diff --git a/chat/protocols/xmpp/test/test_saslPrep.js b/chat/protocols/xmpp/test/test_saslPrep.js
new file mode 100644
index 0000000000..6de8eee649
--- /dev/null
+++ b/chat/protocols/xmpp/test/test_saslPrep.js
@@ -0,0 +1,68 @@
+/* Any copyright is dedicated to the Public Domain.
+* http://creativecommons.org/publicdomain/zero/1.0/ */
+
+Components.utils.import("resource://gre/modules/Services.jsm");
+
+var xmppAuth = {};
+Services.scriptloader.loadSubScript("resource:///modules/xmpp-authmechs.jsm",
+ xmppAuth);
+
+// RFC 4013 3.Examples
+var TEST_DATA = [
+ {
+ // SOFT HYPHEN mapped to nothing.
+ input: "I\u00adX",
+ output: "IX",
+ isError: false
+ },
+ {
+ // No transformation.
+ input: "user",
+ output: "user",
+ isError: false
+ },
+ {
+ // Case preserved, will not match #2.
+ input: "USER",
+ output: "USER",
+ isError: false
+ },
+ {
+ // Output is NFKC, input in ISO 8859-1.
+ input: "\u00aa",
+ output: "a",
+ isError: false
+ },
+ {
+ // Output is NFKC, will match #1.
+ input: "\u2168",
+ output: "IX",
+ isError: false
+ },
+ {
+ // Error - prohibited character.
+ input: "\u0007",
+ output: "",
+ isError: true
+ },
+ {
+ // Error - bidirectional check.
+ input: "\u0627\u0031",
+ output: "",
+ isError: true
+ }
+];
+
+function run_test() {
+ for (let current of TEST_DATA) {
+ try{
+ let result = xmppAuth.saslPrep(current.input);
+ equal(current.isError, false);
+ equal(result, current.output);
+ } catch (e) {
+ equal(current.isError, true);
+ }
+ }
+
+ run_next_test();
+}
diff --git a/chat/protocols/xmpp/test/xpcshell.ini b/chat/protocols/xmpp/test/xpcshell.ini
index 40046e6829..0cae8f07b7 100644
--- a/chat/protocols/xmpp/test/xpcshell.ini
+++ b/chat/protocols/xmpp/test/xpcshell.ini
@@ -4,3 +4,4 @@ tail =
[test_dnsSrv.js]
[test_parseJidAndNormalization.js]
+[test_saslPrep.js]
diff --git a/chat/protocols/xmpp/xmpp-authmechs.jsm b/chat/protocols/xmpp/xmpp-authmechs.jsm
index eb03089237..f19413cb4e 100644
--- a/chat/protocols/xmpp/xmpp-authmechs.jsm
+++ b/chat/protocols/xmpp/xmpp-authmechs.jsm
@@ -14,23 +14,404 @@ this.EXPORTED_SYMBOLS = ["XMPPAuthMechanisms"];
var {classes: Cc, interfaces: Ci, utils: Cu} = Components;
+Cu.import("resource://services-crypto/utils.js");
Cu.import("resource:///modules/xmpp-xml.jsm");
-/* Handle PLAIN authorization mechanism */
-function PlainAuth(username, password, domain) {
- let data = "\0"+ username + "\0" + password;
+// Handle PLAIN authorization mechanism.
+function* PlainAuth(aUsername, aPassword, aDomain) {
+ let data = "\0"+ aUsername + "\0" + aPassword;
+
// btoa for Unicode, see https://developer.mozilla.org/en-US/docs/DOM/window.btoa
- this._base64Data = btoa(unescape(encodeURIComponent(data)));
+ let base64Data = btoa(unescape(encodeURIComponent(data)));
+
+ let stanza = yield {
+ send: Stanza.node("auth", Stanza.NS.sasl, {mechanism: "PLAIN"},
+ base64Data),
+ log: ' (base64 encoded username and password not logged)'
+ };
+
+ if (stanza.localName != "success")
+ throw "Didn't receive the expected auth success stanza.";
}
-PlainAuth.prototype = {
- next: function(aStanza) {
- return {
- done: true,
- send: Stanza.node("auth", Stanza.NS.sasl, {mechanism: "PLAIN"},
- this._base64Data),
- log: ' (base64 encoded username and password not logged)'
- };
- }
+
+// Handle SCRAM-SHA-1 authorization mechanism.
