
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-80-gff3667c


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-80-gff3667c
Date: Fri, 11 Sep 2009 10:15:24 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=ff3667c8b22564f4c48e275aa70a200f8554a110

The branch, master has been updated
       via  ff3667c8b22564f4c48e275aa70a200f8554a110 (commit)
      from  ce5b4cc9ef03558f68333cc376f43acb700dc531 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff3667c8b22564f4c48e275aa70a200f8554a110
Author: Simon Josefsson <address@hidden>
Date:   Fri Sep 11 12:15:20 2009 +0200

    SCRAM: Check server signature.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/client.c |   36 +++++++++++++++++++++++++++++++++---
 lib/scram/server.c |    6 +++++-
 2 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/lib/scram/client.c b/lib/scram/client.c
index 8d230dc..53752d5 100644
--- a/lib/scram/client.c
+++ b/lib/scram/client.c
@@ -48,6 +48,7 @@ struct scram_client_state
 {
   int step;
   char *cfmb; /* client first message bare */
+  char *serversignature;
   struct scram_client_first cf;
   struct scram_server_first sf;
   struct scram_client_final cl;
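Review bot: The new `serversignature` member is an owning pointer (it is filled by `gsasl_base64_to` later in this commit), but no matching `free` appears anywhere in the diff. The mechanism's cleanup routine is outside the visible hunks, so confirm it releases the field with `free (state->serversignature);`, otherwise each session leaks the stored signature. A comment on the member in the style of the `cfmb` line, for example `/* base64 ServerSignature expected in server-final */`, would document what it holds.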
@@ -145,7 +146,7 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
       {
        const char *p;
 
-       /* FIXME */
+       /* We don't support channel bindings. */
        state->cf.cbflag = 'n';
 
        p = gsasl_property_get (sctx, GSASL_AUTHID);
@@ -292,7 +293,6 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
          rc = gsasl_hmac_sha1 (storedkey, 20,
                                authmessage, strlen (authmessage),
                                &clientsignature);
-         free (authmessage);
          free (storedkey);
          if (rc != 0)
            return rc;
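Review bot: With `free (authmessage)` moved to the end of the block, the `if (rc != 0) return rc;` right after this HMAC call now returns without releasing `authmessage`. The same applies to the early returns in the next hunk: the one after `gsasl_base64_to (clientproof, ...)` and the three inside the new ServerSignature block. Either free on each path, e.g. `if (rc != 0) { free (authmessage); return rc; }`, or route the failures through a single cleanup label. The enclosing function starts and ends outside the hunk, so other buffers may need the same treatment.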
@@ -307,6 +307,35 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
          rc = gsasl_base64_to (clientproof, 20, &state->cl.proof, NULL);
          if (rc != 0)
            return rc;
+
+         /* Generate ServerSignature, for comparison in next step. */
+         {
+           char *serverkey;
+           char *serversignature;
+
+           /* ServerKey := HMAC(SaltedPassword, "Server Key") */
+#define SERVER_KEY "Server Key"
+           rc = gsasl_hmac_sha1 (saltedpassword, 20,
+                                 SERVER_KEY, strlen (SERVER_KEY),
+                                 &serverkey);
+           if (rc != 0)
+             return rc;
+
+           /* ServerSignature := HMAC(ServerKey, AuthMessage) */
+           rc = gsasl_hmac_sha1 (serverkey, 20,
+                                 authmessage, strlen (authmessage),
+                                 &serversignature);
+           if (rc != 0)
+             return rc;
+
+           rc = gsasl_base64_to (serversignature, 20,
+                                 &state->serversignature, NULL);
+           free (serversignature);
+           if (rc != 0)
+             return rc;
+         }
+
+         free (authmessage);
        }
 
        rc = scram_print_client_final (&state->cl, output);
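Review bot: `serverkey` is allocated by the first `gsasl_hmac_sha1` call in the new block and is never freed, on success or on failure, so every authentication leaks a key derived from the salted password. Add `free (serverkey);` directly after the second `gsasl_hmac_sha1` call, before its `if (rc != 0)`, mirroring how `storedkey` is released in the earlier hunk. Because this is key material, clearing the 20 bytes before freeing would be a reasonable hardening step if the project has a helper for it. The literal `20` for the SHA-1 output length recurs throughout; a named constant would make the digest size explicit.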
@@ -328,7 +357,8 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
        if (scram_parse_server_final (input, &state->sl) < 0)
          return GSASL_MECHANISM_PARSE_ERROR;
 
-       /* FIXME verify verifier. */
+       if (strcmp (state->sl.verifier, state->serversignature) != 0)
+         return GSASL_AUTHENTICATION_ERROR;
 
        state->step++;
        return GSASL_OK;
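Review bot: `strcmp` is called on `state->sl.verifier` and `state->serversignature` without checking that either pointer is non-NULL. `state->serversignature` is only assigned inside a nested block of the previous step, and the condition guarding that block is not visible here; if the block can be skipped, this line dereferences NULL instead of failing authentication. A guard that fails closed would be `if (!state->serversignature || !state->sl.verifier || strcmp (state->sl.verifier, state->serversignature) != 0)`. Since this comparison is what authenticates the server to the client, a one-line comment saying so (replacing the removed FIXME) would help the next reader.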
diff --git a/lib/scram/server.c b/lib/scram/server.c
index e0c34c3..e484df7 100644
--- a/lib/scram/server.c
+++ b/lib/scram/server.c
@@ -125,6 +125,10 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
        if (scram_parse_client_first (input, &state->cf) < 0)
          return GSASL_MECHANISM_PARSE_ERROR;
 
+       /* We don't support channel bindings. */
+       if (state->cf.cbflag != 'n')
+         return GSASL_AUTHENTICATION_ERROR;
+
        {
          const char *p;
 
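Review bot: Rejecting every `cbflag` other than `'n'` also rejects `'y'`, which in SCRAM as published in RFC 5802 means the client supports channel binding but believes the server does not. A server that offers no channel binding is expected to accept that flag and refuse only `'p'`, so channel-binding-capable clients would presumably fail to authenticate here; the draft in force at commit time may have differed. Consider `if (state->cf.cbflag != 'n' && state->cf.cbflag != 'y')` and extend the comment to say why `'p'` is refused. The enclosing function starts and ends outside the hunk.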
@@ -317,7 +321,7 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
            char *serversignature;
 
            /* ServerSignature := HMAC(ServerKey, AuthMessage) */
-           rc = gsasl_hmac_sha1 (storedkey, 20,
+           rc = gsasl_hmac_sha1 (serverkey, 20,
                                  authmessage, strlen (authmessage),
                                  &serversignature);
            if (rc != 0)


hooks/post-receive
-- 
GNU gsasl



