• file
• latest
• revisions
• annotate
• diff
• comparison
• raw

util/sasl/scram.lua@41d42d253a1d (annotated)

util/sasl/scram.lua

Tue, 17 Nov 2009 00:56:41 +0100

author

Tobias Markmann <tm@ayena.de>

date

Tue, 17 Nov 2009 00:56:41 +0100

changeset 2190

41d42d253a1d

child 2192

614c839c30c5

permissions

-rw-r--r--

Initial commit of SCRAM SASL mechanism.

2190 41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	1	-- sasl.lua v0.4
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	2	-- Copyright (C) 2008-2009 Tobias Markmann
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	3	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	4	-- All rights reserved.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	5	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	6	-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	7	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	8	-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	9	-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	10	-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	11	--
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	12	-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	13
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	14	local s_match = string.match;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	15
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	16	local base64 = require "util.encodings".base64;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	17	local xor = require "bit".bxor
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	18	local hmac_sha1 = require "util.hmac".sha1;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	19	local sha1 = require "util.hashes".sha1;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	20
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	21	module "plain"
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	22
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	23	--=========================
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	24	--SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	25	local default_i = 4096
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	26
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	27	local function bp( b )
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	28	local result = ""
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	29	for i=1, b:len() do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	30	result = result.."\\"..b:byte(i)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	31	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	32	return result
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	33	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	34
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	35	local function binaryXOR( a, b )
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	36	if string.len(a) > string.len(b) then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	37	b = string.rep("\0", a:len() - b:len())..b
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	38	elseif string.len(a) < string.len(b) then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	39	a = string.rep("\0", b:len() - a:len())..a
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	40	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	41	local result = ""
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	42	for i=1, a:len() do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	43	result = result..string.char(xor(a:byte(i), b:byte(i)))
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	44	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	45	return result
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	46	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	47
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	48	-- hash algorithm independent Hi(PBKDF2) implementation
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	49	local function Hi(hmac, str, salt, i)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	50	local Ust = hmac(str, salt.."\0\0\0\1");
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	51	local res = Ust;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	52	for n=1,i-1 do
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	53	Und = hmac(str, Ust)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	54	res = binaryXOR(res, Und)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	55	Ust = Und
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	56	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	57	return res
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	58	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	59
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	60	local function validate_username(username)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	61	-- check for forbidden char sequences
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	62
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	63	-- replace =2D with , and =3D with =
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	64
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	65	-- apply SASLprep
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	66	return username;
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	67	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	68
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	69	local function scram_sha_1(self, message)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	70	if not self.state then self["state"] = {} end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	71
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	72	if not self.state.name then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	73	-- we are processing client_first_message
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	74	self.state["name"] = string.match(client_first_message, "n=(.+),r=")
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	75	self.state["clientnonce"] = string.match(client_first_message, "r=([^,]+)")
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	76
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	77	self.state.name = validate_username(self.state.name);
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	78	if not self.state.name then
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	79	return "failure", "malformed-request";
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	80	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	81	else
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	82	-- we are processing client_final_message
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	83	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	84	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	85
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	86	function init(registerMechanism)
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	87	registerMechanism("SCRAM-SHA-1", {"plain"}, scram_sha_1);
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	88	end
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	89
41d42d253a1d Initial commit of SCRAM SASL mechanism. Tobias Markmann <tm@ayena.de> parents: diff changeset	90	return _M;