Use OpenSSL to generate the nonce.
This commit is contained in:
parent
2a8547ce2b
commit
9547bd112f
5 changed files with 28 additions and 98 deletions
|
|
@ -11,7 +11,6 @@
|
|||
4B1295F11337C37E00154B25 /* ObjXMPP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559911337A65400E345C7 /* ObjXMPP.framework */; };
|
||||
4B1295F21337C3CF00154B25 /* ObjFW.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559D61337ABD300E345C7 /* ObjFW.framework */; };
|
||||
4BC559D71337ABD300E345C7 /* ObjFW.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559D61337ABD300E345C7 /* ObjFW.framework */; };
|
||||
4BC559EB1337AC0900E345C7 /* arc4random_uniform.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BC559D91337AC0900E345C7 /* arc4random_uniform.m */; };
|
||||
4BC559EC1337AC0900E345C7 /* XMPPAuthenticator.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BC559DA1337AC0900E345C7 /* XMPPAuthenticator.h */; settings = {ATTRIBUTES = (Public, ); }; };
|
||||
4BC559ED1337AC0900E345C7 /* XMPPAuthenticator.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BC559DB1337AC0900E345C7 /* XMPPAuthenticator.m */; };
|
||||
4BC559EE1337AC0900E345C7 /* XMPPConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BC559DC1337AC0900E345C7 /* XMPPConnection.h */; settings = {ATTRIBUTES = (Public, ); }; };
|
||||
|
|
@ -56,7 +55,6 @@
|
|||
4B1295EE1337BD5F00154B25 /* test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = test.m; path = tests/test.m; sourceTree = SOURCE_ROOT; };
|
||||
4BC559911337A65400E345C7 /* ObjXMPP.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = ObjXMPP.framework; sourceTree = BUILT_PRODUCTS_DIR; };
|
||||
4BC559D61337ABD300E345C7 /* ObjFW.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ObjFW.framework; path = ../../../../Library/Frameworks/ObjFW.framework; sourceTree = "<group>"; };
|
||||
4BC559D91337AC0900E345C7 /* arc4random_uniform.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = arc4random_uniform.m; path = src/arc4random_uniform.m; sourceTree = SOURCE_ROOT; };
|
||||
4BC559DA1337AC0900E345C7 /* XMPPAuthenticator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XMPPAuthenticator.h; path = src/XMPPAuthenticator.h; sourceTree = SOURCE_ROOT; };
|
||||
4BC559DB1337AC0900E345C7 /* XMPPAuthenticator.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = XMPPAuthenticator.m; path = src/XMPPAuthenticator.m; sourceTree = SOURCE_ROOT; };
|
||||
4BC559DC1337AC0900E345C7 /* XMPPConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XMPPConnection.h; path = src/XMPPConnection.h; sourceTree = SOURCE_ROOT; };
|
||||
|
|
@ -171,7 +169,6 @@
|
|||
4BC559FD1337AC1800E345C7 /* XMPPSCRAMAuth.m */,
|
||||
4BC559FE1337AC1800E345C7 /* XMPPStanza.h */,
|
||||
4BC559FF1337AC1800E345C7 /* XMPPStanza.m */,
|
||||
4BC559D91337AC0900E345C7 /* arc4random_uniform.m */,
|
||||
);
|
||||
path = ObjXMPP;
|
||||
sourceTree = "<group>";
|
||||
|
|
@ -290,7 +287,6 @@
|
|||
isa = PBXSourcesBuildPhase;
|
||||
buildActionMask = 2147483647;
|
||||
files = (
|
||||
4BC559EB1337AC0900E345C7 /* arc4random_uniform.m in Sources */,
|
||||
4BC559ED1337AC0900E345C7 /* XMPPAuthenticator.m in Sources */,
|
||||
4BC559EF1337AC0900E345C7 /* XMPPConnection.m in Sources */,
|
||||
4BC559F11337AC0900E345C7 /* XMPPExceptions.m in Sources */,
|
||||
|
|
@ -396,6 +392,11 @@
|
|||
GCC_PRECOMPILE_PREFIX_HEADER = YES;
|
||||
GCC_VERSION = 4.2;
|
||||
INFOPLIST_FILE = Info.plist;
|
||||
OTHER_LDFLAGS = (
|
||||
"-lcrypto",
|
||||
"-L/opt/local/lib",
|
||||
"-lidn",
|
||||
);
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
WRAPPER_EXTENSION = framework;
|
||||
};
|
||||
|
|
@ -414,6 +415,11 @@
|
|||
GCC_PRECOMPILE_PREFIX_HEADER = YES;
|
||||
GCC_VERSION = 4.2;
|
||||
INFOPLIST_FILE = Info.plist;
|
||||
OTHER_LDFLAGS = (
|
||||
"-lcrypto",
|
||||
"-L/opt/local/lib",
|
||||
"-lidn",
|
||||
);
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
WRAPPER_EXTENSION = framework;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ AS_IF([test x"$enable_static" = x"yes" -o x"$enable_shared" = x"no"], [
|
|||
])
|
||||
|
||||
AC_CHECK_LIB(objopenssl, main, [
|
||||
LIBS="$LIBS -lobjopenssl"
|
||||
LIBS="$LIBS -lobjopenssl -lcrypto"
|
||||
], [
|
||||
AC_MSG_ERROR(You need ObjOpenSSL installed!)
