verse
f95e797895ee
util/sasl/scram.lua
Software / code / verse
Comparison
util/sasl/scram.lua @ 356:f95e797895ee
SCRAM: Add channel binding support (SCRAM-SHA-1-PLUS)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 18 Sep 2014 19:03:15 +0200 |
| parent | 355:dfe095fcf89c |
| child | 358:a8f6fd6a70ed |
comparison
equal
deleted
inserted
replaced
| 355:dfe095fcf89c | 356:f95e797895ee |
|---|---|
| 48 local username = "n=" .. value_safe(stream.username); | 48 local username = "n=" .. value_safe(stream.username); |
| 49 local c_nonce = base64(crypto.rand.bytes(15)); | 49 local c_nonce = base64(crypto.rand.bytes(15)); |
| 50 local nonce = "r=" .. c_nonce; | 50 local nonce = "r=" .. c_nonce; |
| 51 local client_first_message_bare = username .. "," .. nonce; | 51 local client_first_message_bare = username .. "," .. nonce; |
| 52 local cbind_data = ""; | 52 local cbind_data = ""; |
| 53 local gs2_cbind_flag = "n" -- TODO channel binding | 53 local gs2_cbind_flag = "y"; |
| 54 if name == "SCRAM-SHA-1-PLUS" then | |
| 55 cbind_data = stream.conn:socket():getfinished(); | |
| 56 gs2_cbind_flag = "p=tls-unique"; | |
| 57 end | |
| 54 local gs2_header = gs2_cbind_flag .. ",,"; | 58 local gs2_header = gs2_cbind_flag .. ",,"; |
| 55 local client_first_message = gs2_header .. client_first_message_bare; | 59 local client_first_message = gs2_header .. client_first_message_bare; |
| 56 local cont, server_first_message = coroutine.yield(client_first_message); | 60 local cont, server_first_message = coroutine.yield(client_first_message); |
| 57 if cont ~= "challenge" then return false end | 61 if cont ~= "challenge" then return false end |
| 58 | 62 |
| 96 | 100 |
| 97 return function (stream, mechanisms, preference, supported) | 101 return function (stream, mechanisms, preference, supported) |
| 98 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then | 102 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then |
| 99 mechanisms["SCRAM-SHA-1"] = scram; | 103 mechanisms["SCRAM-SHA-1"] = scram; |
| 100 preference["SCRAM-SHA-1"] = 99; | 104 preference["SCRAM-SHA-1"] = 99; |
| 101 -- TODO SCRAM-SHA-1-PLUS | 105 local sock = stream.conn:ssl() and stream.conn:socket(); |
| 106 if sock and sock.getfinished then | |
| 107 mechanisms["SCRAM-SHA-1-PLUS"] = scram; | |
| 108 preference["SCRAM-SHA-1-PLUS"] = 100 | |
| 109 end | |
| 102 end | 110 end |
| 103 end | 111 end |
