def _check_client_key(hf, stored_key, auth_msg, proof):
client_signature = hmac(hf, stored_key, auth_msg)
client_key = xor(client_signature, b64dec(proof))
key = h(hf, client_key)
if key != stored_key:
raise ScramException("The client keys don't match.")
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
msg = ['c=' + b64enc(b'n,,'), 'r=' + nonce, 'p=' + b64enc(client_proof)]
return b64enc(server_signature), ','.join(msg)
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str,
cbind_data):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
cbind_input = _make_cbind_input(cbind_data)
msg = [
"c=" + b64enc(cbind_input), "r=" + nonce, "p=" + b64enc(client_proof)
]
return b64enc(server_signature), ",".join(msg)