
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-60-g564c03e


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-60-g564c03e
Date: Thu, 10 Sep 2009 09:53:47 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=564c03ecd428b9c9f6a1147d6bd9d7efc6e85ad0

The branch, master has been updated
       via  564c03ecd428b9c9f6a1147d6bd9d7efc6e85ad0 (commit)
      from  ee0ecf34304b1f089bac8ec72e522d5fe532f4a3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 564c03ecd428b9c9f6a1147d6bd9d7efc6e85ad0
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 10 11:53:43 2009 +0200

    SCRAM: Protocol works (but no crypto).

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/client.c   |   16 ++++++
 lib/scram/parser.c   |  128 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/scram/parser.h   |    6 ++
 lib/scram/printer.c  |   28 ++++++++++-
 lib/scram/printer.h  |    5 ++-
 lib/scram/server.c   |   23 +++++++++
 lib/scram/tokens.c   |   18 +++++--
 lib/scram/tokens.h   |    9 ++++
 lib/scram/validate.c |   28 ++++++++---
 lib/scram/validate.h |    4 +-
 10 files changed, 248 insertions(+), 17 deletions(-)

diff --git a/lib/scram/client.c b/lib/scram/client.c
index ea8e59c..666f52a 100644
--- a/lib/scram/client.c
+++ b/lib/scram/client.c
@@ -45,6 +45,7 @@ struct scram_client_state
   struct scram_client_first cf;
   struct scram_server_first sf;
   struct scram_client_final cl;
+  struct scram_server_final sl;
 };
 
 int
@@ -152,6 +153,21 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
        break;
       }
 
+    case 2:
+      {
+       if (strlen (input) != input_len)
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       if (scram_parse_server_final (input, &state->sl) < 0)
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       /* FIXME verify verifier. */
+
+       state->step++;
+       return GSASL_OK;
+       break;
+      }
+
     default:
       break;
     }
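Review bot: In the new `case 2` the client returns `GSASL_OK` as soon as the server-final message parses, so any `v=` value is accepted and the server is never authenticated to the client; the one-line FIXME understates that. I would expand it to `/* FIXME: compare state->sl.verifier with the expected ServerSignature; until then mutual authentication is not provided. */` so this path is not mistaken for a finished one. The parser also allocates `state->sl.verifier`, and the client finish function is outside this hunk, so confirm it calls `scram_free_server_final (&state->sl)`.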
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index eab6ad9..d83b55f 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -231,3 +231,131 @@ scram_parse_server_first (const char *str,
 
   return 0;
 }
+
+int
+scram_parse_client_final (const char *str,
+                         struct scram_client_final *cl)
+{
+  /* Minimum client final string is 'c=biws,r=ab,p=ab=='. */
+  if (strlen (str) < 18)
+    return -1;
+
+  if (*str++ != 'c')
+    return -1;
+
+  if (*str++ != '=')
+    return -1;
+
+  {
+    char *p;
+    size_t len;
+
+    p = strchr (str, ',');
+    if (!p)
+      return -1;
+
+    len = p - str;
+
+    cl->cbind = malloc (len + 1);
+    if (!cl->cbind)
+      return -1;
+
+    memcpy (cl->cbind, str, len);
+    cl->cbind[len] = '\0';
+
+    /* FIXME base64 decode cbind */
+
+    str = p;
+  }
+
+  if (*str++ != ',')
+    return -1;
+
+  if (*str++ != 'r')
+    return -1;
+
+  if (*str++ != '=')
+    return -1;
+
+  {
+    char *p;
+    size_t len;
+
+    p = strchr (str, ',');
+    if (!p)
+      return -1;
+
+    len = p - str;
+
+    cl->nonce = malloc (len + 1);
+    if (!cl->nonce)
+      return -1;
+
+    memcpy (cl->nonce, str, len);
+    cl->nonce[len] = '\0';
+
+    str = p;
+  }
+
+  /* FIXME check that any extension fields follow valid syntax. */
+
+  if (*str++ != ',')
+    return -1;
+
+  if (*str++ != 'p')
+    return -1;
+
+  if (*str++ != '=')
+    return -1;
+
+  {
+    size_t len = strlen (str);
+
+    cl->proof = malloc (len + 1);
+    if (!cl->proof)
+      return -1;
+
+    memcpy (cl->proof, str, len);
+    cl->proof[len] = '\0';
+
+    /* FIXME base64 decode proof */
+  }
+
+  if (scram_valid_client_final (cl) < 0)
+    return -1;
+
+  return 0;
+}
+
+int
+scram_parse_server_final (const char *str,
+                         struct scram_server_final *sl)
+{
+  /* Minimum client final string is 'v=ab=='. */
+  if (strlen (str) < 6)
+    return -1;
+
+  if (*str++ != 'v')
+    return -1;
+
+  if (*str++ != '=')
+    return -1;
+
+  {
+    size_t len = strlen (str);
+
+    sl->verifier = malloc (len + 1);
+    if (!sl->verifier)
+      return -1;
+
+    memcpy (sl->verifier, str, len);
+    sl->verifier[len] = '\0';
+
+    /* FIXME base64 decode verifier */
+  }
+
+  if (scram_valid_server_final (sl) < 0)
+    return -1;
+
+  return 0;
+}
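Review bot: The validation calls at the end of both new parsers can never fail: `scram_valid_client_final` and `scram_valid_server_final` are defined as `bool` in validate.c, so `scram_valid_client_final (cl) < 0` is always false and a proof or verifier containing `,` is accepted. Use `if (!scram_valid_client_final (cl)) return -1;` and `if (!scram_valid_server_final (sl)) return -1;`. Separately, every early `return -1` after a successful `malloc` leaves `cl->cbind` or `cl->nonce` allocated, so a header comment should state that the caller must still call `scram_free_client_final` on failure. The comment in `scram_parse_server_final` should read "Minimum server final string".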
diff --git a/lib/scram/parser.h b/lib/scram/parser.h
index 17ff895..24e7e19 100644
--- a/lib/scram/parser.h
+++ b/lib/scram/parser.h
@@ -32,4 +32,10 @@ extern int scram_parse_client_first (const char *str,
 extern int scram_parse_server_first (const char *str,
                                     struct scram_server_first *cf);
 
+extern int scram_parse_client_final (const char *str,
+                                    struct scram_client_final *cl);
+
+extern int scram_parse_server_final (const char *str,
+                                    struct scram_server_final *sl);
+
 #endif /* SCRAM_PARSER_H */
diff --git a/lib/scram/printer.c b/lib/scram/printer.c
index c69b05a..f8ceee7 100644
--- a/lib/scram/printer.c
+++ b/lib/scram/printer.c
@@ -120,19 +120,41 @@ scram_print_server_first (struct scram_server_first *sf, 
char **out)
    OUT.  Returns 0 on success, -1 on invalid token, and -2 on memory
    allocation errors. */
 int
-scram_print_client_final (struct scram_client_final *cf, char **out)
+scram_print_client_final (struct scram_client_final *cl, char **out)
 {
   int n;
 
   /* Below we assume fields are sensible, so first verify that to
      avoid crashes. */
-  if (!scram_valid_client_final (cf))
+  if (!scram_valid_client_final (cl))
     return -1;
 
   /* FIXME base64 cbind/proof */
 
   n = asprintf (out, "c=%s,r=%s,p=%s",
-               cf->cbind, cf->nonce, cf->proof);
+               cl->cbind, cl->nonce, cl->proof);
+  if (n <= 0 || *out == NULL)
+    return -1;
+
+  return 0;
+}
+
+/* Print SCRAM server-final token into newly allocated output string
+   OUT.  Returns 0 on success, -1 on invalid token, and -2 on memory
+   allocation errors. */
+int
+scram_print_server_final (struct scram_server_final *sl, char **out)
+{
+  int n;
+
+  /* Below we assume fields are sensible, so first verify that to
+     avoid crashes. */
+  if (!scram_valid_server_final (sl))
+    return -1;
+
+  /* FIXME base64 verifier */
+
+  n = asprintf (out, "v=%s", sl->verifier);
   if (n <= 0 || *out == NULL)
     return -1;
 
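Review bot: `scram_print_server_final` returns -1 when `asprintf` fails, while the comment above it promises -2 for memory allocation errors; the same mismatch is in `scram_print_client_final` earlier in this hunk. Return -2 on that path in both, `if (n <= 0 || *out == NULL) return -2;`, so a caller can tell an invalid token from an allocation failure. The end of `scram_print_server_final` lies outside this hunk.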
diff --git a/lib/scram/printer.h b/lib/scram/printer.h
index 34a95a7..d4a0cb3 100644
--- a/lib/scram/printer.h
+++ b/lib/scram/printer.h
@@ -33,6 +33,9 @@ extern int
 scram_print_server_first (struct scram_server_first *cf, char **out);
 
 extern int
-scram_print_client_final (struct scram_client_final *cf, char **out);
+scram_print_client_final (struct scram_client_final *cl, char **out);
+
+extern int
+scram_print_server_final (struct scram_server_final *sl, char **out);
 
 #endif /* SCRAM_PRINTER_H */
diff --git a/lib/scram/server.c b/lib/scram/server.c
index 7e7cbf7..9067452 100644
--- a/lib/scram/server.c
+++ b/lib/scram/server.c
@@ -45,6 +45,8 @@ struct scram_server_state
   char snonce[SNONCE_ENTROPY_BYTES + 1];
   struct scram_client_first cf;
   struct scram_server_first sf;
+  struct scram_client_final cl;
+  struct scram_server_final sl;
 };
 
 int
@@ -132,6 +134,26 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
        break;
       }
 
+    case 1:
+      {
+       if (strlen (input) != input_len)
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       if (scram_parse_client_final (input, &state->cl) < 0)
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       state->sl.verifier = strdup ("verifier");
+
+       rc = scram_print_server_final (&state->sl, output);
+       if (rc != 0)
+         return GSASL_MALLOC_ERROR;
+       *output_len = strlen (*output);
+
+       state->step++;
+       return GSASL_OK;
+       break;
+      }
+
     default:
       break;
     }
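Review bot: The new `case 1` answers `GSASL_OK` for any client-final message that parses: `state->cl.proof` is never checked and `state->cl.nonce` is not compared with the nonce the server issued, and unlike the client side there is no FIXME marking the gap. Add `/* FIXME verify cl.nonce and cl.proof before reporting success; "verifier" is a placeholder. */` above the `strdup` line. Mapping every non-zero `rc` from `scram_print_server_final` to `GSASL_MALLOC_ERROR` also hides its -1 (invalid token) result. The enclosing function starts and ends outside the hunk.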
@@ -149,6 +171,7 @@ _gsasl_scram_sha1_server_finish (Gsasl_session * sctx, void 
*mech_data)
   
   scram_free_client_first (&state->cf);
   scram_free_server_first (&state->sf);
+  scram_free_client_final (&state->cl);
 
   free (state);
 }
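Review bot: `state->sl` is not released here: `case 1` of the step function stores a `strdup` result in `state->sl.verifier`, and this commit adds `scram_free_server_final`, but the finish function only gains the `cl` call. Add `scram_free_server_final (&state->sl);` next to it so the verifier string is not leaked per session. The start of `_gsasl_scram_sha1_server_finish` is outside the hunk.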
diff --git a/lib/scram/tokens.c b/lib/scram/tokens.c
index ae67582..7b4a319 100644
--- a/lib/scram/tokens.c
+++ b/lib/scram/tokens.c
@@ -50,11 +50,19 @@ scram_free_server_first (struct scram_server_first * sf)
 }
 
 void
-scram_free_client_final (struct scram_client_final * cf)
+scram_free_client_final (struct scram_client_final * cl)
 {
-  free (cf->cbind);
-  free (cf->nonce);
-  free (cf->proof);
+  free (cl->cbind);
+  free (cl->nonce);
+  free (cl->proof);
 
-  memset (cf, 0, sizeof (*cf));
+  memset (cl, 0, sizeof (*cl));
+}
+
+void
+scram_free_server_final (struct scram_server_final * sl)
+{
+  free (sl->verifier);
+
+  memset (sl, 0, sizeof (*sl));
 }
diff --git a/lib/scram/tokens.h b/lib/scram/tokens.h
index 4f7534a..db4edb2 100644
--- a/lib/scram/tokens.h
+++ b/lib/scram/tokens.h
@@ -49,8 +49,17 @@ struct scram_client_final
   char *proof;
 };
 
+struct scram_server_final
+{
+  char *verifier;
+};
+
 extern void scram_free_client_first (struct scram_client_first * cf);
 
 extern void scram_free_server_first (struct scram_server_first * sf);
 
+extern void scram_free_client_final (struct scram_client_final * cl);
+
+extern void scram_free_server_final (struct scram_server_final * sl);
+
 #endif /* SCRAM_TOKENS_H */
diff --git a/lib/scram/validate.c b/lib/scram/validate.c
index b3ea212..6f8cf74 100644
--- a/lib/scram/validate.c
+++ b/lib/scram/validate.c
@@ -98,32 +98,46 @@ scram_valid_server_first (struct scram_server_first *sf)
 }
 
 bool
-scram_valid_client_final (struct scram_client_final *cf)
+scram_valid_client_final (struct scram_client_final *cl)
 {
   /* We require a non-zero cbind. */
-  if (cf->cbind == NULL || *cf->cbind == '\0')
+  if (cl->cbind == NULL || *cl->cbind == '\0')
     return false;
 
   /* FIXME check that cbind is valid base64. */
-  if (strchr (cf->cbind, ','))
+  if (strchr (cl->cbind, ','))
     return false;
 
   /* We require a non-zero nonce. */
-  if (cf->nonce == NULL || *cf->nonce == '\0')
+  if (cl->nonce == NULL || *cl->nonce == '\0')
     return false;
 
   /* Nonce cannot contain ','. */
-  if (strchr (cf->nonce, ','))
+  if (strchr (cl->nonce, ','))
     return false;
 
   /* FIXME check that nonce is valid UTF-8. */
 
   /* We require a non-zero proof. */
-  if (cf->proof == NULL || *cf->proof == '\0')
+  if (cl->proof == NULL || *cl->proof == '\0')
     return false;
 
   /* FIXME check that proof is valid base64. */
-  if (strchr (cf->proof, ','))
+  if (strchr (cl->proof, ','))
+    return false;
+
+  return true;
+}
+
+bool
+scram_valid_server_final (struct scram_server_final *sl)
+{
+  /* We require a non-zero verifier. */
+  if (sl->verifier == NULL || *sl->verifier == '\0')
+    return false;
+
+  /* FIXME check that verifier is valid base64. */
+  if (strchr (sl->verifier, ','))
     return false;
 
   return true;
diff --git a/lib/scram/validate.h b/lib/scram/validate.h
index f4d41ac..ba76896 100644
--- a/lib/scram/validate.h
+++ b/lib/scram/validate.h
@@ -33,6 +33,8 @@ extern bool scram_valid_client_first (struct 
scram_client_first *cf);
 
 extern bool scram_valid_server_first (struct scram_server_first *sf);
 
-extern bool scram_valid_client_final (struct scram_client_final *cf);
+extern bool scram_valid_client_final (struct scram_client_final *cl);
+
+extern bool scram_valid_server_final (struct scram_server_final *sl);
 
 #endif /* SCRAM_VALIDATE_H */


hooks/post-receive
-- 
GNU gsasl