+const RFC3454 = {
+ A1: "\u0221|[\u0234-\u024f]|[\u02ae-\u02af]|[\u02ef-\u02ff]|\
+[\u0350-\u035f]|[\u0370-\u0373]|[\u0376-\u0379]|[\u037b-\u037d]|\
+[\u037f-\u0383]|\u038b|\u038d|\u03a2|\u03cf|[\u03f7-\u03ff]|\u0487|\
+\u04cf|[\u04f6-\u04f7]|[\u04fa-\u04ff]|[\u0510-\u0530]|\
+[\u0557-\u0558]|\u0560|\u0588|[\u058b-\u0590]|\u05a2|\u05ba|\
+[\u05c5-\u05cf]|[\u05eb-\u05ef]|[\u05f5-\u060b]|[\u060d-\u061a]|\
+[\u061c-\u061e]|\u0620|[\u063b-\u063f]|[\u0656-\u065f]|\
+[\u06ee-\u06ef]|\u06ff|\u070e|[\u072d-\u072f]|[\u074b-\u077f]|\
+[\u07b2-\u0900]|\u0904|[\u093a-\u093b]|[\u094e-\u094f]|\
+[\u0955-\u0957]|[\u0971-\u0980]|\u0984|[\u098d-\u098e]|\
+[\u0991-\u0992]|\u09a9|\u09b1|[\u09b3-\u09b5]|[\u09ba-\u09bb]|\u09bd|\
+[\u09c5-\u09c6]|[\u09c9-\u09ca]|[\u09ce-\u09d6]|[\u09d8-\u09db]|\
+\u09de|[\u09e4-\u09e5]|[\u09fb-\u0a01]|[\u0a03-\u0a04]|\
+[\u0a0b-\u0a0e]|[\u0a11-\u0a12]|\u0a29|\u0a31|\u0a34|\u0a37|\
+[\u0a3a-\u0a3b]|\u0a3d|[\u0a43-\u0a46]|[\u0a49-\u0a4a]|\
+[\u0a4e-\u0a58]|\u0a5d|[\u0a5f-\u0a65]|[\u0a75-\u0a80]|\u0a84|\u0a8c|\
+\u0a8e|\u0a92|\u0aa9|\u0ab1|\u0ab4|[\u0aba-\u0abb]|\u0ac6|\u0aca|\
+[\u0ace-\u0acf]|[\u0ad1-\u0adf]|[\u0ae1-\u0ae5]|[\u0af0-\u0b00]|\
+\u0b04|[\u0b0d-\u0b0e]|[\u0b11-\u0b12]|\u0b29|\u0b31|[\u0b34-\u0b35]|\
+[\u0b3a-\u0b3b]|[\u0b44-\u0b46]|[\u0b49-\u0b4a]|[\u0b4e-\u0b55]|\
+[\u0b58-\u0b5b]|\u0b5e|[\u0b62-\u0b65]|[\u0b71-\u0b81]|\u0b84|\
+[\u0b8b-\u0b8d]|\u0b91|[\u0b96-\u0b98]|\u0b9b|\u0b9d|[\u0ba0-\u0ba2]|\
+[\u0ba5-\u0ba7]|[\u0bab-\u0bad]|\u0bb6|[\u0bba-\u0bbd]|\
+[\u0bc3-\u0bc5]|\u0bc9|[\u0bce-\u0bd6]|[\u0bd8-\u0be6]|\
+[\u0bf3-\u0c00]|\u0c04|\u0c0d|\u0c11|\u0c29|\u0c34|[\u0c3a-\u0c3d]|\
+\u0c45|\u0c49|[\u0c4e-\u0c54]|[\u0c57-\u0c5f]|[\u0c62-\u0c65]|\
+[\u0c70-\u0c81]|\u0c84|\u0c8d|\u0c91|\u0ca9|\u0cb4|[\u0cba-\u0cbd]|\
+\u0cc5|\u0cc9|[\u0cce-\u0cd4]|[\u0cd7-\u0cdd]|\u0cdf|[\u0ce2-\u0ce5]|\
+[\u0cf0-\u0d01]|\u0d04|\u0d0d|\u0d11|\u0d29|[\u0d3a-\u0d3d]|\
+[\u0d44-\u0d45]|\u0d49|[\u0d4e-\u0d56]|[\u0d58-\u0d5f]|\
+[\u0d62-\u0d65]|[\u0d70-\u0d81]|\u0d84|[\u0d97-\u0d99]|\u0db2|\u0dbc|\
+[\u0dbe-\u0dbf]|[\u0dc7-\u0dc9]|[\u0dcb-\u0dce]|\u0dd5|\u0dd7|\
+[\u0de0-\u0df1]|[\u0df5-\u0e00]|[\u0e3b-\u0e3e]|[\u0e5c-\u0e80]|\
+\u0e83|[\u0e85-\u0e86]|\u0e89|[\u0e8b-\u0e8c]|[\u0e8e-\u0e93]|\u0e98|\
+\u0ea0|\u0ea4|\u0ea6|[\u0ea8-\u0ea9]|\u0eac|\u0eba|[\u0ebe-\u0ebf]|\
+\u0ec5|\u0ec7|[\u0ece-\u0ecf]|[\u0eda-\u0edb]|[\u0ede-\u0eff]|\u0f48|\
+[\u0f6b-\u0f70]|[\u0f8c-\u0f8f]|\u0f98|\u0fbd|[\u0fcd-\u0fce]|\
+[\u0fd0-\u0fff]|\u1022|\u1028|\u102b|[\u1033-\u1035]|[\u103a-\u103f]|\
