gsasl/doxygen/scram_2server_8c_source.html

 /* server.c --- SASL CRAM-MD5 server side functions.

  * Copyright (C) 2009-2024 Simon Josefsson

  *

  * This file is part of GNU SASL Library.

  *

  * GNU SASL Library is free software; you can redistribute it and/or

  * modify it under the terms of the GNU Lesser General Public License

  * as published by the Free Software Foundation; either version 2.1 of

  * the License, or (at your option) any later version.

  *

  * GNU SASL Library is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  * Lesser General Public License for more details.

  *

  * You should have received a copy of the GNU Lesser General Public

  * License along with GNU SASL Library; if not, write to the Free

  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

  * Boston, MA 02110-1301, USA.

  *

  */


 #include <config.h>


 /* Get specification. */

 #include "scram.h"


 /* Get malloc, free, strtoul. */

 #include <stdlib.h>


 /* Get ULONG_MAX. */

 #include <limits.h>


 /* Get memcpy, strdup, strlen. */

 #include <string.h>


 /* Get MAX. */

 #include "minmax.h"


 #include "tokens.h"

 #include "parser.h"

 #include "printer.h"

 #include "gc.h"

 #include "memxor.h"

 #include "tools.h"

 #include "mechtools.h"


 #define DEFAULT_SALT_BYTES 12

 #define SNONCE_ENTROPY_BYTES 18


 struct scram_server_state

 {

   bool plus;

   Gsasl_hash hash;

   int step;

   char *cbind;

   char *gs2header;              /* copy of client first gs2-header */

   char *cfmb_str;               /* copy of client first message bare */

   char *sf_str;                 /* copy of server first message */

   char *snonce;

   char *clientproof;

   char storedkey[GSASL_HASH_MAX_SIZE];

   char serverkey[GSASL_HASH_MAX_SIZE];

   char *authmessage;

   char *cb;

   size_t cblen;

   struct scram_client_first cf;

   struct scram_server_first sf;

   struct scram_client_final cl;

   struct scram_server_final sl;

 };


 static int

 scram_start (Gsasl_session *sctx _GL_UNUSED, void **mech_data,

              bool plus, Gsasl_hash hash)

 {

   struct scram_server_state *state;

   char buf[MAX (SNONCE_ENTROPY_BYTES, DEFAULT_SALT_BYTES)];

   int rc;


   state = (struct scram_server_state *) calloc (sizeof (*state), 1);

   if (state == NULL)

     return GSASL_MALLOC_ERROR;


   state->plus = plus;

   state->hash = hash;


   rc = gsasl_nonce (buf, SNONCE_ENTROPY_BYTES);

   if (rc != GSASL_OK)

     goto end;


   rc = gsasl_base64_to (buf, SNONCE_ENTROPY_BYTES, &state->snonce, NULL);

   if (rc != GSASL_OK)

     goto end;


   rc = gsasl_nonce (buf, DEFAULT_SALT_BYTES);

   if (rc != GSASL_OK)

     goto end;


   rc = gsasl_base64_to (buf, DEFAULT_SALT_BYTES, &state->sf.salt, NULL);

   if (rc != GSASL_OK)

     goto end;


   *mech_data = state;


   return GSASL_OK;


 end:

   free (state->sf.salt);

   free (state->snonce);

   free (state);

   return rc;

 }


 #ifdef USE_SCRAM_SHA1

 int

 _gsasl_scram_sha1_server_start (Gsasl_session *sctx, void **mech_data)

 {

   return scram_start (sctx, mech_data, false, GSASL_HASH_SHA1);

 }


 int

 _gsasl_scram_sha1_plus_server_start (Gsasl_session *sctx, void **mech_data)

 {

   return scram_start (sctx, mech_data, true, GSASL_HASH_SHA1);

 }

 #endif


 #ifdef USE_SCRAM_SHA256

 int

 _gsasl_scram_sha256_server_start (Gsasl_session *sctx, void **mech_data)

 {

   return scram_start (sctx, mech_data, false, GSASL_HASH_SHA256);

 }


 int

 _gsasl_scram_sha256_plus_server_start (Gsasl_session *sctx, void **mech_data)

 {

   return scram_start (sctx, mech_data, true, GSASL_HASH_SHA256);

 }

 #endif


 static int

 extract_serverkey (struct scram_server_state *state,

                    const char *b64, char *buf)

