From 9b76b557ecaece2a5fa862ea4dc75ed613e3fbf0 Mon Sep 17 00:00:00 2001
From: Patrick Okraku
Date: Wed, 1 Nov 2023 19:12:32 +0100
Subject: Added support for SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512

---
 src/common/scram.h | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 src/common/scram.h
(limited to 'src/common/scram.h')

diff --git a/src/common/scram.h b/src/common/scram.h
new file mode 100644
index 00000000..d8f1429c
--- /dev/null
+++ b/src/common/scram.h
@@ -0,0 +1,51 @@
+/* HexChat
+ * Copyright (C) 2023 Patrick Okraku
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+#ifndef HEXCHAT_SCRAM_H
+#define HEXCHAT_SCRAM_H
+
+#include "config.h"
+#ifdef USE_OPENSSL
+#include
+
+typedef struct
+{
+ const EVP_MD *digest;
+ size_t digest_size;
+ char *username;
+ char *password;
+ char *client_nonce_b64;
+ char *client_first_message_bare;
+ unsigned char *salted_password;
+ char *auth_message;
+ char *error;
+ int step;
+} scram_session;
+
+typedef enum
+{
+ SCRAM_ERROR = 0,
+ SCRAM_IN_PROGRESS,
+ SCRAM_SUCCESS
+} scram_status;
+
+scram_session *scram_create_session (const char *digset, const char *username, const char *password);
+void scram_free_session (scram_session *session);
+scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len);
+
+#endif
+#endif
\ No newline at end of file
-- cgit 1.4.1
From c82ad321713dbbe77ff861dc2fa29954c214000c Mon Sep 17 00:00:00 2001
From: Patrick Okraku
Date: Mon, 6 Nov 2023 15:04:15 +0100
Subject: SASL SCRAM: Apply changes from code review

---
 src/common/inbound.c | 2 +-
 src/common/scram.c | 14 ++++++++++++--
 src/common/scram.h | 2 +-
 3 files changed, 14 insertions(+), 4 deletions(-)
(limited to 'src/common/scram.h')
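Review bot: The prototype of `scram_create_session` spells its first parameter `digset`, while the definition in scram.c (visible in the next commit's hunk) uses `digest`; the header should read `scram_session *scram_create_session (const char *digest, const char *username, const char *password);`. None of the three declarations carries a comment, so a caller cannot tell who owns `*output` handed back by `scram_process`, what each `scram_status` value requires of the caller, or that `scram_create_session` presumably returns NULL on failure (which is what the inbound.c caller checks for); a short Doxygen block on each declaration stating ownership of `*output` and the NULL-on-failure contract would settle that. Because the struct keeps `password` and `salted_password` as plain heap buffers, the comment on `scram_free_session` should also state that those two fields are wiped before release (e.g. with `OPENSSL_cleanse`, since the header already requires OpenSSL), and the implementation should be checked for doing so, as `g_free` alone leaves the key material readable in the freed heap.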
diff --git a/src/common/inbound.c b/src/common/inbound.c
index 9b38f7c7..e8cfd0b5 100644
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@@ -1985,7 +1985,7 @@ scram_authenticate (server *serv, const char *data, const char *digest,
 
 if (serv->scram_session == NULL)
 {
- serv->scram_session = scram_create_session (digest, user, password);
+ serv->scram_session = scram_session_create (digest, user, password);
 
 if (serv->scram_session == NULL)
 {
diff --git a/src/common/scram.c b/src/common/scram.c
index 529abd5d..b9f2beb0 100644
--- a/src/common/scram.c
+++ b/src/common/scram.c
@@ -35,7 +35,7 @@
 #endif
 
 scram_session
-*scram_create_session (const char *digest, const char *username, const char *password)
+*scram_session_create (const char *digest, const char *username, const char *password)
 {
 scram_session *session;
 const EVP_MD *md;
@@ -162,10 +162,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 {
 if (!strncmp (params[i], "r=", 2))
 {
+ g_free (server_nonce_b64);
 server_nonce_b64 = g_strdup (params[i] + 2);
 }
 else if (!strncmp (params[i], "s=", 2))
 {
+ g_free (salt);
 salt = g_strdup (params[i] + 2);
 }
 else if (!strncmp (params[i], "i=", 2))
@@ -180,6 +182,8 @@ process_server_first (scram_session *session, const char *data, char **output,
 *salt == '\0' || iteration_count == 0)
 {
 session->error = g_strdup_printf ("Invalid server-first-message: %s", data);
+ g_free (server_nonce_b64);
+ g_free (salt);
 return SCRAM_ERROR;
 }
 
@@ -219,6 +223,10 @@ process_server_first (scram_session *session, const char *data, char **output,
 // StoredKey := H(ClientKey)
 if (!create_SHA (session, client_key, session->digest_size, stored_key, &stored_key_len))
 {
+ g_free (client_final_message_without_proof);
+ g_free (server_nonce_b64);
+ g_free (salt);
+ g_free (client_key);
 return SCRAM_ERROR;
 }
 
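Review bot: The added `g_free (server_nonce_b64)` and `g_free (salt)` mean a server-first-message that repeats `r=` or `s=` no longer leaks, but it is now silently accepted with the last occurrence winning; a duplicated attribute is a malformed message and should fail like the other cases that reach the `"Invalid server-first-message"` error in the next hunk. Recording the duplicate (for instance a flag set when `server_nonce_b64` or `salt` is already non-NULL at the point of the `g_strdup`, then included in the condition that guards that error) keeps the parser strict without adding a new error path. process_server_first begins and ends outside this hunk.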
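Review bot: The new error path releases `client_key` with plain `g_free`, which leaves the derived ClientKey bytes readable in the freed heap; the same applies to the `g_free (client_key)` added on the success path in the @@ -241 hunk on the next line. Since `create_SHA` is called with `session->digest_size` as the key length, wiping is one line per site: `OPENSSL_cleanse (client_key, session->digest_size); g_free (client_key);`. The per-return lists of `g_free` calls (two in the @@ -180 hunk, four here, and a longer one on success) are also easy to get out of sync on the next early return; a single cleanup label reached by `goto`, or `g_autofree` locals if the project's GLib baseline allows, would make the release unconditional. process_server_first begins and ends outside this hunk.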
@@ -241,10 +249,12 @@ process_server_first (scram_session *session, const char *data, char **output,
 *output_len = strlen (*output);
 
 g_free (server_nonce_b64);
- g_free (client_final_message_without_proof);
 g_free (salt);
+ g_free (client_final_message_without_proof);
+ g_free (client_key);
 g_free (client_signature);
 g_free (client_proof);
+ g_free (client_proof_b64);
 
 session->step++;
 return SCRAM_IN_PROGRESS;
diff --git a/src/common/scram.h b/src/common/scram.h
index d8f1429c..68672448 100644
--- a/src/common/scram.h
+++ b/src/common/scram.h
@@ -43,7 +43,7 @@ typedef enum
 SCRAM_SUCCESS
 } scram_status;
 
-scram_session *scram_create_session (const char *digset, const char *username, const char *password);
+scram_session *scram_session_create (const char *digset, const char *username, const char *password);
 void scram_free_session (scram_session *session);
 scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len);
 
-- cgit 1.4.1
From 681a88d6df2ad67e3d590fada15322b1b3ee08af Mon Sep 17 00:00:00 2001
From: Patrick Okraku
Date: Sun, 12 Nov 2023 12:45:08 +0100
Subject: SASL SCRAM: renamed scram_free_session to scram_session_free

---
 src/common/inbound.c | 6 +++---
 src/common/scram.c | 2 +-
 src/common/scram.h | 2 +-
 src/common/server.c | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'src/common/scram.h')

diff --git a/src/common/inbound.c b/src/common/inbound.c
index e8cfd0b5..fdee2ecc 100644
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@@ -2012,7 +2012,7 @@ scram_authenticate (server *serv, const char *data, const char *digest,
 {
 // Authentication succeeded
 tcp_sendf (serv, "AUTHENTICATE +\r\n");
- g_clear_pointer (&serv->scram_session, scram_free_session);
+ g_clear_pointer (&serv->scram_session, scram_session_free);
 }
 else if (status == SCRAM_ERROR)
 {
@@ -2025,7 +2025,7 @@ scram_authenticate (server *serv, const char *data, const char *digest,
 g_info ("SASL SCRAM authentication failed: %s", serv->scram_session->error);
 }
 
- g_clear_pointer (&serv->scram_session, scram_free_session);
+ g_clear_pointer (&serv->scram_session, scram_session_free);
 }
 }
 #endif
@@ -2076,7 +2076,7 @@ void
 inbound_sasl_error (server *serv)
 {
 #ifdef USE_OPENSSL
- g_clear_pointer (&serv->scram_session, scram_free_session);
+ g_clear_pointer (&serv->scram_session, scram_session_free);
 #endif
 /* Just abort, not much we can do */
 tcp_sendf (serv, "AUTHENTICATE *\r\n");
diff --git a/src/common/scram.c b/src/common/scram.c
index b9f2beb0..b39199de 100644
--- a/src/common/scram.c
+++ b/src/common/scram.c
@@ -59,7 +59,7 @@ scram_session
 }
 
 void
-scram_free_session (scram_session *session)
+scram_session_free (scram_session *session)
 {
 if (session == NULL)
 {
diff --git a/src/common/scram.h b/src/common/scram.h
index 68672448..ffe22037 100644
--- a/src/common/scram.h
+++ b/src/common/scram.h
@@ -44,7 +44,7 @@ typedef enum
 } scram_status;
 
 scram_session *scram_session_create (const char *digset, const char *username, const char *password);
-void scram_free_session (scram_session *session);
+void scram_session_free (scram_session *session);
 scram_status scram_process (scram_session *session, const char *input, char **output, size_t *output_len);
 
 #endif
diff --git a/src/common/server.c b/src/common/server.c
index 97f8425d..c78ce900 100644
--- a/src/common/server.c
+++ b/src/common/server.c
@@ -1766,7 +1766,7 @@ server_set_defaults (server *serv)
 g_free (serv->nick_prefixes);
 g_free (serv->nick_modes);
 #ifdef USE_OPENSSL
- g_clear_pointer (&serv->scram_session, scram_free_session);
+ g_clear_pointer (&serv->scram_session, scram_session_free);
 #endif
 serv->chantypes = g_strdup ("#&!+");
 serv->chanmodes = g_strdup ("beI,k,l");
@@ -1940,7 +1940,7 @@ server_free (server *serv)
 if (serv->ctx)
 _SSL_context_free (serv->ctx);
 
- g_clear_pointer (&serv->scram_session, scram_free_session);
+ g_clear_pointer (&serv->scram_session, scram_session_free);
 #endif
 
 fe_server_callback (serv);
-- cgit 1.4.1