SCRAM::getAuthMessage() - Code Metrics - Inspection of "Remove --ignore-platform-reqs" - fabiang/sasl - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 889d97...c2f052 )

by Fabian

created 2021-02-17 14:30 UTC

SCRAM::getAuthMessage() A

↳ Parent: SCRAM

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	2
CRAP Score	1

Importance

Changes

Metric	Value
dl	0
loc	4
ccs	2
cts	2
cp	1
rs	10
c	0
b	0
f	0
cc	1
nc	1
nop	0
crap	1

<?php

/**
 * Sasl library.
 *
 * Copyright (c) 2002-2003 Richard Heyes,
 *               2014-2021 Fabian Grutschus
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * o Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * o Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.|
 * o The names of the authors may not be used to endorse or promote
 *   products derived from this software without specific prior written
 *   permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @author Jehan <[email protected]>
 */

namespace Fabiang\Sasl\Authentication;

use Fabiang\Sasl\Authentication\AbstractAuthentication;
use Fabiang\Sasl\Options;
use Fabiang\Sasl\Exception\InvalidArgumentException;

/**
 * Implementation of SCRAM-* SASL mechanisms.
 * SCRAM mechanisms have 3 main steps (initial response, response to the server challenge, then server signature
 * verification) which keep state-awareness. Therefore a single class instanciation must be done and reused for the whole
 * authentication process.
 *
 * @author Jehan <[email protected]>
 */
class SCRAM extends AbstractAuthentication implements ChallengeAuthenticationInterface, VerificationInterface
{

    private $hashAlgo;
    private $hash;
    private $hmac;
    private $gs2Header;
    private $cnonce;
    private $firstMessageBare;
    private $saltedPassword;
    private $authMessage;

    /**
     * Construct a SCRAM-H client where 'H' is a cryptographic hash function.
     *
     * @param Options $options
     * @param string  $hash The name cryptographic hash function 'H' as registered by IANA in the "Hash Function Textual
     * Names" registry.
     * @link http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml "Hash Function Textual
     * Names"
     * format of core PHP hash function.
     * @throws InvalidArgumentException
     */
    public function __construct(Options $options, $hash)
    {
        parent::__construct($options);

        // Though I could be strict, I will actually also accept the naming used in the PHP core hash framework.
        // For instance "sha1" is accepted, while the registered hash name should be "SHA-1".
        $normalizedHash = str_replace('-', '', strtolower($hash));

        $hashAlgos = hash_algos();
        if (!in_array($normalizedHash, $hashAlgos)) {
            throw new InvalidArgumentException("Invalid SASL mechanism type '$hash'");
        }

        $this->hash = function ($data) use ($normalizedHash) {
            return hash($normalizedHash, $data, true);
        };

        $this->hmac = function ($key, $str, $raw) use ($normalizedHash) {
            return hash_hmac($normalizedHash, $str, $key, $raw);
        };

        $this->hashAlgo = $normalizedHash;
    }

    /**
     * Provides the (main) client response for SCRAM-H.
     *
     * @param  string $challenge The challenge sent by the server.
     * If the challenge is null or an empty string, the result will be the "initial response".
     * @return string|false      The response (binary, NOT base64 encoded)
     */
    public function createResponse($challenge = null)
    {
        $authcid = $this->formatName($this->options->getAuthcid());
        if (empty($authcid)) {
            return false;
        }

        $authzid = $this->options->getAuthzid();
        if (!empty($authzid)) {
            $authzid = $this->formatName($authzid);
        }

        if (empty($challenge)) {
            return $this->generateInitialResponse($authcid, $authzid);
        } else {
            return $this->generateResponse($challenge, $this->options->getSecret());
        }
    }

    /**
     * Prepare a name for inclusion in a SCRAM response.
     *
     * @param string $username a name to be prepared.
     * @return string the reformated name.
     */
    private function formatName($username)
    {
        return str_replace(array('=', ','), array('=3D', '=2C'), $username);
    }

    /**
     * Generate the initial response which can be either sent directly in the first message or as a response to an empty
     * server challenge.
     *
     * @param string $authcid Prepared authentication identity.
     * @param string $authzid Prepared authorization identity.
     * @return string The SCRAM response to send.
     */
    private function generateInitialResponse($authcid, $authzid)
    {
        $gs2CbindFlag   = 'n,';
        $this->gs2Header = $gs2CbindFlag . (!empty($authzid) ? 'a=' . $authzid : '') . ',';

        // I must generate a client nonce and "save" it for later comparison on second response.
        $this->cnonce = $this->generateCnonce();

        $this->firstMessageBare = 'n=' . $authcid . ',r=' . $this->cnonce;
        return $this->gs2Header . $this->firstMessageBare;
    }

