Diffstat (limited to 'util/sasl')
-rw-r--r--util/sasl/anonymous.lua7
-rw-r--r--util/sasl/digest-md5.lua1
-rw-r--r--util/sasl/external.lua1
-rw-r--r--util/sasl/plain.lua1
-rw-r--r--util/sasl/scram.lua24
5 files changed, 27 insertions, 7 deletions
diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua
index 6201db32..de98a5e2 100644
--- a/util/sasl/anonymous.lua
+++ b/util/sasl/anonymous.lua
@@ -12,9 +12,10 @@
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-local generate_uuid = require "util.uuid".generate;
+local generate_random_id = require "util.id".medium;
local _ENV = nil;
+-- luacheck: std none
--=========================
--SASL ANONYMOUS according to RFC 4505
@@ -28,10 +29,10 @@ anonymous:
end
]]
-local function anonymous(self, message)
+local function anonymous(self, message) -- luacheck: ignore 212/message
local username;
repeat
- username = generate_uuid();
+ username = generate_random_id():lower();
until self.profile.anonymous(self, username, self.realm);
self.username = username;
return "success"
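Review bot: The `:lower()` on `generate_random_id()` inside the `repeat` loop can shrink the identifier space. If `util.id`'s `medium` returns a case-sensitive encoding (not visible in this diff), lowercasing folds distinct IDs onto one username, so anonymous usernames collide more often and are easier to guess than the generator's nominal entropy suggests. A comment giving the reason and the remaining entropy would help, for example `-- lowercased so the node part is stable under nodeprep (presumed; confirm); IDs must stay unguessable after case folding`. The loop also has no retry bound, so a `self.profile.anonymous` callback that keeps returning a false value would spin forever; a small attempt cap that returns a failure status would bound it. The function's closing `end` and the profile callback lie outside the hunk.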
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index 695dd2a3..7542a037 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -26,6 +26,7 @@ local generate_uuid = require "util.uuid".generate;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local _ENV = nil;
+-- luacheck: std none
--=========================
--SASL DIGEST-MD5 according to RFC 2831
diff --git a/util/sasl/external.lua b/util/sasl/external.lua
index 5ba90190..ce50743e 100644
--- a/util/sasl/external.lua
+++ b/util/sasl/external.lua
@@ -1,6 +1,7 @@
local saslprep = require "util.encodings".stringprep.saslprep;
local _ENV = nil;
+-- luacheck: std none
local function external(self, message)
message = saslprep(message);
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index cd59b1ac..00c6bd20 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -17,6 +17,7 @@ local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
local _ENV = nil;
+-- luacheck: std none
-- ================================
-- SASL PLAIN according to RFC 4616
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 4e20dbb9..043f328b 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -26,6 +26,7 @@ local char = string.char;
local byte = string.byte;
local _ENV = nil;
+-- luacheck: std none
--=========================
--SASL SCRAM-SHA-1 according to RFC 5802
@@ -46,7 +47,18 @@ Supported Channel Binding Backends
local default_i = 4096
-local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;};
+local xor_map = {
+ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,1,0,3,2,5,4,7,6,9,8,11,10,
+ 13,12,15,14,2,3,0,1,6,7,4,5,10,11,8,9,14,15,12,13,3,2,1,0,7,6,5,
+ 4,11,10,9,8,15,14,13,12,4,5,6,7,0,1,2,3,12,13,14,15,8,9,10,11,5,
+ 4,7,6,1,0,3,2,13,12,15,14,9,8,11,10,6,7,4,5,2,3,0,1,14,15,12,13,
+ 10,11,8,9,7,6,5,4,3,2,1,0,15,14,13,12,11,10,9,8,8,9,10,11,12,13,
+ 14,15,0,1,2,3,4,5,6,7,9,8,11,10,13,12,15,14,1,0,3,2,5,4,7,6,10,
+ 11,8,9,14,15,12,13,2,3,0,1,6,7,4,5,11,10,9,8,15,14,13,12,3,2,1,
+ 0,7,6,5,4,12,13,14,15,8,9,10,11,4,5,6,7,0,1,2,3,13,12,15,14,9,8,
+ 11,10,5,4,7,6,1,0,3,2,14,15,12,13,10,11,8,9,6,7,4,5,2,3,0,1,15,
+ 14,13,12,11,10,9,8,7,6,5,4,3,2,1,0,
+};
local result = {};
local function binaryXOR( a, b )
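Review bot: The rewrapped `xor_map` literal breaks at the column limit instead of at row boundaries, so the table's structure still cannot be checked by eye. The values are the row-major 16x16 table of `a XOR b` for 4-bit operands. Laying it out as sixteen rows of sixteen under a one-line comment would make a transcription slip in this SCRAM helper visible in review. How `binaryXOR` indexes the table is outside the hunk, so any index formula added to the comment should be confirmed against its body.

```lua
-- 16x16 lookup: row a (0..15), column b (0..15) holds a XOR b
local xor_map = {
	 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
	 1, 0, 3, 2, 5, 4, 7, 6, 9, 8,11,10,13,12,15,14,
	 2, 3, 0, 1, 6, 7, 4, 5,10,11, 8, 9,14,15,12,13,
	 3, 2, 1, 0, 7, 6, 5, 4,11,10, 9, 8,15,14,13,12,
	 4, 5, 6, 7, 0, 1, 2, 3,12,13,14,15, 8, 9,10,11,
	 5, 4, 7, 6, 1, 0, 3, 2,13,12,15,14, 9, 8,11,10,
	 6, 7, 4, 5, 2, 3, 0, 1,14,15,12,13,10,11, 8, 9,
	 7, 6, 5, 4, 3, 2, 1, 0,15,14,13,12,11,10, 9, 8,
	 8, 9,10,11,12,13,14,15, 0, 1, 2, 3, 4, 5, 6, 7,
	 9, 8,11,10,13,12,15,14, 1, 0, 3, 2, 5, 4, 7, 6,
	10,11, 8, 9,14,15,12,13, 2, 3, 0, 1, 6, 7, 4, 5,
	11,10, 9, 8,15,14,13,12, 3, 2, 1, 0, 7, 6, 5, 4,
	12,13,14,15, 8, 9,10,11, 4, 5, 6, 7, 0, 1, 2, 3,
	13,12,15,14, 9, 8,11,10, 5, 4, 7, 6, 1, 0, 3, 2,
	14,15,12,13,10,11, 8, 9, 6, 7, 4, 5, 2, 3, 0, 1,
	15,14,13,12,11,10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0,
};
```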
@@ -148,7 +160,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
end
self.username = username;
- -- retreive credentials
+ -- retrieve credentials
local stored_key, server_key, salt, iteration_count;
if self.profile.plain then
local password, status = self.profile.plain(self, username, self.realm)
@@ -237,10 +249,14 @@ end
local function init(registerMechanism)
local function registerSCRAMMechanism(hash_name, hash, hmac_hash)
- registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
+ registerMechanism("SCRAM-"..hash_name,
+ {"plain", "scram_"..(hashprep(hash_name))},
+ scram_gen(hash_name:lower(), hash, hmac_hash));
-- register channel binding equivalent
- registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
+ registerMechanism("SCRAM-"..hash_name.."-PLUS",
+ {"plain", "scram_"..(hashprep(hash_name))},
+ scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
end
registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);