prosody
bc37c6758f3a
util/sasl/scram.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/sasl/scram.lua @ 5868:bc37c6758f3a

util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
author Kim Alvefur <zash@zash.se>
date Sun, 13 Oct 2013 00:29:47 +0200
parent 5867:72d49d1e2d11
child 5869:35780ef2d689
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
1 -- sasl.lua v0.4
3094
5f625411b463 util.sasl: 2009 -> 2010 in copyright header.
Tobias Markmann <tm@ayena.de>
parents: 2648
diff changeset
2 -- Copyright (C) 2008-2010 Tobias Markmann
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
3 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
4 -- All rights reserved.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
5 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
7 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
11 --
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
13
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
14 local s_match = string.match;
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
15 local type = type
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
16 local base64 = require "util.encodings".base64;
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 5301
diff changeset
17 local hmac_sha1 = require "util.hashes".hmac_sha1;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
18 local sha1 = require "util.hashes".sha1;
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
19 local Hi = require "util.hashes".scram_Hi_sha1;
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
20 local generate_uuid = require "util.uuid".generate;
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
21 local saslprep = require "util.encodings".stringprep.saslprep;
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
22 local nodeprep = require "util.encodings".stringprep.nodeprep;
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
23 local log = require "util.logger".init("sasl");
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
24 local t_concat = table.concat;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
25 local char = string.char;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
26 local byte = string.byte;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
27
4113
65482a852c4d util.sasl.*: Add 'sasl.' prefix to module names
Matthew Wild <mwild1@gmail.com>
parents: 3981
diff changeset
28 module "sasl.scram"
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
29
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
30 --=========================
3374
ce52f1d5cb74 util.sasl.scram: Reference actual RFC instead of the draft.
Tobias Markmann <tm@ayena.de>
parents: 3206
diff changeset
31 --SASL SCRAM-SHA-1 according to RFC 5802
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
32
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
33 --[[
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
34 Supported Authentication Backends
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
35
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
36 scram_{MECH}:
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
37 -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
38 function(username, realm)
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
39 return stored_key, server_key, iteration_count, salt, state;
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
40 end
5836
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
41
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
42 Supported Channel Binding Backends
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
43
fa8cfe830fef util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.
Tobias Markmann <tm@ayena.de>
parents: 5835
diff changeset
44 'tls-unique' according to RFC 5929
3097
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
45 ]]
9341ef1a3345 util.sasl.scram: Adding documentation on SCRAM authentication backend.
Tobias Markmann <tm@ayena.de>
parents: 3096
diff changeset
46
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
47 local default_i = 4096
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
48
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
49 local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;};
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
50
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
51 local result = {};
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
52 local function binaryXOR( a, b )
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
53 for i=1, #a do
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
54 local x, y = byte(a, i), byte(b, i);
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
55 local lowx, lowy = x % 16, y % 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
56 local hix, hiy = (x - lowx) / 16, (y - lowy) / 16;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
57 local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1];
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
58 local r = hir * 16 + lowr;
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
59 result[i] = char(r)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
60 end
2314
c2e1bde4d84d Redo merge with Waqas' PBKDF2 optimizations.
Tobias Markmann <tm@ayena.de>
parents: 2290
diff changeset
61 return t_concat(result);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
62 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
63
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
64 local function validate_username(username, _nodeprep)
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
65 -- check for forbidden char sequences
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
66 for eq in username:gmatch("=(.?.?)") do
4204
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
67 if eq ~= "2C" and eq ~= "3D" then
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
68 return false
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3405
diff changeset
69 end
2198
d18b4d22b8da Making interop with libpurple. (Thanks darkrain).
Tobias Markmann <tm@ayena.de>
parents: 2197
diff changeset
70 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
71
4204
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
72 -- replace =2C with , and =3D with =
edd7b0610c2c util.sasl.scram: Fix bug in validate_username function. (Thanks Florob)
Tobias Markmann <tm@ayena.de>
parents: 4113
diff changeset
73 username = username:gsub("=2C", ",");
2265
7fe644057dc2 util.sasl.scram: Making =2D and =3D substitution actually work.
Tobias Markmann <tm@ayena.de>
parents: 2255
diff changeset
74 username = username:gsub("=3D", "=");
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
75
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
76 -- apply SASLprep
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
77 username = saslprep(username);
5301
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
78
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
79 if username and _nodeprep ~= false then
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
80 username = (_nodeprep or nodeprep)(username);
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
81 end
6279caf921f1 util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
Waqas Hussain <waqas20@gmail.com>
parents: 4368
diff changeset
82
4368
916834f22d1b util.sasl.scram: Return proper error and don't touch datastores on empty username.
Waqas Hussain <waqas20@gmail.com>
parents: 4204
diff changeset
83 return username and #username>0 and username;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
84 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
85
3155
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
86 local function hashprep(hashname)
c713fa2ba80c SASL: Minor cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3154
diff changeset
87 return hashname:lower():gsub("-", "_");
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
88 end
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
89
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
90 function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
3118
95ddd75ed3c5 util.sasl.scram: Fixing logic error in argument checking.
Tobias Markmann <tm@ayena.de>
parents: 3107
diff changeset
91 if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
92 return false, "inappropriate argument types"
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
93 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
94 if iteration_count < 4096 then
3194
b308450740b0 util.sasl.scram: Fixed a log level.
Waqas Hussain <waqas20@gmail.com>
parents: 3123
diff changeset
95 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
96 end
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
97 local salted_password = Hi(password, salt, iteration_count);
3205
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
98 local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
99 local server_key = hmac_sha1(salted_password, "Server Key");
2dcd826bbbc6 mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
Tobias Markmann <tm@ayena.de>
parents: 3196
diff changeset
100 return true, stored_key, server_key
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
101 end
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
102
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
103 local function scram_gen(hash_name, H_f, HMAC_f)
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
104 local function scram_hash(self, message)
5833
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
105 local support_channel_binding = false;
b1fa865ee6b2 util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not.
Tobias Markmann <tm@ayena.de>
parents: 5829
diff changeset
106 if self.profile.cb then support_channel_binding = true; end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
107
3106
f4341cac3ae1 util.sasl.scram: Fixing issue #177.
Tobias Markmann <tm@ayena.de>
parents: 3104
diff changeset
108 if type(message) ~= "string" or #message == 0 then return "failure", "malformed-request" end
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
109 local state = self.state;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
110 if not state then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
111 -- we are processing client_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
112 local client_first_message = message;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
113
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
114 -- TODO: fail if authzid is provided, since we don't support them yet
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
115 local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, name, clientnonce
5867
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
116 = client_first_message:match("^(([ynp])=?([%a%-]*),(.*),)n=(.*),r=([^,]*).*");
3100
6731dff05c99 util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3099
diff changeset
117
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
118 if not gs2_cbind_flag then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
119 return "failure", "malformed-request";
5839
a65b56348034 util.sasl.scram: Checking the GS2 header for valid start flag.
Tobias Markmann <tm@ayena.de>
parents: 5837
diff changeset
120 end
a65b56348034 util.sasl.scram: Checking the GS2 header for valid start flag.
Tobias Markmann <tm@ayena.de>
parents: 5837
diff changeset
121
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
122 if support_channel_binding and gs2_cbind_flag == "y" then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
123 -- "y" -> client does support channel binding
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
124 -- but thinks the server does not.
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
125 return "failure", "malformed-request";
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
126 end
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
127
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
128 if gs2_cbind_flag == "n" then
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
129 -- "n" -> client doesn't support channel binding.
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
130 support_channel_binding = false;
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
131 end
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
132
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
133 if support_channel_binding and gs2_cbind_flag == "p" then
5829
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
134 -- check whether we support the proposed channel binding type
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
135 if not self.profile.cb[gs2_cbind_name] then
5829
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
136 return "failure", "malformed-request", "Proposed channel binding type isn't supported.";
40c16475194e Check whether we support the proposed channel binding type.
Tobias Markmann <tm@ayena.de>
parents: 5828
diff changeset
137 end
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
138 else
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
139 -- no channel binding,
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
140 gs2_cbind_name = nil;
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
141 end
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
142
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
143 name = validate_username(name, self.profile.nodeprep);
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
144 if not name then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
145 log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
146 return "failure", "malformed-request", "Invalid username.";
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
147 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
148
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
149 -- retreive credentials
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
150 local stored_key, server_key, salt, iteration_count;
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
151 if self.profile.plain then
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
152 local password, state = self.profile.plain(self, name, self.realm)
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
153 if state == nil then return "failure", "not-authorized"
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
154 elseif state == false then return "failure", "account-disabled" end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
155
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
156 password = saslprep(password);
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
157 if not password then
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
158 log("debug", "Password violates SASLprep.");
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
159 return "failure", "not-authorized", "Invalid password."
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
160 end
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
161
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
162 salt = generate_uuid();
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
163 iteration_count = default_i;
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
164
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
165 local succ = false;
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
166 succ, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
167 if not succ then
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
168 log("error", "Generating authentication database failed. Reason: %s", stored_key);
3104
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
169 return "failure", "temporary-auth-failure";
32150b4a8603 util.sasl.scram: Providing an API function to generate a salted password for the SCRAM-SHA-1 mechanism.
Tobias Markmann <tm@ayena.de>
parents: 3103
diff changeset
170 end
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
171 elseif self.profile["scram_"..hashprep(hash_name)] then
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
172 local state;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
173 stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, name, self.realm);
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
174 if state == nil then return "failure", "not-authorized"
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
175 elseif state == false then return "failure", "account-disabled" end
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
176 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
177
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
178 local nonce = clientnonce .. generate_uuid();
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
179 local server_first_message = "r="..nonce..",s="..base64.encode(salt)..",i="..iteration_count;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
180 self.state = {
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
181 gs2_header = gs2_header;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
182 gs2_cbind_name = gs2_cbind_name;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
183 name = name;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
184 nonce = nonce;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
185
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
186 server_key = server_key;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
187 stored_key = stored_key;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
188 client_first_message = client_first_message;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
189 server_first_message = server_first_message;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
190 }
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
191 return "challenge", server_first_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
192 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
193 -- we are processing client_final_message
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
194 local client_final_message = message;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
195
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
196 local channelbinding, nonce, proof = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
5835
a5f4de8c0b40 util.sasl.scram: Validate channel binding data of client final message.
Tobias Markmann <tm@ayena.de>
parents: 5833
diff changeset
197
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
198 if not proof or not nonce or not channelbinding then
5840
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
199 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
200 end
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
201
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
202 local client_gs2_header = base64.decode(channelbinding)
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
203 local our_client_gs2_header = state["gs2_header"]
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
204 if state.gs2_cbind_name then
5840
4b484e8feafc sasl.util.scarm: Rearrage some code so it makes more sense.
Tobias Markmann <tm@ayena.de>
parents: 5839
diff changeset
205 -- we support channelbinding, so check if the value is valid
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
206 our_client_gs2_header = our_client_gs2_header .. self.profile.cb[state.gs2_cbind_name](self);
5867
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
207 end
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
208 if client_gs2_header ~= our_client_gs2_header then
72d49d1e2d11 util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Kim Alvefur <zash@zash.se>
parents: 5856
diff changeset
209 return "failure", "malformed-request", "Invalid channel binding value.";
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
210 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
211
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
212 if nonce ~= state.nonce then
3101
9e4439378cf8 util.sasl.scram: Fix in nonce check of client-final-message.
Tobias Markmann <tm@ayena.de>
parents: 3100
diff changeset
213 return "failure", "malformed-request", "Wrong nonce in client-final-message.";
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
214 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
215
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
216 local ServerKey = state.server_key;
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
217 local StoredKey = state.stored_key;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5538
diff changeset
218
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
219 local AuthMessage = "n=" .. s_match(state.client_first_message,"n=(.+)") .. "," .. state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
220 local ClientSignature = HMAC_f(StoredKey, AuthMessage)
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
221 local ClientKey = binaryXOR(ClientSignature, base64.decode(proof))
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
222 local ServerSignature = HMAC_f(ServerKey, AuthMessage)
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
223
3206
ff1d3f751da1 util.sasl.scram: Authenticate clients by calculated StoredKey instead of ClientProof.
Tobias Markmann <tm@ayena.de>
parents: 3205
diff changeset
224 if StoredKey == H_f(ClientKey) then
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
225 local server_final_message = "v="..base64.encode(ServerSignature);
5868
bc37c6758f3a util.sasl.scram: Create the state table as late as possible, keep state in locals for faster access
Kim Alvefur <zash@zash.se>
parents: 5867
diff changeset
226 self["username"] = state.name;
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
227 return "success", server_final_message;
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
228 else
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
229 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";
2199
08a6b91bfe7b SASLprep usernames and passwords.
Tobias Markmann <tm@ayena.de>
parents: 2198
diff changeset
230 end
2196
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state.
Tobias Markmann <tm@ayena.de>
parents: 2194
diff changeset
231 end
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
232 end
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
233 return scram_hash;
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
234 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
235
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
236 function init(registerMechanism)
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
237 local function registerSCRAMMechanism(hash_name, hash, hmac_hash)
3122
579f17b9f948 util.sasl.*: Adjusting authentication provider names. All '-' replaced with '_'
Tobias Markmann <tm@ayena.de>
parents: 3118
diff changeset
238 registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
5844
4f545674b0bc util.sasl.scram: Simplify validation of client-first-message
Kim Alvefur <zash@zash.se>
parents: 5843
diff changeset
239
5828
24de22c01f8d Adding some code for channel binding advertising.
Tobias Markmann <tm@ayena.de>
parents: 3981
diff changeset
240 -- register channel binding equivalent
5841
1b0c7e7c6be8 Only advertise mechanisms needing channel binding if a channel binding backend is avaliable.
Tobias Markmann <tm@ayena.de>
parents: 5840
diff changeset
241 registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
242 end
3099
2c4d06e7e3d3 util.sasl.scram: Check nonce in client final message. Check channel binding flag in client first message. Adding some TODOs on more strict parsing. (thanks Marc Santamaria)
Tobias Markmann <tm@ayena.de>
parents: 3098
diff changeset
243
3096
e69282792686 util.sasl: Abstracting out the hash function used since SCRAM is independent of it. Adding scram-{mech} authentication backend support.
Tobias Markmann <tm@ayena.de>
parents: 3094
diff changeset
244 registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);
2194
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
245 end
41d42d253a1d Initial commit of SCRAM SASL mechanism.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
246
3107
6d576a66ca63 util.sasl.scram: Adjusting authentication backend name to conform with the style already used by the plain module.
Tobias Markmann <tm@ayena.de>
parents: 3106
diff changeset
247 return _M;