diff options
| -rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 18 | ||||
| -rw-r--r-- | Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp | 40 | 
2 files changed, 55 insertions, 3 deletions
| diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index ab61ef5..b55e5e4 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -36,12 +36,13 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) {  	if (step == Initial) {  		initialServerMessage = challenge; -		// TODO: Check if this is correct  		std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize())); + +		// Extract the salt  		ByteArray salt = Base64::decode(keys['s']); -		String clientServerNonce = keys['r'];  		// Extract the server nonce +		String clientServerNonce = keys['r'];  		if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) {  			return false;  		} @@ -50,7 +51,18 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) {  			return false;  		}  		serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos()); -		int iterations = boost::lexical_cast<int>(keys['i'].getUTF8String()); + +		// Extract the number of iterations +		int iterations = 0; +		try { +			iterations = boost::lexical_cast<int>(keys['i'].getUTF8String()); +		} +		catch (const boost::bad_lexical_cast&) { +			return false; +		} +		if (iterations <= 0) { +			return false; +		}  		// Compute all the values needed for the server signature  		saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations); diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp index 01adc18..6558ec7 100644 --- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp +++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp @@ -14,6 +14,10 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture {  		CPPUNIT_TEST(testSetChallenge);  		CPPUNIT_TEST(testSetChallenge_InvalidClientNonce);  		CPPUNIT_TEST(testSetChallenge_OnlyClientNonce); +		CPPUNIT_TEST(testSetChallenge_InvalidIterations); +		CPPUNIT_TEST(testSetChallenge_ZeroIterations); +		CPPUNIT_TEST(testSetChallenge_NegativeIterations); +		CPPUNIT_TEST(testSetChallenge_MissingIterations);  		CPPUNIT_TEST(testSetFinalChallenge);  		CPPUNIT_TEST(testSetFinalChallenge_InvalidChallenge);  		CPPUNIT_TEST_SUITE_END(); @@ -86,6 +90,42 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture {  			CPPUNIT_ASSERT(!result);  		} +		void testSetChallenge_InvalidIterations() { +			SCRAMSHA1ClientAuthenticator testling("abcdefgh"); +			testling.setCredentials("user", "pass", ""); + +			bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=bla")); + +			CPPUNIT_ASSERT(!result); +		} + +		void testSetChallenge_MissingIterations() { +			SCRAMSHA1ClientAuthenticator testling("abcdefgh"); +			testling.setCredentials("user", "pass", ""); + +			bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK")); + +			CPPUNIT_ASSERT(!result); +		} + +		void testSetChallenge_ZeroIterations() { +			SCRAMSHA1ClientAuthenticator testling("abcdefgh"); +			testling.setCredentials("user", "pass", ""); + +			bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=0")); + +			CPPUNIT_ASSERT(!result); +		} + +		void testSetChallenge_NegativeIterations() { +			SCRAMSHA1ClientAuthenticator testling("abcdefgh"); +			testling.setCredentials("user", "pass", ""); + +			bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=-1")); + +			CPPUNIT_ASSERT(!result); +		} +  		void testSetFinalChallenge_InvalidChallenge() {  			SCRAMSHA1ClientAuthenticator testling("abcdefgh");  			testling.setCredentials("user", "pass", ""); | 
 Swift
 Swift