osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4f0cac5ea6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f0cac5ea6'
${ noResults }
com/vendor/github.com/couchbase/goutils/scramsha/scramsha.go

208 lines
5.9KB
Raw Blame History 

  1. // @author Couchbase <info@couchbase.com>

  2. // @copyright 2018 Couchbase, Inc.

  3. //

  4. // Licensed under the Apache License, Version 2.0 (the "License");

  5. // you may not use this file except in compliance with the License.

  6. // You may obtain a copy of the License at

  7. //

  8. //      http://www.apache.org/licenses/LICENSE-2.0

  9. //

  10. // Unless required by applicable law or agreed to in writing, software

  11. // distributed under the License is distributed on an "AS IS" BASIS,

  12. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. // See the License for the specific language governing permissions and

  14. // limitations under the License.

  15. 

  16. // Package scramsha provides implementation of client side SCRAM-SHA

  17. // according to https://tools.ietf.org/html/rfc5802

  18. package scramsha

  19. 

  20. import (

  21. 	"crypto/hmac"

  22. 	"crypto/rand"

  23. 	"crypto/sha1"

  24. 	"crypto/sha256"

  25. 	"crypto/sha512"

  26. 	"encoding/base64"

  27. 	"fmt"

  28. 	"github.com/pkg/errors"

  29. 	"golang.org/x/crypto/pbkdf2"

  30. 	"hash"

  31. 	"strconv"

  32. 	"strings"

  33. )

  34. 

  35. func hmacHash(message []byte, secret []byte, hashFunc func() hash.Hash) []byte {

  36. 	h := hmac.New(hashFunc, secret)

  37. 	h.Write(message)

  38. 	return h.Sum(nil)

  39. }

  40. 

  41. func shaHash(message []byte, hashFunc func() hash.Hash) []byte {

  42. 	h := hashFunc()

  43. 	h.Write(message)

  44. 	return h.Sum(nil)

  45. }

  46. 

  47. func generateClientNonce(size int) (string, error) {

  48. 	randomBytes := make([]byte, size)

  49. 	_, err := rand.Read(randomBytes)

  50. 	if err != nil {

  51. 		return "", errors.Wrap(err, "Unable to generate nonce")

  52. 	}

  53. 	return base64.StdEncoding.EncodeToString(randomBytes), nil

  54. }

  55. 

  56. // ScramSha provides context for SCRAM-SHA handling

  57. type ScramSha struct {

  58. 	hashSize       int

  59. 	hashFunc       func() hash.Hash

  60. 	clientNonce    string

  61. 	serverNonce    string

  62. 	salt           []byte

  63. 	i              int

  64. 	saltedPassword []byte

  65. 	authMessage    string

  66. }

  67. 

  68. var knownMethods = []string{"SCRAM-SHA512", "SCRAM-SHA256", "SCRAM-SHA1"}

  69. 

  70. // BestMethod returns SCRAM-SHA method we consider the best out of suggested

  71. // by server

  72. func BestMethod(methods string) (string, error) {

  73. 	for _, m := range knownMethods {

  74. 		if strings.Index(methods, m) != -1 {

  75. 			return m, nil

  76. 		}

  77. 	}

  78. 	return "", errors.Errorf(

  79. 		"None of the server suggested methods [%s] are supported",

  80. 		methods)

  81. }

  82. 

  83. // NewScramSha creates context for SCRAM-SHA handling

  84. func NewScramSha(method string) (*ScramSha, error) {

  85. 	s := &ScramSha{}

  86. 

  87. 	if method == knownMethods[0] {

  88. 		s.hashFunc = sha512.New

  89. 		s.hashSize = 64

  90. 	} else if method == knownMethods[1] {

  91. 		s.hashFunc = sha256.New

  92. 		s.hashSize = 32

  93. 	} else if method == knownMethods[2] {

  94. 		s.hashFunc = sha1.New

  95. 		s.hashSize = 20

  96. 	} else {

  97. 		return nil, errors.Errorf("Unsupported method %s", method)

  98. 	}

  99. 	return s, nil

  100. }

  101. 

  102. // GetStartRequest builds start SCRAM-SHA request to be sent to server

  103. func (s *ScramSha) GetStartRequest(user string) (string, error) {

  104. 	var err error

  105. 	s.clientNonce, err = generateClientNonce(24)

  106. 	if err != nil {

  107. 		return "", errors.Wrapf(err, "Unable to generate SCRAM-SHA "+

  108. 			"start request for user %s", user)

  109. 	}

  110. 

  111. 	message := fmt.Sprintf("n,,n=%s,r=%s", user, s.clientNonce)

  112. 	s.authMessage = message[3:]

  113. 	return message, nil

  114. }

  115. 