 {

   char *bin;

   size_t binlen;

   int rc;


   rc = gsasl_base64_from (b64, strlen (b64), &bin, &binlen);

   if (rc != GSASL_OK)

     return rc;


   if (binlen != gsasl_hash_length (state->hash))

     {

       free (bin);

       return GSASL_AUTHENTICATION_ERROR;

     }


   memcpy (buf, bin, binlen);


   free (bin);


   return GSASL_OK;

 }


 int

 _gsasl_scram_server_step (Gsasl_session *sctx,

                           void *mech_data,

                           const char *input,

                           size_t input_len, char **output, size_t *output_len)

 {

   struct scram_server_state *state = mech_data;

   int res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;

   int rc;


   *output = NULL;

   *output_len = 0;


   switch (state->step)

     {

     case 0:

       {

         if (input_len == 0)

           return GSASL_NEEDS_MORE;


         if (scram_parse_client_first (input, input_len, &state->cf) < 0)

           return GSASL_MECHANISM_PARSE_ERROR;


         if (state->plus)

           {

             const char *p;


             /* In PLUS server mode, we require use of channel bindings. */

             if (state->cf.cbflag != 'p' || state->cf.cbname == NULL)

               return GSASL_AUTHENTICATION_ERROR;


             if (strcmp (state->cf.cbname, "tls-exporter") == 0)

               {

                 p = gsasl_property_get (sctx, GSASL_CB_TLS_EXPORTER);

                 if (!p)

                   return GSASL_NO_CB_TLS_EXPORTER;

               }

             else if (strcmp (state->cf.cbname, "tls-unique") == 0)

               {

                 p = gsasl_property_get (sctx, GSASL_CB_TLS_UNIQUE);

                 if (!p)

                   return GSASL_NO_CB_TLS_UNIQUE;

               }

             else

               return GSASL_AUTHENTICATION_ERROR;


             rc = gsasl_base64_from (p, strlen (p), &state->cb, &state->cblen);

             if (rc != GSASL_OK)

               return rc;

           }

         else if (state->cf.cbflag == 'y')

           {

             const char *p = gsasl_property_get (sctx, GSASL_CB_TLS_EXPORTER);

             /* In non-PLUS mode we reject a client 'y' cbflag since we

                support channel bindings UNLESS we actually don't have

                any channel bindings (application told to libgsasl that

                it doesn't want PLUS). */

             if (!p)

               p = gsasl_property_get (sctx, GSASL_CB_TLS_UNIQUE);

             if (p != NULL)

               return GSASL_AUTHENTICATION_ERROR;

           }


         /* Check that username doesn't fail SASLprep. */

         {

           char *tmp;

           rc = gsasl_saslprep (state->cf.username, GSASL_ALLOW_UNASSIGNED,

                                &tmp, NULL);

           if (rc != GSASL_OK || *tmp == '\0')

             return GSASL_AUTHENTICATION_ERROR;

           gsasl_free (tmp);

         }


         {

           const char *p;


           /* Save "gs2-header" and "message-bare" for next step. */

           p = memchr (input, ',', input_len);

           if (!p)

             return GSASL_AUTHENTICATION_ERROR;

           p++;

           p = memchr (p, ',', input_len - (p - input));

           if (!p)

             return GSASL_AUTHENTICATION_ERROR;

           p++;


           state->gs2header = malloc (p - input + 1);

           if (!state->gs2header)

             return GSASL_MALLOC_ERROR;

           memcpy (state->gs2header, input, p - input);

           state->gs2header[p - input] = '\0';


           state->cfmb_str = malloc (input_len - (p - input) + 1);

           if (!state->cfmb_str)

             return GSASL_MALLOC_ERROR;

           memcpy (state->cfmb_str, p, input_len - (p - input));

           state->cfmb_str[input_len - (p - input)] = '\0';

         }


         /* Create new nonce. */

         {

           size_t cnlen = strlen (state->cf.client_nonce);

           size_t snlen = strlen (state->snonce);


           state->sf.nonce = malloc (cnlen + snlen + 1);

           if (!state->sf.nonce)

             return GSASL_MALLOC_ERROR;


           memcpy (state->sf.nonce, state->cf.client_nonce, cnlen);

           memcpy (state->sf.nonce + cnlen, state->snonce, snlen);

           state->sf.nonce[cnlen + snlen] = '\0';

