Software /
code /
prosody
Diff
util/sasl/scram.lua @ 3205:2dcd826bbbc6
mod_auth_internal_hashed: Store StoredKey and ServerKey instead of salted hashed password.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Tue, 08 Jun 2010 10:47:55 +0200 |
parent | 3196:d35b181a895a |
child | 3206:ff1d3f751da1 |
line wrap: on
line diff
--- a/util/sasl/scram.lua Mon Jun 07 12:21:57 2010 +0100 +++ b/util/sasl/scram.lua Tue Jun 08 10:47:55 2010 +0200 @@ -35,7 +35,7 @@ scram_{MECH}: -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_' function(username, realm) - return salted_password, iteration_count, salt, state; + return stored_key, server_key, iteration_count, salt, state; end ]] @@ -97,16 +97,17 @@ return hashname:lower():gsub("-", "_"); end -function saltedPasswordSHA1(password, salt, iteration_count) - local salted_password +function getAuthenticationDatabaseSHA1(password, salt, iteration_count) if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then return false, "inappropriate argument types" end if iteration_count < 4096 then log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") end - - return true, Hi(hmac_sha1, password, salt, iteration_count); + local salted_password = Hi(hmac_sha1, password, salt, iteration_count); + local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) + local server_key = hmac_sha1(salted_password, "Server Key"); + return true, stored_key, server_key end local function scram_gen(hash_name, H_f, HMAC_f)