+[\u105a-\u109f]|[\u10c6-\u10cf]|[\u10f9-\u10fa]|[\u10fc-\u10ff]|\
+[\u115a-\u115e]|[\u11a3-\u11a7]|[\u11fa-\u11ff]|\u1207|\u1247|\u1249|\
+[\u124e-\u124f]|\u1257|\u1259|[\u125e-\u125f]|\u1287|\u1289|\
+[\u128e-\u128f]|\u12af|\u12b1|[\u12b6-\u12b7]|\u12bf|\u12c1|\
+[\u12c6-\u12c7]|\u12cf|\u12d7|\u12ef|\u130f|\u1311|[\u1316-\u1317]|\
+\u131f|\u1347|[\u135b-\u1360]|[\u137d-\u139f]|[\u13f5-\u1400]|\
+[\u1677-\u167f]|[\u169d-\u169f]|[\u16f1-\u16ff]|\u170d|\
+[\u1715-\u171f]|[\u1737-\u173f]|[\u1754-\u175f]|\u176d|\u1771|\
+[\u1774-\u177f]|[\u17dd-\u17df]|[\u17ea-\u17ff]|\u180f|\
+[\u181a-\u181f]|[\u1878-\u187f]|[\u18aa-\u1dff]|[\u1e9c-\u1e9f]|\
+[\u1efa-\u1eff]|[\u1f16-\u1f17]|[\u1f1e-\u1f1f]|[\u1f46-\u1f47]|\
+[\u1f4e-\u1f4f]|\u1f58|\u1f5a|\u1f5c|\u1f5e|[\u1f7e-\u1f7f]|\u1fb5|\
+\u1fc5|[\u1fd4-\u1fd5]|\u1fdc|[\u1ff0-\u1ff1]|\u1ff5|\u1fff|\
+[\u2053-\u2056]|[\u2058-\u205e]|[\u2064-\u2069]|[\u2072-\u2073]|\
+[\u208f-\u209f]|[\u20b2-\u20cf]|[\u20eb-\u20ff]|[\u213b-\u213c]|\
+[\u214c-\u2152]|[\u2184-\u218f]|[\u23cf-\u23ff]|[\u2427-\u243f]|\
+[\u244b-\u245f]|\u24ff|[\u2614-\u2615]|\u2618|[\u267e-\u267f]|\
+[\u268a-\u2700]|\u2705|[\u270a-\u270b]|\u2728|\u274c|\u274e|\
+[\u2753-\u2755]|\u2757|[\u275f-\u2760]|[\u2795-\u2797]|\u27b0|\
+[\u27bf-\u27cf]|[\u27ec-\u27ef]|[\u2b00-\u2e7f]|\u2e9a|\
+[\u2ef4-\u2eff]|[\u2fd6-\u2fef]|[\u2ffc-\u2fff]|\u3040|\
+[\u3097-\u3098]|[\u3100-\u3104]|[\u312d-\u3130]|\u318f|\
+[\u31b8-\u31ef]|[\u321d-\u321f]|[\u3244-\u3250]|[\u327c-\u327e]|\
+[\u32cc-\u32cf]|\u32ff|[\u3377-\u337a]|[\u33de-\u33df]|\u33ff|\
+[\u4db6-\u4dff]|[\u9fa6-\u9fff]|[\ua48d-\ua48f]|[\ua4c7-\uabff]|\
+[\ud7a4-\ud7ff]|[\ufa2e-\ufa2f]|[\ufa6b-\ufaff]|[\ufb07-\ufb12]|\
+[\ufb18-\ufb1c]|\ufb37|\ufb3d|\ufb3f|\ufb42|\ufb45|[\ufbb2-\ufbd2]|\
+[\ufd40-\ufd4f]|[\ufd90-\ufd91]|[\ufdc8-\ufdcf]|[\ufdfd-\ufdff]|\
+[\ufe10-\ufe1f]|[\ufe24-\ufe2f]|[\ufe47-\ufe48]|\ufe53|\ufe67|\
+[\ufe6c-\ufe6f]|\ufe75|[\ufefd-\ufefe]|\uff00|[\uffbf-\uffc1]|\
+[\uffc8-\uffc9]|[\uffd0-\uffd1]|[\uffd8-\uffd9]|[\uffdd-\uffdf]|\
+\uffe7|[\uffef-\ufff8]|[\u{10000}-\u{102ff}]|\u{1031f}|\
+[\u{10324}-\u{1032f}]|[\u{1034b}-\u{103ff}]|[\u{10426}-\u{10427}]|\
+[\u{1044e}-\u{1cfff}]|[\u{1d0f6}-\u{1d0ff}]|[\u{1d127}-\u{1d129}]|\
+[\u{1d1de}-\u{1d3ff}]|\u{1d455}|\u{1d49d}|[\u{1d4a0}-\u{1d4a1}]|\
+[\u{1d4a3}-\u{1d4a4}]|[\u{1d4a7}-\u{1d4a8}]|\u{1d4ad}|\u{1d4ba}|\
+\u{1d4bc}|\u{1d4c1}|\u{1d4c4}|\u{1d506}|[\u{1d50b}-\u{1d50c}]|\
+\u{1d515}|\u{1d51d}|\u{1d53a}|\u{1d53f}|\u{1d545}|\
+[\u{1d547}-\u{1d549}]|\u{1d551}|[\u{1d6a4}-\u{1d6a7}]|\
