bitbot-3.11-fork/modules/sasl/scram.py

import base64, enum, hashlib, hmac, os, typing

# IANA Hash Function Textual Names
# https://tools.ietf.org/html/rfc5802#section-4
# https://www.iana.org/assignments/hash-function-text-names/
# MD2 has been removed as it's unacceptably weak
ALGORITHMS = [
    "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]

SCRAM_ERRORS = [
    "invalid-encoding",
    "extensions-not-supported", # unrecognized 'm' value
    "invalid-proof",
    "channel-bindings-dont-match",
    "server-does-support-channel-binding",
    "channel-binding-not-supported",
    "unsupported-channel-binding-type",
    "unknown-user",
    "invalid-username-encoding", # invalid utf8 or bad SASLprep
    "no-resources",
    "other-error"
]

def _scram_nonce() -> bytes:
    return base64.b64encode(os.urandom(32))
def _scram_escape(s: bytes) -> bytes:
    return s.replace(b"=", b"=3D").replace(b",", b"=2C")
def _scram_unescape(s: bytes) -> bytes:
    return s.replace(b"=3D", b"=").replace(b"=2C", b",")
def _scram_xor(s1: bytes, s2: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(s1, s2))

class SCRAMState(enum.Enum):
    Uninitialised = 0
    ClientFirst = 1
    ClientFinal = 2
    Success = 3
    Failed = 4
    VerifyFailed = 5

class SCRAMError(Exception):
    pass

class SCRAM(object):
    def __init__(self, algo: str, username: str, password: str):
        if not algo in ALGORITHMS:
            raise ValueError("Unknown SCRAM algorithm '%s'" % algo)

        self._algo = algo.replace("-", "") # SHA-1 -> SHA1
        self._username = username.encode("utf8")
        self._password = password.encode("utf8")

        self.state = SCRAMState.Uninitialised
        self.error = ""
        self.raw_error = ""

        self._client_first = b""
        self._salted_password = b""
        self._auth_message = b""

    def _get_pieces(self, data: bytes) -> typing.Dict[bytes, bytes]:
        pieces = (piece.split(b"=", 1) for piece in data.split(b","))
        return dict((piece[0], piece[1]) for piece in pieces)

    def _hmac(self, key: bytes, msg: bytes) -> bytes:
        return hmac.new(key, msg, self._algo).digest()
    def _hash(self, msg: bytes) -> bytes:
        return hashlib.new(self._algo, msg).digest()

    def _constant_time_compare(self, b1: bytes, b2: bytes):
        return hmac.compare_digest(b1, b2)

    def client_first(self) -> bytes:
        self.state = SCRAMState.ClientFirst
        self._client_first = b"n=%s,r=%s" % (
            _scram_escape(self._username), _scram_nonce())

        # n,,n=<username>,r=<nonce>
        return b"n,,%s" % self._client_first

    def server_first(self, data: bytes) -> bytes:
        self.state = SCRAMState.ClientFinal

        pieces = self._get_pieces(data)
        nonce = pieces[b"r"] # server combines your nonce with it's own
        salt = base64.b64decode(pieces[b"s"]) # salt is b64encoded
        iterations = int(pieces[b"i"])

        salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
            salt, iterations, dklen=None)
        self._salted_password = salted_password

        client_key = self._hmac(salted_password, b"Client Key")
        stored_key = self._hash(client_key)

        channel = base64.b64encode(b"n,,")
        auth_noproof = b"c=%s,r=%s" % (channel, nonce)
        auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
        self._auth_message = auth_message

        client_signature = self._hmac(stored_key, auth_message)
        client_proof_xor = _scram_xor(client_key, client_signature)
        client_proof = base64.b64encode(client_proof_xor)

        # c=<b64encode("n,,")>,r=<nonce>,p=<proof>
        return b"%s,p=%s" % (auth_noproof, client_proof)

    def server_final(self, data: bytes) -> bool:
        pieces = self._get_pieces(data)
        if b"e" in pieces:
            error = pieces[b"e"].decode("utf8")
            self.raw_error = error
            if error in SCRAM_ERRORS:
                self.error = error
            else:
                self.error = "other-error"

            self.state = SCRAMState.Failed
            return False

        verifier = base64.b64decode(pieces[b"v"])

        server_key = self._hmac(self._salted_password, b"Server Key")
        server_signature = self._hmac(server_key, self._auth_message)

