
util/sasl/scram.lua @ 3205:2dcd826bbbc6

mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
author Tobias Markmann <tm@ayena.de>
date Tue, 08 Jun 2010 10:47:55 +0200
parent 3196:d35b181a895a
child 3206:ff1d3f751da1
3197:f1db45e89317 3205:2dcd826bbbc6
33 Supported Authentication Backends 33 Supported Authentication Backends
34 34
35 scram_{MECH}: 35 scram_{MECH}:
36 -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_' 36 -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
37 function(username, realm) 37 function(username, realm)
38 return salted_password, iteration_count, salt, state; 38 return stored_key, server_key, iteration_count, salt, state;
39 end 39 end
40 ]] 40 ]]
41 41
42 local default_i = 4096 42 local default_i = 4096
43 43
95 95
96 local function hashprep(hashname) 96 local function hashprep(hashname)
97 return hashname:lower():gsub("-", "_"); 97 return hashname:lower():gsub("-", "_");
98 end 98 end
99 99
100 function saltedPasswordSHA1(password, salt, iteration_count) 100 function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
101 local salted_password
102 if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then 101 if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
103 return false, "inappropriate argument types" 102 return false, "inappropriate argument types"
104 end 103 end
105 if iteration_count < 4096 then 104 if iteration_count < 4096 then
106 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") 105 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
107 end 106 end
108 107 local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
109 return true, Hi(hmac_sha1, password, salt, iteration_count); 108 local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
109 local server_key = hmac_sha1(salted_password, "Server Key");
110 return true, stored_key, server_key
110 end 111 end
111 112
112 local function scram_gen(hash_name, H_f, HMAC_f) 113 local function scram_gen(hash_name, H_f, HMAC_f)
113 local function scram_hash(self, message) 114 local function scram_hash(self, message)
114 if not self.state then self["state"] = {} end 115 if not self.state then self["state"] = {} end
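Review bot: In getAuthenticationDatabaseSHA1 (new lines 100-111) an iteration_count below 4096 only logs a warning, and the type check accepts any number, so zero, negative or fractional counts still reach Hi and the resulting StoredKey and ServerKey are persisted. How Hi behaves for such values is not visible here, so I would reject them up front in the style of the existing argument check: `if iteration_count < 1 or iteration_count % 1 ~= 0 then return false, "invalid iteration count" end`. A short comment above the function should also say that the two returned keys are still secrets: a leaked StoredKey, together with the salt and count, permits offline guessing of the password, and a leaked ServerKey lets a third party pose as the server to that user. The backend doc comment at new line 38 now lists five return values, so every auth provider implementing scram_{MECH} must be updated in step; scram_gen continues outside the visible lines, so I could not check the consuming side.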