plugins/mod_dialback.lua @ 11556:6f56170ea986 0.11
mod_dialback: Use constant-time comparison with hmac
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 12 May 2021 14:00:53 +0100 |
| parent | 8518:0de0018bdf91 |
| child | 11557:6be890ca492e |
| 11555:65dcc175ef5b | 11556:6f56170ea986 |
|---|---|
| 11 local log = module._log; | 11 local log = module._log; |
| 12 | 12 |
| 13 local st = require "util.stanza"; | 13 local st = require "util.stanza"; |
| 14 local sha256_hash = require "util.hashes".sha256; | 14 local sha256_hash = require "util.hashes".sha256; |
| 15 local sha256_hmac = require "util.hashes".hmac_sha256; | 15 local sha256_hmac = require "util.hashes".hmac_sha256; |
| 16 local secure_equals = require "util.hashes".equals; | |
| 16 local nameprep = require "util.encodings".stringprep.nameprep; | 17 local nameprep = require "util.encodings".stringprep.nameprep; |
| 17 local uuid_gen = require"util.uuid".generate; | 18 local uuid_gen = require"util.uuid".generate; |
| 18 | 19 |
| 19 local xmlns_stream = "http://etherx.jabber.org/streams"; | 20 local xmlns_stream = "http://etherx.jabber.org/streams"; |
| 20 | 21 |
| 54 session.sends2s(st.stanza("db:result", { from = session.from_host, to = session.to_host }):text(session.dialback_key)); | 55 session.sends2s(st.stanza("db:result", { from = session.from_host, to = session.to_host }):text(session.dialback_key)); |
| 55 session.log("debug", "sent dialback key on outgoing s2s stream"); | 56 session.log("debug", "sent dialback key on outgoing s2s stream"); |
| 56 end | 57 end |
| 57 | 58 |
| 58 function verify_dialback(id, to, from, key) | 59 function verify_dialback(id, to, from, key) |
| 59 return key == generate_dialback(id, to, from); | 60 return secure_equals(key, generate_dialback(id, to, from)); |
| 60 end | 61 end |
| 61 | 62 |
| 62 module:hook("stanza/jabber:server:dialback:verify", function(event) | 63 module:hook("stanza/jabber:server:dialback:verify", function(event) |
| 63 local origin, stanza = event.origin, event.stanza; | 64 local origin, stanza = event.origin, event.stanza; |
| 64 | 65 |
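Review bot: In `verify_dialback` (new line 60), `key` is passed straight to `secure_equals` with no type check, whereas the old `key == generate_dialback(...)` simply evaluated to false for a nil or non-string value. The callers are outside the visible lines, but if `key` is taken from the text of a remote dialback stanza it can be nil for an empty element, and if `util.hashes.equals` insists on string arguments (not shown on this page, worth confirming) the handler would raise an error instead of rejecting the key. A guard such as `if type(key) ~= "string" then return false; end` ahead of the comparison keeps the previous fail-closed behaviour. A one-line comment above the return, e.g. `-- constant-time comparison: key is supplied by the remote server`, would also record why `==` must not be restored in a later cleanup.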