+[\u{1d7ca}-\u{1d7cd}]|[\u{1d800}-\u{1fffd}]|[\u{2a6d7}-\u{2f7ff}]|\
+[\u{2fa1e}-\u{2fffd}]|[\u{30000}-\u{3fffd}]|[\u{40000}-\u{4fffd}]|\
+[\u{50000}-\u{5fffd}]|[\u{60000}-\u{6fffd}]|[\u{70000}-\u{7fffd}]|\
+[\u{80000}-\u{8fffd}]|[\u{90000}-\u{9fffd}]|[\u{a0000}-\u{afffd}]|\
+[\u{b0000}-\u{bfffd}]|[\u{c0000}-\u{cfffd}]|[\u{d0000}-\u{dfffd}]|\
+\u{e0000}|[\u{e0002}-\u{e001f}]|[\u{e0080}-\u{efffd}]",
+ B1: "\u00ad|\u034f|\u1806|[\u180b-\u180d]|[\u200b-\u200d]|\u2060|\
+[\ufe00-\ufe0f]|\ufeff",
+ C12: "\u00a0|\u1680|[\u2000-\u200b]|\u202f|\u205f|\u3000",
+ C21: "[\u0000-\u001f]|\u007f",
+ C22: "[\u0080-\u009f]|\u06dd|\u070f|\u180e|\u200c|\u200d|\u2028|\u2029|\
+[\u2060-\u2063]|[\u206a-\u206f]|\ufeff|[\ufff9-\ufffc]",
+ C3: "[\ue000-\uf8ff]|[\u{f0000}-\u{ffffd}]|[\u{100000}-\u{10fffd}]",
+ C4: "[\ufdd0-\ufdef]|[\ufffe-\uffff]|[\u{1fffe}-\u{1ffff}]|\
+[\u{2fffe}-\u{2ffff}]|[\u{3fffe}-\u{3ffff}]|[\u{4fffe}-\u{4ffff}]|\
+[\u{5fffe}-\u{5ffff}]|[\u{6fffe}-\u{6ffff}]|[\u{7fffe}-\u{7ffff}]|\
+[\u{8fffe}-\u{8ffff}]|[\u{9fffe}-\u{9ffff}]|[\u{afffe}-\u{affff}]|\
+[\u{bfffe}-\u{bffff}]|[\u{cfffe}-\u{cffff}]|[\u{dfffe}-\u{dffff}]|\
+[\u{efffe}-\u{effff}]|[\u{ffffe}-\u{fffff}]|[\u{10fffe}-\u{10ffff}]",
+ C5: "[\ud800-\udfff]",
+ C6: "\ufff9|[\ufffa-\ufffd]",
+ C7: "[\u2ff0-\u2ffb]",
+ C8: "\u0340|\u0341|\u200e|\u200f|[\u202a-\u202e]|[\u206a-\u206f]",
+ C9: "\u{e0001}|[\u{e0020}-\u{e007f}]",
+ D1: "\u05be|\u05c0|\u05c3|[\u05d0-\u05ea]|[\u05f0-\u05f4]|\u061b|\u061f|\
+[\u0621-\u063a]|[\u0640-\u064a]|[\u066d-\u066f]|[\u0671-\u06d5]|\
+\u06dd|[\u06e5-\u06e6]|[\u06fa-\u06fe]|[\u0700-\u070d]|\u0710|\
+[\u0712-\u072c]|[\u0780-\u07a5]|\u07b1|\u200f|\ufb1d|[\ufb1f-\ufb28]|\
+[\ufb2a-\ufb36]|[\ufb38-\ufb3c]|\ufb3e|[\ufb40-\ufb41]|\
+[\ufb43-\ufb44]|[\ufb46-\ufbb1]|[\ufbd3-\ufd3d]|[\ufd50-\ufd8f]|\
+[\ufd92-\ufdc7]|[\ufdf0-\ufdfc]|[\ufe70-\ufe74]|[\ufe76-\ufefc]",
+ D2: "[\u0041-\u005a]|[\u0061-\u007a]|\u00aa|\u00b5|\u00ba|[\u00c0-\u00d6]|\
+[\u00d8-\u00f6]|[\u00f8-\u0220]|[\u0222-\u0233]|[\u0250-\u02ad]|\
+[\u02b0-\u02b8]|[\u02bb-\u02c1]|[\u02d0-\u02d1]|[\u02e0-\u02e4]|\
+\u02ee|\u037a|\u0386|[\u0388-\u038a]|\u038c|[\u038e-\u03a1]|\
+[\u03a3-\u03ce]|[\u03d0-\u03f5]|[\u0400-\u0482]|[\u048a-\u04ce]|\
+[\u04d0-\u04f5]|[\u04f8-\u04f9]|[\u0500-\u050f]|[\u0531-\u0556]|\
+[\u0559-\u055f]|[\u0561-\u0587]|\u0589|\u0903|[\u0905-\u0939]|\
+[\u093d-\u0940]|[\u0949-\u094c]|\u0950|[\u0958-\u0961]|\
+[\u0964-\u0970]|[\u0982-\u0983]|[\u0985-\u098c]|[\u098f-\u0990]|\
+[\u0993-\u09a8]|[\u09aa-\u09b0]|\u09b2|[\u09b6-\u09b9]|\
+[\u09be-\u09c0]|[\u09c7-\u09c8]|[\u09cb-\u09cc]|\u09d7|\
