Merge with Tobias.

2 files changed, 68 insertions, 38 deletions

diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index c07e2978..3007d565 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -14,7 +14,7 @@ local error = error;
 local ipairs = ipairs;
 local hashes = require "util.hashes";
 local jid_bare = require "util.jid".bare;
-local saltedPasswordSHA1 = require "util.sasl.scram".saltedPasswordSHA1;
+local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
 local config = require "core.configmanager";
 local usermanager = require "core.usermanager";
 local generate_uuid = require "util.uuid".generate;
@@ -22,6 +22,10 @@ local new_sasl = require "util.sasl".new;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local hosts = hosts;
 
+-- TODO: remove these two lines in near future
+local hmac_sha1 = require "util.hmac".sha1;
+local sha1 = require "util.hashes".sha1;
+
 local prosody = _G.prosody;
 
 local is_cyrus = usermanager.is_cyrus;
@@ -52,11 +56,26 @@ function new_hashpass_provider(host)
 		if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then
 			return nil, "Auth failed. Stored salt and iteration count information is not complete.";
 		end
-
-		local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count);
-		local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-
-		if valid and hexpass == credentials.hashpass then
+		
+		local valid, stored_key, server_key
+		
+		-- convert hexpass to stored_key and server_key
+		-- TODO: remove this in near future
+		if credentials.hashpass then
+			valid = true;
+			local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+			credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+			credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+			credentials.hashpass = nil
+			datamanager.store(username, host, "accounts", credentials);
+		end
+		
+		local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+		
+		local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+		local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+		
+		if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then
 			return true;
 		else
 			return nil, "Auth failed. Invalid username, password, or password hash information.";
@@ -67,17 +86,14 @@ function new_hashpass_provider(host)
 		if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
 		local account = datamanager.load(username, host, "accounts");
 		if account then
-			if account.iteration_count == nil then
-				account.iteration_count = iteration_count;
-			end
-
-			if account.salt == nil then
-				account.salt = generate_uuid();
-			end
-
-			local valid, binpass = saltedPasswordSHA1(password, account.salt, account.iteration_count);
-			local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-			account.hashpass = hexpass;
+			account.salt = account.salt or generate_uuid();
+			account.iteration_count = account.iteration_count or iteration_count;
+			local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
+			local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+			local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+			
+			account.stored_key = stored_key_hex
+			account.server_key = server_key_hex
 
 			account.password = nil;
 			return datamanager.store(username, host, "accounts", account);
@@ -102,9 +118,10 @@ function new_hashpass_provider(host)
 	function provider.create_user(username, password)
 		if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
 		local salt = generate_uuid();
-		local valid, binpass = saltedPasswordSHA1(password, salt, iteration_count);
-		local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-		return datamanager.store(username, host, "accounts", {hashpass = hexpass, salt = salt, iteration_count = iteration_count});
+		local valid, stored_key, server_key = saltedPasswordSHA1(password, salt, iteration_count);
+		local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+		local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+		return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
 	end
 
 	function provider.get_sasl_handler()
@@ -124,9 +141,21 @@ function new_hashpass_provider(host)
 					usermanager.set_password(username, credentials.password, host);
 					credentials = datamanager.load(username, host, "accounts") or {};
 				end
-				local salted_password, iteration_count, salt = credentials.hashpass, credentials.iteration_count, credentials.salt;
-				salted_password = salted_password and salted_password:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
-				return salted_password, iteration_count, salt, true;
+				
+				-- convert hexpass to stored_key and server_key
+				-- TODO: remove this in near future
+				if credentials.hashpass then
+					local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+					credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+					credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+					credentials.hashpass = nil
+					datamanager.store(username, host, "accounts", credentials);
+				end
+				
+				local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt;
+				stored_key = stored_key and stored_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+				server_key = server_key and server_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+				return stored_key, server_key, iteration_count, salt, true;
 			end
 		};
 		return new_sasl(realm, testpass_authentication_profile);
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index c366a152..63f6f2fe 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -35,7 +35,7 @@ Supported Authentication Backends
 scram_{MECH}:
 	-- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
 	function(username, realm)
-		return salted_password, iteration_count, salt, state;
+		return stored_key, server_key, iteration_count, salt, state;
 	end
 ]]
 
@@ -97,16 +97,17 @@ local function hashprep(hashname)
 	return hashname:lower():gsub("-", "_");
 end
 
-function saltedPasswordSHA1(password, salt, iteration_count)
-	local salted_password
+function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
 	if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
 		return false, "inappropriate argument types"
 	end
 	if iteration_count < 4096 then
 		log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 	end
-
-	return true, Hi(hmac_sha1, password, salt, iteration_count);
+	local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
+	local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
+	local server_key = hmac_sha1(salted_password, "Server Key");
+	return true, stored_key, server_key
 end
 
 local function scram_gen(hash_name, H_f, HMAC_f)
@@ -156,17 +157,18 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				self.state.iteration_count = default_i;
 
 				local succ = false;
-				succ, self.state.salted_password = saltedPasswordSHA1(password, self.state.salt, default_i, self.state.iteration_count);
+				succ, self.state.stored_key, self.state.server_key = getAuthenticationDatabaseSHA1(password, self.state.salt, default_i, self.state.iteration_count);
 				if not succ then
-					log("error", "Generating salted password failed. Reason: %s", self.state.salted_password);
+					log("error", "Generating authentication database failed. Reason: %s", self.state.stored_key);
 					return "failure", "temporary-auth-failure";
 				end
 			elseif self.profile["scram_"..hashprep(hash_name)] then
-				local salted_password, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+				local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end
 				
-				self.state.salted_password = salted_password;
+				self.state.stored_key = stored_key;
+				self.state.server_key = server_key;
 				self.state.iteration_count = iteration_count;
 				self.state.salt = salt
 			end
@@ -188,16 +190,15 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				return "failure", "malformed-request", "Wrong nonce in client-final-message.";
 			end
 			
-			local SaltedPassword = self.state.salted_password;
-			local ClientKey = HMAC_f(SaltedPassword, "Client Key")
-			local ServerKey = HMAC_f(SaltedPassword, "Server Key")
-			local StoredKey = H_f(ClientKey)
+			local ServerKey = self.state.server_key;
+			local StoredKey = self.state.stored_key;
+			
 			local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
 			local ClientSignature = HMAC_f(StoredKey, AuthMessage)
-			local ClientProof     = binaryXOR(ClientKey, ClientSignature)
+			local ClientKey = binaryXOR(ClientSignature, base64.decode(self.state.proof))
 			local ServerSignature = HMAC_f(ServerKey, AuthMessage)
 
-			if base64.encode(ClientProof) == self.state.proof then
+			if StoredKey == H_f(ClientKey) then
 				local server_final_message = "v="..base64.encode(ServerSignature);
 				self["username"] = self.state.name;
 				return "success", server_final_message;