|
||||
])
|
||||
|
|
|
|||
|
|
@ -18,9 +18,7 @@ SRCS = XMPPAuthenticator.m \
|
|||
XMPPSCRAMAuth.m \
|
||||
XMPPStanza.m
|
||||
|
||||
INCLUDES := ${SRCS:.m=.h}
|
||||
|
||||
SRCS += arc4random_uniform.m
|
||||
INCLUDES = ${SRCS:.m=.h}
|
||||
|
||||
include ../buildsys.mk
|
||||
|
||||
|
|
|
|||
|
|
@ -23,16 +23,16 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#import "XMPPSCRAMAuth.h"
|
||||
#import "XMPPExceptions.h"
|
||||
|
||||
#define HMAC_IPAD 0x36
|
||||
#define HMAC_OPAD 0x5c
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM_UNIFORM
|
||||
extern uint32_t arc4random_uniform(uint32_t);
|
||||
#endif
|
||||
|
||||
@implementation XMPPSCRAMAuth
|
||||
+ SCRAMAuthWithAuthcid: (OFString*)authcid
|
||||
password: (OFString*)password
|
||||
|
|
@ -348,15 +348,22 @@ extern uint32_t arc4random_uniform(uint32_t);
|
|||
|
||||
- (OFString*)XMPP_genNonce
|
||||
{
|
||||
OFMutableString *nonce = [OFMutableString string];
|
||||
uint32_t res, i;
|
||||
uint8_t buf[64];
|
||||
size_t i;
|
||||
|
||||
assert(RAND_pseudo_bytes(buf, 64) >= 0);
|
||||
|
||||
for (i = 0; i < 64; i++) {
|
||||
while ((res = arc4random_uniform('~' - '!' + 1) + '!') == ',');
|
||||
[nonce appendFormat: @"%c", res];
|
||||
uint8_t tmp = (buf[i] % ('~' - '!')) + '!';
|
||||
|
||||
while (tmp == ',')
|
||||
tmp = ((buf[i] >> 1) % ('~' - '!')) + '!';
|
||||
|
||||
buf[i] = tmp;
|
||||
}
|
||||
|
||||
return nonce;
|
||||
return [OFString stringWithCString: (char*)buf
|
||||
length: 64];
|
||||
}
|
||||
|
||||
- (uint8_t*)XMPP_HMACWithKey: (OFDataArray*)key
|
||||
|
|
|
|||
|
|
@ -1,81 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 1996, David Mazieres <dm@uun.org>
|
||||
* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Arc4 random number generator for OpenBSD.
|
||||
*
|
||||
* This code is derived from section 17.1 of Applied Cryptography,
|
||||
* second edition, which describes a stream cipher allegedly
|
||||
* compatible with RSA Labs "RC4" cipher (the actual description of
|
||||
* which is a trade secret). The same algorithm is used as a stream
|
||||
* cipher called "arcfour" in Tatu Ylonen's ssh package.
|
||||
*
|
||||
* RC4 is a registered trademark of RSA Laboratories.
|
||||
*/
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
|
||||
defined(__APPLE__)
|
||||
# include <stdlib.h>
|
||||
#else
|
||||
# include <bsd/stdlib.h>
|
||||
#endif
|
||||
#include <stdint.h>
|
||||
|
||||
/*
|
||||
* Calculate a uniformly distributed random number less than upper_bound
|
||||
* avoiding "modulo bias".
|
||||
*
|
||||
* Uniformity is achieved by generating new random numbers until the one
|
||||
* returned is outside the range [0, 2**32 % upper_bound). This
|
||||
* guarantees the selected random number will be inside
|
||||
* [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
|
||||
* after reduction modulo upper_bound.
|
||||
*/
|
||||
uint32_t
|
||||
arc4random_uniform(uint32_t upper_bound)
|
||||
{
|
||||
uint32_t r, min;
|
||||
|
||||
if (upper_bound < 2)
|
||||
return 0;
|
||||
|
||||
#if (ULONG_MAX > 0xffffffffUL)
|
||||
min = 0x100000000UL % upper_bound;
|
||||
#else
|
||||
/* Calculate (2**32 % upper_bound) avoiding 64-bit math */
|
||||
if (upper_bound > 0x80000000)
|
||||
min = 1 + ~upper_bound; /* 2**32 - upper_bound */
|
||||
else {
|
||||
/* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
|
||||
min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This could theoretically loop forever but each retry has
|
||||
* p > 0.5 (worst case, usually far better) of selecting a
|
||||
* number inside the range we need, so it should rarely need
|
||||
* to re-roll.
|
||||
*/
|
||||
for (;;) {
|
||||
r = arc4random();
|
||||
if (r >= min)
|
||||
break;
|
||||
}
|
||||
|
||||
return r % upper_bound;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue