prosody
62089c9c142d
util/sasl/scram.lua
Software / code / prosody
Comparison
util/sasl/scram.lua @ 5538:62089c9c142d
util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
| author | Florian Zeitz <florob@babelmonkeys.de> |
|---|---|
| date | Sun, 28 Apr 2013 02:28:42 +0200 |
| parent | 5537:15464633d8fb |
| child | 5776:bd0ff8ae98a8 |
comparison
equal
deleted
inserted
replaced
| 5537:15464633d8fb | 5538:62089c9c142d |
|---|---|
| 15 local type = type | 15 local type = type |
| 16 local string = string | 16 local string = string |
| 17 local base64 = require "util.encodings".base64; | 17 local base64 = require "util.encodings".base64; |
| 18 local hmac_sha1 = require "util.hashes".hmac_sha1; | 18 local hmac_sha1 = require "util.hashes".hmac_sha1; |
| 19 local sha1 = require "util.hashes".sha1; | 19 local sha1 = require "util.hashes".sha1; |
| 20 local Hi = require "util.hashes".scram_Hi_sha1; | |
| 20 local generate_uuid = require "util.uuid".generate; | 21 local generate_uuid = require "util.uuid".generate; |
| 21 local saslprep = require "util.encodings".stringprep.saslprep; | 22 local saslprep = require "util.encodings".stringprep.saslprep; |
| 22 local nodeprep = require "util.encodings".stringprep.nodeprep; | 23 local nodeprep = require "util.encodings".stringprep.nodeprep; |
| 23 local log = require "util.logger".init("sasl"); | 24 local log = require "util.logger".init("sasl"); |
| 24 local t_concat = table.concat; | 25 local t_concat = table.concat; |
| 63 result[i] = char(r) | 64 result[i] = char(r) |
| 64 end | 65 end |
| 65 return t_concat(result); | 66 return t_concat(result); |
| 66 end | 67 end |
| 67 | 68 |
| 68 -- hash algorithm independent Hi(PBKDF2) implementation | |
| 69 function Hi(hmac, str, salt, i) | |
| 70 local Ust = hmac(str, salt.."\0\0\0\1"); | |
| 71 local res = Ust; | |
| 72 for n=1,i-1 do | |
| 73 local Und = hmac(str, Ust) | |
| 74 res = binaryXOR(res, Und) | |
| 75 Ust = Und | |
| 76 end | |
| 77 return res | |
| 78 end | |
| 79 | |
| 80 local function validate_username(username, _nodeprep) | 69 local function validate_username(username, _nodeprep) |
| 81 -- check for forbidden char sequences | 70 -- check for forbidden char sequences |
| 82 for eq in username:gmatch("=(.?.?)") do | 71 for eq in username:gmatch("=(.?.?)") do |
| 83 if eq ~= "2C" and eq ~= "3D" then | 72 if eq ~= "2C" and eq ~= "3D" then |
| 84 return false | 73 return false |
| 108 return false, "inappropriate argument types" | 97 return false, "inappropriate argument types" |
| 109 end | 98 end |
| 110 if iteration_count < 4096 then | 99 if iteration_count < 4096 then |
| 111 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") | 100 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") |
| 112 end | 101 end |
| 113 local salted_password = Hi(hmac_sha1, password, salt, iteration_count); | 102 local salted_password = Hi(password, salt, iteration_count); |
| 114 local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) | 103 local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) |
| 115 local server_key = hmac_sha1(salted_password, "Server Key"); | 104 local server_key = hmac_sha1(salted_password, "Server Key"); |
| 116 return true, stored_key, server_key | 105 return true, stored_key, server_key |
| 117 end | 106 end |
| 118 | 107 |
