def test_set_client_final(mech, x):
server_signature = core._set_client_final(
x["hf"],
x["cfinal"],
x["s_nonce"],
b64dec(x["stored_key"]),
b64dec(x["server_key"]),
x["auth_message"],
x["channel_binding"],
)
assert server_signature == x["server_signature"]
def _check_client_key(hf, stored_key, auth_msg, proof):
client_signature = hmac(hf, stored_key, auth_msg)
client_key = xor(client_signature, b64dec(proof))
key = h(hf, client_key)
if key != stored_key:
raise ScramException("The client keys don't match.")
def auth_fn(username):
lookup = {
USERNAME: m.make_auth_info(
PASSWORD, salt=b64dec(x["salt"]), iteration_count=x["iterations"]
)
}
return lookup[username]
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
msg = ['c=' + b64enc(b'n,,'), 'r=' + nonce, 'p=' + b64enc(client_proof)]
return b64enc(server_signature), ','.join(msg)
def _get_client_final(hf, password, salt_str, iterations, nonce, auth_msg_str,
cbind_data):
salt = b64dec(salt_str)
salted_password = _make_salted_password(hf, password, salt, iterations)
client_key, stored_key, server_key = _c_key_stored_key_s_key(
hf, salted_password)
auth_msg = uenc(auth_msg_str)
client_signature = hmac(hf, stored_key, auth_msg)
client_proof = xor(client_key, client_signature)
server_signature = hmac(hf, server_key, auth_msg)
cbind_input = _make_cbind_input(cbind_data)
msg = [
"c=" + b64enc(cbind_input), "r=" + nonce, "p=" + b64enc(client_proof)
]
return b64enc(server_signature), ",".join(msg)
def _set_client_final(
hf, client_final, s_nonce, stored_key, server_key, auth_msg_str,
cbind_data):
auth_msg = uenc(auth_msg_str)
msg = _parse_message(client_final)
nonce = msg['r']
proof = msg['p']
channel_binding = msg['c']
if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
raise ScramException("The channel bindings don't match.")
if not nonce.endswith(s_nonce):
raise ScramException("Server nonce doesn't match.")
_check_client_key(hf, stored_key, auth_msg, proof)
sig = hmac(hf, server_key, auth_msg)
return b64enc(sig)
def _set_client_final(hf, client_final, s_nonce, stored_key, server_key,
auth_msg_str, cbind_data):
auth_msg = uenc(auth_msg_str)
msg = _parse_message(client_final)
nonce = msg["r"]
proof = msg["p"]
channel_binding = msg["c"]
if not b64dec(channel_binding) == _make_cbind_input(cbind_data):
raise ScramException(
"The channel bindings don't match.",
SERVER_ERROR_CHANNEL_BINDINGS_DONT_MATCH,
)
if not nonce.endswith(s_nonce):
raise ScramException("Server nonce doesn't match.",
SERVER_ERROR_OTHER_ERROR)
_check_client_key(hf, stored_key, auth_msg, proof)
sig = hmac(hf, server_key, auth_msg)
return b64enc(sig)