48 local username = "n=" .. value_safe(stream.username); |
48 local username = "n=" .. value_safe(stream.username); |
49 local c_nonce = base64(crypto.rand.bytes(15)); |
49 local c_nonce = base64(crypto.rand.bytes(15)); |
50 local nonce = "r=" .. c_nonce; |
50 local nonce = "r=" .. c_nonce; |
51 local client_first_message_bare = username .. "," .. nonce; |
51 local client_first_message_bare = username .. "," .. nonce; |
52 local cbind_data = ""; |
52 local cbind_data = ""; |
53 local gs2_cbind_flag = "n" -- TODO channel binding |
53 local gs2_cbind_flag = "y"; |
|
54 if name == "SCRAM-SHA-1-PLUS" then |
|
55 cbind_data = stream.conn:socket():getfinished(); |
|
56 gs2_cbind_flag = "p=tls-unique"; |
|
57 end |
54 local gs2_header = gs2_cbind_flag .. ",,"; |
58 local gs2_header = gs2_cbind_flag .. ",,"; |
55 local client_first_message = gs2_header .. client_first_message_bare; |
59 local client_first_message = gs2_header .. client_first_message_bare; |
56 local cont, server_first_message = coroutine.yield(client_first_message); |
60 local cont, server_first_message = coroutine.yield(client_first_message); |
57 if cont ~= "challenge" then return false end |
61 if cont ~= "challenge" then return false end |
58 |
62 |
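Review bot: The new default `gs2_cbind_flag = "y"` (new line 53) claims the client supports channel binding even on connections that cannot provide it (no TLS, or a socket without `getfinished`), and RFC 5802 directs a server that supports channel binding to fail a "y" client as a possible downgrade, so plain SCRAM-SHA-1 over such a connection can now be rejected where "n" would have succeeded. The registration in the second hunk (new lines 105–109) only offers SCRAM-SHA-1-PLUS when `stream.conn:ssl()` holds and `sock.getfinished` exists; the flag should follow the same test, e.g. `local sock = stream.conn:ssl() and stream.conn:socket();` and `local gs2_cbind_flag = (sock and sock.getfinished) and "y" or "n";`, keeping the existing `"p=tls-unique"` override in the -PLUS branch. Inside that branch `getfinished()` presumably returns nil before a handshake has completed (TODO confirm against the socket library), which would surface later as a concatenation error rather than an explicit authentication failure, so `if not cbind_data then return false end` after the call seems warranted. tls-unique is also known to be weak against renegotiation and session resumption unless the Extended Master Secret extension (RFC 7627) is negotiated, which this code cannot check; a comment on the `"p=tls-unique"` line recording that assumption would help the next maintainer. The enclosing scram function starts and ends outside the hunk.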
96 |
100 |
97 return function (stream, mechanisms, preference, supported) |
101 return function (stream, mechanisms, preference, supported) |
98 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then |
102 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then |
99 mechanisms["SCRAM-SHA-1"] = scram; |
103 mechanisms["SCRAM-SHA-1"] = scram; |
100 preference["SCRAM-SHA-1"] = 99; |
104 preference["SCRAM-SHA-1"] = 99; |
101 -- TODO SCRAM-SHA-1-PLUS |
105 local sock = stream.conn:ssl() and stream.conn:socket(); |
|
106 if sock and sock.getfinished then |
|
107 mechanisms["SCRAM-SHA-1-PLUS"] = scram; |
|
108 preference["SCRAM-SHA-1-PLUS"] = 100 |
|
109 end |
102 end |
110 end |
103 end |
111 end |