changeset
util.sasl.scram: Add support for authenticating with pre-hashed password
Fri, 07 Apr 2017 19:35:44 +0200
- author
- Kim Alvefur <zash@zash.se>
- date
- Fri, 07 Apr 2017 19:35:44 +0200
- changeset 407
- c99db5172309
- parent 406
- 3c732f1d990c
- child 408
- 635cbd979d7b
util.sasl.scram: Add support for authenticating with pre-hashed password
| util/sasl/scram.lua | file | annotate | diff | comparison | revisions |
--- a/util/sasl/scram.lua Sat Jun 04 13:37:06 2016 +0200 +++ b/util/sasl/scram.lua Fri Apr 07 19:35:44 2017 +0200 @@ -66,13 +66,27 @@ local channel_binding = "c=" .. base64(cbind_input); local client_final_message_without_proof = channel_binding .. "," .. nonce; - local SaltedPassword = Hi(Normalize(stream.password), salt, i); - local ClientKey = HMAC(SaltedPassword, "Client Key"); + local SaltedPassword; + local ClientKey; + local ServerKey; + + if stream.client_key and stream.server_key then + ClientKey = stream.client_key; + ServerKey = stream.server_key; + else + if stream.salted_password then + SaltedPassword = stream.salted_password; + elseif stream.password then + SaltedPassword = Hi(Normalize(stream.password), salt, i); + end + ServerKey = HMAC(SaltedPassword, "Server Key"); + ClientKey = HMAC(SaltedPassword, "Client Key"); + end + local StoredKey = H(ClientKey); local AuthMessage = client_first_message_bare .. "," .. server_first_message .. "," .. client_final_message_without_proof; local ClientSignature = HMAC(StoredKey, AuthMessage); local ClientProof = XOR(ClientKey, ClientSignature); - local ServerKey = HMAC(SaltedPassword, "Server Key"); local ServerSignature = HMAC(ServerKey, AuthMessage); local proof = "p=" .. base64(ClientProof);
