Comparison

util/sasl/scram.lua @ 3101:9e4439378cf8

util.sasl.scram: Fix in nonce check of client-final-message.
author Tobias Markmann <tm@ayena.de>
date Sat, 22 May 2010 13:59:58 +0200
parent 3100:6731dff05c99
child 3102:5cd408e36359
comparison
equal deleted inserted replaced
3100:6731dff05c99 3101:9e4439378cf8
160 160
161 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then 161 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
162 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; 162 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
163 end 163 end
164 164
165 if self.state.nonce ~= self.state.servernonce then 165 if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then
166 return "failure", "malformed-request", "Wrong nonce in client-second-message."; 166 return "failure", "malformed-request", "Wrong nonce in client-final-message.";
167 end 167 end
168 168
169 local SaltedPassword = self.state.salted_password; 169 local SaltedPassword = self.state.salted_password;
170 local ClientKey = HMAC_f(SaltedPassword, "Client Key") 170 local ClientKey = HMAC_f(SaltedPassword, "Client Key")
171 local ServerKey = HMAC_f(SaltedPassword, "Server Key") 171 local ServerKey = HMAC_f(SaltedPassword, "Server Key")