ObjXMPP  Diff

Differences From Artifact [ec991072f9]:

To Artifact [e2f43c5d67]:


32
33
34
35
36
37
38
39















40
41
42
43



44
45
46
47
48
49
50
51
52
53
54
55
56
57




58
59
60
61
62
63
64
65
66
67
68
69
70
71



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86




87
88
89
90
91
92
93
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55



56
57
58
59
60
61
62
63
64
65
66
67
68




69
70
71
72
73
74
75
76
77
78
79
80
81
82
83



84
85
86
87
88
89
90
91
92
93
94
95
96
97




98
99
100
101
102
103
104
105
106
107
108








+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

-
-
-
+
+
+










-
-
-
-
+
+
+
+











-
-
-
+
+
+











-
-
-
-
+
+
+
+







#import <ObjOpenSSL/SSLSocket.h>

#import "XMPPSCRAMAuth.h"
#import "XMPPExceptions.h"

#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c

OF_ASSUME_NONNULL_BEGIN

@interface XMPPSCRAMAuth ()
- (OFString *)XMPP_genNonce;
- (const uint8_t *)XMPP_HMACWithKey: (OFDataArray *)key
			data: (OFDataArray *)data;
- (OFDataArray *)XMPP_hiWithData: (OFDataArray *)str
			   salt: (OFDataArray *)salt
		 iterationCount: (intmax_t)i;
- (OFDataArray *)XMPP_parseServerFirstMessage: (OFDataArray *)data;
- (OFDataArray *)XMPP_parseServerFinalMessage: (OFDataArray *)data;
@end

OF_ASSUME_NONNULL_END

@implementation XMPPSCRAMAuth
+ (instancetype)SCRAMAuthWithAuthcid: (OFString*)authcid
			    password: (OFString*)password
			  connection: (XMPPConnection*)connection
+ (instancetype)SCRAMAuthWithAuthcid: (OFString *)authcid
			    password: (OFString *)password
			  connection: (XMPPConnection *)connection
				hash: (Class)hash
		       plusAvailable: (bool)plusAvailable
{
	return [[[self alloc] initWithAuthcid: authcid
				     password: password
				   connection: connection
					 hash: hash
				plusAvailable: plusAvailable] autorelease];
}

+ (instancetype)SCRAMAuthWithAuthzid: (OFString*)authzid
			     authcid: (OFString*)authcid
			    password: (OFString*)password
			  connection: (XMPPConnection*)connection
+ (instancetype)SCRAMAuthWithAuthzid: (OFString *)authzid
			     authcid: (OFString *)authcid
			    password: (OFString *)password
			  connection: (XMPPConnection *)connection
				hash: (Class)hash
		       plusAvailable: (bool)plusAvailable
{
	return [[[self alloc] initWithAuthzid: authzid
				      authcid: authcid
				     password: password
				   connection: connection
					 hash: hash
				plusAvailable: plusAvailable] autorelease];
}

- initWithAuthcid: (OFString*)authcid
	 password: (OFString*)password
       connection: (XMPPConnection*)connection
- initWithAuthcid: (OFString *)authcid
	 password: (OFString *)password
       connection: (XMPPConnection *)connection
	     hash: (Class)hash
    plusAvailable: (bool)plusAvailable
{
	return [self initWithAuthzid: nil
			     authcid: authcid
			    password: password
			  connection: connection
				hash: hash
		       plusAvailable: plusAvailable];
}

- initWithAuthzid: (OFString*)authzid
	  authcid: (OFString*)authcid
	 password: (OFString*)password
       connection: (XMPPConnection*)connection
- initWithAuthzid: (OFString *)authzid
	  authcid: (OFString *)authcid
	 password: (OFString *)password
       connection: (XMPPConnection *)connection
	     hash: (Class)hash
    plusAvailable: (bool)plusAvailable
{
	self = [super initWithAuthzid: authzid
			      authcid: authcid
			     password: password];

105
106
107
108
109
110
111
112

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

147
148
149
150
151
152
153
120
121
122
123
124
125
126

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

161
162
163
164
165
166
167
168







-
+
















-
+
















-
+







	[_serverSignature release];
	[_cNonce release];
	[_connection release];

