Beispiel #1
0
def test_set_client_final(mech, x):
    server_signature = core._set_client_final(
        x["hf"],
        x["cfinal"],
        x["s_nonce"],
        b64dec(x["stored_key"]),
        b64dec(x["server_key"]),
        x["auth_message"],
        x["channel_binding"],
    )

    assert server_signature == x["server_signature"]
Beispiel #2
0
def _check_client_key(hf, stored_key, auth_msg, proof):
    client_signature = hmac(hf, stored_key, auth_msg)
    client_key = xor(client_signature, b64dec(proof))
    key = h(hf, client_key)

    if key != stored_key:
        raise ScramException("The client keys don't match.")
Beispiel #3
0
 def auth_fn(username):
     lookup = {
         USERNAME: m.make_auth_info(
             PASSWORD, salt=b64dec(x["salt"]), iteration_count=x["iterations"]
         )
     }
     return lookup[username]
Beispiel #4
0
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str):
    salt = b64dec(salt_str)
    salted_password = _make_salted_password(hf, password, salt, iterations)
    client_key, stored_key, server_key = _c_key_stored_key_s_key(
        hf, salted_password)

    auth_msg = uenc(auth_msg_str)

    client_signature = hmac(hf, stored_key, auth_msg)
    client_proof = xor(client_key, client_signature)
    server_signature = hmac(hf, server_key, auth_msg)

    msg = ['c=' + b64enc(b'n,,'), 'r=' + nonce, 'p=' + b64enc(client_proof)]
    return b64enc(server_signature), ','.join(msg)
Beispiel #5
0
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str,
                      cbind_data):
    salt = b64dec(salt_str)
    salted_password = _make_salted_password(hf, password, salt, iterations)
    client_key, stored_key, server_key = _c_key_stored_key_s_key(
        hf, salted_password)

    auth_msg = uenc(auth_msg_str)

    client_signature = hmac(hf, stored_key, auth_msg)
    client_proof = xor(client_key, client_signature)
    server_signature = hmac(hf, server_key, auth_msg)
    cbind_input = _make_cbind_input(cbind_data)
    msg = [
        "c=" + b64enc(cbind_input), "r=" + nonce, "p=" + b64enc(client_proof)
    ]
    return b64enc(server_signature), ",".join(msg)
Beispiel #6
0
def _set_client_final(
        hf, client_final, s_nonce, stored_key, server_key, auth_msg_str,
        cbind_data):
    auth_msg = uenc(auth_msg_str)

    msg = _parse_message(client_final)
    nonce = msg['r']
    proof = msg['p']
    channel_binding = msg['c']
    if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
        raise ScramException("The channel bindings don't match.")

    if not nonce.endswith(s_nonce):
        raise ScramException("Server nonce doesn't match.")

    _check_client_key(hf, stored_key, auth_msg, proof)

    sig = hmac(hf, server_key, auth_msg)
    return b64enc(sig)
Beispiel #7
0
def _set_client_final(hf, client_final, s_nonce, stored_key, server_key,
                      auth_msg_str, cbind_data):
    auth_msg = uenc(auth_msg_str)

    msg = _parse_message(client_final)
    nonce = msg["r"]
    proof = msg["p"]
    channel_binding = msg["c"]
    if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
        raise ScramException(
            "The channel bindings don't match.",
            SERVER_ERROR_CHANNEL_BINDINGS_DONT_MATCH,
        )

    if not nonce.endswith(s_nonce):
        raise ScramException("Server nonce doesn't match.",
                             SERVER_ERROR_OTHER_ERROR)

    _check_client_key(hf, stored_key, auth_msg, proof)

    sig = hmac(hf, server_key, auth_msg)
    return b64enc(sig)