Commit graph

22 commits

Author SHA1 Message Date
jesopo
a7d3fd93fc hmac.digest -> hmac.new (the former is too new) (sasl.scram) 2019-02-15 01:21:39 +00:00
jesopo
460d56eb74 Never allow use of MD2 (sasl.scram) 2019-02-12 23:52:09 +00:00
jesopo
ac958384fe SCRAM doesn't need constant_time_compare, nonces prevent replay (scram.py) 2019-02-12 23:47:24 +00:00
jesopo
9667b8a6e0 Move constant-time compare function to utils.security 2019-02-12 11:57:49 +00:00
jesopo
305b998a52 Use hmac.compare_digest to do a constant-time compare (sasl.scram) 2019-02-12 11:50:37 +00:00
jesopo
7dd1eca7ae Don't use string concat when we're already using %s formatting (sasl.scram) 2019-02-06 23:04:26 +00:00
jesopo
65766a093a Add more comments, re-seperate out self._ variables and seperate some compound
function calls on to different lines for readability (sasl.scram)
2019-02-06 22:58:16 +00:00
jesopo
c77d8aaac8 Default error to "", _client_first/_salted_password/_auth_message to b""
(sasl.scram)
2019-02-06 22:36:25 +00:00
jesopo
1bac2f67de Add type hints to SCRAM ctor (sasl.scram) 2019-02-06 22:33:30 +00:00
jesopo
50a8de2792 Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00
jesopo
4e3e782519 Remove pointless local auth_message variable (sasl.scram) 2019-02-06 22:00:23 +00:00
jesopo
bffd43648d uuid.uuid4() is not random enough for a nonce (sasl.scram) 2019-02-06 21:49:24 +00:00
jesopo
67252833c4 Remove pointless local salted_password variable (sasl.scram) 2019-02-06 21:19:25 +00:00
jesopo
cbdd8d6fc9 Remove pointless local assign of self._password (sasl.scram) 2019-02-06 21:16:55 +00:00
jesopo
90b540d5dc Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00
jesopo
c006435fa1 Set SCRAM state to just Failure if there's a server-final-message error (sasl) 2019-02-06 15:41:31 +00:00
jesopo
cfa590eef7 Handle error on server-final-message (sasl.scram) 2019-02-06 15:28:17 +00:00
jesopo
0004a8a59c Fix mypy linting issue with dict creation (scram.py) 2019-02-06 11:09:45 +00:00
jesopo
a7554b835e "+" as part of a SASL handshake is irc-specific so remove it from scram.py 2019-02-06 11:07:50 +00:00
jesopo
6b4bb7cdba Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00
jesopo
aa7aa17ec1 Split hash and hmac logic out to their own functions (sasl.scram) 2019-02-05 22:53:55 +00:00
jesopo
1fe20a2c98 Move sasl.py to a directory module and move SCRAM logic to a different file,
move `github/module.py` to `github/__init__.py`
2019-02-05 15:54:20 +00:00