  116. // HandleStartResponse handles server response on start SCRAM-SHA request

  117. func (s *ScramSha) HandleStartResponse(response string) error {

  118. 	parts := strings.Split(response, ",")

  119. 	if len(parts) != 3 {

  120. 		return errors.Errorf("expected 3 fields in first SCRAM-SHA-1 "+

  121. 			"server message %s", response)

  122. 	}

  123. 	if !strings.HasPrefix(parts[0], "r=") || len(parts[0]) < 3 {

  124. 		return errors.Errorf("Server sent an invalid nonce %s",

  125. 			parts[0])

  126. 	}

  127. 	if !strings.HasPrefix(parts[1], "s=") || len(parts[1]) < 3 {

  128. 		return errors.Errorf("Server sent an invalid salt %s", parts[1])

  129. 	}

  130. 	if !strings.HasPrefix(parts[2], "i=") || len(parts[2]) < 3 {

  131. 		return errors.Errorf("Server sent an invalid iteration count %s",

  132. 			parts[2])

  133. 	}

  134. 

  135. 	s.serverNonce = parts[0][2:]

  136. 	encodedSalt := parts[1][2:]

  137. 	var err error

  138. 	s.i, err = strconv.Atoi(parts[2][2:])

  139. 	if err != nil {

  140. 		return errors.Errorf("Iteration count %s must be integer.",

  141. 			parts[2][2:])

  142. 	}

  143. 

  144. 	if s.i < 1 {

  145. 		return errors.New("Iteration count should be positive")

  146. 	}

  147. 

  148. 	if !strings.HasPrefix(s.serverNonce, s.clientNonce) {

  149. 		return errors.Errorf("Server nonce %s doesn't contain client"+

  150. 			" nonce %s", s.serverNonce, s.clientNonce)

  151. 	}

  152. 

  153. 	s.salt, err = base64.StdEncoding.DecodeString(encodedSalt)

  154. 	if err != nil {

  155. 		return errors.Wrapf(err, "Unable to decode salt %s",

  156. 			encodedSalt)

  157. 	}

  158. 

  159. 	s.authMessage = s.authMessage + "," + response

  160. 	return nil

  161. }

  162. 

  163. // GetFinalRequest builds final SCRAM-SHA request to be sent to server

  164. func (s *ScramSha) GetFinalRequest(pass string) string {

  165. 	clientFinalMessageBare := "c=biws,r=" + s.serverNonce

  166. 	s.authMessage = s.authMessage + "," + clientFinalMessageBare

  167. 

  168. 	s.saltedPassword = pbkdf2.Key([]byte(pass), s.salt, s.i,

  169. 		s.hashSize, s.hashFunc)

  170. 

  171. 	clientKey := hmacHash([]byte("Client Key"), s.saltedPassword, s.hashFunc)

  172. 	storedKey := shaHash(clientKey, s.hashFunc)

  173. 	clientSignature := hmacHash([]byte(s.authMessage), storedKey, s.hashFunc)

  174. 

  175. 	clientProof := make([]byte, len(clientSignature))

  176. 	for i := 0; i < len(clientSignature); i++ {

  177. 		clientProof[i] = clientKey[i] ^ clientSignature[i]

  178. 	}

  179. 

  180. 	return clientFinalMessageBare + ",p=" +

  181. 		base64.StdEncoding.EncodeToString(clientProof)

  182. }

  183. 

  184. // HandleFinalResponse handles server's response on final SCRAM-SHA request

  185. func (s *ScramSha) HandleFinalResponse(response string) error {

  186. 	if strings.Contains(response, ",") ||

  187. 		!strings.HasPrefix(response, "v=") {

  188. 		return errors.Errorf("Server sent an invalid final message %s",

  189. 			response)

  190. 	}

  191. 

  192. 	decodedMessage, err := base64.StdEncoding.DecodeString(response[2:])

  193. 	if err != nil {

  194. 		return errors.Wrapf(err, "Unable to decode server message %s",

  195. 			response[2:])

  196. 	}

  197. 	serverKey := hmacHash([]byte("Server Key"), s.saltedPassword,

  198. 		s.hashFunc)

  199. 	serverSignature := hmacHash([]byte(s.authMessage), serverKey,

  200. 		s.hashFunc)

  201. 	if string(decodedMessage) != string(serverSignature) {

  202. 		return errors.Errorf("Server proof %s doesn't match "+

  203. 			"the expected: %s",

  204. 			string(decodedMessage), string(serverSignature))

  205. 	}

  206. 	return nil

  207. }
上海开阖软件有限公司 沪ICP备12045867号-1