From b73cbae8a5e49f7f3300e7c028e570ad8a58e46d Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Wed, 12 Jan 2011 21:29:37 +0100 Subject: Adding some code for channel binding advertising. --- util/sasl/scram.lua | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 530ef5a0..fbe3547b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -14,6 +14,7 @@ local s_match = string.match; local type = type local string = string +local tostring = tostring; local base64 = require "util.encodings".base64; local hmac_sha1 = require "util.hmac".sha1; local sha1 = require "util.hashes".sha1; @@ -110,6 +111,8 @@ function getAuthenticationDatabaseSHA1(password, salt, iteration_count) return true, stored_key, server_key end +local support_channel_binding = true; + local function scram_gen(hash_name, H_f, HMAC_f) local function scram_hash(self, message) if not self.state then self["state"] = {} end @@ -118,15 +121,26 @@ local function scram_gen(hash_name, H_f, HMAC_f) if not self.state.name then -- we are processing client_first_message local client_first_message = message; - + log("debug", client_first_message); -- TODO: fail if authzid is provided, since we don't support them yet self.state["client_first_message"] = client_first_message; - self.state["gs2_cbind_flag"], self.state["authzid"], self.state["name"], self.state["clientnonce"] - = client_first_message:match("^(%a),(.*),n=(.*),r=([^,]*).*"); + self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"] + = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*"); -- we don't do any channel binding yet - if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then - return "failure", "malformed-request"; + log("debug", "Decoded: cbind_flag: %s, cbind_name: %s, authzid: %s, name: %s, clientnonce: %s", tostring(self.state.gs2_cbind_flag), + tostring(self.state.gs2_cbind_name), + tostring(self.state.authzid), + tostring(self.state.name), + tostring(self.state.clientnonce)); + if support_channel_binding then + if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then + return "failure", "malformed-request"; + end + else + if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then + return "failure", "malformed-request"; + end end if not self.state.name or not self.state.clientnonce then @@ -179,7 +193,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) else -- we are processing client_final_message local client_final_message = message; - + log("debug", "client_final_message: %s", client_final_message); self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); if not self.state.proof or not self.state.nonce or not self.state.channelbinding then @@ -213,6 +227,9 @@ end function init(registerMechanism) local function registerSCRAMMechanism(hash_name, hash, hmac_hash) registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash)); + + -- register channel binding equivalent + registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash)); end registerSCRAMMechanism("SHA-1", sha1, hmac_sha1); -- cgit v1.2.3 From 1e72875d5263b9478b257b27a3784dcd7fc4dcc3 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Sat, 15 Jan 2011 17:59:15 +0100 Subject: Check whether we support the proposed channel binding type. --- util/sasl/scram.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index fbe3547b..76e9c152 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -137,6 +137,11 @@ local function scram_gen(hash_name, H_f, HMAC_f) if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then return "failure", "malformed-request"; end + + -- check whether we support the proposed channel binding type + if not self.profile.cb[self.state.gs2_cbind_name] then + return "failure", "malformed-request", "Proposed channel binding type isn't supported."; + end else if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then return "failure", "malformed-request"; -- cgit v1.2.3 From e7a197972565c5a0e3f1fa538c693f115ebdb7e8 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: util.sasl.scram: Use self.profile.cb for detection whether channel binding is supported or not. --- util/sasl/scram.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 76e9c152..cb50390d 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -111,12 +111,12 @@ function getAuthenticationDatabaseSHA1(password, salt, iteration_count) return true, stored_key, server_key end -local support_channel_binding = true; - local function scram_gen(hash_name, H_f, HMAC_f) local function scram_hash(self, message) if not self.state then self["state"] = {} end - + local support_channel_binding = false; + if self.profile.cb then support_channel_binding = true; end + if type(message) ~= "string" or #message == 0 then return "failure", "malformed-request" end if not self.state.name then -- we are processing client_first_message -- cgit v1.2.3 From 9e938f0e7c47c76bef0734195c4384e1239a087b Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: util.sasl.scram: Validate channel binding data of client final message. --- util/sasl/scram.lua | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index cb50390d..66cc941d 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -200,9 +200,18 @@ local function scram_gen(hash_name, H_f, HMAC_f) local client_final_message = message; log("debug", "client_final_message: %s", client_final_message); self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); - - if not self.state.proof or not self.state.nonce or not self.state.channelbinding then - return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; + + if self.state.gs2_cbind_name then + local client_gs2_header = base64.decode(self.state.channelbinding) + local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self); + + if client_gs2_header ~= our_client_gs2_header then + return "failure", "malformed-request", "Invalid channel binding value."; + end + else + if not self.state.proof or not self.state.nonce or not self.state.channelbinding then + return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; + end end if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then -- cgit v1.2.3 From dd1571b3905d0c388c78920c20bbaa15c709445f Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'. --- util/sasl/scram.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 66cc941d..74854619 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -38,6 +38,10 @@ scram_{MECH}: function(username, realm) return stored_key, server_key, iteration_count, salt, state; end + +Supported Channel Binding Backends + +'tls-unique' according to RFC 5929 ]] local default_i = 4096 -- cgit v1.2.3 From bd085514c5801265370efd4d044cb8f992e67170 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: util.sasl.scram: Remove some debugging output. --- util/sasl/scram.lua | 6 ------ 1 file changed, 6 deletions(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 74854619..1b6d56c8 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -131,12 +131,6 @@ local function scram_gen(hash_name, H_f, HMAC_f) self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*"); - -- we don't do any channel binding yet - log("debug", "Decoded: cbind_flag: %s, cbind_name: %s, authzid: %s, name: %s, clientnonce: %s", tostring(self.state.gs2_cbind_flag), - tostring(self.state.gs2_cbind_name), - tostring(self.state.authzid), - tostring(self.state.name), - tostring(self.state.clientnonce)); if support_channel_binding then if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then return "failure", "malformed-request"; -- cgit v1.2.3 From 051ca76fbe398f3e177386c212dafd78bc6ecbe4 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Sun, 6 Feb 2011 13:20:17 +0100 Subject: util.sasl.scram: Checking the GS2 header for valid start flag. --- util/sasl/scram.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 1b6d56c8..19d0bf7b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -131,6 +131,12 @@ local function scram_gen(hash_name, H_f, HMAC_f) self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*"); + -- check for invalid gs2_flag_type start + local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1) + if gs2_flag_type ~= "y" and gs2_flag_type ~= "n" and gs2_flag_type ~= "p" then + return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'." + end + if support_channel_binding then if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then return "failure", "malformed-request"; @@ -141,6 +147,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) return "failure", "malformed-request", "Proposed channel binding type isn't supported."; end else + -- we don't support channelbinding, if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then return "failure", "malformed-request"; end -- cgit v1.2.3 From f575f1eb40aef2e7196badfe41d217b6f7fbf350 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Sun, 6 Feb 2011 13:39:32 +0100 Subject: sasl.util.scarm: Rearrage some code so it makes more sense. --- util/sasl/scram.lua | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 19d0bf7b..ad26658b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -132,7 +132,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*"); -- check for invalid gs2_flag_type start - local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1) + local gs2_flag_type = string.sub(self.state.gs2_cbind_flag, 0, 1) if gs2_flag_type ~= "y" and gs2_flag_type ~= "n" and gs2_flag_type ~= "p" then return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'." end @@ -206,17 +206,18 @@ local function scram_gen(hash_name, H_f, HMAC_f) log("debug", "client_final_message: %s", client_final_message); self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); + if not self.state.proof or not self.state.nonce or not self.state.channelbinding then + return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; + end + if self.state.gs2_cbind_name then + -- we support channelbinding, so check if the value is valid local client_gs2_header = base64.decode(self.state.channelbinding) local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self); if client_gs2_header ~= our_client_gs2_header then return "failure", "malformed-request", "Invalid channel binding value."; end - else - if not self.state.proof or not self.state.nonce or not self.state.channelbinding then - return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; - end end if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then -- cgit v1.2.3 From 0a2715f365f2dc28c33933d486fecdb64daf7a89 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 7 Feb 2011 13:24:42 +0100 Subject: Only advertise mechanisms needing channel binding if a channel binding backend is avaliable. --- util/sasl/scram.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'util/sasl') diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index ad26658b..071de505 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -249,7 +249,7 @@ function init(registerMechanism) registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash)); -- register channel binding equivalent - registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash)); + registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"}); end registerSCRAMMechanism("SHA-1", sha1, hmac_sha1); -- cgit v1.2.3