mirror of
https://github.com/ZoiteChat/zoitechat.git
synced 2026-03-10 16:00:18 +00:00
321 lines
8.5 KiB
C
321 lines
8.5 KiB
C
/* ZoiteChat
|
|
* Copyright (C) 2023 Patrick Okraku
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
*/
|
|
|
|
#include "zoitechat.h"
|
|
|
|
#ifdef USE_OPENSSL
|
|
|
|
#include "scram.h"
|
|
#include <openssl/hmac.h>
|
|
#include <openssl/rand.h>
|
|
|
|
#define NONCE_LENGTH 18
|
|
#define CLIENT_KEY "Client Key"
|
|
#define SERVER_KEY "Server Key"
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
|
#define EVP_MD_CTX_new(ctx) EVP_MD_CTX_create(ctx)
|
|
#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx)
|
|
#endif
|
|
|
|
scram_session
|
|
*scram_session_create (const char *digest, const char *username, const char *password)
|
|
{
|
|
scram_session *session;
|
|
const EVP_MD *md;
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
|
OpenSSL_add_all_algorithms ();
|
|
#endif
|
|
md = EVP_get_digestbyname (digest);
|
|
|
|
if (md == NULL)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
session = g_new0 (scram_session, 1);
|
|
session->digest = md;
|
|
session->digest_size = EVP_MD_size (md);
|
|
session->username = g_strdup (username);
|
|
session->password = g_strdup (password);
|
|
return session;
|
|
}
|
|
|
|
void
|
|
scram_session_free (scram_session *session)
|
|
{
|
|
if (session == NULL)
|
|
{
|
|
return;
|
|
}
|
|
|
|
g_free (session->username);
|
|
g_free (session->password);
|
|
g_free (session->client_nonce_b64);
|
|
g_free (session->client_first_message_bare);
|
|
g_free (session->salted_password);
|
|
g_free (session->auth_message);
|
|
g_free (session->error);
|
|
|
|
g_free (session);
|
|
}
|
|
|
|
static int
|
|
create_nonce (void *buffer, size_t length)
|
|
{
|
|
return RAND_bytes (buffer, length);
|
|
}
|
|
|
|
static int
|
|
create_SHA (scram_session *session, const unsigned char *input, size_t input_len,
|
|
unsigned char *output, unsigned int *output_len)
|
|
{
|
|
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
|
|
|
|
if (!EVP_DigestInit_ex (md_ctx, session->digest, NULL))
|
|
{
|
|
session->error = g_strdup ("Message digest initialization failed");
|
|
EVP_MD_CTX_free (md_ctx);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
if (!EVP_DigestUpdate (md_ctx, input, input_len))
|
|
{
|
|
session->error = g_strdup ("Message digest update failed");
|
|
EVP_MD_CTX_free (md_ctx);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
if (!EVP_DigestFinal_ex (md_ctx, output, output_len))
|
|
{
|
|
session->error = g_strdup ("Message digest finalization failed");
|
|
EVP_MD_CTX_free (md_ctx);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
EVP_MD_CTX_free (md_ctx);
|
|
return SCRAM_IN_PROGRESS;
|
|
}
|
|
|
|
static scram_status
|
|
process_client_first (scram_session *session, char **output, size_t *output_len)
|
|
{
|
|
char nonce[NONCE_LENGTH];
|
|
|
|
if (!create_nonce (nonce, NONCE_LENGTH))
|
|
{
|
|
session->error = g_strdup ("Could not create client nonce");
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
session->client_nonce_b64 = g_base64_encode ((guchar *) nonce, NONCE_LENGTH);
|
|
*output = g_strdup_printf ("n,,n=%s,r=%s", session->username, session->client_nonce_b64);
|
|
*output_len = strlen (*output);
|
|
session->client_first_message_bare = g_strdup (*output + 3);
|
|
session->step++;
|
|
return SCRAM_IN_PROGRESS;
|
|
}
|
|
|
|
static scram_status
|
|
process_server_first (scram_session *session, const char *data, char **output,
|
|
size_t *output_len)
|
|
{
|
|
char **params, *client_final_message_without_proof, *salt, *server_nonce_b64,
|
|
*client_proof_b64;
|
|
unsigned char *client_key, stored_key[EVP_MAX_MD_SIZE], *client_signature, *client_proof;
|
|
unsigned int i, param_count, iteration_count, client_key_len, stored_key_len;
|
|
gsize salt_len = 0;
|
|
size_t client_nonce_len;
|
|
|
|
params = g_strsplit (data, ",", -1);
|
|
param_count = g_strv_length (params);
|
|
|
|
if (param_count < 3)
|
|
{
|
|
session->error = g_strdup_printf ("Invalid server-first-message: %s", data);
|
|
g_strfreev (params);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
server_nonce_b64 = NULL;
|
|
salt = NULL;
|
|
iteration_count = 0;
|
|
|
|
for (i = 0; i < param_count; i++)
|
|
{
|
|
if (!strncmp (params[i], "r=", 2))
|
|
{
|
|
g_free (server_nonce_b64);
|
|
server_nonce_b64 = g_strdup (params[i] + 2);
|
|
}
|
|
else if (!strncmp (params[i], "s=", 2))
|
|
{
|
|
g_free (salt);
|
|
salt = g_strdup (params[i] + 2);
|
|
}
|
|
else if (!strncmp (params[i], "i=", 2))
|
|
{
|
|
iteration_count = strtoul (params[i] + 2, NULL, 10);
