mirror
/
KtIrc
mirror of https://github.com/csmith/KtIrc
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 20 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
167 Commits
2 Branches
Tree: 2c12fac16c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2c12fac16c'
${ noResults }
KtIrc/src/main/kotlin/com/dmdirc/ktirc/sasl/ScramMechanism.kt

ScramMechanism.kt 7.7KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 
  1. package com.dmdirc.ktirc.sasl

  2. 

  3. import com.dmdirc.ktirc.IrcClient

  4. import com.dmdirc.ktirc.SaslConfig

  5. import com.dmdirc.ktirc.messages.sendAuthenticationMessage

  6. import com.dmdirc.ktirc.util.logger

  7. import java.security.MessageDigest

  8. import java.security.SecureRandom

  9. import javax.crypto.Mac

  10. import javax.crypto.spec.SecretKeySpec

  11. import kotlin.experimental.xor

  12. import kotlin.random.asKotlinRandom

  13. 

  14. internal class ScramMechanism(private val algorithm: String, override val priority: Int, private val saslConfig: SaslConfig) : SaslMechanism {

  15. 

  16.     private val log by logger()

  17. 

  18.     override val ircName = "SCRAM-${algorithm.toUpperCase()}"

  19. 

  20.     override fun handleAuthenticationEvent(client: IrcClient, data: ByteArray?) {

  21.         val state = client.scramState

  22.         try {

  23.             when (state.scramStage) {

  24.                 ScramStage.SendingFirstMessage -> client.sendFirstMessage(state)

  25.                 ScramStage.SendingSecondMessage -> client.sendSecondMessage(state, data.parse())

  26.                 ScramStage.Finishing -> client.validateAndFinish(state, data.parse())

  27.             }

  28.         } catch (ex: ScramException) {

  29.             client.abortScram(ex.localizedMessage)

  30.         }

  31.     }

  32. 

  33.     private fun IrcClient.sendFirstMessage(state: ScramState) {

  34.         state.scramStage = ScramStage.SendingSecondMessage

  35.         sendScramMessage(

  36.                 "n,,", // No channel binding, no impersonation

  37.                 ScramMessageType.AuthName to saslConfig.username.escape(),

  38.                 ScramMessageType.Nonce to state.clientNonce)

  39.     }

  40. 

  41.     private fun IrcClient.sendSecondMessage(state: ScramState, data: Map<ScramMessageType, String>) {

  42.         if (ScramMessageType.FutureExtensions in data)

  43.             throw ScramException("Unsupported extension received: ${data[ScramMessageType.FutureExtensions]}")

  44.         if (ScramMessageType.Error in data)

  45.             throw ScramException("Error received from server: ${data[ScramMessageType.Error]}")

  46. 

  47.         state.iterCount = data[ScramMessageType.IterationCount]?.toIntOrNull()

  48.                 ?: throw ScramException("No iteration count provided")

  49.         state.salt = data[ScramMessageType.Salt]?.fromBase64() ?: throw ScramException("No salt provided")

  50.         state.serverNonce = data[ScramMessageType.Nonce] ?: throw ScramException("No server salt provided")

  51. 

  52.         state.saltedPassword = pbkdf2(saslConfig.password.toByteArray(), state.salt, state.iterCount)

  53.         val clientKey = hmac(state.saltedPassword, "Client Key".toByteArray())

  54.         val storedKey = hash(clientKey)

  55.         state.authMessage = buildScramMessage(

  56.                 ScramMessageType.AuthName to saslConfig.username.escape(),

  57.                 ScramMessageType.Nonce to state.clientNonce,

  58.                 ScramMessageType.Nonce to state.serverNonce,

  59.                 ScramMessageType.Salt to state.salt.toBase64(),

  60.                 ScramMessageType.IterationCount to state.iterCount.toString(),

  61.                 ScramMessageType.ChannelBinding to "n,,".toByteArray().toBase64(),

  62.                 ScramMessageType.Nonce to state.serverNonce).toByteArray()

  63.         val clientSignature = hmac(storedKey, state.authMessage)

  64.         val clientProof = clientKey.xor(clientSignature)

  65. 

  66.         state.scramStage = ScramStage.Finishing

  67.         sendScramMessage(

  68.                 "",

  69.                 ScramMessageType.ChannelBinding to "n,,".toByteArray().toBase64(),

  70.                 ScramMessageType.Nonce to state.serverNonce,

  71.                 ScramMessageType.ClientProof to clientProof.toBase64()

  72.         )

  73.     }

  74. 

  75.     private fun IrcClient.validateAndFinish(state: ScramState, data: Map<ScramMessageType, String>) {

  76.         if (ScramMessageType.FutureExtensions in data)

  77.             throw ScramException("Unsupported extension received: ${data[ScramMessageType.FutureExtensions]}")

  78.         if (ScramMessageType.Error in data)

  79.             throw ScramException("Error received from server: ${data[ScramMessageType.Error]}")

  80. 