         }


         rc = gsasl_property_set (sctx, GSASL_AUTHID, state->cf.username);

         if (rc != GSASL_OK)

           return rc;

         rc = gsasl_property_set (sctx, GSASL_AUTHZID, state->cf.authzid);

         if (rc != GSASL_OK)

           return rc;


         {

           const char *p = gsasl_property_get (sctx, GSASL_SCRAM_ITER);


           if (p)

             state->sf.iter = strtoul (p, NULL, 10);

           if (!p || state->sf.iter == 0 || state->sf.iter == ULONG_MAX)

             state->sf.iter = 4096;


           /* Save salt/iter as properties, so that client callback can

              access them. */

           {

             char *str = NULL;

             int n;

             n = asprintf (&str, "%zu", state->sf.iter);

             if (n < 0 || str == NULL)

               return GSASL_MALLOC_ERROR;

             rc = gsasl_property_set (sctx, GSASL_SCRAM_ITER, str);

             free (str);

             if (rc != GSASL_OK)

               return rc;

           }

         }


         {

           const char *p = gsasl_property_get (sctx, GSASL_SCRAM_SALT);

           if (p)

             {

               free (state->sf.salt);

               state->sf.salt = strdup (p);

             }

           else

             {

               rc =

                 gsasl_property_set (sctx, GSASL_SCRAM_SALT, state->sf.salt);

               if (rc != GSASL_OK)

                 return rc;

             }

         }


         rc = scram_print_server_first (&state->sf, &state->sf_str);

         if (rc != 0)

           return GSASL_MALLOC_ERROR;


         *output = strdup (state->sf_str);

         if (!*output)

           return GSASL_MALLOC_ERROR;

         *output_len = strlen (*output);


         state->step++;

         return GSASL_NEEDS_MORE;

         break;

       }


     case 1:

       {

         if (scram_parse_client_final (input, input_len, &state->cl) < 0)

           return GSASL_MECHANISM_PARSE_ERROR;


         if (strcmp (state->cl.nonce, state->sf.nonce) != 0)

           return GSASL_AUTHENTICATION_ERROR;


         /* Base64 decode the c= field and check that it matches

            client-first.  Also check channel binding data. */

         {

           size_t len;


           free (state->cbind);

           rc = gsasl_base64_from (state->cl.cbind, strlen (state->cl.cbind),

                                   &state->cbind, &len);

           if (rc != 0)

             return rc;


           if (state->cf.cbflag == 'p')

             {

               if (len < strlen (state->gs2header))

                 return GSASL_AUTHENTICATION_ERROR;


               if (memcmp (state->cbind, state->gs2header,

                           strlen (state->gs2header)) != 0)

                 return GSASL_AUTHENTICATION_ERROR;


               if (len - strlen (state->gs2header) != state->cblen)

                 return GSASL_AUTHENTICATION_ERROR;


               if (memcmp (state->cbind + strlen (state->gs2header),

                           state->cb, state->cblen) != 0)

                 return GSASL_AUTHENTICATION_ERROR;

             }

           else

             {

               if (len != strlen (state->gs2header))

                 return GSASL_AUTHENTICATION_ERROR;


               if (memcmp (state->cbind, state->gs2header, len) != 0)

                 return GSASL_AUTHENTICATION_ERROR;

             }

         }


         /* Base64 decode client proof and check that length matches

            hash size. */

         {

           size_t len;


           free (state->clientproof);

           rc = gsasl_base64_from (state->cl.proof, strlen (state->cl.proof),

                                   &state->clientproof, &len);

           if (rc != 0)

             return rc;

           if (gsasl_hash_length (state->hash) != len)

             return GSASL_MECHANISM_PARSE_ERROR;

         }

         {

           const char *p, *q;


           /* Get StoredKey and ServerKey */

           if ((p = gsasl_property_get (sctx, GSASL_SCRAM_SERVERKEY))

               && (q = gsasl_property_get (sctx, GSASL_SCRAM_STOREDKEY)))

             {

               rc = extract_serverkey (state, p, state->serverkey);

               if (rc != GSASL_OK)

                 return rc;

               rc = extract_serverkey (state, q, state->storedkey);

               if (rc != GSASL_OK)

                 return rc;

             }

           else if ((q = gsasl_property_get (sctx,

                                             GSASL_SCRAM_SALTED_PASSWORD))

                    || (p = gsasl_property_get (sctx, GSASL_PASSWORD)))

             {

               char clientkey[GSASL_HASH_MAX_SIZE];

               char *b64str;


               if (q)

