Changeset
407:c99db5172309
util.sasl.scram: Add support for authenticating with pre-hashed password
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 07 Apr 2017 19:35:44 +0200 |
parents | 406:3c732f1d990c |
children | 408:635cbd979d7b |
files | util/sasl/scram.lua |
diffstat | 1 files changed, 17 insertions(+), 3 deletions(-) [+] |
--- a/util/sasl/scram.lua Sat Jun 04 13:37:06 2016 +0200
+++ b/util/sasl/scram.lua Fri Apr 07 19:35:44 2017 +0200
@@ -66,13 +66,27 @@
 local channel_binding = "c=" .. base64(cbind_input);
 local client_final_message_without_proof = channel_binding .. "," .. nonce;
- local SaltedPassword = Hi(Normalize(stream.password), salt, i);
- local ClientKey = HMAC(SaltedPassword, "Client Key");
+ local SaltedPassword;
+ local ClientKey;
+ local ServerKey;
+
+ if stream.client_key and stream.server_key then
+ ClientKey = stream.client_key;
+ ServerKey = stream.server_key;
+ else
+ if stream.salted_password then
+ SaltedPassword = stream.salted_password;
+ elseif stream.password then
+ SaltedPassword = Hi(Normalize(stream.password), salt, i);
+ end
+ ServerKey = HMAC(SaltedPassword, "Server Key");
+ ClientKey = HMAC(SaltedPassword, "Client Key");
+ end
+
 local StoredKey = H(ClientKey);
 local AuthMessage = client_first_message_bare .. "," .. server_first_message .. "," .. client_final_message_without_proof;
 local ClientSignature = HMAC(StoredKey, AuthMessage);
 local ClientProof = XOR(ClientKey, ClientSignature);
- local ServerKey = HMAC(SaltedPassword, "Server Key");
 local ServerSignature = HMAC(ServerKey, AuthMessage);
 local proof = "p=" .. base64(ClientProof);
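Review bot: In the `else` branch, when neither `stream.salted_password` nor `stream.password` is set, `SaltedPassword` stays nil and is passed straight to `HMAC(SaltedPassword, "Server Key")`; the same path is taken when only one of `stream.client_key` / `stream.server_key` is supplied, so that value is silently ignored. An explicit failure before the two HMAC calls would make this diagnosable, for example `if not SaltedPassword then error("SCRAM: no password, salted_password or client_key+server_key set") end`, adapted to whatever failure convention the enclosing function uses (it starts and ends outside this hunk). The pre-hashed values are only usable with the `salt` and `i` this server sent, and the new code takes them without comparing, so a comment such as `-- salted_password / client_key / server_key must have been derived with this server's salt and iteration count` would help. It is also worth documenting that `client_key` and `salted_password` are enough to authenticate to that server, so a caller storing them should protect them like the password itself.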