diff options
Diffstat (limited to 'protocols')
| -rw-r--r-- | protocols/jabber/jabber.c | 2 | ||||
| -rw-r--r-- | protocols/jabber/jabber.h | 17 | ||||
| -rw-r--r-- | protocols/jabber/sasl.c | 260 | 
3 files changed, 266 insertions, 13 deletions
| diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 11a90ff4..2fa19c0f 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -377,6 +377,8 @@ static void jabber_logout(struct im_connection *ic)  	g_free(jd->muc_host);  	g_free(jd->username);  	g_free(jd->me); +	g_free(jd->challenge.cnonce); +	g_free(jd->challenge.server_signature);  	g_free(jd);  	jabber_connections = g_slist_remove(jabber_connections, ic); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index d76ee08f..3445e4d7 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -77,6 +77,16 @@ typedef enum {  	JCFLAG_ALWAYS_USE_NICKS = 2,  } jabber_chat_flags_t; +typedef enum { +	JCHALLENGE_DIGEST_MD5, +	JCHALLENGE_SCRAM +} jabber_challenge_t; + +typedef enum { +	JSCRAM_SHA1   = 0x0001, +	JSCRAM_SHA256 = 0x0002 +} jabber_scram_t; +  struct jabber_data {  	struct im_connection *ic; @@ -94,6 +104,13 @@ struct jabber_data {  	char *me;               /* bare jid */  	char *internal_jid; +	struct { +		jabber_challenge_t type; +		int scram_algo; +		char *cnonce; +		char *server_signature; +	} challenge; +  	const struct oauth2_service *oauth2_service;  	char *oauth2_access_token; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 7778af1f..c8aad776 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -22,11 +22,13 @@  \***************************************************************************/  #include <ctype.h> +#include <gcrypt.h>  #include "jabber.h"  #include "base64.h"  #include "oauth2.h"  #include "oauth.h" +#include "sha1.h"  const struct oauth2_service oauth2_service_google =  { @@ -38,13 +40,27 @@ const struct oauth2_service oauth2_service_google =  	"6C-Zgf7Tr7gEQTPlBhMUgo7R",  }; +static int is_ascii(const char *str) +{ +	if (!str) { +		return 0; +	} + +	while (*str) { +		if (*str++ & 0x80) +			return 0; +	} + +	return 1; +} +  xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)  {  	struct im_connection *ic = data;  	struct jabber_data *jd = ic->proto_data;  	struct xt_node *c, *reply;  	char *s; -	int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_anonymous = 0; +	int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_anonymous = 0, sup_scram = 0;  	int want_oauth = FALSE, want_hipchat = FALSE, want_anonymous = FALSE;  	GString *mechs; @@ -71,24 +87,33 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)  	mechs = g_string_new("");  	c = node->children;  	while ((c = xt_find_node(c, "mechanism"))) { -		if (c->text && g_strcasecmp(c->text, "PLAIN") == 0) { -			sup_plain = 1; -		} else if (c->text && g_strcasecmp(c->text, "DIGEST-MD5") == 0) { -			sup_digest = 1; -		} else if (c->text && g_strcasecmp(c->text, "ANONYMOUS") == 0) { -			sup_anonymous = 1; -		} else if (c->text && g_strcasecmp(c->text, "X-OAUTH2") == 0) { -			sup_gtalk = 1; -		} -  		if (c->text) { +			if (g_strcasecmp(c->text, "PLAIN") == 0) { +				sup_plain = 1; +			} else if (g_strcasecmp(c->text, "DIGEST-MD5") == 0) { +				sup_digest = 1; +			} else if (g_strcasecmp(c->text, "ANONYMOUS") == 0) { +				sup_anonymous = 1; +			} else if (g_strcasecmp(c->text, "X-OAUTH2") == 0) { +				sup_gtalk = 1; +			} else if (g_strcasecmp(c->text, "SCRAM-SHA-1") == 0) { +				sup_scram = JSCRAM_SHA1; +			} else if (g_strcasecmp(c->text, "SCRAM-SHA-256") == 0) { +				sup_scram = JSCRAM_SHA256; +			} +  			g_string_append_printf(mechs, " %s", c->text);  		}  		c = c->next;  	} -	if (!want_oauth && !sup_plain && !sup_digest) { +	if (sup_scram && (!is_ascii(jd->username) || !is_ascii(ic->acc->pass))) { +		imcb_log(ic, "Username/password contains non-ascii characters, SCRAM authentication disabled"); +		sup_scram = 0; +	