auth: auth-scram - Rename Hi() to auth_scram_hi() and make it public.
authorStephan Bosch <stephan.bosch@open-xchange.com>
Mon, 26 Sep 2022 20:21:39 +0000 (22:21 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 27 Jan 2023 09:34:54 +0000 (09:34 +0000)
src/auth/Makefile.am
src/auth/auth-scram.c
src/auth/auth-scram.h [new file with mode: 0644]
src/auth/password-scheme-scram.c

index 3789546596119f833af14c26888abf5cd44295dc..3b95dfdeb0614a784b2d45b4f6a17e57ef13933e 100644 (file)
@@ -63,6 +63,7 @@ auth_LDFLAGS = -export-dynamic
 libpassword_la_SOURCES = \
        crypt-blowfish.c \
        mycrypt.c \
+       auth-scram.c \
        password-scheme.c \
        password-scheme-crypt.c \
        password-scheme-md5crypt.c \
@@ -181,6 +182,7 @@ headers = \
        passdb-blocking.h \
        passdb-cache.h \
        passdb-template.h \
+       auth-scram.h \
        password-scheme.h \
        userdb.h \
        userdb-blocking.h \
index abdcb3a8545df491b44ca5a6d5ab22f8957eeeb7..50be682e14f469a682e13c8b884118c267737965 100644 (file)
@@ -1,12 +1,34 @@
-static void
-Hi(const struct hash_method *hmethod, const unsigned char *str, size_t str_size,
-   const unsigned char *salt, size_t salt_size, unsigned int i,
-   unsigned char *result)
+/* Copyright (c) 2022-2023 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "hmac.h"
+
+#include "auth-scram.h"
+
+void auth_scram_hi(const struct hash_method *hmethod,
+                  const unsigned char *str, size_t str_size,
+                  const unsigned char *salt, size_t salt_size, unsigned int i,
+                  unsigned char *result)
 {
        struct hmac_context ctx;
        unsigned char U[hmethod->digest_size];
        unsigned int j, k;
 
+       /* Hi(str, salt, i):
+
+          U1   := HMAC(str, salt + INT(1))
+          U2   := HMAC(str, U1)
+          ...
+          Ui-1 := HMAC(str, Ui-2)
+          Ui   := HMAC(str, Ui-1)
+
+          Hi := U1 XOR U2 XOR ... XOR Ui
+
+           where "i" is the iteration count, "+" is the string concatenation
+           operator, and INT(g) is a 4-octet encoding of the integer g, most
+           significant octet first.
+       */
+
        /* Calculate U1 */
        hmac_init(&ctx, str, str_size, hmethod);
        hmac_update(&ctx, salt, salt_size);
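Review bot: Now that auth_scram_hi() is exported, the iteration-count bound that protects the existing callers lives in password-scheme-scram.c (the "SCRAM allowed iteration count range" block), not here: nothing in the visible part of the function constrains `i`, so a new caller passing an unvalidated count would loop for as long as the count says. Either state in the function comment that `i` must already be range-checked by the caller, or add a cheap guard right after the declarations, e.g. `i_assert(i > 0);`, so an out-of-contract call fails loudly rather than producing a non-RFC result. The comment block above also reproduces the RFC definition of Hi() verbatim without naming its source; opening it with `/* Hi(str, salt, i), as defined in RFC 5802, Section 2.2:` would let a reader verify the algorithm. The body of auth_scram_hi continues past the end of this hunk, so the loop that computes U2..Ui and the XOR fold could not be reviewed here.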
diff --git a/src/auth/auth-scram.h b/src/auth/auth-scram.h
new file mode 100644 (file)
index 0000000..d8ef102
--- /dev/null
@@ -0,0 +1,9 @@
+#ifndef AUTH_SCRAM_H
+#define AUTH_SCRAM_H
+
+void auth_scram_hi(const struct hash_method *hmethod,
+                  const unsigned char *str, size_t str_size,
+                  const unsigned char *salt, size_t salt_size, unsigned int i,
+                  unsigned char *result);
+
+#endif
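Review bot: The new header is not self-contained: the prototype names `struct hash_method` and `size_t` with no include and no forward declaration, so a translation unit that includes auth-scram.h before the header declaring `struct hash_method` gets a prototype-scoped, incompatible struct type and an undeclared `size_t` (the current includer only works because sha1.h/sha2.h happen to come first). Add `struct hash_method;` after the include guard, plus `#include <stddef.h>` (or `#include "lib.h"`, as auth-scram.c itself does) for `size_t`. Since the function is now part of the public interface, its contract should also be documented here rather than only implied by the callers: a comment such as `/* Hi(str, salt, i) from RFC 5802 §2.2. result must have room for hmethod->digest_size bytes; i is the iteration count and is not range-checked here. */` — the `U[hmethod->digest_size]` buffer in the definition suggests that output size, but confirm against the part of the function body not shown in this commit.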
index bb584563862d0e3bfddfd67b59d9a9486a92e277..e6cdc62e87fff6e11caa171297969fe4bc076078 100644 (file)
@@ -17,6 +17,7 @@
 #include "sha1.h"
 #include "sha2.h"
 #include "str.h"
+#include "auth-scram.h"
 #include "password-scheme.h"
 
 /* SCRAM allowed iteration count range. RFC says it SHOULD be at least 4096 */
@@ -25,8 +26,6 @@
 
 #define SCRAM_DEFAULT_ITERATE_COUNT 4096
 
-#include "auth-scram.c"
-
 int scram_scheme_parse(const struct hash_method *hmethod, const char *name,
                       const unsigned char *credentials, size_t size,
                       unsigned int *iter_count_r, const char **salt_r,
@@ -97,8 +96,9 @@ int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
        salt = buffer_get_data(t_base64_decode_str(salt_base64), &salt_len);
 
        /* FIXME: credentials should be SASLprepped UTF8 data here */
-       Hi(hmethod, (const unsigned char *)plaintext, strlen(plaintext),
-          salt, salt_len, iter_count, salted_password);
+       auth_scram_hi(hmethod,
+                     (const unsigned char *)plaintext, strlen(plaintext),
+                     salt, salt_len, iter_count, salted_password);
 
        /* Calculate ClientKey */
        hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
@@ -143,8 +143,9 @@ void scram_generate(const struct hash_method *hmethod, const char *plaintext,
        base64_encode(salt, sizeof(salt), str);
 
        /* FIXME: credentials should be SASLprepped UTF8 data here */
-       Hi(hmethod, (const unsigned char *)plaintext, strlen(plaintext), salt,
-          sizeof(salt), rounds, salted_password);
+       auth_scram_hi(hmethod,
+                     (const unsigned char *)plaintext, strlen(plaintext),
+                     salt, sizeof(salt), rounds, salted_password);
 
        /* Calculate ClientKey */
        hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);