void CJabberProto::ConvertPasswords()
{
ptrT passw(JSetStringCrypt(m_szModuleName, NULL, "LoginPassword"));
if (passw == NULL)
return;
setTString("Password", passw);
delSetting("LoginPassword");
for (HANDLE hContact = db_find_first(m_szModuleName); hContact; hContact = db_find_next(hContact, m_szModuleName)) {
if ((passw = JSetStringCrypt(m_szModuleName, hContact, "LoginPassword")) == NULL)
continue;
setTString(hContact, "Password", passw);
delSetting(hContact, "LoginPassword");
}
for (int i = 0;; i++) {
char varName[100];
mir_snprintf(varName, sizeof(varName), "rcMuc_%d_server", i);
ptrA str(getStringA(NULL, varName));
if (str == NULL)
break;
mir_snprintf(varName, sizeof(varName), "rcMuc_%d", i);
if ((passw = JSetStringCrypt(m_szModuleName, NULL, varName)) != NULL) {
delSetting(varName);
mir_snprintf(varName, sizeof(varName), "password_rcMuc_%d", i);
setTString(varName, passw);
}
}
}
char* TPlainAuth::getInitialRequest()
{
T2Utf uname(info->conn.username), passw(info->conn.password);
size_t size = 2 * mir_strlen(uname) + mir_strlen(passw) + mir_strlen(info->conn.server) + 4;
char *toEncode = (char*)alloca(size);
if (bOld)
size = mir_snprintf(toEncode, size, "%s@%s%c%s%c%s", uname, info->conn.server, 0, uname, 0, passw);
else
size = mir_snprintf(toEncode, size, "%c%s%c%s", 0, uname, 0, passw);
return mir_base64_encode((PBYTE)toEncode, (int)size);
}
char* TScramAuth::getChallenge(const TCHAR *challenge)
{
unsigned chlLen, saltLen = 0;
ptrA snonce, salt;
int ind = -1;
ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));
for (char *p = strtok(NEWSTR_ALLOCA(chl), ","); p != NULL; p = strtok(NULL, ",")) {
if (*p == 'r' && p[1] == '=') { // snonce
if (strncmp(cnonce, p + 2, mir_strlen(cnonce)))
return NULL;
snonce = mir_strdup(p + 2);
}
else if (*p == 's' && p[1] == '=') // salt
salt = (char*)mir_base64_decode(p + 2, &saltLen);
else if (*p == 'i' && p[1] == '=')
ind = atoi(p + 2);
}
if (snonce == NULL || salt == NULL || ind == -1)
return NULL;
ptrA passw(mir_utf8encodeT(info->conn.password));
size_t passwLen = mir_strlen(passw);
BYTE saltedPassw[MIR_SHA1_HASH_SIZE];
Hi(saltedPassw, passw, passwLen, salt, saltLen, ind);
BYTE clientKey[MIR_SHA1_HASH_SIZE];
mir_hmac_sha1(clientKey, saltedPassw, sizeof(saltedPassw), (BYTE*)"Client Key", 10);
BYTE storedKey[MIR_SHA1_HASH_SIZE];
mir_sha1_ctx ctx;
mir_sha1_init(&ctx);
mir_sha1_append(&ctx, clientKey, MIR_SHA1_HASH_SIZE);
mir_sha1_finish(&ctx, storedKey);
char authmsg[4096];
int authmsgLen = mir_snprintf(authmsg, _countof(authmsg), "%s,%s,c=biws,r=%s", msg1, chl, snonce);
BYTE clientSig[MIR_SHA1_HASH_SIZE];
mir_hmac_sha1(clientSig, storedKey, sizeof(storedKey), (BYTE*)authmsg, authmsgLen);
BYTE clientProof[MIR_SHA1_HASH_SIZE];
for (unsigned j = 0; j < sizeof(clientKey); j++)
clientProof[j] = clientKey[j] ^ clientSig[j];
/* Calculate the server signature */
BYTE serverKey[MIR_SHA1_HASH_SIZE];
mir_hmac_sha1(serverKey, saltedPassw, sizeof(saltedPassw), (BYTE*)"Server Key", 10);