        if server_signature == verifier:
            self.state = SCRAMState.Success
            return True
        else:
            self.state = SCRAMState.VerifyFailed
            return False
uuid.uuid4() is not random enough for a nonce (sasl.scram) 2019-02-06 21:49:24 +00:00			`import base64, enum, hashlib, hmac, os, typing`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00			`# IANA Hash Function Textual Names`
			`# https://tools.ietf.org/html/rfc5802#section-4`
			`# https://www.iana.org/assignments/hash-function-text-names/`
Never allow use of MD2 (sasl.scram) 2019-02-12 23:52:09 +00:00			`# MD2 has been removed as it's unacceptably weak`
Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00			`ALGORITHMS = [`
Never allow use of MD2 (sasl.scram) 2019-02-12 23:52:09 +00:00			`"MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]`
Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00
SCRAM.error should be within standardised errors (put raw in self.raw_error) 2019-02-15 20:09:32 +00:00			`SCRAM_ERRORS = [`
			`"invalid-encoding",`
			`"extensions-not-supported", # unrecognized 'm' value`
			`"invalid-proof",`
			`"channel-bindings-dont-match",`
			`"server-does-support-channel-binding",`
			`"channel-binding-not-supported",`
			`"unsupported-channel-binding-type",`
			`"unknown-user",`
Typo in comment, 'of' -> 'or' (sasl.scram) 2019-02-15 20:12:13 +00:00			`"invalid-username-encoding", # invalid utf8 or bad SASLprep`
SCRAM.error should be within standardised errors (put raw in self.raw_error) 2019-02-15 20:09:32 +00:00			`"no-resources",`
			`"other-error"`
			`]`

Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00			`def _scram_nonce() -> bytes:`
uuid.uuid4() is not random enough for a nonce (sasl.scram) 2019-02-06 21:49:24 +00:00			`return base64.b64encode(os.urandom(32))`
Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00			`def _scram_escape(s: bytes) -> bytes:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`return s.replace(b"=", b"=3D").replace(b",", b"=2C")`
Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00			`def _scram_unescape(s: bytes) -> bytes:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`return s.replace(b"=3D", b"=").replace(b"=2C", b",")`
Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00			`def _scram_xor(s1: bytes, s2: bytes) -> bytes:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`return bytes(a ^ b for a, b in zip(s1, s2))`

			`class SCRAMState(enum.Enum):`
			`Uninitialised = 0`
			`ClientFirst = 1`
			`ClientFinal = 2`
			`Success = 3`
Set SCRAM state to just `Failure` if there's a server-final-message error (sasl) 2019-02-06 15:41:31 +00:00			`Failed = 4`
			`VerifyFailed = 5`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
			`class SCRAMError(Exception):`
			`pass`

			`class SCRAM(object):`
Add type hints to SCRAM ctor (sasl.scram) 2019-02-06 22:33:30 +00:00			`def __init__(self, algo: str, username: str, password: str):`
Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00			`if not algo in ALGORITHMS:`
			`raise ValueError("Unknown SCRAM algorithm '%s'" % algo)`

			`self._algo = algo.replace("-", "") # SHA-1 -> SHA1`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`self._username = username.encode("utf8")`
			`self._password = password.encode("utf8")`

			`self.state = SCRAMState.Uninitialised`
Default `error` to `""`, `_client_first`/`_salted_password`/`_auth_message` to `b""` (sasl.scram) 2019-02-06 22:36:25 +00:00			`self.error = ""`
SCRAM.error should be within standardised errors (put raw in self.raw_error) 2019-02-15 20:09:32 +00:00			`self.raw_error = ""`
Handle error on server-final-message (sasl.scram) 2019-02-06 15:28:17 +00:00
Default `error` to `""`, `_client_first`/`_salted_password`/`_auth_message` to `b""` (sasl.scram) 2019-02-06 22:36:25 +00:00			`self._client_first = b""`
			`self._salted_password = b""`
			`self._auth_message = b""`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`def _get_pieces(self, data: bytes) -> typing.Dict[bytes, bytes]:`
Fix mypy linting issue with dict creation (scram.py) 2019-02-06 11:09:45 +00:00			`pieces = (piece.split(b"=", 1) for piece in data.split(b","))`
			`return dict((piece[0], piece[1]) for piece in pieces)`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`def _hmac(self, key: bytes, msg: bytes) -> bytes:`
`hmac.digest` -> `hmac.new` (the former is too new) (sasl.scram) 2019-02-15 01:21:24 +00:00			`return hmac.new(key, msg, self._algo).digest()`
Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`def _hash(self, msg: bytes) -> bytes:`
Split hash and hmac logic out to their own functions (sasl.scram) 2019-02-05 22:53:55 +00:00			`return hashlib.new(self._algo, msg).digest()`

