# HG changeset patch
# User Kim Alvefur
# Date 1491586544 -7200
# Node ID c99db51723091a224aab3c0cdaca477779d8a6c2
# Parent 3c732f1d990c251758e53824f9991a218c6a3a72
util.sasl.scram: Add support for authenticating with pre-hashed password
diff -r 3c732f1d990c -r c99db5172309 util/sasl/scram.lua
--- a/util/sasl/scram.lua Sat Jun 04 13:37:06 2016 +0200
+++ b/util/sasl/scram.lua Fri Apr 07 19:35:44 2017 +0200
@@ -66,13 +66,27 @@
 local channel_binding = "c=" .. base64(cbind_input);
 local client_final_message_without_proof = channel_binding .. "," .. nonce;
- local SaltedPassword = Hi(Normalize(stream.password), salt, i);
- local ClientKey = HMAC(SaltedPassword, "Client Key");
+ local SaltedPassword;
+ local ClientKey;
+ local ServerKey;
+
+ if stream.client_key and stream.server_key then
+ ClientKey = stream.client_key;
+ ServerKey = stream.server_key;
+ else
+ if stream.salted_password then
+ SaltedPassword = stream.salted_password;
+ elseif stream.password then
+ SaltedPassword = Hi(Normalize(stream.password), salt, i);
+ end
+ ServerKey = HMAC(SaltedPassword, "Server Key");
+ ClientKey = HMAC(SaltedPassword, "Client Key");
+ end
+
 local StoredKey = H(ClientKey);
 local AuthMessage = client_first_message_bare .. "," .. server_first_message .. "," .. client_final_message_without_proof;
 local ClientSignature = HMAC(StoredKey, AuthMessage);
 local ClientProof = XOR(ClientKey, ClientSignature);
- local ServerKey = HMAC(SaltedPassword, "Server Key");
 local ServerSignature = HMAC(ServerKey, AuthMessage);
 local proof = "p=" .. base64(ClientProof);
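Review bot: In the new `else` branch, `SaltedPassword` stays nil when neither `stream.salted_password` nor `stream.password` is set, and the two `HMAC(SaltedPassword, ...)` calls then run on nil. What HMAC does with a nil key is not visible here, so an explicit guard before them, such as `if not SaltedPassword then error("no password or pre-hashed key available for SCRAM") end` (or this function's usual failure path), would make the failure deterministic. The pre-hashed values are also used without comparing the `salt` and `i` from the server's first message against the parameters they were derived with, so a changed salt or iteration count gives a failed exchange with no fallback to `stream.password`; a comment like `-- salted_password/client_key/server_key are only valid for the salt and iteration count they were derived with` would document that. Because ClientKey or SaltedPassword alone is enough to compute a valid proof, callers should store these fields as carefully as the password itself. The enclosing function starts and ends outside the hunk.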