pike.git / lib / modules / Crypto.pmod / SCRAM.pike


pike.git/lib/modules/Crypto.pmod/SCRAM.pike:29:   }      private string(7bit) randomstring() {    return encode64(random_string(18));   }      private .MAC.State HMAC(string(8bit) key) {    return H->HMAC(key);   }    - private array proofsignature(string(8bit) salted_password) { + private string(7bit) clientproof(string(8bit) salted_password) {    .MAC.State hmacsaltedpw = HMAC(salted_password);    salted_password = hmacsaltedpw([string(8bit)]ClientKey); -  return ({ -  salted_password ^ HMAC(H->hash(salted_password))(first), -  HMAC(hmacsaltedpw([string(8bit)]ServerKey))(first) -  }); +  // Returns ServerSignature through nonce +  nonce = encode64(HMAC(hmacsaltedpw([string(8bit)]ServerKey))(first)); +  return encode64(salted_password ^ HMAC(H->hash(salted_password))(first));   }      //! Step 0 in the SCRAM handshake, prior to creating the object,   //! you need to have agreed with your peer on the hashfunction to be used.   //!   //! @param h   //! The hash object on which the SCRAM object should base its   //! operations. Typical input is @[Crypto.SHA256].   //!   //! @note
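Review bot: `clientproof` returns the ClientProof but delivers the ServerSignature by overwriting the member `nonce`, and the only hint is the one-line comment inside the body. A reader of client_2 or server_3 sees a pure-looking call and cannot tell that `nonce` no longer holds a nonce afterwards. Since that value is what client_3 later checks the server against, the contract deserves a header comment on the function, e.g. `//! Returns the base64 ClientProof; as a side effect stores the base64 ServerSignature in @[nonce].`. A separately named member for the signature would be clearer still, as long as the callers that rely on `nonce` being replaced are changed with it.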
pike.git/lib/modules/Crypto.pmod/SCRAM.pike:155:    line = [string(8bit)]sprintf("c=biws,r=%s", r);    first = sprintf("%s,r=%s,s=%s,i=%d,%s", first[3..], r, salt, iters, line);    if (pass != "")    pass = Standards.IDNA.to_ascii(pass);    salt = MIME.decode_base64(salt);    nonce = [string(8bit)]sprintf("%s,%s,%d", pass, salt, iters);    if (!(r = .SCRAM_get_salted_password(H, nonce))) {    r = [string(8bit)]H->pbkdf2(pass, salt, iters, H->digest_size());    .SCRAM_set_salted_password(r, H, nonce);    } -  [salt, nonce] = proofsignature(r); +  salt = sprintf("%s,p=%s", line, clientproof(r));    first = 0; // Free memory -  salt = sprintf("%s,p=%s", line, encode64(salt)); +     } else    salt = 0;    return [string(7bit)]salt;   }      //! Final server-side step in the SCRAM handshake.   //!   //! @param line   //! The received client-final challenge and response from the client.   //!
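Review bot: The overwrite of `nonce` is no longer visible at this call site. A few lines earlier `nonce` is set to the `pass,salt,iters` cache key, which contains the password, and now only the side effect inside `clientproof(r)` replaces it. The removed destructuring made that explicit; with the new form, a later refactor of clientproof could leave the password-bearing string in the object unnoticed. I would add `// clientproof() also replaces nonce (the password-bearing cache key) with the ServerSignature` above the sprintf, and drop the whitespace-only line added after `first = 0;`. The enclosing function starts before this hunk.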
pike.git/lib/modules/Crypto.pmod/SCRAM.pike:185:   //! the response was unparseable.   string(7bit) server_3(Stdio.Buffer|string(8bit) line,    string(8bit) salted_password) {    constant format = "c=biws,r=%s,p=%s";    string r, p;    if (!catch([r, p] = stringp(line)    ? array_sscanf([string]line, format)    : [array(string)](line->sscanf(format)))    && r == nonce) {    first += sprintf("c=biws,r=%s", r); -  [r, nonce] = proofsignature(salted_password); -  p = MIME.decode_base64(p) == r && sprintf("v=%s", encode64(nonce)); +  p = p == clientproof(salted_password) && sprintf("v=%s", nonce);    }    return [string(7bit)]p;   }      //! Final client-side step in the SCRAM handshake. If we get this far, the   //! server has already verified that we supplied the correct credentials.   //! If this step fails, it means the server does not have our   //! credentials at all and is an imposter.   //!   //! @param line   //! The received server-final verification response.   //!   //! @returns   //! True if the server is valid, false if the server is invalid.   int(0..1) client_3(Stdio.Buffer|string(8bit) line) {    constant format = "v=%s";    string v;    return !catch([v] = stringp(line)    ? array_sscanf([string]line, format)    : [array(string)](line->sscanf(format))) -  && MIME.decode_base64(v) == nonce; +  && v == nonce;   }
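Review bot: Both comparisons in this hunk, `p == clientproof(salted_password)` in server_3 and `v == nonce` in client_3, now match the peer's base64 text exactly instead of the decoded value. A proof or verifier that decodes to the right bytes but is rendered differently (padding, or anything extra captured by the trailing `%s`) was presumably accepted before and is now rejected. Rejecting non-canonical encodings is the safer direction for an authenticator check, but it is a behaviour change that neither doc comment mentions. I would add `//! @note The value is compared in its base64 form; encodings that differ from our own output are rejected.` to both functions. It is also worth confirming that `encode64` emits exactly the form RFC-conformant peers send.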