Add more comments, re-seperate out self._ variables and seperate some compound

function calls on to different lines for readability (sasl.scram)
This commit is contained in:
jesopo 2019-02-06 22:58:16 +00:00
parent f94f233eb3
commit 65766a093a

View file

@ -55,31 +55,35 @@ class SCRAM(object):
self.state = SCRAMState.ClientFirst
self._client_first = b"n=%s,r=%s" % (
_scram_escape(self._username), _scram_nonce())
# n,,n=<username>,r=<nonce>
return b"n,,%s" % self._client_first
def server_first(self, data: bytes) -> bytes:
self.state = SCRAMState.ClientFinal
pieces = self._get_pieces(data)
nonce = pieces[b"r"]
salt = base64.b64decode(pieces[b"s"])
iterations = pieces[b"i"]
nonce = pieces[b"r"] # server combines your nonce with it's own
salt = base64.b64decode(pieces[b"s"]) # salt is b64encoded
iterations = int(pieces[b"i"])
self._salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
salt, int(iterations), dklen=None)
salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
salt, iterations, dklen=None)
self._salted_password = salted_password
client_key = self._hmac(self._salted_password, b"Client Key")
client_key = self._hmac(salted_password, b"Client Key")
stored_key = self._hash(client_key)
channel = base64.b64encode(b"n,,")
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
self._auth_message = b"%s,%s,%s" % (
self._client_first, data, auth_noproof)
auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
self._auth_message = auth_message
client_signature = self._hmac(stored_key, self._auth_message)
client_proof = base64.b64encode(
_scram_xor(client_key, client_signature))
client_signature = self._hmac(stored_key, auth_message)
client_proof_xor = _scram_xor(client_key, client_signature)
client_proof = base64.b64encode(client_proof_xor)
# c=<b64encode("n,,")>,r=<nonce>,p=<proof>
return auth_noproof + (b",p=%s" % client_proof)
def server_final(self, data: bytes) -> bool: