Ignore:
Timestamp:
2015-05-31T02:40:04Z (9 years ago)
Author:
dequis <dx@…>
Children:
85dabae
Parents:
95fdf22
git-author:
dequis <dx@…> (11-04-15 22:24:13)
git-committer:
dequis <dx@…> (31-05-15 02:40:04)
Message:

msn/soap: remove MSNP15 SSO crypto code

File:
1 edited

Legend:

Unmodified
Added
Removed
  • protocols/msn/soap.c

    r95fdf22 r6a89740  
    174174                if (!(md->flags & MSN_REAUTHING)) {
    175175                        /* Nonce shouldn't actually be touched for re-auths. */
    176                         msn_soap_passport_sso_request(soap_req->ic, "blaataap");
     176                        msn_soap_passport_sso_request(soap_req->ic);
    177177                        md->flags |= MSN_REAUTHING;
    178178                }
     
    259259
    260260struct msn_soap_passport_sso_data {
    261         char *nonce;
    262         char *secret;
    263261        char *error;
    264262        char *redirect;
     
    269267        struct msn_soap_passport_sso_data *sd = soap_req->data;
    270268        struct im_connection *ic = soap_req->ic;
    271         struct msn_data *md = ic->proto_data;
    272269        char pass[MAX_PASSPORT_PWLEN + 1];
    273270
     
    275272                soap_req->url = sd->redirect;
    276273                sd->redirect = NULL;
    277         }
    278         /* MS changed this URL and broke the old MSN-specific one. The generic
    279            one works, forwarding us to a msn.com URL that works. Takes an extra
    280            second, but that's better than not being able to log in at all. :-/
    281         else if( g_str_has_suffix( ic->acc->user, "@msn.com" ) )
    282                 soap_req->url = g_strdup( SOAP_PASSPORT_SSO_URL_MSN );
    283         */
    284         else {
     274        } else {
    285275                soap_req->url = g_strdup(SOAP_PASSPORT_SSO_URL);
    286276        }
     
    289279        pass[MAX_PASSPORT_PWLEN] = '\0';
    290280        soap_req->payload = g_markup_printf_escaped(SOAP_PASSPORT_SSO_PAYLOAD,
    291                                                     ic->acc->user, pass, md->pp_policy);
     281                                                    ic->acc->user, pass);
    292282
    293283        return MSN_SOAP_OK;
     
    297287{
    298288        struct msn_soap_req_data *soap_req = data;
    299         struct msn_soap_passport_sso_data *sd = soap_req->data;
    300         struct msn_data *md = soap_req->ic->proto_data;
    301         struct xt_node *p;
     289        struct msn_data *md = soap_req->ic->proto_data;
    302290        char *id;
    303291
     
    306294        }
    307295        id += strlen(id) - 1;
    308         if (*id == '1' &&
    309             (p = xt_find_path(node, "../../wst:RequestedProofToken/wst:BinarySecret")) &&
    310             p->text) {
    311                 sd->secret = g_strdup(p->text);
    312         }
    313296
    314297        *id -= '1';
     
    349332};
    350333
    351 static char *msn_key_fuckery(char *key, int key_len, char *type)
    352 {
    353         unsigned char hash1[20 + strlen(type) + 1];
    354         unsigned char hash2[20];
    355         char *ret;
    356 
    357         sha1_hmac(key, key_len, type, 0, hash1);
    358         strcpy((char *) hash1 + 20, type);
    359         sha1_hmac(key, key_len, (char *) hash1, sizeof(hash1) - 1, hash2);
    360 
    361         /* This is okay as hash1 is read completely before it's overwritten. */
    362         sha1_hmac(key, key_len, (char *) hash1, 20, hash1);
    363         sha1_hmac(key, key_len, (char *) hash1, sizeof(hash1) - 1, hash1);
    364 
    365         ret = g_malloc(24);
    366         memcpy(ret, hash2, 20);
    367         memcpy(ret + 20, hash1, 4);
    368         return ret;
    369 }
    370 
    371334static int msn_soap_passport_sso_handle_response(struct msn_soap_req_data *soap_req)
    372335{
     
