2019-02-06 21:49:24 +00:00
|
|
|
import base64, enum, hashlib, hmac, os, typing
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 22:28:50 +00:00
|
|
|
# IANA Hash Function Textual Names
|
|
|
|
# https://tools.ietf.org/html/rfc5802#section-4
|
|
|
|
# https://www.iana.org/assignments/hash-function-text-names/
|
2019-02-12 23:52:09 +00:00
|
|
|
# MD2 has been removed as it's unacceptably weak
|
2019-02-06 22:28:50 +00:00
|
|
|
ALGORITHMS = [
|
2019-02-12 23:52:09 +00:00
|
|
|
"MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
|
2019-02-06 22:28:50 +00:00
|
|
|
|
2019-02-15 20:09:32 +00:00
|
|
|
SCRAM_ERRORS = [
|
|
|
|
"invalid-encoding",
|
|
|
|
"extensions-not-supported", # unrecognized 'm' value
|
|
|
|
"invalid-proof",
|
|
|
|
"channel-bindings-dont-match",
|
|
|
|
"server-does-support-channel-binding",
|
|
|
|
"channel-binding-not-supported",
|
|
|
|
"unsupported-channel-binding-type",
|
|
|
|
"unknown-user",
|
2019-02-15 20:12:13 +00:00
|
|
|
"invalid-username-encoding", # invalid utf8 or bad SASLprep
|
2019-02-24 09:04:42 +00:00
|
|
|
"no-resources"
|
2019-02-15 20:09:32 +00:00
|
|
|
]
|
|
|
|
|
2019-02-06 21:05:20 +00:00
|
|
|
def _scram_nonce() -> bytes:
|
2019-02-06 21:49:24 +00:00
|
|
|
return base64.b64encode(os.urandom(32))
|
2019-02-06 21:05:20 +00:00
|
|
|
def _scram_escape(s: bytes) -> bytes:
|
2019-02-05 15:54:20 +00:00
|
|
|
return s.replace(b"=", b"=3D").replace(b",", b"=2C")
|
2019-02-06 21:05:20 +00:00
|
|
|
def _scram_unescape(s: bytes) -> bytes:
|
2019-02-05 15:54:20 +00:00
|
|
|
return s.replace(b"=3D", b"=").replace(b"=2C", b",")
|
2019-02-06 21:05:20 +00:00
|
|
|
def _scram_xor(s1: bytes, s2: bytes) -> bytes:
|
2019-02-05 15:54:20 +00:00
|
|
|
return bytes(a ^ b for a, b in zip(s1, s2))
|
|
|
|
|
|
|
|
class SCRAMState(enum.Enum):
|
|
|
|
Uninitialised = 0
|
|
|
|
ClientFirst = 1
|
|
|
|
ClientFinal = 2
|
|
|
|
Success = 3
|
2019-02-06 15:41:31 +00:00
|
|
|
Failed = 4
|
|
|
|
VerifyFailed = 5
|
2019-02-05 15:54:20 +00:00
|
|
|
|
|
|
|
class SCRAMError(Exception):
|
|
|
|
pass
|
|
|
|
|
|
|
|
class SCRAM(object):
|
2019-02-06 22:33:30 +00:00
|
|
|
def __init__(self, algo: str, username: str, password: str):
|
2019-02-06 22:28:50 +00:00
|
|
|
if not algo in ALGORITHMS:
|
|
|
|
raise ValueError("Unknown SCRAM algorithm '%s'" % algo)
|
|
|
|
|
|
|
|
self._algo = algo.replace("-", "") # SHA-1 -> SHA1
|
2019-02-05 15:54:20 +00:00
|
|
|
self._username = username.encode("utf8")
|
|
|
|
self._password = password.encode("utf8")
|
|
|
|
|
|
|
|
self.state = SCRAMState.Uninitialised
|
2019-02-06 22:36:25 +00:00
|
|
|
self.error = ""
|
2019-02-15 20:09:32 +00:00
|
|
|
self.raw_error = ""
|
2019-02-06 15:28:17 +00:00
|
|
|
|
2019-02-06 22:36:25 +00:00
|
|
|
self._client_first = b""
|
|
|
|
self._salted_password = b""
|
|
|
|
self._auth_message = b""
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 08:50:19 +00:00
|
|
|
def _get_pieces(self, data: bytes) -> typing.Dict[bytes, bytes]:
|
2019-02-06 11:09:45 +00:00
|
|
|
pieces = (piece.split(b"=", 1) for piece in data.split(b","))
|
|
|
|
return dict((piece[0], piece[1]) for piece in pieces)
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 08:50:19 +00:00
|
|
|
def _hmac(self, key: bytes, msg: bytes) -> bytes:
|
2019-02-15 01:21:24 +00:00
|
|
|
return hmac.new(key, msg, self._algo).digest()
|
2019-02-06 08:50:19 +00:00
|
|
|
def _hash(self, msg: bytes) -> bytes:
|
