Split hash and hmac logic out to their own functions (sasl.scram)
This commit is contained in:
parent
5d51a283bb
commit
aa7aa17ec1
1 changed files with 10 additions and 7 deletions
|
@ -34,6 +34,11 @@ class SCRAM(object):
|
||||||
data = base64.b64decode(message)
|
data = base64.b64decode(message)
|
||||||
return data, dict(piece.split(b"=", 1) for piece in data.split(b","))
|
return data, dict(piece.split(b"=", 1) for piece in data.split(b","))
|
||||||
|
|
||||||
|
def _hmac(self, key, msg):
|
||||||
|
return hmac.digest(key, msg, self._algo)
|
||||||
|
def _hash(self, msg):
|
||||||
|
return hashlib.new(self._algo, msg).digest()
|
||||||
|
|
||||||
def client_first(self):
|
def client_first(self):
|
||||||
self.state = SCRAMState.ClientFirst
|
self.state = SCRAMState.ClientFirst
|
||||||
# start SCRAM handshake
|
# start SCRAM handshake
|
||||||
|
@ -55,15 +60,15 @@ class SCRAM(object):
|
||||||
int(iterations), dklen=None)
|
int(iterations), dklen=None)
|
||||||
self._salted_password = salted_password
|
self._salted_password = salted_password
|
||||||
|
|
||||||
client_key = hmac.digest(salted_password, b"Client Key", self._algo)
|
client_key = self._hmac(salted_password, b"Client Key")
|
||||||
stored_key = hashlib.new(self._algo, client_key).digest()
|
stored_key = self._hash(client_key)
|
||||||
|
|
||||||
channel = base64.b64encode(b"n,,")
|
channel = base64.b64encode(b"n,,")
|
||||||
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
|
auth_noproof = b"c=%s,r=%s" % (channel, nonce)
|
||||||
auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
|
auth_message = b"%s,%s,%s" % (self._client_first, data, auth_noproof)
|
||||||
self._auth_message = auth_message
|
self._auth_message = auth_message
|
||||||
|
|
||||||
client_signature = hmac.digest(stored_key, auth_message, self._algo)
|
client_signature = self._hmac(stored_key, auth_message)
|
||||||
client_proof = base64.b64encode(
|
client_proof = base64.b64encode(
|
||||||
_scram_xor(client_key, client_signature))
|
_scram_xor(client_key, client_signature))
|
||||||
|
|
||||||
|
@ -74,10 +79,8 @@ class SCRAM(object):
|
||||||
data, pieces = self._get_data(message)
|
data, pieces = self._get_data(message)
|
||||||
verifier = pieces[b"v"]
|
verifier = pieces[b"v"]
|
||||||
|
|
||||||
server_key = hmac.digest(self._salted_password, b"Server Key",
|
server_key = self._hmac(self._salted_password, b"Server Key")
|
||||||
self._algo)
|
server_signature = self._hmac(server_key, self._auth_message)
|
||||||
server_signature = hmac.digest(server_key, self._auth_message,
|
|
||||||
self._algo)
|
|
||||||
|
|
||||||
if server_signature != base64.b64decode(verifier):
|
if server_signature != base64.b64decode(verifier):
|
||||||
self.state = SCRAMState.VerifyFailed
|
self.state = SCRAMState.VerifyFailed
|
||||||
|
|
Loading…
Reference in a new issue