    374337        struct im_connection *ic = soap_req->ic;
    375338        struct msn_data *md = ic->proto_data;
    376         char *key1, *key2, *key3, *blurb64;
    377         int key1_len;
    378         unsigned char *padnonce, *des3res;
    379 
    380         struct {
    381                 unsigned int uStructHeaderSize; // 28. Does not count data
    382                 unsigned int uCryptMode; // CRYPT_MODE_CBC (1)
    383                 unsigned int uCipherType; // TripleDES (0x6603)
    384                 unsigned int uHashType; // SHA1 (0x8004)
    385                 unsigned int uIVLen;    // 8
    386                 unsigned int uHashLen;  // 20
    387                 unsigned int uCipherLen; // 72
    388                 unsigned char iv[8];
    389                 unsigned char hash[20];
    390                 unsigned char cipherbytes[72];
    391         } blurb = {
    392                 GUINT32_TO_LE(28),
    393                 GUINT32_TO_LE(1),
    394                 GUINT32_TO_LE(0x6603),
    395                 GUINT32_TO_LE(0x8004),
    396                 GUINT32_TO_LE(8),
    397                 GUINT32_TO_LE(20),
    398                 GUINT32_TO_LE(72),
    399         };
    400339
    401340        if (sd->redirect) {
     
    408347        }
    409348
    410         if (sd->secret == NULL) {
     349        if (md->tokens[0] == NULL) {
    411350                msn_auth_got_passport_token(ic, NULL, sd->error ? sd->error : soap_req->error);
    412351                return MSN_SOAP_OK;
    413352        }
    414353
    415         key1_len = base64_decode(sd->secret, (unsigned char **) &key1);
    416 
    417         key2 = msn_key_fuckery(key1, key1_len, "WS-SecureConversationSESSION KEY HASH");
    418         key3 = msn_key_fuckery(key1, key1_len, "WS-SecureConversationSESSION KEY ENCRYPTION");
    419 
    420         sha1_hmac(key2, 24, sd->nonce, 0, blurb.hash);
    421         padnonce = g_malloc(strlen(sd->nonce) + 8);
    422         strcpy((char *) padnonce, sd->nonce);
    423         memset(padnonce + strlen(sd->nonce), 8, 8);
    424 
    425         random_bytes(blurb.iv, 8);
    426 
    427         ssl_des3_encrypt((unsigned char *) key3, 24, padnonce, strlen(sd->nonce) + 8, blurb.iv, &des3res);
    428         memcpy(blurb.cipherbytes, des3res, 72);
    429 
    430         blurb64 = base64_encode((unsigned char *) &blurb, sizeof(blurb));
    431         msn_auth_got_passport_token(ic, blurb64, NULL);
    432 
    433         g_free(padnonce);
    434         g_free(blurb64);
    435         g_free(des3res);
    436         g_free(key1);
    437         g_free(key2);
    438         g_free(key3);
     354        msn_auth_got_passport_token(ic, md->tokens[0], NULL);
    439355
    440356        return MSN_SOAP_OK;
     
    445361        struct msn_soap_passport_sso_data *sd = soap_req->data;
    446362
    447         g_free(sd->nonce);
    448         g_free(sd->secret);
    449363        g_free(sd->error);
    450364        g_free(sd->redirect);
     
    454368}
    455369
    456 int msn_soap_passport_sso_request(struct im_connection *ic, const char *nonce)
     370int msn_soap_passport_sso_request(struct im_connection *ic)
    457371{
    458372        struct msn_soap_passport_sso_data *sd = g_new0(struct msn_soap_passport_sso_data, 1);
    459 
    460         sd->nonce = g_strdup(nonce);
    461373
    462374        return msn_soap_start(ic, sd, msn_soap_passport_sso_build_request,
Note: See TracChangeset for help on using the changeset viewer.