vendor/github.com/xdg/scram/client.go - abstract-olt - Gitiles

 // Copyright 2018 by David A. Golden. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License"); you may
 // not use this file except in compliance with the License. You may obtain
 // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

 package scram

 import (
 	"sync"

 	"golang.org/x/crypto/pbkdf2"
 )

 // Client implements the client side of SCRAM authentication.  It holds
 // configuration values needed to initialize new client-side conversations for
 // a specific username, password and authorization ID tuple.  Client caches
 // the computationally-expensive parts of a SCRAM conversation as described in
 // RFC-5802.  If repeated authentication conversations may be required for a
 // user (e.g. disconnect/reconnect), the user's Client should be preserved.
 //
 // For security reasons, Clients have a default minimum PBKDF2 iteration count
 // of 4096.  If a server requests a smaller iteration count, an authentication
 // conversation will error.
 //
 // A Client can also be used by a server application to construct the hashed
 // authentication values to be stored for a new user.  See StoredCredentials()
 // for more.
 type Client struct {
 	sync.RWMutex
 	username string
 	password string
 	authzID  string
 	minIters int
 	nonceGen NonceGeneratorFcn
 	hashGen  HashGeneratorFcn
 	cache    map[KeyFactors]derivedKeys
 }

 func newClient(username, password, authzID string, fcn HashGeneratorFcn) *Client {
 	return &Client{
 		username: username,
 		password: password,
 		authzID:  authzID,
 		minIters: 4096,
 		nonceGen: defaultNonceGenerator,
 		hashGen:  fcn,
 		cache:    make(map[KeyFactors]derivedKeys),
 	}
 }

 // WithMinIterations changes minimum required PBKDF2 iteration count.
 func (c *Client) WithMinIterations(n int) *Client {
 	c.Lock()
 	defer c.Unlock()
 	c.minIters = n
 	return c
 }

 // WithNonceGenerator replaces the default nonce generator (base64 encoding of
 // 24 bytes from crypto/rand) with a custom generator.  This is provided for
 // testing or for users with custom nonce requirements.
 func (c *Client) WithNonceGenerator(ng NonceGeneratorFcn) *Client {
 	c.Lock()
 	defer c.Unlock()
 	c.nonceGen = ng
 	return c
 }

 // NewConversation constructs a client-side authentication conversation.
 // Conversations cannot be reused, so this must be called for each new
 // authentication attempt.
 func (c *Client) NewConversation() *ClientConversation {
 	c.RLock()
 	defer c.RUnlock()
 	return &ClientConversation{
 		client:   c,
 		nonceGen: c.nonceGen,
 		hashGen:  c.hashGen,
 		minIters: c.minIters,
 	}
 }

 func (c *Client) getDerivedKeys(kf KeyFactors) derivedKeys {
 	dk, ok := c.getCache(kf)
 	if !ok {
 		dk = c.computeKeys(kf)
 		c.setCache(kf, dk)
 	}
 	return dk
 }

 // GetStoredCredentials takes a salt and iteration count structure and
 // provides the values that must be stored by a server to authentication a
 // user.  These values are what the Server credential lookup function must
 // return for a given username.
 func (c *Client) GetStoredCredentials(kf KeyFactors) StoredCredentials {
 	dk := c.getDerivedKeys(kf)
 	return StoredCredentials{
 		KeyFactors: kf,
 		StoredKey:  dk.StoredKey,
 		ServerKey:  dk.ServerKey,
 	}
 }

 func (c *Client) computeKeys(kf KeyFactors) derivedKeys {
 	h := c.hashGen()
 	saltedPassword := pbkdf2.Key([]byte(c.password), []byte(kf.Salt), kf.Iters, h.Size(), c.hashGen)
 	clientKey := computeHMAC(c.hashGen, saltedPassword, []byte("Client Key"))

 	return derivedKeys{
 		ClientKey: clientKey,
 		StoredKey: computeHash(c.hashGen, clientKey),
 		ServerKey: computeHMAC(c.hashGen, saltedPassword, []byte("Server Key")),
 	}
 }

 func (c *Client) getCache(kf KeyFactors) (derivedKeys, bool) {
 	c.RLock()
 	defer c.RUnlock()
 	dk, ok := c.cache[kf]
 	return dk, ok
 }

 func (c *Client) setCache(kf KeyFactors, dk derivedKeys) {
 	c.Lock()
 	defer c.Unlock()
 	c.cache[kf] = dk
 	return
 }
	// Copyright 2018 by David A. Golden. All rights reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License"); you may
	// not use this file except in compliance with the License. You may obtain
	// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

	package scram

	import (
	"sync"

