prosody
dd8265ca9327
plugins/mod_dialback.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_dialback.lua @ 7087:dd8265ca9327

mod_dialback: Follow XEP-0185 and use HMAC
author Kim Alvefur <zash@zash.se>
date Tue, 19 Jan 2016 21:31:02 +0100
parent 6424:89c42aff8510
child 7106:74798480b52e
comparison
equal deleted inserted replaced
7084:fdbe9ccac17d 7087:dd8265ca9327
10 10
11 local log = module._log; 11 local log = module._log;
12 12
13 local st = require "util.stanza"; 13 local st = require "util.stanza";
14 local sha256_hash = require "util.hashes".sha256; 14 local sha256_hash = require "util.hashes".sha256;
15 local sha256_hmac = require "util.hashes".hmac_sha256;
15 local nameprep = require "util.encodings".stringprep.nameprep; 16 local nameprep = require "util.encodings".stringprep.nameprep;
16 local check_cert_status = module:depends"s2s".check_cert_status; 17 local check_cert_status = module:depends"s2s".check_cert_status;
17 local uuid_gen = require"util.uuid".generate; 18 local uuid_gen = require"util.uuid".generate;
18 19
19 local xmlns_stream = "http://etherx.jabber.org/streams"; 20 local xmlns_stream = "http://etherx.jabber.org/streams";
20 21
21 local dialback_requests = setmetatable({}, { __mode = 'v' }); 22 local dialback_requests = setmetatable({}, { __mode = 'v' });
22 23
23 local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); 24 local dialback_secret = sha256_hash(module:get_option_string("dialback_secret", uuid_gen()), true);
24 local dwd = module:get_option_boolean("dialback_without_dialback", false); 25 local dwd = module:get_option_boolean("dialback_without_dialback", false);
25 26
26 function module.save() 27 function module.save()
27 return { dialback_secret = dialback_secret }; 28 return { dialback_secret = dialback_secret };
28 end 29 end
30 function module.restore(state) 31 function module.restore(state)
31 dialback_secret = state.dialback_secret; 32 dialback_secret = state.dialback_secret;
32 end 33 end
33 34
34 function generate_dialback(id, to, from) 35 function generate_dialback(id, to, from)
35 return sha256_hash(id..to..dialback_secret, true); 36 return sha256_hmac(dialback_secret, to .. ' ' .. from .. ' ' .. id, true);
36 end 37 end
37 38
38 function initiate_dialback(session) 39 function initiate_dialback(session)
39 -- generate dialback key 40 -- generate dialback key
40 session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host); 41 session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host);