+[\u09dc-\u09dd]|[\u09df-\u09e1]|[\u09e6-\u09f1]|[\u09f4-\u09fa]|\
+[\u0a05-\u0a0a]|[\u0a0f-\u0a10]|[\u0a13-\u0a28]|[\u0a2a-\u0a30]|\
+[\u0a32-\u0a33]|[\u0a35-\u0a36]|[\u0a38-\u0a39]|[\u0a3e-\u0a40]|\
+[\u0a59-\u0a5c]|\u0a5e|[\u0a66-\u0a6f]|[\u0a72-\u0a74]|\u0a83|\
+[\u0a85-\u0a8b]|\u0a8d|[\u0a8f-\u0a91]|[\u0a93-\u0aa8]|\
+[\u0aaa-\u0ab0]|[\u0ab2-\u0ab3]|[\u0ab5-\u0ab9]|[\u0abd-\u0ac0]|\
+\u0ac9|[\u0acb-\u0acc]|\u0ad0|\u0ae0|[\u0ae6-\u0aef]|[\u0b02-\u0b03]|\
+[\u0b05-\u0b0c]|[\u0b0f-\u0b10]|[\u0b13-\u0b28]|[\u0b2a-\u0b30]|\
+[\u0b32-\u0b33]|[\u0b36-\u0b39]|[\u0b3d-\u0b3e]|\u0b40|\
+[\u0b47-\u0b48]|[\u0b4b-\u0b4c]|\u0b57|[\u0b5c-\u0b5d]|\
+[\u0b5f-\u0b61]|[\u0b66-\u0b70]|\u0b83|[\u0b85-\u0b8a]|\
+[\u0b8e-\u0b90]|[\u0b92-\u0b95]|[\u0b99-\u0b9a]|\u0b9c|\
+[\u0b9e-\u0b9f]|[\u0ba3-\u0ba4]|[\u0ba8-\u0baa]|[\u0bae-\u0bb5]|\
+[\u0bb7-\u0bb9]|[\u0bbe-\u0bbf]|[\u0bc1-\u0bc2]|[\u0bc6-\u0bc8]|\
+[\u0bca-\u0bcc]|\u0bd7|[\u0be7-\u0bf2]|[\u0c01-\u0c03]|\
+[\u0c05-\u0c0c]|[\u0c0e-\u0c10]|[\u0c12-\u0c28]|[\u0c2a-\u0c33]|\
+[\u0c35-\u0c39]|[\u0c41-\u0c44]|[\u0c60-\u0c61]|[\u0c66-\u0c6f]|\
+[\u0c82-\u0c83]|[\u0c85-\u0c8c]|[\u0c8e-\u0c90]|[\u0c92-\u0ca8]|\
+[\u0caa-\u0cb3]|[\u0cb5-\u0cb9]|\u0cbe|[\u0cc0-\u0cc4]|\
+[\u0cc7-\u0cc8]|[\u0cca-\u0ccb]|[\u0cd5-\u0cd6]|\u0cde|\
+[\u0ce0-\u0ce1]|[\u0ce6-\u0cef]|[\u0d02-\u0d03]|[\u0d05-\u0d0c]|\
+[\u0d0e-\u0d10]|[\u0d12-\u0d28]|[\u0d2a-\u0d39]|[\u0d3e-\u0d40]|\
+[\u0d46-\u0d48]|[\u0d4a-\u0d4c]|\u0d57|[\u0d60-\u0d61]|\
+[\u0d66-\u0d6f]|[\u0d82-\u0d83]|[\u0d85-\u0d96]|[\u0d9a-\u0db1]|\
+[\u0db3-\u0dbb]|\u0dbd|[\u0dc0-\u0dc6]|[\u0dcf-\u0dd1]|\
+[\u0dd8-\u0ddf]|[\u0df2-\u0df4]|[\u0e01-\u0e30]|[\u0e32-\u0e33]|\
+[\u0e40-\u0e46]|[\u0e4f-\u0e5b]|[\u0e81-\u0e82]|\u0e84|\
+[\u0e87-\u0e88]|\u0e8a|\u0e8d|[\u0e94-\u0e97]|[\u0e99-\u0e9f]|\
+[\u0ea1-\u0ea3]|\u0ea5|\u0ea7|[\u0eaa-\u0eab]|[\u0ead-\u0eb0]|\
+[\u0eb2-\u0eb3]|\u0ebd|[\u0ec0-\u0ec4]|\u0ec6|[\u0ed0-\u0ed9]|\
+[\u0edc-\u0edd]|[\u0f00-\u0f17]|[\u0f1a-\u0f34]|\u0f36|\u0f38|\
+[\u0f3e-\u0f47]|[\u0f49-\u0f6a]|\u0f7f|\u0f85|[\u0f88-\u0f8b]|\
+[\u0fbe-\u0fc5]|[\u0fc7-\u0fcc]|\u0fcf|[\u1000-\u1021]|\
+[\u1023-\u1027]|[\u1029-\u102a]|\u102c|\u1031|\u1038|[\u1040-\u1057]|\
+[\u10a0-\u10c5]|[\u10d0-\u10f8]|\u10fb|[\u1100-\u1159]|\
+[\u115f-\u11a2]|[\u11a8-\u11f9]|[\u1200-\u1206]|[\u1208-\u1246]|\
+\u1248|[\u124a-\u124d]|[\u1250-\u1256]|\u1258|[\u125a-\u125d]|\
+[\u1260-\u1286]|\u1288|[\u128a-\u128d]|[\u1290-\u12ae]|\u12b0|\
+[\u12b2-\u12b5]|[\u12b8-\u12be]|\u12c0|[\u12c2-\u12c5]|\
+[\u12c8-\u12ce]|[\u12d0-\u12d6]|[\u12d8-\u12ee]|[\u12f0-\u130e]|\
+\u1310|[\u1312-\u1315]|[\u1318-\u131e]|[\u1320-\u1346]|\
+[\u1348-\u135a]|[\u1361-\u137c]|[\u13a0-\u13f4]|[\u1401-\u1676]|\
+[\u1681-\u169a]|[\u16a0-\u16f0]|[\u1700-\u170c]|[\u170e-\u1711]|\
+[\u1720-\u1731]|[\u1735-\u1736]|[\u1740-\u1751]|[\u1760-\u176c]|\
+[\u176e-\u1770]|[\u1780-\u17b6]|[\u17be-\u17c5]|[\u17c7-\u17c8]|\
+[\u17d4-\u17da]|\u17dc|[\u17e0-\u17e9]|[\u1810-\u1819]|\
+[\u1820-\u1877]|[\u1880-\u18a8]|[\u1e00-\u1e9b]|[\u1ea0-\u1ef9]|\
+[\u1f00-\u1f15]|[\u1f18-\u1f1d]|[\u1f20-\u1f45]|[\u1f48-\u1f4d]|\
+[\u1f50-\u1f57]|\u1f59|\u1f5b|\u1f5d|[\u1f5f-\u1f7d]|[\u1f80-\u1fb4]|\
+[\u1fb6-\u1fbc]|\u1fbe|[\u1fc2-\u1fc4]|[\u1fc6-\u1fcc]|\
+[\u1fd0-\u1fd3]|[\u1fd6-\u1fdb]|[\u1fe0-\u1fec]|[\u1ff2-\u1ff4]|\
+[\u1ff6-\u1ffc]|\u200e|\u2071|\u207f|\u2102|\u2107|[\u210a-\u2113]|\
+\u2115|[\u2119-\u211d]|\u2124|\u2126|\u2128|[\u212a-\u212d]|\
+[\u212f-\u2131]|[\u2133-\u2139]|[\u213d-\u213f]|[\u2145-\u2149]|\
+[\u2160-\u2183]|[\u2336-\u237a]|\u2395|[\u249c-\u24e9]|\
+[\u3005-\u3007]|[\u3021-\u3029]|[\u3031-\u3035]|[\u3038-\u303c]|\
+[\u3041-\u3096]|[\u309d-\u309f]|[\u30a1-\u30fa]|[\u30fc-\u30ff]|\
+[\u3105-\u312c]|[\u3131-\u318e]|[\u3190-\u31b7]|[\u31f0-\u321c]|\
+[\u3220-\u3243]|[\u3260-\u327b]|[\u327f-\u32b0]|[\u32c0-\u32cb]|\
+[\u32d0-\u32fe]|[\u3300-\u3376]|[\u337b-\u33dd]|[\u33e0-\u33fe]|\
+[\u3400-\u4db5]|[\u4e00-\u9fa5]|[\ua000-\ua48c]|[\uac00-\ud7a3]|\
+[\ud800-\ufa2d]|[\ufa30-\ufa6a]|[\ufb00-\ufb06]|[\ufb13-\ufb17]|\
+[\uff21-\uff3a]|[\uff41-\uff5a]|[\uff66-\uffbe]|[\uffc2-\uffc7]|\
+[\uffca-\uffcf]|[\uffd2-\uffd7]|[\uffda-\uffdc]|[\u{10300}-\u{1031e}]|\
+[\u{10320}-\u{10323}]|[\u{10330}-\u{1034a}]|[\u{10400}-\u{10425}]|\
+[\u{10428}-\u{1044d}]|[\u{1d000}-\u{1d0f5}]|[\u{1d100}-\u{1d126}]|\
+[\u{1d12a}-\u{1d166}]|[\u{1d16a}-\u{1d172}]|[\u{1d183}-\u{1d184}]|\
+[\u{1d18c}-\u{1d1a9}]|[\u{1d1ae}-\u{1d1dd}]|[\u{1d400}-\u{1d454}]|\
+[\u{1d456}-\u{1d49c}]|[\u{1d49e}-\u{1d49f}]|\u{1d4a2}|\
+[\u{1d4a5}-\u{1d4a6}]|[\u{1d4a9}-\u{1d4ac}]|[\u{1d4ae}-\u{1d4b9}]|\
+\u{1d4bb}|[\u{1d4bd}-\u{1d4c0}]|[\u{1d4c2}-\u{1d4c3}]|\
+[\u{1d4c5}-\u{1d505}]|[\u{1d507}-\u{1d50a}]|[\u{1d50d}-\u{1d514}]|\
+[\u{1d516}-\u{1d51c}]|[\u{1d51e}-\u{1d539}]|[\u{1d53b}-\u{1d53e}]|\
+[\u{1d540}-\u{1d544}]|\u{1d546}|[\u{1d54a}-\u{1d550}]|\
+[\u{1d552}-\u{1d6a3}]|[\u{1d6a8}-\u{1d7c9}]|[\u{20000}-\u{2a6d6}]|\
+[\u{2f800}-\u{2fa1d}]|[\u{f0000}-\u{ffffd}]|[\u{100000}-\u{10fffd}]"
};
-var XMPPAuthMechanisms = {"PLAIN": PlainAuth};
+// Generates a random nonce and returns a base64 encoded string.
