diff options
| author | George Hazan <ghazan@miranda.im> | 2020-06-30 22:20:02 +0300 |
|---|---|---|
| committer | George Hazan <ghazan@miranda.im> | 2020-06-30 22:20:02 +0300 |
| commit | 4ac1dc06f30c240089da5cdeba6cbf46cd598a1e (patch) | |
| tree | 7ebb856ffcfb1ef25868865f0c3c5c681b4174a3 /protocols/JabberG/src/jabber_secur.cpp | |
| parent | 50ee560889dd24d306ba8c873b8e26ae9c05c617 (diff) | |
Jabber: more fixes for #2469
Diffstat (limited to 'protocols/JabberG/src/jabber_secur.cpp')
| -rw-r--r-- | protocols/JabberG/src/jabber_secur.cpp | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp index a0ae449508..67bc2b1ae7 100644 --- a/protocols/JabberG/src/jabber_secur.cpp +++ b/protocols/JabberG/src/jabber_secur.cpp @@ -206,12 +206,11 @@ char* TMD5Auth::getChallenge(const char *challenge) /////////////////////////////////////////////////////////////////////////////////////////
// SCRAM-SHA-1 authorization
-TScramAuth::TScramAuth(ThreadData *info, bool bPlusAvailable) :
+TScramAuth::TScramAuth(ThreadData *info, bool bPlus) :
TJabberAuth(info),
- bPlus(bPlusAvailable)
+ bindingData(bPlus ? "p=tls-unique,," : "n,,")
{
- szName = (bPlusAvailable) ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1";
- cnonce = msg1 = serverSignature = nullptr;
+ szName = (bPlus) ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1";
}
TScramAuth::~TScramAuth()
@@ -245,8 +244,10 @@ char* TScramAuth::getInitialRequest() Utils_GetRandom(nonce, sizeof(nonce));
cnonce = mir_base64_encode(nonce, sizeof(nonce));
- CMStringA buf(FORMAT, "%c,,n=%s,r=%s", (bPlus) ? 'p' : 'n', info->conn.username, cnonce);
- msg1 = mir_strdup(buf.c_str() + 3);
+ CMStringA buf(FORMAT, "n=%s,r=%s", info->conn.username, cnonce);
+ msg1 = mir_strdup(buf);
+
+ buf.Insert(0, bindingData);
return mir_base64_encode(buf, buf.GetLength());
}
@@ -257,6 +258,7 @@ char* TScramAuth::getChallenge(const char *challenge) int ind = -1;
ptrA chl((char*)mir_base64_decode(challenge, &chlLen));
+ ptrA cbd(mir_base64_encode(bindingData, mir_strlen(bindingData)));
for (char *p = strtok(NEWSTR_ALLOCA(chl), ","); p != nullptr; p = strtok(nullptr, ",")) {
if (*p == 'r' && p[1] == '=') { // snonce
@@ -287,11 +289,10 @@ char* TScramAuth::getChallenge(const char *challenge) mir_sha1_append(&ctx, clientKey, MIR_SHA1_HASH_SIZE);
mir_sha1_finish(&ctx, storedKey);
- char authmsg[4096];
- int authmsgLen = mir_snprintf(authmsg, "%s,%s,c=biws,r=%s", msg1, chl.get(), snonce.get());
+ CMStringA authmsg(FORMAT, "%s,%s,c=%s,r=%s", msg1, chl.get(), cbd.get(), snonce.get());
BYTE clientSig[MIR_SHA1_HASH_SIZE];
- HMAC(EVP_sha1(), storedKey, sizeof(storedKey), (BYTE*)authmsg, authmsgLen, clientSig, &len);
+ HMAC(EVP_sha1(), storedKey, sizeof(storedKey), (BYTE*)authmsg.c_str(), authmsg.GetLength(), clientSig, &len);
BYTE clientProof[MIR_SHA1_HASH_SIZE];
for (unsigned j = 0; j < sizeof(clientKey); j++)
@@ -302,13 +303,12 @@ char* TScramAuth::getChallenge(const char *challenge) HMAC(EVP_sha1(), saltedPassw, sizeof(saltedPassw), (BYTE*)"Server Key", 10, serverKey, &len);
BYTE srvSig[MIR_SHA1_HASH_SIZE];
- HMAC(EVP_sha1(), serverKey, sizeof(serverKey), (BYTE*)authmsg, authmsgLen, srvSig, &len);
+ HMAC(EVP_sha1(), serverKey, sizeof(serverKey), (BYTE*)authmsg.c_str(), authmsg.GetLength(), srvSig, &len);
serverSignature = mir_base64_encode(srvSig, sizeof(srvSig));
- char buf[4096];
ptrA encproof(mir_base64_encode(clientProof, sizeof(clientProof)));
- int cbLen = mir_snprintf(buf, "c=biws,r=%s,p=%s", snonce.get(), encproof.get());
- return mir_base64_encode(buf, cbLen);
+ CMStringA buf(FORMAT, "c=%s,r=%s,p=%s", cbd.get(), snonce.get(), encproof.get());
+ return mir_base64_encode(buf, buf.GetLength());
}
bool TScramAuth::validateLogin(const char *challenge)
|