    /**
     * Parses and verifies a non-empty SCRAM challenge.
     *
     * @param  string $challenge The SCRAM challenge
     * @return string|false      The response to send; false in case of wrong challenge or if an initial response has not
     * been generated first.
     */
    private function generateResponse($challenge, $password)
    {
        $matches = array();

        $serverMessageRegexp = "#^r=([\x21-\x2B\x2D-\x7E/]+)"
            . ",s=((?:[A-Za-z0-9/+]{4})*(?:[A-Za-z0-9/+]{3}=|[A-Za-z0-9/+]{2}==)?)"
            . ",i=([0-9]*)(,[A-Za-z]=[^,])*$#";
        if (!isset($this->cnonce, $this->gs2Header) || !preg_match($serverMessageRegexp, $challenge, $matches)) {
            return false;
        }
        $nonce = $matches[1];
        $salt  = base64_decode($matches[2]);
        if (!$salt) {
            // Invalid Base64.
            return false;
        }
        $i = intval($matches[3]);

        $cnonce = substr($nonce, 0, strlen($this->cnonce));
        if ($cnonce !== $this->cnonce) {
            // Invalid challenge! Are we under attack?
            return false;
        }

        $channelBinding       = 'c=' . base64_encode($this->gs2Header);
        $finalMessage         = $channelBinding . ',r=' . $nonce;
        $saltedPassword       = $this->hi($password, $salt, $i);
        $this->saltedPassword = $saltedPassword;
        $clientKey            = call_user_func($this->hmac, $saltedPassword, "Client Key", true);
        $storedKey            = call_user_func($this->hash, $clientKey, true);
        $authMessage          = $this->firstMessageBare . ',' . $challenge . ',' . $finalMessage;
        $this->authMessage    = $authMessage;
        $clientSignature      = call_user_func($this->hmac, $storedKey, $authMessage, true);
        $clientProof          = $clientKey ^ $clientSignature;
        $proof                = ',p=' . base64_encode($clientProof);

        return $finalMessage . $proof;
    }

    /**
     * Hi() call, which is essentially PBKDF2 (RFC-2898) with HMAC-H() as the pseudorandom function.
     *
     * @param string $str  The string to hash.
     * @param string $salt The salt value.
     * @param int $i The   iteration count.
     */
    private function hi($str, $salt, $i)
    {
        $int1   = "\0\0\0\1";
        $ui     = call_user_func($this->hmac, $str, $salt . $int1, true);
        $result = $ui;
        for ($k = 1; $k < $i; $k++) {
            $ui     = call_user_func($this->hmac, $str, $ui, true);
            $result = $result ^ $ui;
        }
        return $result;
    }

    /**
     * SCRAM has also a server verification step. On a successful outcome, it will send additional data which must
     * absolutely be checked against this function. If this fails, the entity which we are communicating with is probably
     * not the server as it has not access to your ServerKey.
     *
     * @param string $data The additional data sent along a successful outcome.
     * @return bool Whether the server has been authenticated.
     * If false, the client must close the connection and consider to be under a MITM attack.
     */
    public function verify($data)
    {
        $verifierRegexp = '#^v=((?:[A-Za-z0-9/+]{4})*(?:[A-Za-z0-9/+]{3}=|[A-Za-z0-9/+]{2}==)?)$#';

        $matches = array();
        if (!isset($this->saltedPassword, $this->authMessage) || !preg_match($verifierRegexp, $data, $matches)) {
            // This cannot be an outcome, you never sent the challenge's response.
            return false;
        }

        $verifier                = $matches[1];
        $proposedServerSignature = base64_decode($verifier);
        $serverKey               = call_user_func($this->hmac, $this->saltedPassword, "Server Key", true);
        $serverSignature         = call_user_func($this->hmac, $serverKey, $this->authMessage, true);

        return $proposedServerSignature === $serverSignature;
    }

    /**
     * @return string
     */
    public function getCnonce()
    {
        return $this->cnonce;
    }

    public function getSaltedPassword()
    {
        return $this->saltedPassword;
    }