2019-02-05 22:53:55 +00:00
|
|
|
return hashlib.new(self._algo, msg).digest()
|
|
|
|
|
2019-02-12 11:50:37 +00:00
|
|
|
def _constant_time_compare(self, b1: bytes, b2: bytes):
|
|
|
|
return hmac.compare_digest(b1, b2)
|
|
|
|
|
2019-02-06 08:50:19 +00:00
|
|
|
def client_first(self) -> bytes:
|
2019-02-05 15:54:20 +00:00
|
|
|
self.state = SCRAMState.ClientFirst
|
|
|
|
self._client_first = b"n=%s,r=%s" % (
|
|
|
|
_scram_escape(self._username), _scram_nonce())
|
2019-02-06 22:58:16 +00:00
|
|
|
|
|
|
|
# n,,n=<username>,r=<nonce>
|
2019-02-05 15:54:20 +00:00
|
|
|
return b"n,,%s" % self._client_first
|
|
|
|
|
2019-02-06 08:50:19 +00:00
|
|
|
def server_first(self, data: bytes) -> bytes:
|
2019-02-05 15:54:20 +00:00
|
|
|
self.state = SCRAMState.ClientFinal
|
|
|
|
|
2019-02-06 08:50:19 +00:00
|
|
|
pieces = self._get_pieces(data)
|
2019-02-06 22:58:16 +00:00
|
|
|
nonce = pieces[b"r"] # server combines your nonce with it's own
|
|
|
|
salt = base64.b64decode(pieces[b"s"]) # salt is b64encoded
|
|
|
|
iterations = int(pieces[b"i"])
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 22:58:16 +00:00
|
|
|
salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
|
|
|
|
salt, iterations, dklen=None)
|
|
|
|
self._salted_password = salted_password
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 22:58:16 +00:00
|
|
|
client_key = self._hmac(salted_password, b"Client Key")
|
2019-02-05 22:53:55 +00:00
|
|
|
stored_key = self._hash(client_key)
|
2019-02-05 15:54:20 +00:00
|
|
|
|
|
|
|
channel = base64.b64encode(b"n,,")
|
|
|
|
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
|
2019-02-06 22:58:16 +00:00
|
|
|
auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
|
|
|
|
self._auth_message = auth_message
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 22:58:16 +00:00
|
|
|
client_signature = self._hmac(stored_key, auth_message)
|
|
|
|
client_proof_xor = _scram_xor(client_key, client_signature)
|
|
|
|
client_proof = base64.b64encode(client_proof_xor)
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 22:58:16 +00:00
|
|
|
# c=<b64encode("n,,")>,r=<nonce>,p=<proof>
|
2019-02-06 23:04:26 +00:00
|
|
|
return b"%s,p=%s" % (auth_noproof, client_proof)
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-06 11:07:50 +00:00
|
|
|
def server_final(self, data: bytes) -> bool:
|
2019-02-06 08:50:19 +00:00
|
|
|
pieces = self._get_pieces(data)
|
2019-02-06 15:28:17 +00:00
|
|
|
if b"e" in pieces:
|
2019-02-15 20:09:32 +00:00
|
|
|
error = pieces[b"e"].decode("utf8")
|
|
|
|
self.raw_error = error
|
|
|
|
if error in SCRAM_ERRORS:
|
|
|
|
self.error = error
|
|
|
|
else:
|
|
|
|
self.error = "other-error"
|
|
|
|
|
2019-02-06 15:41:31 +00:00
|
|
|
self.state = SCRAMState.Failed
|
2019-02-06 15:28:17 +00:00
|
|
|
return False
|
|
|
|
|
2019-02-12 11:50:37 +00:00
|
|
|
verifier = base64.b64decode(pieces[b"v"])
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-05 22:53:55 +00:00
|
|
|
server_key = self._hmac(self._salted_password, b"Server Key")
|
|
|
|
server_signature = self._hmac(server_key, self._auth_message)
|
2019-02-05 15:54:20 +00:00
|
|
|
|
2019-02-12 23:47:24 +00:00
|
|
|
if server_signature == verifier:
|
2019-02-05 15:54:20 +00:00
|
|
|
self.state = SCRAMState.Success
|
2019-02-06 11:07:50 +00:00
|
|
|
return True
|
2019-02-12 11:50:37 +00:00
|
|
|
else:
|
|
|
|
self.state = SCRAMState.VerifyFailed
|
|
|
|
return False
|