prosody
a5f4de8c0b40
util/sasl/scram.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/sasl/scram.lua @ 5835:a5f4de8c0b40

util.sasl.scram: Validate channel binding data of client final message.
author Tobias Markmann <tm@ayena.de>
date Mon, 17 Jan 2011 16:50:21 +0100
parent 5833:b1fa865ee6b2
child 5836:fa8cfe830fef
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
1 -- sasl.lua v0.4
3094
5f625411b463 util.sasl: 2009 -> 2010 in copyright header.
Tobias Markmann <tm@ayena.de>
parents: 2648
diff changeset
2 -- Copyright (C) 2008-2010 Tobias Markmann
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
3 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
4 -- All rights reserved.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
5 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
7 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
11 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
13
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
14 local s_match = string.match;
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
15 local type = type
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
16 local string = string
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
17 local tostring = tostring;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
18 local base64 = require "util.encodings".base64;
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
19 local hmac_sha1 = require "util.hmac".sha1;
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
20 local sha1 = require "util.hashes".sha1;
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
21 local generate_uuid = require "util.uuid".generate;
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
22 local saslprep = require "util.encodings".stringprep.saslprep;
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
23 local log = require "util.logger".init("sasl");
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
24 local t_concat = table.concat;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
25 local char = string.char;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
26 local byte = string.byte;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
27
2206
Tobias Markmann <tm@ayena.de>
parents: 2205
diff changeset
28 module "scram"
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
29
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
30 --=========================
3374
ce52f1d5cb74 util.sasl.scram: Reference actual RFC instead of the draft.
Tobias Markmann <tm@ayena.de>
parents: 3206
diff changeset
31 --SASL SCRAM-SHA-1 according to RFC 5802
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
32
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
33 --[[
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
34 Supported Authentication Backends
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
35
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
36 scram_{MECH}:
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
37 -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
38 function(username, realm)
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
39 return stored_key, server_key, iteration_count, salt, state;
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
40 end
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
41 ]]
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
42
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
43 local default_i = 4096
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
44
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
45 local function bp( b )
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
46 local result = ""
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
47 for i=1, b:len() do
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
48 result = result.."\\"..b:byte(i)
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
49 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
50 return result
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
51 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
52
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
53 local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;};
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
54
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
55 local result = {};
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
56 local function binaryXOR( a, b )
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
57 for i=1, #a do
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
58 local x, y = byte(a, i), byte(b, i);
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
59 local lowx, lowy = x % 16, y % 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
60 local hix, hiy = (x - lowx) / 16, (y - lowy) / 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
61 local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1];
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
62 local r = hir * 16 + lowr;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
63 result[i] = char(r)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
64 end
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
65 return t_concat(result);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
66 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
67
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
68 -- hash algorithm independent Hi(PBKDF2) implementation
3405
b1efe62c3c37 util.sasl.scram: Made function Hi public.
Waqas Hussain <waqas20@gmail.com>
parents: 3374
diff changeset
69 function Hi(hmac, str, salt, i)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
70 local Ust = hmac(str, salt.."\0\0\0\1");
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
71 local res = Ust;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
72 for n=1,i-1 do
2255
92e329e1cd99 Make some more variables to locals.
Tobias Markmann <tm@ayena.de>
parents: 2210
diff changeset
73 local Und = hmac(str, Ust)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
74 res = binaryXOR(res, Und)
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
75 Ust = Und
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
76 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
77 return res
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
78 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
79
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
80 local function validate_username(username)
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
81 -- check for forbidden char sequences
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
82 for eq in username:gmatch("=(.?.?)") do
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
83 if eq ~= "2D" and eq ~= "3D" then
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
84 return false
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
85 end
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
86 end
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
87
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
88 -- replace =2D with , and =3D with =
2265
7fe644057dc2 util.sasl.scram: Making =2D and =3D substitution actually work.