} + +	if (!want_oauth && !want_anonymous && !sup_plain && !sup_digest && !sup_scram) {  		if (sup_gtalk) {  			imcb_error(ic, "This server requires OAuth "  			           "(supported schemes:%s)", mechs->str); @@ -139,11 +164,47 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)  		imc_logout(ic, FALSE);  		xt_free_node(reply);  		return XT_ABORT; +	} else if (sup_scram) { +		GString *gs; +		int len; +		unsigned char cnonce_bin[30]; +		char *cnonce; + +		if (sup_scram & JSCRAM_SHA256) { +			jd->challenge.type = JCHALLENGE_SCRAM; +			jd->challenge.scram_algo = GCRY_MD_SHA256; +			xt_add_attr(reply, "mechanism", "SCRAM-SHA-256"); +		} else if (sup_scram & JSCRAM_SHA1) { +			jd->challenge.type = JCHALLENGE_SCRAM; +			jd->challenge.scram_algo = GCRY_MD_SHA1; +			xt_add_attr(reply, "mechanism", "SCRAM-SHA-1"); +		} else { +			imcb_error(ic, "Unknown scram method"); /* Just in case, but we should not get here */ +			return XT_ABORT; +		} + +		gs = g_string_sized_new(128); + +		random_bytes(cnonce_bin, sizeof(cnonce_bin)); +		cnonce = base64_encode(cnonce_bin, sizeof(cnonce_bin)); + +		jd->challenge.cnonce = cnonce; + +		/* XXX: Saslprep username */ +		g_string_append_printf(gs, "n,,n=%s,r=%s", jd->username, cnonce); + +		len = gs->len; +		s = g_string_free(gs, FALSE); + +		reply->text = base64_encode((unsigned char *)s , len); +		reply->text_len = strlen(reply->text); +		g_free(s);  	} else if (sup_digest && !(jd->ssl && sup_plain)) {  		/* Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported.  		 * Which in practice means "don't bother with DIGEST-MD5 most of the time".  		 * It's weak, pointless over TLS, and often breaks with some servers (hi openfire) */ +		jd->challenge.type = JCHALLENGE_DIGEST_MD5;  		xt_add_attr(reply, "mechanism", "DIGEST-MD5");  		/* The rest will be done later, when we receive a <challenge/>. */ @@ -266,7 +327,7 @@ char *sasl_get_part(char *data, char *field)  	}  } -xt_status sasl_pkt_challenge(struct xt_node *node, gpointer data) +static xt_status sasl_pkt_challenge_digest_md5(struct xt_node *node, gpointer data)  {  	struct im_connection *ic = data;  	struct jabber_data *jd = ic->proto_data; @@ -385,6 +446,175 @@ silent_error:  	return ret;  } +static void hmac(int algo, unsigned char *key, size_t key_len, unsigned char *buf, size_t buf_len, unsigned char *out) +{ +	gcry_md_hd_t digest; +	unsigned char *tmp; + +	gcry_md_open(&digest, algo, GCRY_MD_FLAG_HMAC); +	gcry_md_setkey(digest, key, key_len); +	gcry_md_write(digest, buf, buf_len); + +	tmp = gcry_md_read(digest, 0); +	memcpy(out, tmp, gcry_md_get_algo_dlen(algo)); + +	gcry_md_close(digest); +} + +static xt_status sasl_pkt_challenge_scram(struct xt_node *node, gpointer data) +{ +	struct im_connection *ic = data; +	struct jabber_data *jd = ic->proto_data; +	struct xt_node *reply_pkt = NULL; +	xt_status ret = XT_ABORT; +	char *random = NULL, *salt64 = NULL, *iter_str = NULL, *encoded_proof = NULL, +	     *reply = NULL, *client_first_bare = NULL, *server_first = NULL, +	     *client_final_noproof = NULL, *auth_message = NULL, *client_final = NULL; +	unsigned char *salt = NULL; +	size_t salt_len, iter_count; + +	int algo = jd->challenge.scram_algo; +	size_t md_len = gcry_md_get_algo_dlen(algo); + +	unsigned char client_key[md_len]; +	unsigned char client_proof[md_len]; +	unsigned char client_signature[md_len]; +	unsigned char salted_password[md_len]; +	unsigned char server_key[md_len]; +	unsigned char server_signature[md_len]; +	unsigned char stored_key[md_len]; + +	if (node->text_len == 0) { +		goto error; +	} + +	server_first = frombase64(node->text); + +	random = sasl_get_part(server_first, "r"); +	salt64 = sasl_get_part(server_first, "s"); +	iter_str = sasl_get_part(server_first, "i"); +	iter_count = atoi(iter_str); + +	if (strncmp(random, jd->challenge.cnonce, strlen(jd->challenge.cnonce)) != 0) { +		