def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
msg = ['c=' + b64enc(b'n,,'), 'r=' + nonce, 'p=' + b64enc(client_proof)]
return b64enc(server_signature), ','.join(msg)
def set_client_first(self, client_first):
self._set_stage(ServerStage.set_client_first)
self.nonce, self.user, self.client_first_bare = _set_client_first(
client_first, self.s_nonce, self.channel_binding)
salt, self.stored_key, self.server_key, self.i = self.auth_fn(
self.user)
self.salt = b64enc(salt)
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str,
cbind_data):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
cbind_input = _make_cbind_input(cbind_data)
msg = [
"c=" + b64enc(cbind_input), "r=" + nonce, "p=" + b64enc(client_proof)
]
return b64enc(server_signature), ",".join(msg)
def _set_client_final(
hf, client_final, s_nonce, stored_key, server_key, auth_msg_str):
auth_msg = uenc(auth_msg_str)
msg = _parse_message(client_final)
nonce = msg['r']
proof = msg['p']
if not nonce.endswith(s_nonce):
raise ScramException("Server nonce doesn't match.")
_check_client_key(hf, stored_key, auth_msg, proof)
sig = hmac(hf, server_key, auth_msg)
return b64enc(sig)
def _set_client_final(
hf, client_final, s_nonce, stored_key, server_key, auth_msg_str,
cbind_data):
auth_msg = uenc(auth_msg_str)
msg = _parse_message(client_final)
nonce = msg['r']
proof = msg['p']
channel_binding = msg['c']
if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
raise ScramException("The channel bindings don't match.")
if not nonce.endswith(s_nonce):
raise ScramException("Server nonce doesn't match.")
_check_client_key(hf, stored_key, auth_msg, proof)
sig = hmac(hf, server_key, auth_msg)
return b64enc(sig)
def _set_client_final(hf, client_final, s_nonce, stored_key, server_key,
auth_msg_str, cbind_data):
auth_msg = uenc(auth_msg_str)
msg = _parse_message(client_final)
nonce = msg["r"]
proof = msg["p"]
channel_binding = msg["c"]
if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
raise ScramException(
"The channel bindings don't match.",
SERVER_ERROR_CHANNEL_BINDINGS_DONT_MATCH,
)
if not nonce.endswith(s_nonce):
raise ScramException("Server nonce doesn't match.",
SERVER_ERROR_OTHER_ERROR)
_check_client_key(hf, stored_key, auth_msg, proof)
sig = hmac(hf, server_key, auth_msg)
return b64enc(sig)
def _make_auth_message(nonce, client_first_bare, server_first, cbind_data):
cbind_input = b64enc(_make_cbind_input(cbind_data))
msg = client_first_bare, server_first, 'c=' + cbind_input, 'r=' + nonce
return ','.join(msg)
def _make_auth_message(nonce, client_first_bare, server_first, cbind_data):
cbind_input = b64enc(_make_cbind_input(cbind_data))
msg = client_first_bare, server_first, "c=" + cbind_input, "r=" + nonce
return ",".join(msg)
def _make_auth_message(nonce, client_first_bare, server_first):
msg = client_first_bare, server_first, 'c=' + b64enc(b'n,,'), 'r=' + nonce
return ','.join(msg)