    public function getAuthMessage()
    {
        return $this->authMessage;
    }

    public function getHashAlgo()
    {
        return $this->hashAlgo;
    }
}


1		<?php
2
3		/**
4		* Sasl library.
5		*
6		* Copyright (c) 2002-2003 Richard Heyes,
7		* 2014-2021 Fabian Grutschus
8		* All rights reserved.
9		*
10		* Redistribution and use in source and binary forms, with or without
11		* modification, are permitted provided that the following conditions
12		* are met:
13		*
14		* o Redistributions of source code must retain the above copyright
15		* notice, this list of conditions and the following disclaimer.
16		* o Redistributions in binary form must reproduce the above copyright
17		* notice, this list of conditions and the following disclaimer in the
18		* documentation and/or other materials provided with the distribution.\|
19		* o The names of the authors may not be used to endorse or promote
20		* products derived from this software without specific prior written
21		* permission.
22		*
23		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26		* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27		* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
33		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34		*
35		* @author Jehan <[email protected]>
36		*/
37
38		namespace Fabiang\Sasl\Authentication;
39
40		use Fabiang\Sasl\Authentication\AbstractAuthentication;
41		use Fabiang\Sasl\Options;
42		use Fabiang\Sasl\Exception\InvalidArgumentException;
43
44		/**
45		* Implementation of SCRAM-* SASL mechanisms.
46		* SCRAM mechanisms have 3 main steps (initial response, response to the server challenge, then server signature
47		* verification) which keep state-awareness. Therefore a single class instanciation must be done and reused for the whole
48		* authentication process.
49		*
50		* @author Jehan <[email protected]>
51		*/
52		class SCRAM extends AbstractAuthentication implements ChallengeAuthenticationInterface, VerificationInterface
53		{
54
55		private $hashAlgo;
56		private $hash;
57		private $hmac;
58		private $gs2Header;
59		private $cnonce;
60		private $firstMessageBare;
61		private $saltedPassword;
62		private $authMessage;
63
64		/**
65		* Construct a SCRAM-H client where 'H' is a cryptographic hash function.
66		*
67		* @param Options $options
68		* @param string $hash The name cryptographic hash function 'H' as registered by IANA in the "Hash Function Textual
69		* Names" registry.
70		* @link http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml "Hash Function Textual
71		* Names"
72		* format of core PHP hash function.
73		* @throws InvalidArgumentException
74		*/
75	4	public function __construct(Options $options, $hash)
76		{
77	4	parent::__construct($options);
78
79		// Though I could be strict, I will actually also accept the naming used in the PHP core hash framework.
80		// For instance "sha1" is accepted, while the registered hash name should be "SHA-1".
81	4	$normalizedHash = str_replace('-', '', strtolower($hash));
82
83	4	$hashAlgos = hash_algos();
84	4	if (!in_array($normalizedHash, $hashAlgos)) {
85	1	throw new InvalidArgumentException("Invalid SASL mechanism type '$hash'");
86		}
87
88		$this->hash = function ($data) use ($normalizedHash) {
89	1	return hash($normalizedHash, $data, true);
90		};
91
92	1	$this->hmac = function ($key, $str, $raw) use ($normalizedHash) {
93	1	return hash_hmac($normalizedHash, $str, $key, $raw);
94		};
95
96	4	$this->hashAlgo = $normalizedHash;
97	4	}
98
99		/**
100		* Provides the (main) client response for SCRAM-H.
101		*
102		* @param string $challenge The challenge sent by the server.
103		* If the challenge is null or an empty string, the result will be the "initial response".
104		* @return string\|false The response (binary, NOT base64 encoded)
105		*/
106	3	public function createResponse($challenge = null)
107		{
108	3	$authcid = $this->formatName($this->options->getAuthcid());
109	3	if (empty($authcid)) {
110	1	return false;
111		}
112
113	2	$authzid = $this->options->getAuthzid();
114	2	if (!empty($authzid)) {
115	2	$authzid = $this->formatName($authzid);
116		}
117
118	2	if (empty($challenge)) {
119	2	return $this->generateInitialResponse($authcid, $authzid);
120		} else {
121	1	return $this->generateResponse($challenge, $this->options->getSecret());
122		}
123		}
124
125		/**
126		* Prepare a name for inclusion in a SCRAM response.
127		*
128		* @param string $username a name to be prepared.
129		* @return string the reformated name.
130		*/
131	1	private function formatName($username)
132		{
133	1	return str_replace(array('=', ','), array('=3D', '=2C'), $username);
134		}
135
136		/**
137		* Generate the initial response which can be either sent directly in the first message or as a response to an empty
138		* server challenge.
139		*
