diff options
author | Florian Zeitz <florob@babelmonkeys.de> | 2013-04-28 02:28:42 +0200 |
---|---|---|
committer | Florian Zeitz <florob@babelmonkeys.de> | 2013-04-28 02:28:42 +0200 |
commit | b6199cf81a4c1fd605a84be830e3ee5d8aff639b (patch) | |
tree | 902b97c09c14427e90b5c8b1bf056d54f1650397 /util | |
parent | 1dc0a831cfd7372d5d76c54bd897e93c198a3a37 (diff) | |
download | prosody-b6199cf81a4c1fd605a84be830e3ee5d8aff639b.tar.gz prosody-b6199cf81a4c1fd605a84be830e3ee5d8aff639b.zip |
util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Diffstat (limited to 'util')
-rw-r--r-- | util/sasl/scram.lua | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 1ba12460..cf2f0ede 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -17,6 +17,7 @@ local string = string local base64 = require "util.encodings".base64; local hmac_sha1 = require "util.hashes".hmac_sha1; local sha1 = require "util.hashes".sha1; +local Hi = require "util.hashes".scram_Hi_sha1; local generate_uuid = require "util.uuid".generate; local saslprep = require "util.encodings".stringprep.saslprep; local nodeprep = require "util.encodings".stringprep.nodeprep; @@ -65,18 +66,6 @@ local function binaryXOR( a, b ) return t_concat(result); end --- hash algorithm independent Hi(PBKDF2) implementation -function Hi(hmac, str, salt, i) - local Ust = hmac(str, salt.."\0\0\0\1"); - local res = Ust; - for n=1,i-1 do - local Und = hmac(str, Ust) - res = binaryXOR(res, Und) - Ust = Und - end - return res -end - local function validate_username(username, _nodeprep) -- check for forbidden char sequences for eq in username:gmatch("=(.?.?)") do @@ -110,7 +99,7 @@ function getAuthenticationDatabaseSHA1(password, salt, iteration_count) if iteration_count < 4096 then log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") end - local salted_password = Hi(hmac_sha1, password, salt, iteration_count); + local salted_password = Hi(password, salt, iteration_count); local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) local server_key = hmac_sha1(salted_password, "Server Key"); return true, stored_key, server_key |