                 {

                   char *binsaltedpassword;

                   size_t outlen;


                   rc = gsasl_hex_from (q, &binsaltedpassword, &outlen);

                   if (rc != GSASL_OK)

                     return rc;


                   if (outlen != gsasl_hash_length (state->hash))

                     {

                       gsasl_free (binsaltedpassword);

                       return GSASL_AUTHENTICATION_ERROR;

                     }


                   rc = gsasl_scram_secrets_from_salted_password

                     (state->hash, binsaltedpassword,

                      clientkey, state->serverkey, state->storedkey);

                   gsasl_free (binsaltedpassword);

                   if (rc != GSASL_OK)

                     return rc;

                 }

               else

                 {

                   char *salt;

                   size_t saltlen;

                   char saltedpassword[GSASL_HASH_MAX_SIZE];


                   rc = gsasl_base64_from (state->sf.salt,

                                           strlen (state->sf.salt),

                                           &salt, &saltlen);

                   if (rc != GSASL_OK)

                     return rc;


                   rc = gsasl_scram_secrets_from_password (state->hash,

                                                           p,

                                                           state->sf.iter,

                                                           salt, saltlen,

                                                           saltedpassword,

                                                           clientkey,

                                                           state->serverkey,

                                                           state->storedkey);

                   gsasl_free (salt);

                   if (rc != GSASL_OK)

                     return rc;


                   rc = set_saltedpassword (sctx, state->hash, saltedpassword);

                   if (rc != GSASL_OK)

                     return rc;

                 }


               rc = gsasl_base64_to (state->serverkey,

                                     gsasl_hash_length (state->hash),

                                     &b64str, NULL);

               if (rc != GSASL_OK)

                 return rc;

               rc = gsasl_property_set (sctx, GSASL_SCRAM_SERVERKEY, b64str);

               free (b64str);

               if (rc != GSASL_OK)

                 return rc;


               rc = gsasl_base64_to (state->storedkey,

                                     gsasl_hash_length (state->hash),

                                     &b64str, NULL);

               if (rc != 0)

                 return rc;

               rc = gsasl_property_set (sctx, GSASL_SCRAM_STOREDKEY, b64str);

               free (b64str);

               if (rc != GSASL_OK)

                 return rc;

             }

           else

             return GSASL_NO_PASSWORD;


           /* Compute AuthMessage */

           {

             size_t len;

             int n;


             /* Get client-final-message-without-proof. */

             p = memmem (input, input_len, ",p=", 3);

             if (!p)

               return GSASL_MECHANISM_PARSE_ERROR;

             len = p - input;


             n = asprintf (&state->authmessage, "%s,%.*s,%.*s",

                           state->cfmb_str,

                           (int) strlen (state->sf_str), state->sf_str,

                           (int) len, input);

             if (n <= 0 || !state->authmessage)

               return GSASL_MALLOC_ERROR;

           }


           /* Check client proof. */

           {

             char clientsignature[GSASL_HASH_MAX_SIZE];

             char maybe_storedkey[GSASL_HASH_MAX_SIZE];


             /* ClientSignature := HMAC(StoredKey, AuthMessage) */

             rc = _gsasl_hmac (state->hash,

                               state->storedkey,

                               gsasl_hash_length (state->hash),

                               state->authmessage, strlen (state->authmessage),

                               clientsignature);

             if (rc != 0)

               return rc;


             /* ClientKey := ClientProof XOR ClientSignature */

             memxor (clientsignature, state->clientproof,

                     gsasl_hash_length (state->hash));


             rc = _gsasl_hash (state->hash, clientsignature,

                               gsasl_hash_length (state->hash),

                               maybe_storedkey);

             if (rc != 0)

               return rc;


             rc = memcmp (state->storedkey, maybe_storedkey,

                          gsasl_hash_length (state->hash));

             if (rc != 0)

               return GSASL_AUTHENTICATION_ERROR;

           }


           /* Generate server verifier. */

           {

             char serversignature[GSASL_HASH_MAX_SIZE];


             /* ServerSignature := HMAC(ServerKey, AuthMessage) */

             rc = _gsasl_hmac (state->hash, state->serverkey,

                               gsasl_hash_length (state->hash),

                               state->authmessage,

                               strlen (state->authmessage), serversignature);

             if (rc != 0)

               return rc;


             rc = gsasl_base64_to (serversignature,

                                   gsasl_hash_length (state->hash),

                                   &state->sl.verifier, NULL);

             if (rc != 0)

               return rc;