140		* @param string $authcid Prepared authentication identity.
141		* @param string $authzid Prepared authorization identity.
142		* @return string The SCRAM response to send.
143		*/
144	1	private function generateInitialResponse($authcid, $authzid)
145		{
146	1	$gs2CbindFlag = 'n,';
147	1	$this->gs2Header = $gs2CbindFlag . (!empty($authzid) ? 'a=' . $authzid : '') . ',';
148
149		// I must generate a client nonce and "save" it for later comparison on second response.
150	1	$this->cnonce = $this->generateCnonce();
151
152	1	$this->firstMessageBare = 'n=' . $authcid . ',r=' . $this->cnonce;
153	1	return $this->gs2Header . $this->firstMessageBare;
154		}
155
156		/**
157		* Parses and verifies a non-empty SCRAM challenge.
158		*
159		* @param string $challenge The SCRAM challenge
160		* @return string\|false The response to send; false in case of wrong challenge or if an initial response has not
161		* been generated first.
162		*/
163	3	private function generateResponse($challenge, $password)
164		{
165	3	$matches = array();
166
167		$serverMessageRegexp = "#^r=([\x21-\x2B\x2D-\x7E/]+)"
168		. ",s=((?:[A-Za-z0-9/+]{4})*(?:[A-Za-z0-9/+]{3}=\|[A-Za-z0-9/+]{2}==)?)"
169	3	. ",i=([0-9])(,[A-Za-z]=[^,])$#";
170	3	if (!isset($this->cnonce, $this->gs2Header) \|\| !preg_match($serverMessageRegexp, $challenge, $matches)) {
171	1	return false;
172		}
173	2	$nonce = $matches[1];
174	2	$salt = base64_decode($matches[2]);
175	2	if (!$salt) {
176		// Invalid Base64.
177		return false;
178		}
179	2	$i = intval($matches[3]);
180
181	2	$cnonce = substr($nonce, 0, strlen($this->cnonce));
182	2	if ($cnonce !== $this->cnonce) {
183		// Invalid challenge! Are we under attack?
184	1	return false;
185		}
186
187	1	$channelBinding = 'c=' . base64_encode($this->gs2Header);
188	1	$finalMessage = $channelBinding . ',r=' . $nonce;
189	1	$saltedPassword = $this->hi($password, $salt, $i);
190	1	$this->saltedPassword = $saltedPassword;
191	1	$clientKey = call_user_func($this->hmac, $saltedPassword, "Client Key", true);
192	1	$storedKey = call_user_func($this->hash, $clientKey, true);
193	1	$authMessage = $this->firstMessageBare . ',' . $challenge . ',' . $finalMessage;
194	1	$this->authMessage = $authMessage;
195	1	$clientSignature = call_user_func($this->hmac, $storedKey, $authMessage, true);
196	1	$clientProof = $clientKey ^ $clientSignature;
197	1	$proof = ',p=' . base64_encode($clientProof);
198
199	1	return $finalMessage . $proof;
200		}
201
202		/**
203		* Hi() call, which is essentially PBKDF2 (RFC-2898) with HMAC-H() as the pseudorandom function.
204		*
205		* @param string $str The string to hash.
206		* @param string $salt The salt value.
207		* @param int $i The iteration count.
208		*/
209	1	private function hi($str, $salt, $i)
210		{
211	1	$int1 = "\0\0\0\1";
212	1	$ui = call_user_func($this->hmac, $str, $salt . $int1, true);
213	1	$result = $ui;
214	1	for ($k = 1; $k < $i; $k++) {
215	1	$ui = call_user_func($this->hmac, $str, $ui, true);
216	1	$result = $result ^ $ui;
217		}
218	1	return $result;
219		}
220
221		/**
222		* SCRAM has also a server verification step. On a successful outcome, it will send additional data which must
223		* absolutely be checked against this function. If this fails, the entity which we are communicating with is probably
224		* not the server as it has not access to your ServerKey.
225		*
226		* @param string $data The additional data sent along a successful outcome.
227		* @return bool Whether the server has been authenticated.
228		* If false, the client must close the connection and consider to be under a MITM attack.
229		*/
230	2	public function verify($data)
231		{
232	2	$verifierRegexp = '#^v=((?:[A-Za-z0-9/+]{4})*(?:[A-Za-z0-9/+]{3}=\|[A-Za-z0-9/+]{2}==)?)$#';
233
234	2	$matches = array();
235	2	if (!isset($this->saltedPassword, $this->authMessage) \|\| !preg_match($verifierRegexp, $data, $matches)) {
236		// This cannot be an outcome, you never sent the challenge's response.
237	1	return false;
238		}
239
240	1	$verifier = $matches[1];
241	1	$proposedServerSignature = base64_decode($verifier);
242	1	$serverKey = call_user_func($this->hmac, $this->saltedPassword, "Server Key", true);
243	1	$serverSignature = call_user_func($this->hmac, $serverKey, $this->authMessage, true);
244
245	1	return $proposedServerSignature === $serverSignature;
246		}
247
248		/**
249		* @return string
250		*/
251	1	public function getCnonce()
252		{
253	1	return $this->cnonce;
254		}
255
256	1	public function getSaltedPassword()
257		{
258	1	return $this->saltedPassword;
259		}
260
261	1	public function getAuthMessage()
262		{
263	1	return $this->authMessage;
264		}
265
266	1	public function getHashAlgo()
267		{
268	1	return $this->hashAlgo;
269		}
270		}
271

fabiang / sasl

Push — master ( 889d97...c2f052 )

SCRAM::getAuthMessage() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like