Tobias Markmann <tm@ayena.de>
parents: 2255
diff changeset
89 username = username:gsub("=2D", ",");
7fe644057dc2 util.sasl.scram: Making =2D and =3D substitution actually work.
Tobias Markmann <tm@ayena.de>
parents: 2255
diff changeset
90 username = username:gsub("=3D", "=");
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
91
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
92 -- apply SASLprep
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
93 username = saslprep(username);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
94 return username;
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
95 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
96
3155
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
97 local function hashprep(hashname)
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
98 return hashname:lower():gsub("-", "_");
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
99 end
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
100
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
101 function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
3118
95ddd75ed3c5 util.sasl.scram: Fixing logic error in argument checking.
Tobias Markmann <tm@ayena.de>
parents: 3107
diff changeset
102 if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
103 return false, "inappropriate argument types"
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
104 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
105 if iteration_count < 4096 then
3194
b308450740b0 util.sasl.scram: Fixed a log level.
Waqas Hussain <waqas20@gmail.com>
parents: 3123
diff changeset
106 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
107 end
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
108 local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
109 local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
110 local server_key = hmac_sha1(salted_password, "Server Key");
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
111 return true, stored_key, server_key
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
112 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
113
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
114 local function scram_gen(hash_name, H_f, HMAC_f)
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
115 local function scram_hash(self, message)
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
116 if not self.state then self["state"] = {} end
5833
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
117 local support_channel_binding = false;
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
118 if self.profile.cb then support_channel_binding = true; end
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
119
3106
f4341cac3ae1 util.sasl.scram: Fixing issue #177.
Tobias Markmann <tm@ayena.de>
parents: 3104
diff changeset
120 if type(message) ~= "string" or #message == 0 then return "failure", "malformed-request" end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
121 if not self.state.name then
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
122 -- we are processing client_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
123 local client_first_message = message;
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
124 log("debug", client_first_message);
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
125 -- TODO: fail if authzid is provided, since we don't support them yet
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
126 self.state["client_first_message"] = client_first_message;
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
127 self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
128 = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
3100
6731dff05c99 util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3099
diff changeset
129
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
130 -- we don't do any channel binding yet
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
131 log("debug", "Decoded: cbind_flag: %s, cbind_name: %s, authzid: %s, name: %s, clientnonce: %s", tostring(self.state.gs2_cbind_flag),
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
132 tostring(self.state.gs2_cbind_name),
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
133 tostring(self.state.authzid),
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
134 tostring(self.state.name),
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
135 tostring(self.state.clientnonce));
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
136 if support_channel_binding then
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
137 if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
138 return "failure", "malformed-request";
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
139 end
5829
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
140
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
141 -- check whether we support the proposed channel binding type
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
142 if not self.profile.cb[self.state.gs2_cbind_name] then
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
143 return "failure", "malformed-request", "Proposed channel binding type isn't supported.";
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
144 end
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
145 else
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
146 if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
147 return "failure", "malformed-request";
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
148 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
149 end
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
150
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
151 if not self.state.name or not self.state.clientnonce then
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
152 return "failure", "malformed-request", "Channel binding isn't support at this time.";
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
153 end
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
154
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
155 self.state.name = validate_username(self.state.name);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
156 if not self.state.name then
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
157 log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
158 return "failure", "malformed-request", "Invalid username.";
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
159 end
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
160
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
161 self.state["servernonce"] = generate_uuid();
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
162
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
163 -- retreive credentials
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
164 if self.profile.plain then
3981
2b0b8fe68df2 util.sasl.*, mod_auth_*, mod_saslauth: Pass SASL handler as first parameter to SASL profile callbacks.
Waqas Hussain <waqas20@gmail.com>
parents: 3540
diff changeset
165 local password, state = self.profile.plain(self, self.state.name, self.realm)
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
166 if state == nil then return "failure", "not-authorized"
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
167 elseif state == false then return "failure", "account-disabled" end
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
168
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
169 password = saslprep(password);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
170 if not password then
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
171 log("debug", "Password violates SASLprep.");
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
172 return "failure", "not-authorized", "Invalid password."
