106 |
106 |
107 local function scram_gen(hash_name, H_f, HMAC_f) |
107 local function scram_gen(hash_name, H_f, HMAC_f) |
108 local function scram_hash(self, message) |
108 local function scram_hash(self, message) |
109 if not self.state then self["state"] = {} end |
109 if not self.state then self["state"] = {} end |
110 |
110 |
|
111 if type(message) ~= "string" or #message == 0 then return "failure", "malformed-request" end |
111 if not self.state.name then |
112 if not self.state.name then |
112 -- we are processing client_first_message |
113 -- we are processing client_first_message |
113 local client_first_message = message; |
114 local client_first_message = message; |
114 |
115 |
115 -- TODO: fail if authzid is provided, since we don't support them yet |
116 -- TODO: fail if authzid is provided, since we don't support them yet |
167 |
168 |
168 local server_first_message = "r="..self.state.clientnonce..self.state.servernonce..",s="..base64.encode(self.state.salt)..",i="..self.state.iteration_count; |
169 local server_first_message = "r="..self.state.clientnonce..self.state.servernonce..",s="..base64.encode(self.state.salt)..",i="..self.state.iteration_count; |
169 self.state["server_first_message"] = server_first_message; |
170 self.state["server_first_message"] = server_first_message; |
170 return "challenge", server_first_message |
171 return "challenge", server_first_message |
171 else |
172 else |
172 if type(message) ~= "string" then return "failure", "malformed-request" end |
|
173 -- we are processing client_final_message |
173 -- we are processing client_final_message |
174 local client_final_message = message; |
174 local client_final_message = message; |
175 |
175 |
176 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); |
176 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); |
177 |
177 |