Annotate

util/sasl/scram.lua @ 8196:bc2bcfa63b43

net.http: Expose defaults
author Kim Alvefur <zash@zash.se>
date Fri, 07 Jul 2017 20:30:52 +0200
parent 8095:57192cf193c7
child 8382:e5d00bf4a4d5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
1 -- sasl.lua v0.4
3094
5f625411b463 util.sasl: 2009 -> 2010 in copyright header.
Tobias Markmann <tm@ayena.de>
parents: 2648
diff changeset
2 -- Copyright (C) 2008-2010 Tobias Markmann
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
3 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
4 -- All rights reserved.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
5 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
7 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
11 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
13
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
14 local s_match = string.match;
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
15 local type = type
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
16 local base64 = require "util.encodings".base64;
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 5301
diff changeset
17 local hmac_sha1 = require "util.hashes".hmac_sha1;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
18 local sha1 = require "util.hashes".sha1;
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
19 local Hi = require "util.hashes".scram_Hi_sha1;
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
20 local generate_uuid = require "util.uuid".generate;
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
21 local saslprep = require "util.encodings".stringprep.saslprep;
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
22 local nodeprep = require "util.encodings".stringprep.nodeprep;
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
23 local log = require "util.logger".init("sasl");
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
24 local t_concat = table.concat;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
25 local char = string.char;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
26 local byte = string.byte;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
27
6786
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
28 local _ENV = nil;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
29
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
30 --=========================
3374
ce52f1d5cb74 util.sasl.scram: Reference actual RFC instead of the draft.
Tobias Markmann <tm@ayena.de>
parents: 3206
diff changeset
31 --SASL SCRAM-SHA-1 according to RFC 5802
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
32
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
33 --[[
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
34 Supported Authentication Backends
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
35
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
36 scram_{MECH}:
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
37 -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
38 function(username, realm)
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
39 return stored_key, server_key, iteration_count, salt, state;
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
40 end
5836
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
41
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
42 Supported Channel Binding Backends
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
43
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
44 'tls-unique' according to RFC 5929
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
45 ]]
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
46
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
47 local default_i = 4096
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
48
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
49 local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;};
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
50
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
51 local result = {};
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
52 local function binaryXOR( a, b )
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
53 for i=1, #a do
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
54 local x, y = byte(a, i), byte(b, i);
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
55 local lowx, lowy = x % 16, y % 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
56 local hix, hiy = (x - lowx) / 16, (y - lowy) / 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
57 local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1];
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
58 local r = hir * 16 + lowr;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
59 result[i] = char(r)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
60 end
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
61 return t_concat(result);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
62 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
63
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
64 local function validate_username(username, _nodeprep)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
65 -- check for forbidden char sequences
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
66 for eq in username:gmatch("=(.?.?)") do
4204
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
67 if eq ~= "2C" and eq ~= "3D" then
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
68 return false
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
69 end
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
70 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
71
4204
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
72 -- replace =2C with , and =3D with =
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
73 username = username:gsub("=2C", ",");
2265
7fe644057dc2 util.sasl.scram: Making =2D and =3D substitution actually work.
Tobias Markmann <tm@ayena.de>
parents: 2255
diff changeset
74 username = username:gsub("=3D", "=");
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
75
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
76 -- apply SASLprep
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
77 username = saslprep(username);
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
78
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
79 if username and _nodeprep ~= false then
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
80 username = (_nodeprep or nodeprep)(username);
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
81 end
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
82
4368
916834f22d1b util.sasl.scram: Return proper error and don't touch datastores on empty username.
Waqas Hussain <waqas20@gmail.com>
parents: 4204
diff changeset
83 return username and #username>0 and username;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
84 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
85
3155
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
86 local function hashprep(hashname)
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
87 return hashname:lower():gsub("-", "_");
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
88 end
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
89
6786
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
90 local function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
3118
95ddd75ed3c5 util.sasl.scram: Fixing logic error in argument checking.
Tobias Markmann <tm@ayena.de>
parents: 3107
diff changeset
91 if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
92 return false, "inappropriate argument types"
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
93 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
94 if iteration_count < 4096 then
3194
b308450740b0 util.sasl.scram: Fixed a log level.