|
|
}
|
|
}
|
|
|
|
g_strfreev (params);
|
|
|
|
if (server_nonce_b64 == NULL || *server_nonce_b64 == '\0' || salt == NULL ||
|
|
*salt == '\0' || iteration_count == 0)
|
|
{
|
|
session->error = g_strdup_printf ("Invalid server-first-message: %s", data);
|
|
g_free (server_nonce_b64);
|
|
g_free (salt);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
client_nonce_len = strlen (session->client_nonce_b64);
|
|
|
|
if (strlen (server_nonce_b64) < client_nonce_len ||
|
|
strncmp (server_nonce_b64, session->client_nonce_b64, client_nonce_len))
|
|
{
|
|
session->error = g_strdup_printf ("Invalid server nonce: %s", server_nonce_b64);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
g_base64_decode_inplace ((gchar *) salt, &salt_len);
|
|
|
|
session->salted_password = g_malloc (session->digest_size);
|
|
|
|
PKCS5_PBKDF2_HMAC (session->password, strlen (session->password), (unsigned char *) salt,
|
|
salt_len, iteration_count, session->digest, session->digest_size,
|
|
session->salted_password);
|
|
|
|
client_final_message_without_proof = g_strdup_printf ("c=biws,r=%s", server_nonce_b64);
|
|
|
|
session->auth_message = g_strdup_printf ("%s,%s,%s", session->client_first_message_bare,
|
|
data, client_final_message_without_proof);
|
|
|
|
client_key = g_malloc0 (session->digest_size);
|
|
|
|
HMAC (session->digest, session->salted_password, session->digest_size,
|
|
(unsigned char *) CLIENT_KEY, strlen (CLIENT_KEY), client_key, &client_key_len);
|
|
|
|
if (!create_SHA (session, client_key, session->digest_size, stored_key, &stored_key_len))
|
|
{
|
|
g_free (client_final_message_without_proof);
|
|
g_free (server_nonce_b64);
|
|
g_free (salt);
|
|
g_free (client_key);
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
client_signature = g_malloc0 (session->digest_size);
|
|
HMAC (session->digest, stored_key, stored_key_len, (unsigned char *) session->auth_message,
|
|
strlen ((char *) session->auth_message), client_signature, NULL);
|
|
|
|
client_proof = g_malloc0 (client_key_len);
|
|
|
|
for (i = 0; i < client_key_len; i++)
|
|
{
|
|
client_proof[i] = client_key[i] ^ client_signature[i];
|
|
}
|
|
|
|
client_proof_b64 = g_base64_encode ((guchar *) client_proof, client_key_len);
|
|
|
|
*output = g_strdup_printf ("%s,p=%s", client_final_message_without_proof, client_proof_b64);
|
|
*output_len = strlen (*output);
|
|
|
|
g_free (server_nonce_b64);
|
|
g_free (salt);
|
|
g_free (client_final_message_without_proof);
|
|
g_free (client_key);
|
|
g_free (client_signature);
|
|
g_free (client_proof);
|
|
g_free (client_proof_b64);
|
|
|
|
session->step++;
|
|
return SCRAM_IN_PROGRESS;
|
|
}
|
|
|
|
static scram_status
|
|
process_server_final (scram_session *session, const char *data)
|
|
{
|
|
char *verifier;
|
|
unsigned char *server_key, *server_signature;
|
|
unsigned int server_key_len = 0, server_signature_len = 0;
|
|
gsize verifier_len = 0;
|
|
|
|
if (strlen (data) < 3 || (data[0] != 'v' && data[1] != '='))
|
|
{
|
|
return SCRAM_ERROR;
|
|
}
|
|
|
|
verifier = g_strdup (data + 2);
|
|
g_base64_decode_inplace (verifier, &verifier_len);
|
|
|
|
server_key = g_malloc0 (session->digest_size);
|
|
HMAC (session->digest, session->salted_password, session->digest_size,
|
|
(unsigned char *) SERVER_KEY, strlen (SERVER_KEY), server_key, &server_key_len);
|
|
|
|
server_signature = g_malloc0 (session->digest_size);
|
|
HMAC (session->digest, server_key, session->digest_size,
|
|
(unsigned char *) session->auth_message, strlen ((char *) session->auth_message),
|
|
server_signature, &server_signature_len);
|
|
|
|
if (verifier_len == server_signature_len &&
|
|
memcmp (verifier, server_signature, verifier_len) == 0)
|
|
{
|
|
g_free (verifier);
|
|
g_free (server_key);
|
|
g_free (server_signature);
|
|
return SCRAM_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
g_free (verifier);
|
|
g_free (server_key);
|
|
g_free (server_signature);
|
|
return SCRAM_ERROR;
|
|
}
|
|
}
|
|
|
|
scram_status
|
|
scram_process (scram_session *session, const char *input, char **output, size_t *output_len)
|
|
{
|
|
scram_status status;
|
|
|
|
switch (session->step)
|
|
{
|
|
case 0:
|
|
status = process_client_first (session, output, output_len);
|
|
break;
|
|
case 1:
|
|
status = process_server_first (session, input, output, output_len);
|
|
break;
|
|
case 2:
|
|
status = process_server_final (session, input);
|
|
break;
|
|
default:
|
|
*output = NULL;
|
|
*output_len = 0;
|
|
status = SCRAM_ERROR;
|
|
break;
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
#endif
|