diff options
Diffstat (limited to 'src/scram.erl')
-rw-r--r-- | src/scram.erl | 73 |
1 files changed, 39 insertions, 34 deletions
diff --git a/src/scram.erl b/src/scram.erl index cfb86e5b0..94b3324fd 100644 --- a/src/scram.erl +++ b/src/scram.erl @@ -25,58 +25,63 @@ %%%---------------------------------------------------------------------- -module(scram). + -author('stephen.roettger@googlemail.com'). %% External exports --export([salted_password/3, - stored_key/1, - server_key/1, - server_signature/2, - client_signature/2, - client_key/1, - client_key/2 - ]). - %% ejabberd doesn't implement SASLPREP, so we use the similar RESOURCEPREP instead +-export([salted_password/3, stored_key/1, server_key/1, + server_signature/2, client_signature/2, client_key/1, + client_key/2]). + +-spec salted_password(binary(), binary(), non_neg_integer()) -> binary(). + salted_password(Password, Salt, IterationCount) -> - hi(jlib:resourceprep(Password), Salt, IterationCount). + hi(jlib:resourceprep(Password), Salt, IterationCount). + +-spec client_key(binary()) -> binary(). client_key(SaltedPassword) -> - crypto:sha_mac(SaltedPassword, "Client Key"). + crypto:sha_mac(SaltedPassword, <<"Client Key">>). -stored_key(ClientKey) -> - crypto:sha(ClientKey). +-spec stored_key(binary()) -> binary(). + +stored_key(ClientKey) -> crypto:sha(ClientKey). + +-spec server_key(binary()) -> binary(). server_key(SaltedPassword) -> - crypto:sha_mac(SaltedPassword, "Server Key"). + crypto:sha_mac(SaltedPassword, <<"Server Key">>). + +-spec client_signature(binary(), binary()) -> binary(). client_signature(StoredKey, AuthMessage) -> - crypto:sha_mac(StoredKey, AuthMessage). + crypto:sha_mac(StoredKey, AuthMessage). + +-spec client_key(binary(), binary()) -> binary(). client_key(ClientProof, ClientSignature) -> - list_to_binary(lists:zipwith(fun(X, Y) -> - X bxor Y - end, - binary_to_list(ClientProof), - binary_to_list(ClientSignature))). + list_to_binary(lists:zipwith(fun (X, Y) -> X bxor Y end, + binary_to_list(ClientProof), + binary_to_list(ClientSignature))). + +-spec server_signature(binary(), binary()) -> binary(). server_signature(ServerKey, AuthMessage) -> - crypto:sha_mac(ServerKey, AuthMessage). + crypto:sha_mac(ServerKey, AuthMessage). hi(Password, Salt, IterationCount) -> - U1 = crypto:sha_mac(Password, string:concat(binary_to_list(Salt), [0,0,0,1])), - list_to_binary(lists:zipwith(fun(X, Y) -> - X bxor Y - end, - binary_to_list(U1), - binary_to_list(hi_round(Password, U1, IterationCount-1)))). + U1 = crypto:sha_mac(Password, <<Salt/binary, 0, 0, 0, 1>>), + list_to_binary(lists:zipwith(fun (X, Y) -> X bxor Y end, + binary_to_list(U1), + binary_to_list(hi_round(Password, U1, + IterationCount - 1)))). hi_round(Password, UPrev, 1) -> - crypto:sha_mac(Password, UPrev); + crypto:sha_mac(Password, UPrev); hi_round(Password, UPrev, IterationCount) -> - U = crypto:sha_mac(Password, UPrev), - list_to_binary(lists:zipwith(fun(X, Y) -> - X bxor Y - end, - binary_to_list(U), - binary_to_list(hi_round(Password, U, IterationCount-1)))). + U = crypto:sha_mac(Password, UPrev), + list_to_binary(lists:zipwith(fun (X, Y) -> X bxor Y end, + binary_to_list(U), + binary_to_list(hi_round(Password, U, + IterationCount - 1)))). |