scram/validate.c

00001 /* validate.c --- Validate consistency of SCRAM tokens.
00002  * Copyright (C) 2009  Simon Josefsson
00003  *
00004  * This file is part of GNU SASL Library.
00005  *
00006  * GNU SASL Library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public License
00008  * as published by the Free Software Foundation; either version 2.1 of
00009  * the License, or (at your option) any later version.
00010  *
00011  * GNU SASL Library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with GNU SASL Library; if not, write to the Free
00018  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00019  * Boston, MA 02110-1301, USA.
00020  *
00021  */
00022 
00023 #ifdef HAVE_CONFIG_H
00024 # include "config.h"
00025 #endif
00026 
00027 /* Get prototypes. */
00028 #include "validate.h"
00029 
00030 /* Get strcmp, strlen. */
00031 #include <string.h>
00032 
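/* Check a parsed SCRAM client-first token for internal consistency.

   Returns true only when all of the following hold, false otherwise:
   - CF->cbflag is 'p', 'n' or 'y';
   - CF->cbname is set exactly when the flag is 'p', and is then a
     non-empty string made only of characters in [A-Za-z0-9.-];
   - CF->username is a non-empty string;
   - CF->client_nonce is a non-empty string that contains no ','.

   The username is not inspected beyond being non-empty.  */
bool
scram_valid_client_first (struct scram_client_first *cf)
{
  /* Spelled out instead of using <ctype.h> so that the accepted set
     does not change with the locale.  */
  static const char cbname_chars[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789.-";

  /* Check that cbflag is one of permitted values. */
  switch (cf->cbflag)
    {
    case 'p':
    case 'n':
    case 'y':
      break;

    default:
      return false;
    }

  /* Check that cbname is only set when cbflag is p. */
  if (cf->cbflag == 'p' && cf->cbname == NULL)
    return false;
  else if (cf->cbflag != 'p' && cf->cbname != NULL)
    return false;

  /* After the checks above cbname is non-NULL exactly when cbflag is
     'p'.  Restrict the name to [A-Za-z0-9.-] and require at least one
     character, so that a field separator such as ',' cannot hide
     inside the channel binding name.  strspn returns the length of the
     leading run of permitted characters; anything other than the
     terminator at that offset is a forbidden character.  */
  if (cf->cbname != NULL)
    {
      if (*cf->cbname == '\0'
          || cf->cbname[strspn (cf->cbname, cbname_chars)] != '\0')
        return false;
    }

  /* We require a non-zero username string. */
  if (cf->username == NULL || *cf->username == '\0')
    return false;

  /* We require a non-zero client nonce. */
  if (cf->client_nonce == NULL || *cf->client_nonce == '\0')
    return false;

  /* Nonce cannot contain ','. */
  if (strchr (cf->client_nonce, ','))
    return false;

  return true;
}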
00070 
/* Check a parsed SCRAM server-first token for internal consistency.

   Returns true when SF->nonce and SF->salt are both non-empty strings
   free of ',' and SF->iter is non-zero; returns false otherwise.

   The salt is only screened for ','.  Passing this check does not
   mean the salt is well-formed base64 (see FIXME below), so code that
   decodes it must still handle a decoding failure.  */
bool
scram_valid_server_first (struct scram_server_first *sf)
{
  const char *nonce = sf->nonce;
  const char *salt = sf->salt;

  /* The nonce must be present, non-empty and must not contain ','. */
  if (nonce == NULL || nonce[0] == '\0' || strchr (nonce, ',') != NULL)
    return false;

  /* The salt must be present and non-empty.  */
  if (salt == NULL || salt[0] == '\0')
    return false;

  /* FIXME check that salt is valid base64.  For now only ',' is
     rejected.  */
  if (strchr (salt, ',') != NULL)
    return false;

  /* A zero iteration count is never accepted.  */
  return sf->iter != 0;
}
00095 
/* Check a parsed SCRAM client-final token for internal consistency.

   Returns true when CL->cbind, CL->nonce and CL->proof are each a
   non-empty string that contains no ','; returns false otherwise.

   FIXME: cbind and proof should also be checked to be valid base64.
   At present they are only screened for ',', so code that decodes
   them must still handle a decoding failure.  */
bool
scram_valid_client_final (struct scram_client_final *cl)
{
  /* Same order as the fields are checked one by one: cbind, nonce,
     proof.  All three are subject to the identical test.  */
  const char *fields[3];
  size_t i;

  fields[0] = cl->cbind;
  fields[1] = cl->nonce;
  fields[2] = cl->proof;

  for (i = 0; i < 3; i++)
    {
      const char *value = fields[i];

      /* Each field is required and must be non-empty.  */
      if (value == NULL || value[0] == '\0')
        return false;

      /* No field may contain ','.  */
      if (strchr (value, ',') != NULL)
        return false;
    }

  return true;
}
00125 
/* Check a parsed SCRAM server-final token for internal consistency.

   Returns true when SL->verifier is a non-empty string that contains
   no ','; returns false otherwise.

   FIXME: the verifier should also be checked to be valid base64.  At
   present it is only screened for ',', so code that decodes it must
   still handle a decoding failure.  */
bool
scram_valid_server_final (struct scram_server_final *sl)
{
  const char *verifier = sl->verifier;

  /* Required, non-empty, and free of ','.  The NULL and empty tests
     come first so strchr never sees a NULL pointer.  */
  return verifier != NULL
    && verifier[0] != '\0'
    && strchr (verifier, ',') == NULL;
}