Waqas Hussain <waqas20@gmail.com>
parents: 3123
diff changeset
95 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
96 end
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
97 local salted_password = Hi(password, salt, iteration_count);
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
98 local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
99 local server_key = hmac_sha1(salted_password, "Server Key");
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
100 return true, stored_key, server_key
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
101 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
102
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
103 local function scram_gen(hash_name, H_f, HMAC_f)
5870
61f748d363e1 util.sasl.scram: Cache profile name instead of concatenating when used
Kim Alvefur <zash@zash.se>
parents: 5869
diff changeset
104 local profile_name = "scram_" .. hashprep(hash_name);
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
105 local function scram_hash(self, message)
5833
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
106 local support_channel_binding = false;
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
107 if self.profile.cb then support_channel_binding = true; end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
108
3106
f4341cac3ae1 util.sasl.scram: Fixing issue #177.
Tobias Markmann <tm@ayena.de>
parents: 3104
diff changeset
109 if type(message) ~= "string" or #message == 0 then return "failure", "malformed-request" end
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
110 local state = self.state;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
111 if not state then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
112 -- we are processing client_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
113 local client_first_message = message;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
114
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
115 -- TODO: fail if authzid is provided, since we don't support them yet
5871
e80916ce8d32 util.sasl.scram: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents: 5870
diff changeset
116 local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
5869
35780ef2d689 util.sasl.scram: Rewrite patterns and capture client-first-message-bare, client-final-message-without-proof
Kim Alvefur <zash@zash.se>
parents: 5868
diff changeset
117 = s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
3100
6731dff05c99 util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3099
diff changeset
118
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
119 if not gs2_cbind_flag then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
120 return "failure", "malformed-request";
5839
a65b56348034 util.sasl.scram: Checking the GS2 header for valid start flag.
Tobias Markmann <tm@ayena.de>
parents: 5837
diff changeset
121 end
a65b56348034 util.sasl.scram: Checking the GS2 header for valid start flag.
Tobias Markmann <tm@ayena.de>
parents: 5837
diff changeset
122
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
123 if support_channel_binding and gs2_cbind_flag == "y" then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
124 -- "y" -> client does support channel binding
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
125 -- but thinks the server does not.
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
126 return "failure", "malformed-request";
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
127 end
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
128
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
129 if gs2_cbind_flag == "n" then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
130 -- "n" -> client doesn't support channel binding.
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
131 support_channel_binding = false;
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
132 end
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
133
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
134 if support_channel_binding and gs2_cbind_flag == "p" then
5829
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
135 -- check whether we support the proposed channel binding type
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
136 if not self.profile.cb[gs2_cbind_name] then
5829
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
137 return "failure", "malformed-request", "Proposed channel binding type isn't supported.";
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
138 end
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
139 else
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
140 -- no channel binding,
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
141 gs2_cbind_name = nil;
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
142 end
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
143
5871
e80916ce8d32 util.sasl.scram: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents: 5870
diff changeset
144 username = validate_username(username, self.profile.nodeprep);
e80916ce8d32 util.sasl.scram: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents: 5870
diff changeset
145 if not username then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
146 log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
147 return "failure", "malformed-request", "Invalid username.";
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
148 end
8095
57192cf193c7 util.sasl.plain,scram: Record username in sasl state earlier
Kim Alvefur <zash@zash.se>
parents: 7218
diff changeset
149 self.username = username;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
150
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
151 -- retreive credentials
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
152 local stored_key, server_key, salt, iteration_count;
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
153 if self.profile.plain then
7216
65e36b81d56a util.sasl.scram: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6786
diff changeset
154 local password, status = self.profile.plain(self, username, self.realm)
65e36b81d56a util.sasl.scram: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6786
diff changeset
155 if status == nil then return "failure", "not-authorized"
65e36b81d56a util.sasl.scram: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6786
diff changeset
156 elseif status == false then return "failure", "account-disabled" end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
157
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
158 password = saslprep(password);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
159 if not password then
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
160 log("debug", "Password violates SASLprep.");
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
161 return "failure", "not-authorized", "Invalid password."