	"golang.org/x/crypto/pbkdf2"
	)

	// Client implements the client side of SCRAM authentication. It holds
	// configuration values needed to initialize new client-side conversations for
	// a specific username, password and authorization ID tuple. Client caches
	// the computationally-expensive parts of a SCRAM conversation as described in
	// RFC-5802. If repeated authentication conversations may be required for a
	// user (e.g. disconnect/reconnect), the user's Client should be preserved.
	//
	// For security reasons, Clients have a default minimum PBKDF2 iteration count
	// of 4096. If a server requests a smaller iteration count, an authentication
	// conversation will error.
	//
	// A Client can also be used by a server application to construct the hashed
	// authentication values to be stored for a new user. See StoredCredentials()
	// for more.
	type Client struct {
	sync.RWMutex
	username string
	password string
	authzID string
	minIters int
	nonceGen NonceGeneratorFcn
	hashGen HashGeneratorFcn
	cache map[KeyFactors]derivedKeys
	}

	func newClient(username, password, authzID string, fcn HashGeneratorFcn) *Client {
	return &Client{
	username: username,
	password: password,
	authzID: authzID,
	minIters: 4096,
	nonceGen: defaultNonceGenerator,
	hashGen: fcn,
	cache: make(map[KeyFactors]derivedKeys),
	}
	}

	// WithMinIterations changes minimum required PBKDF2 iteration count.
	func (c Client) WithMinIterations(n int) Client {
	c.Lock()
	defer c.Unlock()
	c.minIters = n
	return c
	}

	// WithNonceGenerator replaces the default nonce generator (base64 encoding of
	// 24 bytes from crypto/rand) with a custom generator. This is provided for
	// testing or for users with custom nonce requirements.
	func (c Client) WithNonceGenerator(ng NonceGeneratorFcn) Client {
	c.Lock()
	defer c.Unlock()
	c.nonceGen = ng
	return c
	}

	// NewConversation constructs a client-side authentication conversation.
	// Conversations cannot be reused, so this must be called for each new
	// authentication attempt.
	func (c Client) NewConversation() ClientConversation {
	c.RLock()
	defer c.RUnlock()
	return &ClientConversation{
	client: c,
	nonceGen: c.nonceGen,
	hashGen: c.hashGen,
	minIters: c.minIters,
	}
	}

	func (c *Client) getDerivedKeys(kf KeyFactors) derivedKeys {
	dk, ok := c.getCache(kf)
	if !ok {
	dk = c.computeKeys(kf)
	c.setCache(kf, dk)
	}
	return dk
	}

	// GetStoredCredentials takes a salt and iteration count structure and
	// provides the values that must be stored by a server to authentication a
	// user. These values are what the Server credential lookup function must
	// return for a given username.
	func (c *Client) GetStoredCredentials(kf KeyFactors) StoredCredentials {
	dk := c.getDerivedKeys(kf)
	return StoredCredentials{
	KeyFactors: kf,
	StoredKey: dk.StoredKey,
	ServerKey: dk.ServerKey,
	}
	}

	func (c *Client) computeKeys(kf KeyFactors) derivedKeys {
	h := c.hashGen()
	saltedPassword := pbkdf2.Key([]byte(c.password), []byte(kf.Salt), kf.Iters, h.Size(), c.hashGen)
	clientKey := computeHMAC(c.hashGen, saltedPassword, []byte("Client Key"))

	return derivedKeys{
	ClientKey: clientKey,
	StoredKey: computeHash(c.hashGen, clientKey),
	ServerKey: computeHMAC(c.hashGen, saltedPassword, []byte("Server Key")),
	}
	}

	func (c *Client) getCache(kf KeyFactors) (derivedKeys, bool) {
	c.RLock()
	defer c.RUnlock()
	dk, ok := c.cache[kf]
	return dk, ok
	}

	func (c *Client) setCache(kf KeyFactors, dk derivedKeys) {
	c.Lock()
	defer c.Unlock()
	c.cache[kf] = dk
	return
	}