imcb_error(ic, "Server nonce doesn't start with client nonce"); +		goto error; +	} + +	// XXX: Normalize password with saslprep + +	salt_len = base64_decode(salt64, &salt); + +	if (gcry_kdf_derive(ic->acc->pass, strlen(ic->acc->pass), +			GCRY_KDF_PBKDF2, algo, +			salt, salt_len, iter_count, +			sizeof(salted_password), salted_password) != 0) { +		imcb_error(ic, "gcrypt went booboo :("); +		goto error; +	} + +	hmac(algo, salted_password, sizeof(salted_password), (unsigned char *)"Client Key", 10, client_key); + +	gcry_md_hash_buffer(algo, stored_key, client_key, sizeof(client_key)); + +	client_first_bare = g_strdup_printf("n=%s,r=%s", jd->username, jd->challenge.cnonce); +	client_final_noproof = g_strdup_printf("c=biws,r=%s", random); + +	auth_message = g_strdup_printf("%s,%s,%s", client_first_bare, server_first, client_final_noproof); + +	hmac(algo, stored_key, sizeof(stored_key), (unsigned char *)auth_message, strlen(auth_message), client_signature); + +	for (size_t i = 0; i < sizeof(client_key); i++) { +		client_proof[i] = client_key[i] ^ client_signature[i]; +	} + +	encoded_proof = base64_encode(client_proof, sizeof(client_proof)); + +	hmac(algo, salted_password, sizeof(salted_password), (unsigned char *)"Server Key", 10, server_key); +	hmac(algo, server_key, sizeof(server_key), (unsigned char *)auth_message, strlen(auth_message), server_signature); + +	jd->challenge.server_signature = base64_encode(server_signature, sizeof(server_signature)); + +	client_final = g_strdup_printf("%s,p=%s", client_final_noproof, encoded_proof); +	reply = tobase64(client_final); +	reply_pkt = xt_new_node("response", reply, NULL); +	xt_add_attr(reply_pkt, "xmlns", XMLNS_SASL); + +	if (!jabber_write_packet(ic, reply_pkt)) { +		goto silent_error; +	} + +	ret = XT_HANDLED; +	goto silent_error; + +error: +	imcb_error(ic, "Incorrect SASL challenge received"); +	imc_logout(ic, FALSE); + +silent_error: +	g_free(random); +	g_free(salt64); +	g_free(salt); +	g_free(iter_str); +	g_free(encoded_proof); +	g_free(client_first_bare); +	g_free(client_final_noproof); +	g_free(client_final); +	g_free(auth_message); +	g_free(reply); +	g_free(jd->challenge.cnonce); +	jd->challenge.cnonce = NULL; +	xt_free_node(reply_pkt); +	return ret; +} + +xt_status sasl_pkt_challenge(struct xt_node *node, gpointer data) +{ +	struct im_connection *ic = data; +	struct jabber_data *jd = ic->proto_data; + +	switch (jd->challenge.type) { +	case JCHALLENGE_DIGEST_MD5: +		return sasl_pkt_challenge_digest_md5(node, data); + +	case JCHALLENGE_SCRAM: +		return sasl_pkt_challenge_scram(node, data); + +	default: +		imcb_error(ic, "Invalid challenge type"); +		return XT_ABORT; +	} +} + +static xt_status sasl_pkt_validate_scram_success(struct xt_node *node, gpointer data) +{ +	struct im_connection *ic = data; +	struct jabber_data *jd = ic->proto_data; +	char *v, *dec; +	xt_status ret = XT_HANDLED; + +	if (node->text_len == 0) { +		imcb_error(ic, "Server didn't send signature"); +		imc_logout(ic, FALSE); +		ret = XT_ABORT; +		goto error; +	} + +	dec = frombase64(node->text); +	v = sasl_get_part(dec, "v"); + +	if (g_strcmp0(v, jd->challenge.server_signature) != 0) { +		imcb_error(ic, "Invalid server signature"); +		imc_logout(ic, FALSE); +		ret = XT_ABORT; +		goto error; +	} + +error: +	g_free(jd->challenge.server_signature); +	jd->challenge.server_signature = NULL; +	return ret; +} +  xt_status sasl_pkt_result(struct xt_node *node, gpointer data)  {  	struct im_connection *ic = data; @@ -402,6 +632,10 @@ xt_status sasl_pkt_result(struct xt_node *node, gpointer data)  		imcb_log(ic, "Authentication finished");  		jd->flags |= JFLAG_AUTHENTICATED | JFLAG_STREAM_RESTART; +		if (jd->challenge.type == JCHALLENGE_SCRAM) { +			return sasl_pkt_validate_scram_success(node, data); +		} +  		if (jd->flags & JFLAG_HIPCHAT) {  			return hipchat_handle_success(ic, node);  		} | 
