From 3813c8e151beafef2f3e790573a59897c654b734 Mon Sep 17 00:00:00 2001 From: George Hazan Date: Tue, 3 Dec 2024 19:47:31 +0300 Subject: fixes #4074 (XEP-0480: SASL Upgrade Tasks support) --- protocols/JabberG/src/jabber_proto.h | 4 ++++ protocols/JabberG/src/jabber_sasl2.cpp | 32 ++++++-------------------------- protocols/JabberG/src/jabber_thread.cpp | 7 +++++-- 3 files changed, 15 insertions(+), 28 deletions(-) (limited to 'protocols/JabberG/src') diff --git a/protocols/JabberG/src/jabber_proto.h b/protocols/JabberG/src/jabber_proto.h index 969f59ee9b..922a0be3cc 100644 --- a/protocols/JabberG/src/jabber_proto.h +++ b/protocols/JabberG/src/jabber_proto.h @@ -123,6 +123,10 @@ public: virtual ~TUpgradeTask() {} + __forceinline const char *getInitData() const { + return szInitData; + } + __forceinline const char *getName() const { return szName; } diff --git a/protocols/JabberG/src/jabber_sasl2.cpp b/protocols/JabberG/src/jabber_sasl2.cpp index b63350acd9..8f3a2fefa8 100644 --- a/protocols/JabberG/src/jabber_sasl2.cpp +++ b/protocols/JabberG/src/jabber_sasl2.cpp @@ -47,35 +47,13 @@ struct TScramTask : public TUpgradeTask ptrA szInit((char *)mir_base64_decode(szInitData, &cbNonce)); ptrA szNonce((char*)mir_base64_decode(szInit.get() + 2, &cbNonce)); ptrA szSalt((char *)mir_base64_decode(pszSalt, &cbSalt)); - ptrA cbd(mir_base64_encode("n,,", 3)), chl(mir_strdup("")), msg1(mir_strdup("")); int hashSize = EVP_MD_size(hashMethod); uint8_t saltedPassw[EVP_MAX_MD_SIZE]; Hi(hashMethod, saltedPassw, info->conn.password, mir_strlen(info->conn.password), szSalt, cbSalt, iterations); - uint8_t clientKey[EVP_MAX_MD_SIZE]; - unsigned int len; - HMAC(hashMethod, saltedPassw, hashSize, (uint8_t *)"Client Key", 10, clientKey, &len); - - uint8_t storedKey[EVP_MAX_MD_SIZE]; - { - EVP_MD_CTX *pctx = EVP_MD_CTX_new(); - EVP_DigestInit(pctx, hashMethod); - EVP_DigestUpdate(pctx, clientKey, hashSize); - EVP_DigestFinal(pctx, storedKey, &len); - EVP_MD_CTX_free(pctx); - } - - uint8_t clientSig[EVP_MAX_MD_SIZE]; - CMStringA authmsg(FORMAT, "%s,%s,c=%s,r=%s", msg1, chl.get(), cbd.get(), szNonce.get()); - HMAC(hashMethod, storedKey, hashSize, (uint8_t *)authmsg.c_str(), authmsg.GetLength(), clientSig, &len); - - uint8_t clientProof[EVP_MAX_MD_SIZE]; - for (int j = 0; j < hashSize; j++) - clientProof[j] = clientKey[j] ^ clientSig[j]; - - ptrA szEncoded(mir_base64_encode(clientProof, hashSize)); + ptrA szEncoded(mir_base64_encode(saltedPassw, hashSize)); auto *pHash = dest << XCHILD("hash", szEncoded); pHash << XATTR("xmlns", "urn:xmpp:scram-upgrade:0"); return true; @@ -95,8 +73,8 @@ void CJabberProto::OnProcessUpgrade(const TiXmlElement *n, ThreadData *info) pTask = new TScramTask(info, szMechanism, EVP_sha256(), 520); else if (!mir_strcmp(szMechanism, "UPGR-SCRAM-SHA-384")) pTask = new TScramTask(info, szMechanism, EVP_sha384(), 530); - else if (!mir_strcmp(szMechanism, "UPGR-SCRAM-SHA-512")) - pTask = new TScramTask(info, szMechanism, EVP_sha512(), 540); + //else if (!mir_strcmp(szMechanism, "UPGR-SCRAM-SHA-512")) + //pTask = new TScramTask(info, szMechanism, EVP_sha512(), 540); else { debugLogA("Unsupported mechanism for upgrade: %s, skipping", szMechanism); return; @@ -126,9 +104,11 @@ void CJabberProto::OnProcessContinue(const TiXmlElement *node, ThreadData *info) return; } - pTask->setInitData(XmlGetChildText(node, "additional-data")); info->m_saslUpgrade = pTask; + if (auto *pszInitData = XmlGetChildText(node, "additional-data")) + pTask->setInitData(pszInitData); + XmlNode next("next"); next << XATTR("xmlns", JABBER_FEAT_SASL2) << XATTR("task", pTask->getName()); info->send(next); diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp index baa5120188..f1db58dd1e 100644 --- a/protocols/JabberG/src/jabber_thread.cpp +++ b/protocols/JabberG/src/jabber_thread.cpp @@ -709,8 +709,8 @@ void CJabberProto::OnProcessFeatures(const TiXmlElement *node, ThreadData *info) // dunno why we need to handle that } } - // else if (!mir_strcmp(c->Name(), "upgrade") && c->Attribute("xmlns", "urn:xmpp:sasl:upgrade:0")) - // OnProcessUpgrade(c, info); + else if (!mir_strcmp(c->Name(), "upgrade") && c->Attribute("xmlns", "urn:xmpp:sasl:upgrade:0")) + OnProcessUpgrade(c, info); } } else if (!mir_strcmp(pszName, "session")) @@ -833,6 +833,9 @@ void CJabberProto::OnProcessSuccess(const TiXmlElement *node, ThreadData *info) return; } + if (m_hasSasl2 && !pszFinal && info->m_saslUpgrade) + pszFinal = info->m_saslUpgrade->getInitData(); + if (!m_arAuthMechs[0].validateLogin(pszFinal)) { info->send(""); return; -- cgit v1.2.3