Don Newton | 379ae25 | 2019-04-01 12:17:06 -0400 | [diff] [blame^] | 1 | // Copyright 2018 by David A. Golden. All rights reserved. |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 4 | // not use this file except in compliance with the License. You may obtain |
| 5 | // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 |
| 6 | |
| 7 | package scram |
| 8 | |
| 9 | import ( |
| 10 | "crypto/hmac" |
| 11 | "crypto/rand" |
| 12 | "encoding/base64" |
| 13 | "strings" |
| 14 | ) |
| 15 | |
| 16 | // NonceGeneratorFcn defines a function that returns a string of high-quality |
| 17 | // random printable ASCII characters EXCLUDING the comma (',') character. The |
| 18 | // default nonce generator provides Base64 encoding of 24 bytes from |
| 19 | // crypto/rand. |
| 20 | type NonceGeneratorFcn func() string |
| 21 | |
| 22 | // derivedKeys collects the three cryptographically derived values |
| 23 | // into one struct for caching. |
| 24 | type derivedKeys struct { |
| 25 | ClientKey []byte |
| 26 | StoredKey []byte |
| 27 | ServerKey []byte |
| 28 | } |
| 29 | |
| 30 | // KeyFactors represent the two server-provided factors needed to compute |
| 31 | // client credentials for authentication. Salt is decoded bytes (i.e. not |
| 32 | // base64), but in string form so that KeyFactors can be used as a map key for |
| 33 | // cached credentials. |
| 34 | type KeyFactors struct { |
| 35 | Salt string |
| 36 | Iters int |
| 37 | } |
| 38 | |
| 39 | // StoredCredentials are the values that a server must store for a given |
| 40 | // username to allow authentication. They include the salt and iteration |
| 41 | // count, plus the derived values to authenticate a client and for the server |
| 42 | // to authenticate itself back to the client. |
| 43 | // |
| 44 | // NOTE: these are specific to a given hash function. To allow a user to |
| 45 | // authenticate with either SCRAM-SHA-1 or SCRAM-SHA-256, two sets of |
| 46 | // StoredCredentials must be created and stored, one for each hash function. |
| 47 | type StoredCredentials struct { |
| 48 | KeyFactors |
| 49 | StoredKey []byte |
| 50 | ServerKey []byte |
| 51 | } |
| 52 | |
| 53 | // CredentialLookup is a callback to provide StoredCredentials for a given |
| 54 | // username. This is used to configure Server objects. |
| 55 | // |
| 56 | // NOTE: these are specific to a given hash function. The callback provided |
| 57 | // to a Server with a given hash function must provide the corresponding |
| 58 | // StoredCredentials. |
| 59 | type CredentialLookup func(string) (StoredCredentials, error) |
| 60 | |
| 61 | func defaultNonceGenerator() string { |
| 62 | raw := make([]byte, 24) |
| 63 | nonce := make([]byte, base64.StdEncoding.EncodedLen(len(raw))) |
| 64 | rand.Read(raw) |
| 65 | base64.StdEncoding.Encode(nonce, raw) |
| 66 | return string(nonce) |
| 67 | } |
| 68 | |
| 69 | func encodeName(s string) string { |
| 70 | return strings.Replace(strings.Replace(s, "=", "=3D", -1), ",", "=2C", -1) |
| 71 | } |
| 72 | |
| 73 | func decodeName(s string) (string, error) { |
| 74 | // TODO Check for = not followed by 2C or 3D |
| 75 | return strings.Replace(strings.Replace(s, "=2C", ",", -1), "=3D", "=", -1), nil |
| 76 | } |
| 77 | |
| 78 | func computeHash(hg HashGeneratorFcn, b []byte) []byte { |
| 79 | h := hg() |
| 80 | h.Write(b) |
| 81 | return h.Sum(nil) |
| 82 | } |
| 83 | |
| 84 | func computeHMAC(hg HashGeneratorFcn, key, data []byte) []byte { |
| 85 | mac := hmac.New(hg, key) |
| 86 | mac.Write(data) |
| 87 | return mac.Sum(nil) |
| 88 | } |
| 89 | |
| 90 | func xorBytes(a, b []byte) []byte { |
| 91 | // TODO check a & b are same length, or just xor to smallest |
| 92 | xor := make([]byte, len(a)) |
| 93 | for i := range a { |
| 94 | xor[i] = a[i] ^ b[i] |
| 95 | } |
| 96 | return xor |
| 97 | } |