prosody: util/sasl/scram.lua@e091b308732f (annotated)

2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	1	-- sasl.lua v0.4
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	2	-- Copyright (C) 2008-2009 Tobias Markmann
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	3	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	4	-- All rights reserved.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	5	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	6	-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	7	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	8	-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	9	-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	10	-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	11	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	12	-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	13
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	14	local s_match = string.match;
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	15	local type = type
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	16	local string = string
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	17	local base64 = require "util.encodings".base64;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	18	local xor = require "bit".bxor
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	19	local hmac_sha1 = require "util.hmac".sha1;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	20	local sha1 = require "util.hashes".sha1;
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	21	local generate_uuid = require "util.uuid".generate;
2199 08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	22	local saslprep = require "util.encodings".stringprep.saslprep;
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	23	local log = require "util.logger".init("sasl");
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	24
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	25	module "plain"
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	26
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	27	--=========================
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	28	--SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	29	local default_i = 4096
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	30
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	31	local function bp( b )
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	32	local result = ""
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	33	for i=1, b:len() do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	34	result = result.."\\"..b:byte(i)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	35	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	36	return result
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	37	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	38
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	39	local function binaryXOR( a, b )
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	40	if a:len() > b:len() then
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	41	b = string.rep("\0", a:len() - b:len())..b
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	42	elseif string.len(a) < string.len(b) then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	43	a = string.rep("\0", b:len() - a:len())..a
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	44	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	45	local result = ""
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	46	for i=1, a:len() do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	47	result = result..string.char(xor(a:byte(i), b:byte(i)))
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	48	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	49	return result
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	50	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	51
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	52	-- hash algorithm independent Hi(PBKDF2) implementation
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	53	local function Hi(hmac, str, salt, i)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	54	local Ust = hmac(str, salt.."\0\0\0\1");
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	55	local res = Ust;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	56	for n=1,i-1 do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	57	Und = hmac(str, Ust)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	58	res = binaryXOR(res, Und)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	59	Ust = Und
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	60	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	61	return res
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	62	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	63
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	64	local function validate_username(username)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	65	-- check for forbidden char sequences
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	66	for eq in username:gmatch("=(.?.?)") do
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	67	if eq ~= "2D" and eq ~= "3D" then
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	68	return false
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	69	end
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	70	end
d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	71
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	72	-- replace =2D with , and =3D with =
2205 e091b308732f Handle , and = in usernames for SCRAM. Tobias Markmann <tm@ayena.de> parents: 2199 diff changeset	73	username:gsub("=2D", ",");
e091b308732f Handle , and = in usernames for SCRAM. Tobias Markmann <tm@ayena.de> parents: 2199 diff changeset	74	username:gsub("=3D", "=");
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	75
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	76	-- apply SASLprep
2199 08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	77	username = saslprep(username);
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	78	return username;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	79	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	80
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	81	local function scram_sha_1(self, message)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	82	if not self.state then self["state"] = {} end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	83
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	84	if not self.state.name then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	85	-- we are processing client_first_message
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	86	local client_first_message = message;
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	87	self.state["client_first_message"] = client_first_message;
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	88	self.state["name"] = client_first_message:match("n=(.+),r=")
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	89	self.state["clientnonce"] = client_first_message:match("r=([^,]+)")
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	90
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	91	if not self.state.name or not self.state.clientnonce then
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	92	return "failure", "malformed-request";
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	93	end
2199 08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	94
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	95	self.state.name = validate_username(self.state.name);
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	96	if not self.state.name then
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	97	log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	98	return "failure", "malformed-request";
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	99	end
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	100
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	101	self.state["servernonce"] = generate_uuid();
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	102	self.state["salt"] = generate_uuid();
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	103
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	104	local server_first_message = "r="..self.state.clientnonce..self.state.servernonce..",s="..base64.encode(self.state.salt)..",i="..default_i;
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	105	self.state["server_first_message"] = server_first_message;
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	106	return "challenge", server_first_message
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	107	else
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	108	if type(message) ~= "string" then return "failure", "malformed-request" end
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	109	-- we are processing client_final_message
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	110	local client_final_message = message;
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	111
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	112	self.state["proof"] = client_final_message:match("p=(.+)");
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	113	self.state["nonce"] = client_final_message:match("r=(.+),p=");
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	114	self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	115	if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	116	return "failure", "malformed-request";
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	117	end
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	118
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	119	local password;
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	120	if self.profile.plain then
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	121	password, state = self.profile.plain(self.state.name, self.realm)
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	122	if state == nil then return "failure", "not-authorized"
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	123	elseif state == false then return "failure", "account-disabled" end
2199 08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	124	password = saslprep(password);
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	125	if not password then
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	126	log("debug", "Password violates SASLprep.");
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	127	return "failure", "not-authorized"
08a6b91bfe7b SASLprep usernames and passwords. Tobias Markmann <tm@ayena.de> parents: 2198 diff changeset	128	end
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	129	end
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	130
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	131	local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i)
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	132	local ClientKey = hmac_sha1(SaltedPassword, "Client Key")
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	133	local ServerKey = hmac_sha1(SaltedPassword, "Server Key")
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	134	local StoredKey = sha1(ClientKey)
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	135	local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	136	local ClientSignature = hmac_sha1(StoredKey, AuthMessage)
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	137	local ClientProof = binaryXOR(ClientKey, ClientSignature)
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	138	local ServerSignature = hmac_sha1(ServerKey, AuthMessage)
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	139
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	140	if base64.encode(ClientProof) == self.state.proof then
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	141	local server_final_message = "v="..base64.encode(ServerSignature);
2198 d18b4d22b8da Making interop with libpurple. (Thanks darkrain). Tobias Markmann <tm@ayena.de> parents: 2197 diff changeset	142	self["username"] = self.state.name;
2196 614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	143	return "success", server_final_message;
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	144	else
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	145	return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";
614c839c30c5 Completed SCRAM-SHA-1 implementation to a ready-to-test state. Tobias Markmann <tm@ayena.de> parents: 2194 diff changeset	146	end
2194 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	147	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	148	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	149
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	150	function init(registerMechanism)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	151	registerMechanism("SCRAM-SHA-1", {"plain"}, scram_sha_1);
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	152	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	153
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	154	return _M;

author	Tobias Markmann <tm@ayena.de>
	Thu, 19 Nov 2009 00:04:14 +0100
changeset 2205	e091b308732f
parent 2199	08a6b91bfe7b
child 2206	5f54100bb426
permissions	-rw-r--r--