X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fscram.lua;h=cf2f0ede940c3e8eb3696192487efe2b80848c9d;hb=082e265af83ea25d8203d12114c6cf1b5cef810a;hp=1340423cd932e3d3ae1117dd57bdb2ba80bd2e26;hpb=bca1a48421947ca7d627c23433effed81a1d91f2;p=prosody.git

diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 1340423c..cf2f0ede 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -15,19 +15,21 @@ local s_match = string.match;
 local type = type
 local string = string
 local base64 = require "util.encodings".base64;
-local hmac_sha1 = require "util.hmac".sha1;
+local hmac_sha1 = require "util.hashes".hmac_sha1;
 local sha1 = require "util.hashes".sha1;
+local Hi = require "util.hashes".scram_Hi_sha1;
 local generate_uuid = require "util.uuid".generate;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 local t_concat = table.concat;
 local char = string.char;
 local byte = string.byte;
 
-module "scram"
+module "sasl.scram"
 
 --=========================
---SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10
+--SASL SCRAM-SHA-1 according to RFC 5802
 
 --[[
 Supported Authentication Backends
@@ -35,7 +37,7 @@ Supported Authentication Backends
 scram_{MECH}:
 	-- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
 	function(username, realm)
-		return salted_password, iteration_count, salt, state;
+		return stored_key, server_key, iteration_count, salt, state;
 	end
 ]]
 
@@ -64,51 +66,43 @@ local function binaryXOR( a, b )
 	return t_concat(result);
 end
 
--- hash algorithm independent Hi(PBKDF2) implementation
-local function Hi(hmac, str, salt, i)
-	local Ust = hmac(str, salt.."\0\0\0\1");
-	local res = Ust;	
-	for n=1,i-1 do
-		local Und = hmac(str, Ust)
-		res = binaryXOR(res, Und)
-		Ust = Und
-	end
-	return res
-end
-
-local function validate_username(username)
+local function validate_username(username, _nodeprep)
 	-- check for forbidden char sequences
 	for eq in username:gmatch("=(.?.?)") do
-		if eq ~= "2D" and eq ~= "3D" then
-			return false 
-		end 
+		if eq ~= "2C" and eq ~= "3D" then
+			return false
+		end
 	end
 	
-	-- replace =2D with , and =3D with =
-	username = username:gsub("=2D", ",");
+	-- replace =2C with , and =3D with =
+	username = username:gsub("=2C", ",");
 	username = username:gsub("=3D", "=");
 	
 	-- apply SASLprep
 	username = saslprep(username);
-	return username;
+
+	if username and _nodeprep ~= false then
+		username = (_nodeprep or nodeprep)(username);
+	end
+
+	return username and #username>0 and username;
 end
 
-local function hashprep( hashname ) 
-	local hash = hashname:lower()
-	hash = hash:gsub("-", "_")
-	return hash
+local function hashprep(hashname)
+	return hashname:lower():gsub("-", "_");
 end
 
-function saltedPasswordSHA1(password, salt, iteration_count)
-	local salted_password
+function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
 	if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
 		return false, "inappropriate argument types"
 	end
 	if iteration_count < 4096 then
 		log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 	end
-
-	return true, Hi(hmac_sha1, password, salt, iteration_count);
+	local salted_password = Hi(password, salt, iteration_count);
+	local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
+	local server_key = hmac_sha1(salted_password, "Server Key");
+	return true, stored_key, server_key
 end
 
 local function scram_gen(hash_name, H_f, HMAC_f)
@@ -134,7 +128,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				return "failure", "malformed-request", "Channel binding isn't support at this time.";
 			end
 		
-			self.state.name = validate_username(self.state.name);
+			self.state.name = validate_username(self.state.name, self.profile.nodeprep);
 			if not self.state.name then
 				log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
 				return "failure", "malformed-request", "Invalid username.";
@@ -144,7 +138,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 			
 			-- retreive credentials
 			if self.profile.plain then
-				local password, state = self.profile.plain(self.state.name, self.realm)
+				local password, state = self.profile.plain(self, self.state.name, self.realm)
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end
 				
@@ -158,17 +152,18 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				self.state.iteration_count = default_i;
 
 				local succ = false;
-				succ, self.state.salted_password = saltedPasswordSHA1(password, self.state.salt, default_i, self.state.iteration_count);
+				succ, self.state.stored_key, self.state.server_key = getAuthenticationDatabaseSHA1(password, self.state.salt, default_i, self.state.iteration_count);
 				if not succ then
-					log("error", "Generating salted password failed. Reason: %s", self.state.salted_password);
+					log("error", "Generating authentication database failed. Reason: %s", self.state.stored_key);
 					return "failure", "temporary-auth-failure";
 				end
 			elseif self.profile["scram_"..hashprep(hash_name)] then
-				local salted_password, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+				local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, self.state.name, self.realm);
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end
 				
-				self.state.salted_password = salted_password;
+				self.state.stored_key = stored_key;
+				self.state.server_key = server_key;
 				self.state.iteration_count = iteration_count;
 				self.state.salt = salt
 			end
@@ -190,16 +185,15 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				return "failure", "malformed-request", "Wrong nonce in client-final-message.";
 			end
 			
-			local SaltedPassword = self.state.salted_password;
-			local ClientKey = HMAC_f(SaltedPassword, "Client Key")
-			local ServerKey = HMAC_f(SaltedPassword, "Server Key")
-			local StoredKey = H_f(ClientKey)
+			local ServerKey = self.state.server_key;
+			local StoredKey = self.state.stored_key;
+			
 			local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
 			local ClientSignature = HMAC_f(StoredKey, AuthMessage)
-			local ClientProof     = binaryXOR(ClientKey, ClientSignature)
+			local ClientKey = binaryXOR(ClientSignature, base64.decode(self.state.proof))
 			local ServerSignature = HMAC_f(ServerKey, AuthMessage)
 
-			if base64.encode(ClientProof) == self.state.proof then
+			if StoredKey == H_f(ClientKey) then
 				local server_final_message = "v="..base64.encode(ServerSignature);
 				self["username"] = self.state.name;
 				return "success", server_final_message;