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
162 end
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
163
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
164 salt = generate_uuid();
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
165 iteration_count = default_i;
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
166
7217
0a43b7ffa3af util.sasl.scram: Remove unused initial value [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7216
diff changeset
167 local succ;
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
168 succ, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
169 if not succ then
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
170 log("error", "Generating authentication database failed. Reason: %s", stored_key);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
171 return "failure", "temporary-auth-failure";
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
172 end
5870
61f748d363e1 util.sasl.scram: Cache profile name instead of concatenating when used
Kim Alvefur <zash@zash.se>
parents: 5869
diff changeset
173 elseif self.profile[profile_name] then
7216
65e36b81d56a util.sasl.scram: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6786
diff changeset
174 local status;
65e36b81d56a util.sasl.scram: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6786
diff changeset
175 stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
7218
6226307f6ac4 util.sasl.scram: Rename variable in places missed in 65e36b81d56a (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7217
diff changeset
176 if status == nil then return "failure", "not-authorized"
6226307f6ac4 util.sasl.scram: Rename variable in places missed in 65e36b81d56a (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7217
diff changeset
177 elseif status == false then return "failure", "account-disabled" end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
178 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
179
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
180 local nonce = clientnonce .. generate_uuid();
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
181 local server_first_message = "r="..nonce..",s="..base64.encode(salt)..",i="..iteration_count;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
182 self.state = {
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
183 gs2_header = gs2_header;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
184 gs2_cbind_name = gs2_cbind_name;
5871
e80916ce8d32 util.sasl.scram: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents: 5870
diff changeset
185 username = username;
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
186 nonce = nonce;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
187
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
188 server_key = server_key;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
189 stored_key = stored_key;
5869
35780ef2d689 util.sasl.scram: Rewrite patterns and capture client-first-message-bare, client-final-message-without-proof
Kim Alvefur <zash@zash.se>
parents: 5868
diff changeset
190 client_first_message_bare = client_first_message_bare;
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
191 server_first_message = server_first_message;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
192 }
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
193 return "challenge", server_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
194 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
195 -- we are processing client_final_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
196 local client_final_message = message;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
197
5869
35780ef2d689 util.sasl.scram: Rewrite patterns and capture client-first-message-bare, client-final-message-without-proof
Kim Alvefur <zash@zash.se>
parents: 5868
diff changeset
198 local client_final_message_without_proof, channelbinding, nonce, proof
35780ef2d689 util.sasl.scram: Rewrite patterns and capture client-first-message-bare, client-final-message-without-proof
Kim Alvefur <zash@zash.se>
parents: 5868
diff changeset
199 = s_match(client_final_message, "(c=([^,]*),r=([^,]*),?.-),p=(.*)$");
5835
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
200
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
201 if not proof or not nonce or not channelbinding then
5840
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
202 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
203 end
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
204
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
205 local client_gs2_header = base64.decode(channelbinding)
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
206 local our_client_gs2_header = state["gs2_header"]
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
207 if state.gs2_cbind_name then
5840
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
208 -- we support channelbinding, so check if the value is valid
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
209 our_client_gs2_header = our_client_gs2_header .. self.profile.cb[state.gs2_cbind_name](self);
5867
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
210 end
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
211 if client_gs2_header ~= our_client_gs2_header then
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
212 return "failure", "malformed-request", "Invalid channel binding value.";
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
213 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
214
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
215 if nonce ~= state.nonce then
3101
9e4439378cf8 util.sasl.scram: Fix in nonce check of client-final-message.
Tobias Markmann <tm@ayena.de>
parents: 3100
diff changeset
216 return "failure", "malformed-request", "Wrong nonce in client-final-message.";
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
217 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
218
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
219 local ServerKey = state.server_key;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
220 local StoredKey = state.stored_key;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
221
5869
35780ef2d689 util.sasl.scram: Rewrite patterns and capture client-first-message-bare, client-final-message-without-proof
Kim Alvefur <zash@zash.se>
parents: 5868
diff changeset
222 local AuthMessage = state.client_first_message_bare .. "," .. state.server_first_message .. "," .. client_final_message_without_proof
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
223 local ClientSignature = HMAC_f(StoredKey, AuthMessage)
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
224 local ClientKey = binaryXOR(ClientSignature, base64.decode(proof))
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
225 local ServerSignature = HMAC_f(ServerKey, AuthMessage)
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
226
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
227 if StoredKey == H_f(ClientKey) then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
228 local server_final_message = "v="..base64.encode(ServerSignature);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
229 return "success", server_final_message;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
230 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
231 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
232 end
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
233 end
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
234 end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
235 return scram_hash;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
236 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
237
6786
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
238 local function init(registerMechanism)
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
239 local function registerSCRAMMechanism(hash_name, hash, hmac_hash)
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
240 registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
241
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
242 -- register channel binding equivalent
5841
1b0c7e7c6be8 Only advertise mechanisms needing channel binding if a channel binding backend is avaliable.
Tobias Markmann <tm@ayena.de>
parents: 5840
diff changeset
243 registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
244 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
245
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
246 registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
247 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
248
6786
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
249 return {
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
250 getAuthenticationDatabaseSHA1 = getAuthenticationDatabaseSHA1;
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
251 init = init;
3deeb38d79ab util.sasl.scram: Get rid of module call
Kim Alvefur <zash@zash.se>
parents: 5871
diff changeset
252 }