  81.         val serverKey = hmac(state.saltedPassword, "Server Key".toByteArray())

  82.         val expectedServerSignature = hmac(serverKey, state.authMessage).toBase64()

  83.         val receivedServerSignature = data[ScramMessageType.ServerVerifier]

  84.                 ?: throw ScramException("No server verifier received")

  85. 

  86.         if (expectedServerSignature != receivedServerSignature) {

  87.             throw ScramException("Server signature does not match")

  88.         }

  89.         sendAuthenticationMessage("+")

  90.     }

  91. 

  92.     private fun IrcClient.abortScram(reason: String) {

  93.         log.warning { "Aborting SCRAM authentication: $reason" }

  94.         sendAuthenticationMessage("*")

  95.     }

  96. 

  97.     private fun IrcClient.sendScramMessage(prefix: String = "", vararg entries: Pair<ScramMessageType, String>) =

  98.             sendAuthenticationData("$prefix${buildScramMessage(*entries)}")

  99. 

  100.     private fun buildScramMessage(vararg entries: Pair<ScramMessageType, String>) = entries.joinToString(",") { (k, v) -> "${k.prefix}=$v" }

  101. 

  102.     private fun ByteArray?.parse(): Map<ScramMessageType, String> {

  103.         return if (this == null || this.isEmpty())

  104.             emptyMap()

  105.         else

  106.             String(this).split(',').map {

  107.                 getMessageType(it[0]) to it.substring(2).unescape()

  108.             }.toMap()

  109.     }

  110. 

  111.     private fun String.escape() = replace("=", "=3D").replace(",", "=2C")

  112.     private fun String.unescape() = replace("=2C", ",").replace("=3D", "=")

  113. 

  114.     private fun hmac(keyMaterial: ByteArray, input: ByteArray): ByteArray {

  115.         return with(Mac.getInstance("hmac${algorithm.replace("-", "")}")) {

  116.             init(SecretKeySpec(keyMaterial, algorithm))

  117.             doFinal(input)

  118.         }

  119.     }

  120. 

  121.     private fun hash(input: ByteArray): ByteArray {

  122.         return with(MessageDigest.getInstance(algorithm.replace("-", ""))) {

  123.             digest(input)

  124.         }

  125.     }

  126. 

  127.     private fun pbkdf2(keyMaterial: ByteArray, initialSalt: ByteArray, iterations: Int): ByteArray {

  128.         var salt = initialSalt + 0x00 + 0x00 + 0x00 + 0x01

  129.         var result: ByteArray? = null

  130.         repeat(iterations) {

  131.             salt = hmac(keyMaterial, salt)

  132.             result = result?.xor(salt) ?: salt

  133.         }

  134.         return result ?: ByteArray(0)

  135.     }

  136. 

  137.     private val IrcClient.scramState: ScramState

  138.         get() = with(serverState.sasl) {

  139.             (mechanismState as? ScramState ?: ScramState()).apply {

  140.                 mechanismState = this

  141.             }

  142.         }

  143. 

  144.     private fun ByteArray.xor(other: ByteArray): ByteArray = zip(other) { a, b -> a.xor(b) }.toByteArray()

  145. 

  146. }

  147. 

  148. private class ScramException(message: String) : RuntimeException(message)

  149. 

  150. private fun newNonce(): String {

  151.     val charPool: List<Char> = (' '..'~') - ',' - '='

  152.     val random = SecureRandom().asKotlinRandom()

  153.     return (0..31).map { charPool.random(random) }.joinToString("")

  154. }

  155. 

  156. internal class ScramState(

  157.         var scramStage: ScramStage = ScramStage.SendingFirstMessage,

  158.         val clientNonce: String = newNonce(),

  159.         var serverNonce: String = "",

  160.         var iterCount: Int = 1,

  161.         var salt: ByteArray = ByteArray(0),

  162.         var saltedPassword: ByteArray = ByteArray(0),

  163.         var authMessage: ByteArray = ByteArray(0))

  164. 

  165. internal enum class ScramStage {

  166.     SendingFirstMessage,

  167.     SendingSecondMessage,

  168.     Finishing

  169. }

  170. 

  171. internal enum class ScramMessageType(val prefix: Char) {

  172.     AuthName('n'),

  173.     FutureExtensions('m'),

  174.     Nonce('r'),

  175.     ChannelBinding('c'),

  176.     Salt('s'),

  177.     IterationCount('i'),

  178.     ClientProof('p'),

  179.     ServerVerifier('v'),

  180.     Error('e'),

  181. }

  182. 

  183. private fun getMessageType(prefix: Char) =

  184.         ScramMessageType.values().firstOrNull { it.prefix == prefix } ?: ScramMessageType.Error