diff options
author | George Hazan <ghazan@miranda.im> | 2020-07-01 14:45:01 +0300 |
---|---|---|
committer | George Hazan <ghazan@miranda.im> | 2020-07-01 14:45:01 +0300 |
commit | f10699e580b3eead1cb9c250822abbbc626eb3e3 (patch) | |
tree | 732540d8c618787c4244fc9fb6d8d8ca8fdb7e80 /protocols | |
parent | 4ac1dc06f30c240089da5cdeba6cbf46cd598a1e (diff) |
TLS 1.3 support:
Netlib_GetTlsUnique - new function to retrieve TLS binding data for an opened socket
Diffstat (limited to 'protocols')
-rw-r--r-- | protocols/JabberG/src/jabber_secur.cpp | 26 | ||||
-rw-r--r-- | protocols/JabberG/src/jabber_secur.h | 6 | ||||
-rwxr-xr-x | protocols/JabberG/src/jabber_thread.cpp | 8 |
3 files changed, 28 insertions, 12 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp index 67bc2b1ae7..d3f640f194 100644 --- a/protocols/JabberG/src/jabber_secur.cpp +++ b/protocols/JabberG/src/jabber_secur.cpp @@ -206,11 +206,18 @@ char* TMD5Auth::getChallenge(const char *challenge) /////////////////////////////////////////////////////////////////////////////////////////
// SCRAM-SHA-1 authorization
-TScramAuth::TScramAuth(ThreadData *info, bool bPlus) :
- TJabberAuth(info),
- bindingData(bPlus ? "p=tls-unique,," : "n,,")
+TScramAuth::TScramAuth(ThreadData *info, void *pData, size_t cbLen) :
+ TJabberAuth(info)
{
- szName = (bPlus) ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1";
+ if (pData) {
+ szName = "SCRAM-SHA-1-PLUS";
+ bindFlag = "p=tls-unique,,";
+ bindData.append(pData, cbLen);
+ }
+ else {
+ szName = "SCRAM-SHA-1";
+ bindFlag = "n,,";
+ }
}
TScramAuth::~TScramAuth()
@@ -247,7 +254,7 @@ char* TScramAuth::getInitialRequest() CMStringA buf(FORMAT, "n=%s,r=%s", info->conn.username, cnonce);
msg1 = mir_strdup(buf);
- buf.Insert(0, bindingData);
+ buf.Insert(0, bindFlag);
return mir_base64_encode(buf, buf.GetLength());
}
@@ -257,8 +264,13 @@ char* TScramAuth::getChallenge(const char *challenge) ptrA snonce, salt;
int ind = -1;
- ptrA chl((char*)mir_base64_decode(challenge, &chlLen));
- ptrA cbd(mir_base64_encode(bindingData, mir_strlen(bindingData)));
+ ptrA chl((char *)mir_base64_decode(challenge, &chlLen)), cbd;
+ if (bindData.isEmpty())
+ cbd = mir_base64_encode(bindFlag, mir_strlen(bindFlag));
+ else {
+ bindData.appendBefore((void*)bindFlag, mir_strlen(bindFlag));
+ cbd = mir_base64_encode(bindData.data(), bindData.length());
+ }
for (char *p = strtok(NEWSTR_ALLOCA(chl), ","); p != nullptr; p = strtok(nullptr, ",")) {
if (*p == 'r' && p[1] == '=') { // snonce
diff --git a/protocols/JabberG/src/jabber_secur.h b/protocols/JabberG/src/jabber_secur.h index fa3d7531da..dc098213bf 100644 --- a/protocols/JabberG/src/jabber_secur.h +++ b/protocols/JabberG/src/jabber_secur.h @@ -84,11 +84,11 @@ class TScramAuth : public TJabberAuth {
typedef TJabberAuth CSuper;
- const char *bindingData;
- char *cnonce = 0, *msg1 = 0, *serverSignature = 0;
+ char *bindFlag, *cnonce = 0, *msg1 = 0, *serverSignature = 0;
+ MBinBuffer bindData;
public:
- TScramAuth(ThreadData*, bool);
+ TScramAuth(ThreadData*, void *pData = nullptr, size_t cbLen = 0);
~TScramAuth();
char* getInitialRequest() override;
diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp index 69d039957d..77ea881769 100755 --- a/protocols/JabberG/src/jabber_thread.cpp +++ b/protocols/JabberG/src/jabber_thread.cpp @@ -629,12 +629,16 @@ void CJabberProto::PerformAuthentication(ThreadData *info) if (auth == nullptr && m_isScramPlusAvailable) {
m_isScramPlusAvailable = false;
- auth = new TScramAuth(info, true);
+
+ int len = 0;
+ void *pBuf = Netlib_GetTlsUnique(info->s, len);
+ if (pBuf)
+ auth = new TScramAuth(info, pBuf, len);
}
if (auth == nullptr && m_isScramAvailable) {
m_isScramAvailable = false;
- auth = new TScramAuth(info, false);
+ auth = new TScramAuth(info);
}
if (auth == nullptr && m_isMd5Available) {
|