equal
deleted
inserted
replaced
15 local type = type |
15 local type = type |
16 local string = string |
16 local string = string |
17 local base64 = require "util.encodings".base64; |
17 local base64 = require "util.encodings".base64; |
18 local hmac_sha1 = require "util.hashes".hmac_sha1; |
18 local hmac_sha1 = require "util.hashes".hmac_sha1; |
19 local sha1 = require "util.hashes".sha1; |
19 local sha1 = require "util.hashes".sha1; |
|
20 local Hi = require "util.hashes".scram_Hi_sha1; |
20 local generate_uuid = require "util.uuid".generate; |
21 local generate_uuid = require "util.uuid".generate; |
21 local saslprep = require "util.encodings".stringprep.saslprep; |
22 local saslprep = require "util.encodings".stringprep.saslprep; |
22 local nodeprep = require "util.encodings".stringprep.nodeprep; |
23 local nodeprep = require "util.encodings".stringprep.nodeprep; |
23 local log = require "util.logger".init("sasl"); |
24 local log = require "util.logger".init("sasl"); |
24 local t_concat = table.concat; |
25 local t_concat = table.concat; |
63 result[i] = char(r) |
64 result[i] = char(r) |
64 end |
65 end |
65 return t_concat(result); |
66 return t_concat(result); |
66 end |
67 end |
67 |
68 |
68 -- hash algorithm independent Hi(PBKDF2) implementation |
|
69 function Hi(hmac, str, salt, i) |
|
70 local Ust = hmac(str, salt.."\0\0\0\1"); |
|
71 local res = Ust; |
|
72 for n=1,i-1 do |
|
73 local Und = hmac(str, Ust) |
|
74 res = binaryXOR(res, Und) |
|
75 Ust = Und |
|
76 end |
|
77 return res |
|
78 end |
|
79 |
|
80 local function validate_username(username, _nodeprep) |
69 local function validate_username(username, _nodeprep) |
81 -- check for forbidden char sequences |
70 -- check for forbidden char sequences |
82 for eq in username:gmatch("=(.?.?)") do |
71 for eq in username:gmatch("=(.?.?)") do |
83 if eq ~= "2C" and eq ~= "3D" then |
72 if eq ~= "2C" and eq ~= "3D" then |
84 return false |
73 return false |
108 return false, "inappropriate argument types" |
97 return false, "inappropriate argument types" |
109 end |
98 end |
110 if iteration_count < 4096 then |
99 if iteration_count < 4096 then |
111 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") |
100 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") |
112 end |
101 end |
113 local salted_password = Hi(hmac_sha1, password, salt, iteration_count); |
102 local salted_password = Hi(password, salt, iteration_count); |
114 local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) |
103 local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) |
115 local server_key = hmac_sha1(salted_password, "Server Key"); |
104 local server_key = hmac_sha1(salted_password, "Server Key"); |
116 return true, stored_key, server_key |
105 return true, stored_key, server_key |
117 end |
106 end |
118 |
107 |