authorGeorge Hazan <ghazan@miranda.im>2020-07-01 14:45:01 +0300
committerGeorge Hazan <ghazan@miranda.im>2020-07-01 14:45:01 +0300
commitf10699e580b3eead1cb9c250822abbbc626eb3e3 (patch)
tree732540d8c618787c4244fc9fb6d8d8ca8fdb7e80 /protocols/JabberG
parent4ac1dc06f30c240089da5cdeba6cbf46cd598a1e (diff)
TLS 1.3 support:
Netlib_GetTlsUnique - new function to retrieve TLS binding data for an opened socket
Diffstat (limited to 'protocols/JabberG')
-rw-r--r--protocols/JabberG/src/jabber_secur.cpp26
-rw-r--r--protocols/JabberG/src/jabber_secur.h6
-rwxr-xr-xprotocols/JabberG/src/jabber_thread.cpp8
3 files changed, 28 insertions, 12 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index 67bc2b1ae7..d3f640f194 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -206,11 +206,18 @@ char* TMD5Auth::getChallenge(const char *challenge)
/////////////////////////////////////////////////////////////////////////////////////////
// SCRAM-SHA-1 authorization
-TScramAuth::TScramAuth(ThreadData *info, bool bPlus) :
- TJabberAuth(info),
- bindingData(bPlus ? "p=tls-unique,," : "n,,")
+TScramAuth::TScramAuth(ThreadData *info, void *pData, size_t cbLen) :
+ TJabberAuth(info)
{
- szName = (bPlus) ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1";
+ if (pData) {
+ szName = "SCRAM-SHA-1-PLUS";
+ bindFlag = "p=tls-unique,,";
+ bindData.append(pData, cbLen);
+ }
+ else {
+ szName = "SCRAM-SHA-1";
+ bindFlag = "n,,";
+ }
}
TScramAuth::~TScramAuth()
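Review bot: The constructor selects SCRAM-SHA-1-PLUS from `pData` alone, while getChallenge (third hunk of this file) decides whether to send binding bytes from `bindData.isEmpty()`. A non-null `pData` with `cbLen == 0` would therefore advertise -PLUS and `p=tls-unique` but build a `c=` value that carries no channel-binding data. The call site in jabber_thread.cpp also passes an `int len` into `size_t cbLen`, so a negative length would reach `append` as a very large count. Testing both values, `if (pData && cbLen > 0) {`, and requiring `len > 0` at the call site keeps the two decisions consistent.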
@@ -247,7 +254,7 @@ char* TScramAuth::getInitialRequest()
CMStringA buf(FORMAT, "n=%s,r=%s", info->conn.username, cnonce);
msg1 = mir_strdup(buf);
- buf.Insert(0, bindingData);
+ buf.Insert(0, bindFlag);
return mir_base64_encode(buf, buf.GetLength());
}
@@ -257,8 +264,13 @@ char* TScramAuth::getChallenge(const char *challenge)
ptrA snonce, salt;
int ind = -1;
- ptrA chl((char*)mir_base64_decode(challenge, &chlLen));
- ptrA cbd(mir_base64_encode(bindingData, mir_strlen(bindingData)));
+ ptrA chl((char *)mir_base64_decode(challenge, &chlLen)), cbd;
+ if (bindData.isEmpty())
+ cbd = mir_base64_encode(bindFlag, mir_strlen(bindFlag));
+ else {
+ bindData.appendBefore((void*)bindFlag, mir_strlen(bindFlag));
+ cbd = mir_base64_encode(bindData.data(), bindData.length());
+ }
for (char *p = strtok(NEWSTR_ALLOCA(chl), ","); p != nullptr; p = strtok(nullptr, ",")) {
if (*p == 'r' && p[1] == '=') { // snonce
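Review bot: The `else` branch prepends the GS2 flag into the member `bindData` with `appendBefore`, so computing `cbd` permanently changes the stored binding data. If getChallenge can run more than once on the same TScramAuth, a second call would prepend the flag again and yield a wrong `c=` value; this is not visible here, because the function body continues past the hunk. Building the value in a local, using only the MBinBuffer calls already in this commit, leaves the member intact: `MBinBuffer cb; cb.append(bindFlag, mir_strlen(bindFlag)); cb.append(bindData.data(), bindData.length());`, then encode `cb.data()` and `cb.length()`.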
diff --git a/protocols/JabberG/src/jabber_secur.h b/protocols/JabberG/src/jabber_secur.h
index fa3d7531da..dc098213bf 100644
--- a/protocols/JabberG/src/jabber_secur.h
+++ b/protocols/JabberG/src/jabber_secur.h
@@ -84,11 +84,11 @@ class TScramAuth : public TJabberAuth
{
typedef TJabberAuth CSuper;
- const char *bindingData;
- char *cnonce = 0, *msg1 = 0, *serverSignature = 0;
+ char *bindFlag, *cnonce = 0, *msg1 = 0, *serverSignature = 0;
+ MBinBuffer bindData;
public:
- TScramAuth(ThreadData*, bool);
+ TScramAuth(ThreadData*, void *pData = nullptr, size_t cbLen = 0);
~TScramAuth();
char* getInitialRequest() override;
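Review bot: `bindFlag` is declared as a non-const `char *` with no initializer, yet the constructor only ever points it at string literals. Standard C++11 and later rejects that conversion, and the declaration sits beside heap-owned pointers such as `cnonce`, so a later free or write through it would be easy to add by mistake. Declaring it separately as `const char *bindFlag = nullptr;` records that it is a borrowed literal, though the `(void*)bindFlag` cast in getChallenge would then need revisiting. The defaulted parameters also make the constructor callable with a single `ThreadData*`, so it should be marked `explicit`. The class body continues outside the hunk.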
diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp
index 69d039957d..77ea881769 100755
--- a/protocols/JabberG/src/jabber_thread.cpp
+++ b/protocols/JabberG/src/jabber_thread.cpp
@@ -629,12 +629,16 @@ void CJabberProto::PerformAuthentication(ThreadData *info)
if (auth == nullptr && m_isScramPlusAvailable) {
m_isScramPlusAvailable = false;
- auth = new TScramAuth(info, true);
+
+ int len = 0;
+ void *pBuf = Netlib_GetTlsUnique(info->s, len);
+ if (pBuf)
+ auth = new TScramAuth(info, pBuf, len);
}
if (auth == nullptr && m_isScramAvailable) {
m_isScramAvailable = false;
- auth = new TScramAuth(info, false);
+ auth = new TScramAuth(info);
}
if (auth == nullptr && m_isMd5Available) {
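Review bot: Whatever `Netlib_GetTlsUnique` returns is always sent under the `p=tls-unique` label by TScramAuth, but the commit is titled TLS 1.3 support and tls-unique is not defined for TLS 1.3 (RFC 9266 specifies tls-exporter for that version). What the function returns on a TLS 1.3 socket is not visible here. The negotiated version should either gate the -PLUS path or travel with the buffer, so that the label matches the data. When `pBuf` is null the code falls through to plain SCRAM-SHA-1 with no trace, so a log line there would make a lost channel binding visible to whoever investigates a downgrade. Ownership of `pBuf` is also unstated: it is copied by the constructor and never released in the visible lines, so a comment such as `// pBuf is owned by netlib, do not free` (or the matching free) is needed once the contract is confirmed.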