Add more comments, re-separate out self._ variables and separate some compound
function calls onto different lines for readability (sasl.scram)
parent
f94f233eb3
commit
65766a093a
1 changed files with 15 additions and 11 deletions
|
@ -55,31 +55,35 @@ class SCRAM(object):
|
||||||
self.state = SCRAMState.ClientFirst
|
self.state = SCRAMState.ClientFirst
|
||||||
self._client_first = b"n=%s,r=%s" % (
|
self._client_first = b"n=%s,r=%s" % (
|
||||||
_scram_escape(self._username), _scram_nonce())
|
_scram_escape(self._username), _scram_nonce())
|
||||||
|
|
||||||
|
# n,,n=<username>,r=<nonce>
|
||||||
return b"n,,%s" % self._client_first
|
return b"n,,%s" % self._client_first
|
||||||
|
|
||||||
def server_first(self, data: bytes) -> bytes:
|
def server_first(self, data: bytes) -> bytes:
|
||||||
self.state = SCRAMState.ClientFinal
|
self.state = SCRAMState.ClientFinal
|
||||||
|
|
||||||
pieces = self._get_pieces(data)
|
pieces = self._get_pieces(data)
|
||||||
nonce = pieces[b"r"]
|
nonce = pieces[b"r"] # server combines your nonce with it's own
|
||||||
salt = base64.b64decode(pieces[b"s"])
|
salt = base64.b64decode(pieces[b"s"]) # salt is b64encoded
|
||||||
iterations = pieces[b"i"]
|
iterations = int(pieces[b"i"])
|
||||||
|
|
||||||
self._salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
|
salted_password = hashlib.pbkdf2_hmac(self._algo, self._password,
|
||||||
salt, int(iterations), dklen=None)
|
salt, iterations, dklen=None)
|
||||||
|
self._salted_password = salted_password
|
||||||
|
|
||||||
client_key = self._hmac(self._salted_password, b"Client Key")
|
client_key = self._hmac(salted_password, b"Client Key")
|
||||||
stored_key = self._hash(client_key)
|
stored_key = self._hash(client_key)
|
||||||
|
|
||||||
channel = base64.b64encode(b"n,,")
|
channel = base64.b64encode(b"n,,")
|
||||||
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
|
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
|
||||||
self._auth_message = b"%s,%s,%s" % (
|
auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
|
||||||
self._client_first, data, auth_noproof)
|
self._auth_message = auth_message
|
||||||
|
|
||||||
client_signature = self._hmac(stored_key, self._auth_message)
|
client_signature = self._hmac(stored_key, auth_message)
|
||||||
client_proof = base64.b64encode(
|
client_proof_xor = _scram_xor(client_key, client_signature)
|
||||||
_scram_xor(client_key, client_signature))
|
client_proof = base64.b64encode(client_proof_xor)
|
||||||
|
|
||||||
|
# c=<b64encode("n,,")>,r=<nonce>,p=<proof>
|
||||||
return auth_noproof + (b",p=%s" % client_proof)
|
return auth_noproof + (b",p=%s" % client_proof)
|
||||||
|
|
||||||
def server_final(self, data: bytes) -> bool:
|
def server_final(self, data: bytes) -> bool:
|
||||||
|
|
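Review bot: In `server_first`, `nonce = pieces[b"r"]` goes straight into `auth_noproof` without a check that it starts with the nonce the client generated in `client_first`; RFC 5802 requires the client to verify that prefix and abort the exchange if it does not match. The client nonce is currently only embedded in `self._client_first`, so `client_first` would need to keep the `_scram_nonce()` value so that a guard like `if not nonce.startswith(client_nonce):` (with `client_nonce` standing for that stored value) can fail the exchange before the proof is computed. Separately, `iterations = int(pieces[b"i"])` is handed to `hashlib.pbkdf2_hmac` with no bounds, so the server alone decides how cheap or how expensive the key derivation is; a minimum (RFC 5802 recommends servers announce at least 4096) and an upper cap are worth enforcing here. A missing `r`, `s` or `i` attribute or a non-numeric `i` would surface as a bare `KeyError`/`ValueError`, unless `_get_pieces` validates them outside this hunk.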