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
173 end
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
174
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
175 self.state.salt = generate_uuid();
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
176 self.state.iteration_count = default_i;
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
177
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
178 local succ = false;
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
179 succ, self.state.stored_key, self.state.server_key = getAuthenticationDatabaseSHA1(password, self.state.salt, default_i, self.state.iteration_count);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
180 if not succ then
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
181 log("error", "Generating authentication database failed. Reason: %s", self.state.stored_key);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
182 return "failure", "temporary-auth-failure";
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
183 end
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
184 elseif self.profile["scram_"..hashprep(hash_name)] then
3981
2b0b8fe68df2 util.sasl.*, mod_auth_*, mod_saslauth: Pass SASL handler as first parameter to SASL profile callbacks.
Waqas Hussain <waqas20@gmail.com>
parents: 3540
diff changeset
185 local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, self.state.name, self.realm);
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
186 if state == nil then return "failure", "not-authorized"
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
187 elseif state == false then return "failure", "account-disabled" end
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
188
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
189 self.state.stored_key = stored_key;
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
190 self.state.server_key = server_key;
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
191 self.state.iteration_count = iteration_count;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
192 self.state.salt = salt
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
193 end
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
194
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
195 local server_first_message = "r="..self.state.clientnonce..self.state.servernonce..",s="..base64.encode(self.state.salt)..",i="..self.state.iteration_count;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
196 self.state["server_first_message"] = server_first_message;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
197 return "challenge", server_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
198 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
199 -- we are processing client_final_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
200 local client_final_message = message;
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
201 log("debug", "client_final_message: %s", client_final_message);
3102
5cd408e36359 util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3101
diff changeset
202 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
5835
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
203
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
204 if self.state.gs2_cbind_name then
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
205 local client_gs2_header = base64.decode(self.state.channelbinding)
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
206 local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
207
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
208 if client_gs2_header ~= our_client_gs2_header then
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
209 return "failure", "malformed-request", "Invalid channel binding value.";
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
210 end
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
211 else
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
212 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
213 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
214 end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
215 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
216
3101
9e4439378cf8 util.sasl.scram: Fix in nonce check of client-final-message.
Tobias Markmann <tm@ayena.de>
parents: 3100
diff changeset
217 if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then
9e4439378cf8 util.sasl.scram: Fix in nonce check of client-final-message.
Tobias Markmann <tm@ayena.de>
parents: 3100
diff changeset
218 return "failure", "malformed-request", "Wrong nonce in client-final-message.";
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
219 end
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
220
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
221 local ServerKey = self.state.server_key;
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
222 local StoredKey = self.state.stored_key;
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
223
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
224 local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
225 local ClientSignature = HMAC_f(StoredKey, AuthMessage)
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
226 local ClientKey = binaryXOR(ClientSignature, base64.decode(self.state.proof))
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
227 local ServerSignature = HMAC_f(ServerKey, AuthMessage)
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
228
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
229 if StoredKey == H_f(ClientKey) then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
230 local server_final_message = "v="..base64.encode(ServerSignature);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
231 self["username"] = self.state.name;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
232 return "success", server_final_message;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
233 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
234 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
235 end
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
236 end
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
237 end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
238 return scram_hash;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
239 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
240
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
241 function init(registerMechanism)
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
242 local function registerSCRAMMechanism(hash_name, hash, hmac_hash)
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
243 registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
244
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
245 -- register channel binding equivalent
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
246 registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
247 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
248
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
249 registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
250 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
251
3107
6d576a66ca63 util.sasl.scram: Adjusting authentication backend name to conform with the style already used by the plain module.
Tobias Markmann <tm@ayena.de>
parents: 3106
diff changeset
252 return _M;