func (s *ScramSuite) TestScramWithRFC5802TestVector(c *C) {
client := Mechanism.NewClient()
client.SetProperty(sasl.AuthID, "user")
client.SetProperty(sasl.Password, "pencil")
client.SetProperty(sasl.ClientNonce, "fyko+d2lbbFgONRv9qkxdawL")
t, err := client.Step(nil)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, DeepEquals, sasl.Token(`n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL`))
rec := sasl.Token("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096")
t, err = client.Step(rec)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, DeepEquals, sasl.Token(`c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=`))
rec = sasl.Token("v=rmF9pqV8S7suAoZWja4dJRkFsKQ=")
t, err = client.Step(rec)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, false)
c.Check(t, IsNil)
}
func (s *DigestMD5) Test(c *C) {
client := Mechanism.NewClient()
c.Check(client.NeedsMore(), Equals, true)
client.SetProperty(sasl.AuthID, "chris")
client.SetProperty(sasl.Password, "secret")
client.SetProperty(sasl.Service, "imap")
//client.SetProperty(sasl.Realm, "elwood.innosoft.com")
client.SetProperty(sasl.QOP, "auth")
client.SetProperty(sasl.ClientNonce, "OA6MHXh6VqTrRk")
t, err := client.Step(nil)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, IsNil)
rec := sasl.Token(`realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",algorithm=md5-sess,charset=utf-8`)
t, err = client.Step(rec)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, DeepEquals, sasl.Token(`charset=utf-8,username="******",realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",digest-uri="imap/elwood.innosoft.com",response=d388dad90d4bbd760a152321f2143af7,qop=auth`))
rec = sasl.Token("rspauth=ea40f60335c427b5527b84dbabcdfffd")
t, err = client.Step(rec)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, IsNil)
t, err = client.Step(nil)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, false)
c.Check(t, IsNil)
}
func (s *SASLPlain) Test(c *C) {
expected := sasl.Token("\x00foo\x00bar")
client := Mechanism.NewClient()
c.Check(client.NeedsMore(), Equals, true)
client.SetProperty(sasl.AuthID, "foo")
client.SetProperty(sasl.Password, "bar")
t, err := client.Step(nil)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, true)
c.Check(t, DeepEquals, expected)
t, err = client.Step(nil)
c.Check(err, IsNil)
c.Check(client.NeedsMore(), Equals, false)
}
func (replyChallenge) challenge(user string, password string) (state, sasl.Token, error) {
ret := sasl.Token("\x00" + user + "\x00" + password)
return authenticateServer{}, ret, nil
}
func (c digestChallenge) challenge(props sasl.Properties, pairs sasl.AttributeValuePairs) (digestState, sasl.Token, error) {
var ok bool
user, ok := props[sasl.AuthID]
if !ok {
return c, nil, sasl.PropertyMissingError{sasl.AuthID}
}
password, ok := props[sasl.Password]
if !ok {
return c, nil, sasl.PropertyMissingError{sasl.Password}
}
authorizationID := props[sasl.AuthZID]
//realm, ok := props[sasl.Realm]
//if !ok {
// return c, nil, sasl.PropertyMissingError{sasl.Realm}
//}
realm, ok := pairs["realm"]
if !ok {
return c, nil, sasl.ErrMissingParameter
}
service, ok := props[sasl.Service]
if !ok {
return c, nil, sasl.PropertyMissingError{sasl.Service}
}
clientNonce, ok := props[sasl.ClientNonce]
if !ok {
return c, nil, sasl.PropertyMissingError{sasl.ClientNonce}
}
qop, ok := props[sasl.QOP]
if !ok {
return c, nil, sasl.PropertyMissingError{sasl.QOP}
}
serverNonce, ok := pairs["nonce"]
if !ok {
return c, nil, sasl.ErrMissingParameter
}
//TODO: check if pairs[qop] contains props[QOP]
digestURI := service + "/" + realm
a1 := c.a1(user, realm, password, serverNonce, clientNonce, authorizationID)
a2 := c.a2(digestURI, qop)
nc := fmt.Sprintf("%08x", 1)
kd := strings.Join([]string{
hex.EncodeToString(a1[:]),
serverNonce,
nc,
clientNonce,
qop,
hex.EncodeToString(a2[:]),
}, ":")
mdKd := md5.Sum([]byte(kd))
responseValue := hex.EncodeToString(mdKd[:])
ret := fmt.Sprintf(`charset=utf-8,username=%q,realm=%q,nonce=%q,nc=%s,cnonce=%q,digest-uri=%q,response=%s,qop=auth`,
user, realm, serverNonce, nc, clientNonce, digestURI, responseValue,
)
if authorizationID != "" {
ret = ret + ",authzid=\"" + authorizationID + "\""
}
return responseAuth{}, sasl.Token(ret), nil
}