           }

         }


         rc = scram_print_server_final (&state->sl, output);

         if (rc != 0)

           return GSASL_MALLOC_ERROR;

         *output_len = strlen (*output);


         state->step++;

         return GSASL_OK;

         break;

       }


     default:

       break;

     }


   return res;

 }


 void

 _gsasl_scram_server_finish (Gsasl_session *sctx _GL_UNUSED, void *mech_data)

 {

   struct scram_server_state *state = mech_data;


   if (!state)

     return;


   free (state->cbind);

   free (state->gs2header);

   free (state->cfmb_str);

   free (state->sf_str);

   free (state->snonce);

   free (state->clientproof);

   free (state->authmessage);

   free (state->cb);

   scram_free_client_first (&state->cf);

   scram_free_server_first (&state->sf);

   scram_free_client_final (&state->cl);

   scram_free_server_final (&state->sl);


   free (state);

 }

gsasl_base64_from
int gsasl_base64_from(const char *in, size_t inlen, char **out, size_t *outlen)
Definition: base64.c:75

gsasl_base64_to
int gsasl_base64_to(const char *in, size_t inlen, char **out, size_t *outlen)
Definition: base64.c:45

gsasl_hex_from
int gsasl_hex_from(const char *in, char **out, size_t *outlen)
Definition: base64.c:144

gsasl_hash_length
size_t gsasl_hash_length(Gsasl_hash hash)
Definition: crypto.c:73

gsasl_scram_secrets_from_salted_password
int gsasl_scram_secrets_from_salted_password(Gsasl_hash hash, const char *salted_password, char *client_key, char *server_key, char *stored_key)
Definition: crypto.c:104

gsasl_nonce
int gsasl_nonce(char *data, size_t datalen)
Definition: crypto.c:39

gsasl_scram_secrets_from_password
int gsasl_scram_secrets_from_password(Gsasl_hash hash, const char *password, unsigned int iteration_count, const char *salt, size_t saltlen, char *salted_password, char *client_key, char *server_key, char *stored_key)
Definition: crypto.c:156

rc
int rc
Definition: error.c:37

GSASL_ALLOW_UNASSIGNED
@ GSASL_ALLOW_UNASSIGNED
Definition: gsasl.h:332

Gsasl_hash
Gsasl_hash
Definition: gsasl.h:428

GSASL_HASH_SHA1
@ GSASL_HASH_SHA1
Definition: gsasl.h:430

GSASL_HASH_SHA256
@ GSASL_HASH_SHA256
Definition: gsasl.h:431

GSASL_OK
@ GSASL_OK
Definition: gsasl.h:129

GSASL_NO_CB_TLS_EXPORTER
@ GSASL_NO_CB_TLS_EXPORTER
Definition: gsasl.h:155

GSASL_AUTHENTICATION_ERROR
@ GSASL_AUTHENTICATION_ERROR
Definition: gsasl.h:138

GSASL_NEEDS_MORE
@ GSASL_NEEDS_MORE
Definition: gsasl.h:130

GSASL_MALLOC_ERROR
@ GSASL_MALLOC_ERROR
Definition: gsasl.h:133

GSASL_NO_PASSWORD
@ GSASL_NO_PASSWORD
Definition: gsasl.h:146

GSASL_MECHANISM_CALLED_TOO_MANY_TIMES
@ GSASL_MECHANISM_CALLED_TOO_MANY_TIMES
Definition: gsasl.h:132

GSASL_MECHANISM_PARSE_ERROR
@ GSASL_MECHANISM_PARSE_ERROR
Definition: gsasl.h:137

GSASL_NO_CB_TLS_UNIQUE
@ GSASL_NO_CB_TLS_UNIQUE
Definition: gsasl.h:151

gsasl_property_set
_GSASL_API int gsasl_property_set(Gsasl_session *sctx, Gsasl_property prop, const char *data)
Definition: property.c:189

gsasl_property_get
_GSASL_API const char * gsasl_property_get(Gsasl_session *sctx, Gsasl_property prop)
Definition: property.c:292

