mirror
/
oragono
镜像自地址 https://github.com/oragono/oragono
关注 1
点赞 0
派生 0
代码 工单 0 版本发布 69 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
4758 提交
21 分支
目录树: 00255586cc
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '00255586cc'
${ noResults }
oragono/vendor/github.com/xdg-go/scram/client_conv.go

client_conv.go 4.0KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. // Copyright 2018 by David A. Golden. All rights reserved.

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License"); you may

  4. // not use this file except in compliance with the License. You may obtain

  5. // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

  6. 

  7. package scram

  8. 

  9. import (

  10. 	"crypto/hmac"

  11. 	"encoding/base64"

  12. 	"errors"

  13. 	"fmt"

  14. 	"strings"

  15. )

  16. 

  17. type clientState int

  18. 

  19. const (

  20. 	clientStarting clientState = iota

  21. 	clientFirst

  22. 	clientFinal

  23. 	clientDone

  24. )

  25. 

  26. // ClientConversation implements the client-side of an authentication

  27. // conversation with a server.  A new conversation must be created for

  28. // each authentication attempt.

  29. type ClientConversation struct {

  30. 	client   *Client

  31. 	nonceGen NonceGeneratorFcn

  32. 	hashGen  HashGeneratorFcn

  33. 	minIters int

  34. 	state    clientState

  35. 	valid    bool

  36. 	gs2      string

  37. 	nonce    string

  38. 	c1b      string

  39. 	serveSig []byte

  40. }

  41. 

  42. // Step takes a string provided from a server (or just an empty string for the

  43. // very first conversation step) and attempts to move the authentication

  44. // conversation forward.  It returns a string to be sent to the server or an

  45. // error if the server message is invalid.  Calling Step after a conversation

  46. // completes is also an error.

  47. func (cc *ClientConversation) Step(challenge string) (response string, err error) {

  48. 	switch cc.state {

  49. 	case clientStarting:

  50. 		cc.state = clientFirst

  51. 		response, err = cc.firstMsg()

  52. 	case clientFirst:

  53. 		cc.state = clientFinal

  54. 		response, err = cc.finalMsg(challenge)

  55. 	case clientFinal:

  56. 		cc.state = clientDone

  57. 		response, err = cc.validateServer(challenge)

  58. 	default:

  59. 		response, err = "", errors.New("Conversation already completed")

  60. 	}

  61. 	return

  62. }

  63. 

  64. // Done returns true if the conversation is completed or has errored.

  65. func (cc *ClientConversation) Done() bool {

  66. 	return cc.state == clientDone

  67. }

  68. 

  69. // Valid returns true if the conversation successfully authenticated with the

  70. // server, including counter-validation that the server actually has the

  71. // user's stored credentials.

  72. func (cc *ClientConversation) Valid() bool {

  73. 	return cc.valid

  74. }

  75. 

  76. func (cc *ClientConversation) firstMsg() (string, error) {

  77. 	// Values are cached for use in final message parameters

  78. 	cc.gs2 = cc.gs2Header()

  79. 	cc.nonce = cc.client.nonceGen()

  80. 	cc.c1b = fmt.Sprintf("n=%s,r=%s", encodeName(cc.client.username), cc.nonce)

  81. 

  82. 	return cc.gs2 + cc.c1b, nil

  83. }

  84. 

  85. func (cc *ClientConversation) finalMsg(s1 string) (string, error) {

  86. 	msg, err := parseServerFirst(s1)

  87. 	if err != nil {

  88. 		return "", err

  89. 	}

  90. 

  91. 	// Check nonce prefix and update

  92. 	if !strings.HasPrefix(msg.nonce, cc.nonce) {

  93. 		return "", errors.New("server nonce did not extend client nonce")

  94. 	}

  95. 	cc.nonce = msg.nonce

  96. 

  97. 	// Check iteration count vs minimum

  98. 	if msg.iters < cc.minIters {

  99. 		return "", fmt.Errorf("server requested too few iterations (%d)", msg.iters)

  100. 	}

  101. 

  102. 	// Create client-final-message-without-proof

  103. 	c2wop := fmt.Sprintf(

  104. 		"c=%s,r=%s",

  105. 		base64.StdEncoding.EncodeToString([]byte(cc.gs2)),

  106. 		cc.nonce,

  107. 	)

  108. 

  109. 	// Create auth message

  110. 	authMsg := cc.c1b + "," + s1 + "," + c2wop

  111. 

  112. 	// Get derived keys from client cache

  113. 	dk := cc.client.getDerivedKeys(KeyFactors{Salt: string(msg.salt), Iters: msg.iters})

  114. 

  115. 	// Create proof as clientkey XOR clientsignature

  116. 	clientSignature := computeHMAC(cc.hashGen, dk.StoredKey, []byte(authMsg))

  117. 	clientProof := xorBytes(dk.ClientKey, clientSignature)

  118. 	proof := base64.StdEncoding.EncodeToString(clientProof)

  119. 

  120. 	// Cache ServerSignature for later validation

  121. 	cc.serveSig = computeHMAC(cc.hashGen, dk.ServerKey, []byte(authMsg))

  122. 

  123. 	return fmt.Sprintf("%s,p=%s", c2wop, proof), nil

  124. }

  125. 

  126. func (cc *ClientConversation) validateServer(s2 string) (string, error) {

  127. 	msg, err := parseServerFinal(s2)

  128. 	if err != nil {

  129. 		return "", err

  130. 	}

  131. 

  132. 	if len(msg.err) > 0 {

  133. 		return "", fmt.Errorf("server error: %s", msg.err)

  134. 	}

  135. 

  136. 	if !hmac.Equal(msg.verifier, cc.serveSig) {

  137. 		return "", errors.New("server validation failed")

  138. 	}

  139. 

  140. 	cc.valid = true

  141. 	return "", nil

  142. }

  143. 

  144. func (cc *ClientConversation) gs2Header() string {

  145. 	if cc.client.authzID == "" {

  146. 		return "n,,"

  147. 	}

  148. 	return fmt.Sprintf("n,%s,", encodeName(cc.client.authzID))

  149. }