Use `hmac.compare_digest` to do a constant-time compare (sasl.scram) 2019-02-12 11:50:37 +00:00			`def _constant_time_compare(self, b1: bytes, b2: bytes):`
			`return hmac.compare_digest(b1, b2)`

Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`def client_first(self) -> bytes:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`self.state = SCRAMState.ClientFirst`
			`self._client_first = b"n=%s,r=%s" % (`
			`_scram_escape(self._username), _scram_nonce())`
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00
			`# n,,n=<username>,r=<nonce>`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`return b"n,,%s" % self._client_first`

Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`def server_first(self, data: bytes) -> bytes:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`self.state = SCRAMState.ClientFinal`

Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`pieces = self._get_pieces(data)`
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`nonce = pieces[b"r"] # server combines your nonce with it's own`
			`salt = base64.b64decode(pieces[b"s"]) # salt is b64encoded`
			`iterations = int(pieces[b"i"])`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,`
			`salt, iterations, dklen=None)`
			`self._salted_password = salted_password`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`client_key = self._hmac(salted_password, b"Client Key")`
Split hash and hmac logic out to their own functions (sasl.scram) 2019-02-05 22:53:55 +00:00			`stored_key = self._hash(client_key)`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
			`channel = base64.b64encode(b"n,,")`
			`auth_noproof = b"c=%s,r=%s" % (channel, nonce)`
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)`
			`self._auth_message = auth_message`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`client_signature = self._hmac(stored_key, auth_message)`
			`client_proof_xor = _scram_xor(client_key, client_signature)`
			`client_proof = base64.b64encode(client_proof_xor)`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Add more comments, re-seperate out self._ variables and seperate some compound function calls on to different lines for readability (sasl.scram) 2019-02-06 22:58:16 +00:00			`# c=<b64encode("n,,")>,r=<nonce>,p=<proof>`
Don't use string concat when we're already using %s formatting (sasl.scram) 2019-02-06 23:04:26 +00:00			`return b"%s,p=%s" % (auth_noproof, client_proof)`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
"+" as part of a SASL handshake is irc-specific so remove it from scram.py 2019-02-06 11:07:50 +00:00			`def server_final(self, data: bytes) -> bool:`
Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00			`pieces = self._get_pieces(data)`
Handle error on server-final-message (sasl.scram) 2019-02-06 15:28:17 +00:00			`if b"e" in pieces:`
SCRAM.error should be within standardised errors (put raw in self.raw_error) 2019-02-15 20:09:32 +00:00			`error = pieces[b"e"].decode("utf8")`
			`self.raw_error = error`
			`if error in SCRAM_ERRORS:`
			`self.error = error`
			`else:`
			`self.error = "other-error"`

Set SCRAM state to just `Failure` if there's a server-final-message error (sasl) 2019-02-06 15:41:31 +00:00			`self.state = SCRAMState.Failed`
Handle error on server-final-message (sasl.scram) 2019-02-06 15:28:17 +00:00			`return False`

Use `hmac.compare_digest` to do a constant-time compare (sasl.scram) 2019-02-12 11:50:37 +00:00			`verifier = base64.b64decode(pieces[b"v"])`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
Split hash and hmac logic out to their own functions (sasl.scram) 2019-02-05 22:53:55 +00:00			`server_key = self._hmac(self._salted_password, b"Server Key")`
			`server_signature = self._hmac(server_key, self._auth_message)`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00
SCRAM doesn't need constant_time_compare, nonces prevent replay (scram.py) 2019-02-12 23:47:24 +00:00			`if server_signature == verifier:`
Move sasl.py to a directory module and move SCRAM logic to a different file, move `github/module.py` to `github/__init__.py` 2019-02-05 15:54:20 +00:00			`self.state = SCRAMState.Success`
"+" as part of a SASL handshake is irc-specific so remove it from scram.py 2019-02-06 11:07:50 +00:00			`return True`
Use `hmac.compare_digest` to do a constant-time compare (sasl.scram) 2019-02-12 11:50:37 +00:00			`else:`
			`self.state = SCRAMState.VerifyFailed`
			`return False`