	[super dealloc];
}

- (void)setAuthzid: (OFString*)authzid
- (void)setAuthzid: (OFString *)authzid
{
	OFString *old = _authzid;

	if (authzid) {
		OFMutableString *new = [[authzid mutableCopy] autorelease];
		[new replaceOccurrencesOfString: @"="
				     withString: @"=3D"];
		[new replaceOccurrencesOfString: @","
				     withString: @"=2C"];
		_authzid = [new retain];
	} else
		_authzid = nil;

	[old release];
}

- (void)setAuthcid: (OFString*)authcid
- (void)setAuthcid: (OFString *)authcid
{
	OFString *old = _authcid;

	if (authcid) {
		OFMutableString *new = [[authcid mutableCopy] autorelease];
		[new replaceOccurrencesOfString: @"="
				     withString: @"=3D"];
		[new replaceOccurrencesOfString: @","
				     withString: @"=2C"];
		_authcid = [new retain];
	} else
		_authcid = nil;

	[old release];
}

- (OFDataArray*)initialMessage
- (OFDataArray *)initialMessage
{
	OFDataArray *ret = [OFDataArray dataArray];

	/* New authentication attempt, reset status */
	[_cNonce release];
	_cNonce = nil;
	[_GS2Header release];
176
177
178
179
180
181
182
183

184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

200
201
202
203
204
205
206
191
192
193
194
195
196
197

198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213

214
215
216
217
218
219
220
221







-
+















-
+








	[ret addItems: [_clientFirstMessageBare UTF8String]
		count: [_clientFirstMessageBare UTF8StringLength]];

	return ret;
}

- (OFDataArray*)continueWithData: (OFDataArray*)data
- (OFDataArray *)continueWithData: (OFDataArray *)data
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	OFDataArray *ret;

	if (!_serverSignature)
		ret = [self XMPP_parseServerFirstMessage: data];
	else
		ret = [self XMPP_parseServerFinalMessage: data];

	[ret retain];
	[pool release];

	return [ret autorelease];
}

- (OFDataArray*)XMPP_parseServerFirstMessage: (OFDataArray*)data
- (OFDataArray *)XMPP_parseServerFirstMessage: (OFDataArray *)data
{
	size_t i;
	const uint8_t *clientKey, *serverKey, *clientSignature;
	intmax_t iterCount = 0;
	id <OFCryptoHash> hash;
	OFDataArray *ret, *authMessage, *tmpArray, *salt = nil, *saltedPassword;
	OFString *tmpString, *sNonce = nil;
249
250
251
252
253
254
255
256


257
258
259
260
261
262
263
264
265
266
267
268
269
270

271
272
273
274
275
276
277
278
279







-
+
+







		@throw [OFInvalidServerReplyException exception];

	// Add c=<base64(GS2Header+channelBindingData)>
	tmpArray = [OFDataArray dataArray];
	[tmpArray addItems: [_GS2Header UTF8String]
		     count: [_GS2Header UTF8StringLength]];
	if (_plusAvailable && [_connection encrypted]) {
		OFDataArray *channelBinding = [((SSLSocket*)[_connection socket])
		OFDataArray *channelBinding =
		    [((SSLSocket *)[_connection socket])
		    channelBindingDataWithType: @"tls-unique"];
		[tmpArray addItems: [channelBinding items]
			     count: [channelBinding count]];
	}
	tmpString = [tmpArray stringByBase64Encoding];
	[ret addItems: "c="
		count: 2];
308
309
310
311
312
313
314
315

316
317
318
319
320
321
322
324
325
326
327
328
329
330

331
332
333
334
335
336
337
338







-
+







	clientKey = [self XMPP_HMACWithKey: saltedPassword
				      data: tmpArray];

	/*
	 * IETF RFC 5802:
	 * StoredKey := H(ClientKey)
	 */
	[hash updateWithBuffer: (void*) clientKey
	[hash updateWithBuffer: (void *)clientKey
			length: [_hashType digestSize]];
	tmpArray = [OFDataArray dataArray];
	[tmpArray addItems: [hash digest]
		     count: [_hashType digestSize]];