BYTE srvSig[MIR_SHA1_HASH_SIZE];
mir_hmac_sha1(srvSig, serverKey, sizeof(serverKey), (BYTE*)authmsg, authmsgLen);
serverSignature = mir_base64_encode((PBYTE)srvSig, sizeof(srvSig));
char buf[4096];
ptrA encproof(mir_base64_encode((PBYTE)clientProof, sizeof(clientProof)));
int cbLen = mir_snprintf(buf, "c=biws,r=%s,p=%s", snonce, encproof);
return mir_base64_encode((PBYTE)buf, cbLen);
}
char* TMD5Auth::getChallenge(const TCHAR *challenge)
{
if (iCallCount > 0)
return NULL;
iCallCount++;
unsigned resultLen;
ptrA text((char*)mir_base64_decode( _T2A(challenge), &resultLen));
TStringPairs pairs(text);
const char *realm = pairs["realm"], *nonce = pairs["nonce"];
char cnonce[40], tmpBuf[40];
DWORD digest[4], hash1[4], hash2[4];
mir_md5_state_t ctx;
Utils_GetRandom(digest, sizeof(digest));
mir_snprintf(cnonce, _countof(cnonce), "%08x%08x%08x%08x", htonl(digest[0]), htonl(digest[1]), htonl(digest[2]), htonl(digest[3]));
T2Utf uname(info->conn.username), passw(info->conn.password);
ptrA serv(mir_utf8encode(info->conn.server));
mir_md5_init(&ctx);
mir_md5_append(&ctx, (BYTE*)(char*)uname, (int)mir_strlen(uname));
mir_md5_append(&ctx, (BYTE*)":", 1);
mir_md5_append(&ctx, (BYTE*)realm, (int)mir_strlen(realm));
mir_md5_append(&ctx, (BYTE*)":", 1);
mir_md5_append(&ctx, (BYTE*)(char*)passw, (int)mir_strlen(passw));
mir_md5_finish(&ctx, (BYTE*)hash1);
mir_md5_init(&ctx);
mir_md5_append(&ctx, (BYTE*)hash1, 16);
mir_md5_append(&ctx, (BYTE*)":", 1);
mir_md5_append(&ctx, (BYTE*)nonce, (int)mir_strlen(nonce));
mir_md5_append(&ctx, (BYTE*)":", 1);
mir_md5_append(&ctx, (BYTE*)cnonce, (int)mir_strlen(cnonce));
mir_md5_finish(&ctx, (BYTE*)hash1);
mir_md5_init(&ctx);
mir_md5_append(&ctx, (BYTE*)"AUTHENTICATE:xmpp/", 18);
mir_md5_append(&ctx, (BYTE*)(char*)serv, (int)mir_strlen(serv));
mir_md5_finish(&ctx, (BYTE*)hash2);
mir_md5_init(&ctx);
mir_snprintf(tmpBuf, _countof(tmpBuf), "%08x%08x%08x%08x", htonl(hash1[0]), htonl(hash1[1]), htonl(hash1[2]), htonl(hash1[3]));
mir_md5_append(&ctx, (BYTE*)tmpBuf, (int)mir_strlen(tmpBuf));
mir_md5_append(&ctx, (BYTE*)":", 1);
mir_md5_append(&ctx, (BYTE*)nonce, (int)mir_strlen(nonce));
mir_snprintf(tmpBuf, _countof(tmpBuf), ":%08d:", iCallCount);
mir_md5_append(&ctx, (BYTE*)tmpBuf, (int)mir_strlen(tmpBuf));
mir_md5_append(&ctx, (BYTE*)cnonce, (int)mir_strlen(cnonce));
mir_md5_append(&ctx, (BYTE*)":auth:", 6);
mir_snprintf(tmpBuf, _countof(tmpBuf), "%08x%08x%08x%08x", htonl(hash2[0]), htonl(hash2[1]), htonl(hash2[2]), htonl(hash2[3]));
mir_md5_append(&ctx, (BYTE*)tmpBuf, (int)mir_strlen(tmpBuf));
mir_md5_finish(&ctx, (BYTE*)digest);
char *buf = (char*)alloca(8000);
int cbLen = mir_snprintf(buf, 8000,
"username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\",nc=%08d,"
"qop=auth,digest-uri=\"xmpp/%s\",charset=utf-8,response=%08x%08x%08x%08x",
uname, realm, nonce, cnonce, iCallCount, serv,
htonl(digest[0]), htonl(digest[1]), htonl(digest[2]), htonl(digest[3]));
return mir_base64_encode((PBYTE)buf, cbLen);
}
