Mercurial Mercurial > prosody > prosody / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util/sasl/scram.lua
changeset 5538 62089c9c142d
parent 5537 15464633d8fb
child 5776 bd0ff8ae98a8
equal deleted inserted replaced
5537:15464633d8fb 5538:62089c9c142d 
    15 local type = type
 
    15 local type = type
 
    16 local string = string
 
    16 local string = string
 
    17 local base64 = require "util.encodings".base64;
 
    17 local base64 = require "util.encodings".base64;
 
    18 local hmac_sha1 = require "util.hashes".hmac_sha1;
 
    18 local hmac_sha1 = require "util.hashes".hmac_sha1;
 
    19 local sha1 = require "util.hashes".sha1;
 
    19 local sha1 = require "util.hashes".sha1;
 
       
    20 local Hi = require "util.hashes".scram_Hi_sha1;
 
    20 local generate_uuid = require "util.uuid".generate;
 
    21 local generate_uuid = require "util.uuid".generate;
 
    21 local saslprep = require "util.encodings".stringprep.saslprep;
 
    22 local saslprep = require "util.encodings".stringprep.saslprep;
 
    22 local nodeprep = require "util.encodings".stringprep.nodeprep;
 
    23 local nodeprep = require "util.encodings".stringprep.nodeprep;
 
    23 local log = require "util.logger".init("sasl");
 
    24 local log = require "util.logger".init("sasl");
 
    24 local t_concat = table.concat;
 
    25 local t_concat = table.concat;
 
    63 		result[i] = char(r)
 
    64 		result[i] = char(r)
 
    64 	end
 
    65 	end
 
    65 	return t_concat(result);
 
    66 	return t_concat(result);
 
    66 end
 
    67 end
 
    67 
    68 
    68 -- hash algorithm independent Hi(PBKDF2) implementation
 
       
    69 function Hi(hmac, str, salt, i)
 
       
    70 	local Ust = hmac(str, salt.."\0\0\0\1");
 
       
    71 	local res = Ust;
 
       
    72 	for n=1,i-1 do
 
       
    73 		local Und = hmac(str, Ust)
 
       
    74 		res = binaryXOR(res, Und)
 
       
    75 		Ust = Und
 
       
    76 	end
 
       
    77 	return res
 
       
    78 end
 
       
    79 
       
    80 local function validate_username(username, _nodeprep)
 
    69 local function validate_username(username, _nodeprep)
 
    81 	-- check for forbidden char sequences
 
    70 	-- check for forbidden char sequences
 
    82 	for eq in username:gmatch("=(.?.?)") do
 
    71 	for eq in username:gmatch("=(.?.?)") do
 
    83 		if eq ~= "2C" and eq ~= "3D" then
 
    72 		if eq ~= "2C" and eq ~= "3D" then
 
    84 			return false
 
    73 			return false
 
   108 		return false, "inappropriate argument types"
 
    97 		return false, "inappropriate argument types"
 
   109 	end
 
    98 	end
 
   110 	if iteration_count < 4096 then
 
    99 	if iteration_count < 4096 then
 
   111 		log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 
   100 		log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 
   112 	end
 
   101 	end
 
   113 	local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
 
   102 	local salted_password = Hi(password, salt, iteration_count);
 
   114 	local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
 
   103 	local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
 
   115 	local server_key = hmac_sha1(salted_password, "Server Key");
 
   104 	local server_key = hmac_sha1(salted_password, "Server Key");
 
   116 	return true, stored_key, server_key
 
   105 	return true, stored_key, server_key
 
   117 end
 
   106 end
 
   118 
   107
prosody