+// aLength in bytes.
+function createNonce(aLength) {
+ // RFC 5802 (5.1): Printable ASCII except ",".
+ // We guarantee a vaild nonce value using base64 encoding.
+ return btoa(CryptoUtils.generateRandomBytes(aLength));
+}
+
+// Parses the string of server's response (aChallenge) into an object.
+function parseChallenge(aChallenge) {
+ let attributes = {};
+ aChallenge.split(",").forEach(value => {
+ let match = /^(\w)=([\s\S]*)$/.exec(value);
+ if (match)
+ attributes[match[1]] = match[2];
+ });
+ return attributes;
+}
+
+// RFC 4013 and RFC 3454: Stringprep Profile for User Names and Passwords.
+function saslPrep(aString) {
+ // RFC 4013 2.1: non-ASCII space characters (RFC 3454 C.1.2) mapped to space.
+ let retVal = aString.replace(new RegExp(RFC3454.C12, "u"), " ");
+
+ // RFC 4013 2.1: RFC 3454 3.1, B.1: Map certain codepoints to nothing.
+ retVal = retVal.replace(new RegExp(RFC3454.B1, "u"), "");
+
+ // RFC 4013 2.2 asks for Unicode normalization form KC, which corresponds to
+ // RFC 3454 B.2.
+ retVal = retVal.normalize("NFKC");
+
+ // RFC 4013 2.3: Prohibited Output and 2.5: Unassigned Code Points.
+ let matchStr =
+ RFC3454.C12 + "|" + RFC3454.C21 + "|" + RFC3454.C22 + "|" + RFC3454.C3 +
+ "|" + RFC3454.C4 + "|" + RFC3454.C5 + "|" + RFC3454.C6 + "|" + RFC3454.C7 +
+ "|" + RFC3454.C8 + "|" + RFC3454.C9 + "|" + RFC3454.A1;
+ let match = new RegExp(matchStr, "u").test(retVal);
+ if (match)
+ throw "String contains prohibited characters";
+
+ // RFC 4013 2.4: Bidirectional Characters.
+ let r = new RegExp(RFC3454.D1, "u").test(retVal);
+ let l = new RegExp(RFC3454.D2, "u").test(retVal);
+ if (l && r)
+ throw "String must not contain LCat and RandALCat characters together";
+ else if (r) {
+ let matchFirst = new RegExp("^(" + RFC3454.D1 + ")", "u").test(retVal);
+ let matchLast = new RegExp("(" + RFC3454.D1 + ")$", "u").test(retVal);
+ if (!matchFirst || !matchLast)
+ throw "A RandALCat character must be the first and the last character";
+ }
+
+ return retVal;
+}
+
+// Converts aName to saslname.
+function saslName(aName) {
+ // RFC 5802 (5.1): the client SHOULD prepare the username using the "SASLprep".
+ // The characters ’,’ or ’=’ in usernames are sent as ’=2C’ and
+ // ’=3D’ respectively.
+ let saslName = saslPrep(aName).replace(/=/g,"=3D").replace(/,/g, "=2C");
+ if (!saslName)
+ throw "Name is not valid";
+
+ return saslName;
+}
+
+// Converts aMessage to array of bytes then apply SHA-1 hashing.
+function bytesAndSHA1(aMessage) {
+ let hasher =
+ Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+ hasher.init(hasher.SHA1);
+
+ return CryptoUtils.digestBytes(aMessage, hasher);
+}
+
+function* scramSHA1Auth(aUsername, aPassword, aDomain) {
+ // RFC 5802 (5): SCRAM Authentication Exchange.
+ const gs2Header = "n,,";
+ let cNonce = createNonce(32);
+
+ let clientFirstMessageBare =
+ "n=" + saslName(aUsername) + ",r=" + cNonce;
+ let clientFirstMessage = gs2Header + clientFirstMessageBare;
+
+ let receivedStanza = yield {
+ send: Stanza.node("auth", Stanza.NS.sasl, {mechanism: "SCRAM-SHA-1"},
+ btoa(clientFirstMessage))
+ };
+
+ if (receivedStanza.localName != "challenge")
+ throw "Not authorized";
+
+ // RFC 5802 (3): SCRAM Algorithm Overview.
+ let decodedChallenge = atob(receivedStanza.innerText);
+
+ // Expected to contain the user’s iteration count (i) and the user’s
+ // salt (s), and the server appends its own nonce to the client-specified
+ // one (r).
+ let attributes = parseChallenge(decodedChallenge);
+ if (attributes.hasOwnProperty("e"))
+ throw "Authentication failed: " + attributes.e;
+ else if (!attributes.hasOwnProperty("i") ||
+ !attributes.hasOwnProperty("s") ||
+ !attributes.hasOwnProperty("r")) {
+ throw "Unexpected response: " + decodedChallenge;
+ }
+ if (!attributes.r.startsWith(cNonce))
+ throw "Nonce is not correct";
+
+ let clientFinalMessageWithoutProof =
+ "c=" + btoa(gs2Header) + ",r=" + attributes.r;
+
+ // Calculate ClientProof.
+
+ // SaltedPassword := Hi(Normalize(password), salt, i)
+ // Normalize using saslPrep.
+ // dkLen MUST be equal to the SHA-1 digest size.