	/*
	 * IETF RFC 5802:
364
365
366
367
368
369
370
371

372
373
374
375
376
377
378
380
381
382
383
384
385
386

387
388
389
390
391
392
393
394







-
+







	tmpString = [tmpArray stringByBase64Encoding];
	[ret addItems: [tmpString UTF8String]
		count: [tmpString UTF8StringLength]];

	return ret;
}

- (OFDataArray*)XMPP_parseServerFinalMessage: (OFDataArray*)data
- (OFDataArray *)XMPP_parseServerFinalMessage: (OFDataArray *)data
{
	OFString *mess, *value;

	/*
	 * server-final-message already received,
	 * we were just waiting for the last word from the server
	 */
394
395
396
397
398
399
400
401

402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417

418
419
420
421
422
423


424
425
426
427
428
429
430
410
411
412
413
414
415
416

417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432

433
434
435
436
437


438
439
440
441
442
443
444
445
446







-
+















-
+




-
-
+
+







	} else
		@throw [XMPPAuthFailedException exceptionWithConnection: nil
								 reason: value];

	return nil;
}

- (OFString*)XMPP_genNonce
- (OFString *)XMPP_genNonce
{
	uint8_t buf[64];
	size_t i;

	assert(RAND_pseudo_bytes(buf, 64) >= 0);

	for (i = 0; i < 64; i++) {
		// Restrict salt to printable range, but do not include '~'...
		buf[i] = (buf[i] % ('~' - '!')) + '!';

		// ...so we can use it to replace ','
		if (buf[i] == ',')
			buf[i] = '~';
	}

	return [OFString stringWithCString: (char*)buf
	return [OFString stringWithCString: (char *)buf
				  encoding: OF_STRING_ENCODING_ASCII
				    length: 64];
}

- (const uint8_t*)XMPP_HMACWithKey: (OFDataArray*)key
			data: (OFDataArray*)data
- (const uint8_t *)XMPP_HMACWithKey: (OFDataArray *)key
			       data: (OFDataArray *)data
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	OFDataArray *k = [OFDataArray dataArray];
	size_t i, kSize, blockSize = [_hashType blockSize];
	uint8_t *kI = NULL, *kO = NULL;
	id <OFCryptoHash> hashI, hashO;

449
450
451
452
453
454
455
456

457
458
459
460
461
462

463
464

465
466
467
468
469
470
471
472
473
474
475
476
477
478
479



480
481
482
483
484
485
486
465
466
467
468
469
470
471

472
473
474
475
476
477

478
479

480
481
482
483
484
485
486
487
488
489
490
491
492



493
494
495
496
497
498
499
500
501
502







-
+





-
+

-
+












-
-
-
+
+
+








		for (i = 0; i < blockSize; i++) {
			kI[i] ^= HMAC_IPAD;
			kO[i] ^= HMAC_OPAD;
		}

		hashI = [[[_hashType alloc] init] autorelease];
		[hashI updateWithBuffer: (char*)kI
		[hashI updateWithBuffer: (char *)kI
				 length: blockSize];
		[hashI updateWithBuffer: [data items]
				 length: [data itemSize] * [data count]];

		hashO = [[[_hashType alloc] init] autorelease];
		[hashO updateWithBuffer: (char*)kO
		[hashO updateWithBuffer: (char *)kO
				 length: blockSize];
		[hashO updateWithBuffer: (char*)[hashI digest]
		[hashO updateWithBuffer: (char *)[hashI digest]
				 length: [_hashType digestSize]];
	} @finally {
		[self freeMemory: kI];
		[self freeMemory: kO];
	}

	[hashO retain];
	[pool release];

	return [[hashO autorelease] digest];
}

- (OFDataArray*)XMPP_hiWithData: (OFDataArray*)str
			   salt: (OFDataArray*)salt
		 iterationCount: (intmax_t)i
- (OFDataArray *)XMPP_hiWithData: (OFDataArray *)str
			    salt: (OFDataArray *)salt
		  iterationCount: (intmax_t)i
{
	OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
	size_t digestSize = [_hashType digestSize];
	uint8_t *result = NULL;
	const uint8_t *u, *uOld;
	intmax_t j, k;
	OFDataArray *salty, *tmp, *ret;