] fromCArray: [challenge cArray]]; [authMessage addItem: ","]; [authMessage addNItems: [ret count] fromCArray: [ret cArray]]; /* * IETF RFC 5802: * ClientKey := HMAC(SaltedPassword, "Client Key") */ tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: 10 fromCArray: "Client Key"]; clientKey = [self _hmacWithKey: saltedPassword data: tmpArray]; /* * IETF RFC 5802: * StoredKey := H(ClientKey) */ [hash updateWithBuffer: (void*) clientKey ofSize: [hashType digestSize]]; tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [hashType digestSize] fromCArray: [hash digest]]; /* * IETF RFC 5802: * ClientSignature := HMAC(StoredKey, AuthMessage) */ clientSignature = [self _hmacWithKey: tmpArray data: authMessage]; /* * IETF RFC 5802: * ServerKey := HMAC(SaltedPassword, "Server Key") */ tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: 10 fromCArray: "Server Key"]; serverKey = [self _hmacWithKey: saltedPassword data: tmpArray]; /* * IETF RFC 5802: * ServerSignature := HMAC(ServerKey, AuthMessage) */ tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [hashType digestSize] fromCArray: serverKey]; serverSignature = [[OFDataArray alloc] initWithItemSize: 1]; [serverSignature addNItems: [hashType digestSize] fromCArray: [self _hmacWithKey: tmpArray data: authMessage]]; /* * IETF RFC 5802: * ClientProof := ClientKey XOR ClientSignature */ tmpArray = [OFDataArray dataArrayWithItemSize: 1]; for (i = 0; i < [hashType digestSize]; i++) { uint8_t c = clientKey[i] ^ clientSignature[i]; [tmpArray addItem: &c]; } // Add p=<base64(ClientProof)> [ret addItem: ","]; [ret addNItems: 2 fromCArray: "p="]; tmpString = [tmpArray stringByBase64Encoding]; [ret addNItems: [tmpString cStringLength] fromCArray: [tmpString cString]]; [ret retain]; [pool release]; pool = nil; return [ret autorelease]; } @finally { [pool release]; } } - (void)parseServerFinalMessage: (OFDataArray*)message { OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; @try { OFString *mess = [OFString stringWithCString: [message cArray] length: [message count] * [message itemSize]]; OFString *value = [mess substringFromIndex: 2 toIndex: [mess length]]; if ([mess hasPrefix: @"v="]) { if ([value compare: [serverSignature stringByBase64Encoding]]) @throw [XMPPAuthFailedException newWithClass: isa connection: nil reason: @"Received wrong ServerSignature"]; } else @throw [XMPPAuthFailedException newWithClass: isa connection: nil reason: value]; } @finally { [pool release]; } } @end