+ let saltedPassword =
+ CryptoUtils.pbkdf2Generate(saslPrep(aPassword), atob(attributes.s),
+ parseInt(attributes.i), 20);
+
+ // ClientKey := HMAC(SaltedPassword, "Client Key")
+ let saltedPasswordHasher =
+ CryptoUtils.makeHMACHasher(Ci.nsICryptoHMAC.SHA1,
+ CryptoUtils.makeHMACKey(saltedPassword));
+ let clientKey = CryptoUtils.digestBytes("Client Key", saltedPasswordHasher);
+
+ // StoredKey := H(ClientKey)
+ let storedKey = bytesAndSHA1(clientKey);
+
+ let authMessage =
+ clientFirstMessageBare + "," + decodedChallenge + "," +
+ clientFinalMessageWithoutProof;
+
+ // ClientSignature := HMAC(StoredKey, AuthMessage)
+ let storedKeyHasher =
+ CryptoUtils.makeHMACHasher(Ci.nsICryptoHMAC.SHA1,
+ CryptoUtils.makeHMACKey(storedKey));
+ let clientSignature = CryptoUtils.digestBytes(authMessage, storedKeyHasher);
+
+ // ClientProof := ClientKey XOR ClientSignature
+ let clientProof = CryptoUtils.xor(clientKey, clientSignature);
+
+ // Calculate ServerSignature.
+
+ // ServerKey := HMAC(SaltedPassword, "Server Key")
+ let serverKey = CryptoUtils.digestBytes("Server Key", saltedPasswordHasher);
+
+ // ServerSignature := HMAC(ServerKey, AuthMessage)
+ let serverKeyHasher =
+ CryptoUtils.makeHMACHasher(Ci.nsICryptoHMAC.SHA1,
+ CryptoUtils.makeHMACKey(serverKey));
+ let serverSignature = CryptoUtils.digestBytes(authMessage, serverKeyHasher);
+
+ let clientFinalMessage =
+ clientFinalMessageWithoutProof + ",p=" + btoa(clientProof);
+
+ receivedStanza = yield {
+ send: Stanza.node("response", Stanza.NS.sasl, null, btoa(clientFinalMessage)),
+ log: ' (base64 encoded SCRAM response containing password not logged)'
+ };
+
+ // Only check server signature if we succeed to authenticate.
+ if (receivedStanza.localName != "success")
+ throw "Didn't receive the expected auth success stanza.";
+
+ let decodedResponse = atob(receivedStanza.innerText);
+
+ // Expected to contain a base64-encoded ServerSignature (v).
+ attributes = parseChallenge(decodedResponse);
+ if (!attributes.hasOwnProperty("v"))
+ throw "Unexpected response: " + decodedResponse;
+
+ // Compare ServerSignature with our ServerSignature which we calculated in
+ // _generateResponse.
+ let serverSignatureResponse = atob(attributes.v);
+ if (serverSignature != serverSignatureResponse)
+ throw "Server signature does not match";
+}
+
+var XMPPAuthMechanisms = {"PLAIN": PlainAuth, "SCRAM-SHA-1": scramSHA1Auth};
diff --git a/chat/protocols/xmpp/xmpp-session.jsm b/chat/protocols/xmpp/xmpp-session.jsm
index e6fac7f805..48c689d7f5 100644
--- a/chat/protocols/xmpp/xmpp-session.jsm
+++ b/chat/protocols/xmpp/xmpp-session.jsm
@@ -425,9 +425,9 @@ XMPPSession.prototype = {
_("connection.error.noCompatibleAuthMec"));
return;
}
- let authMec = new authMechanisms[selectedMech](this._jid.node,
- this._password,
- this._domain);
+ let authMec = authMechanisms[selectedMech](this._jid.node,
+ this._password,
+ this._domain);
this._password = null;
this._account.reportConnecting(_("connection.authenticating"));
@@ -437,8 +437,10 @@ XMPPSession.prototype = {
authDialog: function(aAuthMec, aStanza) {
if (aStanza && aStanza.localName == "failure") {
let errorMsg = "authenticationFailure";
- if (aStanza.getElement(["not-authorized"]))
+ if (aStanza.getElement(["not-authorized"]) ||
+ aStanza.getElement(["bad-auth"])) {
errorMsg = "notAuthorized";
+ }
this.onError(Ci.prplIAccount.ERROR_AUTHENTICATION_FAILED,
_("connection.error." + errorMsg));
return;
@@ -454,20 +456,12 @@ XMPPSession.prototype = {
return;
}
- if (result.send)
- this.send(result.send.getXML(), result.log);
- if (result.done)
- this.onXmppStanza = this.stanzaListeners.authResult;
- },
- authResult: function(aStanza) {
- if (aStanza.localName != "success") {
- this.onError(Ci.prplIAccount.ERROR_AUTHENTICATION_FAILED,
- _("connection.error.notAuthorized"));
- return;
+ if (result.value && result.value.send)
+ this.send(result.value.send.getXML(), result.value.log);
+ if (result.done) {
+ this.startStream();
+ this.onXmppStanza = this.stanzaListeners.startBind;
}
-
- this.startStream();
- this.onXmppStanza = this.stanzaListeners.startBind;
},
startBind: function(aStanza) {
if (!aStanza.getElement(["bind"])) {