GSASL_HASH_MAX_SIZE
@ GSASL_HASH_MAX_SIZE
Definition: gsasl.h:452

GSASL_SCRAM_STOREDKEY
@ GSASL_SCRAM_STOREDKEY
Definition: gsasl.h:242

GSASL_AUTHZID
@ GSASL_AUTHZID
Definition: gsasl.h:225

GSASL_SCRAM_SALT
@ GSASL_SCRAM_SALT
Definition: gsasl.h:239

GSASL_CB_TLS_UNIQUE
@ GSASL_CB_TLS_UNIQUE
Definition: gsasl.h:243

GSASL_SCRAM_SALTED_PASSWORD
@ GSASL_SCRAM_SALTED_PASSWORD
Definition: gsasl.h:240

GSASL_PASSWORD
@ GSASL_PASSWORD
Definition: gsasl.h:226

GSASL_SCRAM_ITER
@ GSASL_SCRAM_ITER
Definition: gsasl.h:238

GSASL_AUTHID
@ GSASL_AUTHID
Definition: gsasl.h:224

GSASL_SCRAM_SERVERKEY
@ GSASL_SCRAM_SERVERKEY
Definition: gsasl.h:241

GSASL_CB_TLS_EXPORTER
@ GSASL_CB_TLS_EXPORTER
Definition: gsasl.h:248

gsasl_saslprep
_GSASL_API int gsasl_saslprep(const char *in, Gsasl_saslprep_flags flags, char **out, int *stringpreprc)

_gsasl_hmac
int _gsasl_hmac(Gsasl_hash hash, const char *key, size_t keylen, const char *in, size_t inlen, char *outhash)
Definition: mechtools.c:329

_gsasl_hash
int _gsasl_hash(Gsasl_hash hash, const char *in, size_t inlen, char *outhash)
Definition: mechtools.c:296

mechtools.h

scram_parse_client_final
int scram_parse_client_final(const char *str, size_t len, struct scram_client_final *cl)
Definition: scram/parser.c:329

scram_parse_client_first
int scram_parse_client_first(const char *str, size_t len, struct scram_client_first *cf)
Definition: scram/parser.c:76

parser.h

scram_print_server_final
int scram_print_server_final(struct scram_server_final *sl, char **out)
Definition: scram/printer.c:165

scram_print_server_first
int scram_print_server_first(struct scram_server_first *sf, char **out)
Definition: scram/printer.c:124

printer.h

_gsasl_scram_server_finish
void _gsasl_scram_server_finish(Gsasl_session *sctx _GL_UNUSED, void *mech_data)
Definition: scram/server.c:581

DEFAULT_SALT_BYTES
#define DEFAULT_SALT_BYTES
Definition: scram/server.c:48

SNONCE_ENTROPY_BYTES
#define SNONCE_ENTROPY_BYTES
Definition: scram/server.c:49

_gsasl_scram_server_step
int _gsasl_scram_server_step(Gsasl_session *sctx, void *mech_data, const char *input, size_t input_len, char **output, size_t *output_len)
Definition: scram/server.c:169

tokens.h

scram.h

gsasl_free
void gsasl_free(void *ptr)
Definition: src/free.c:41

Gsasl_session
Definition: internal.h:49

scram_client_final
Definition: scram/tokens.h:46

scram_client_final::proof
char * proof
Definition: scram/tokens.h:49

scram_client_final::nonce
char * nonce
Definition: scram/tokens.h:48

scram_client_final::cbind
char * cbind
Definition: scram/tokens.h:47

scram_client_first
Definition: scram/tokens.h:30

scram_client_first::cbname
char * cbname
Definition: scram/tokens.h:32

scram_client_first::cbflag
char cbflag
Definition: scram/tokens.h:31

scram_client_first::username
char * username
Definition: scram/tokens.h:34

scram_client_first::client_nonce
char * client_nonce
Definition: scram/tokens.h:35

scram_client_first::authzid
char * authzid
Definition: scram/tokens.h:33

scram_server_final
Definition: scram/tokens.h:53

scram_server_final::verifier
char * verifier
Definition: scram/tokens.h:54

scram_server_first
Definition: scram/tokens.h:39

scram_server_first::salt
char * salt
Definition: scram/tokens.h:41

scram_server_first::iter
size_t iter
Definition: scram/tokens.h:42

scram_server_first::nonce
char * nonce
Definition: scram/tokens.h:40

scram_server_state
Definition: scram/server.c:52

scram_server_state::gs2header
char * gs2header
Definition: scram/server.c:57

scram_server_state::cfmb_str
char * cfmb_str
Definition: scram/server.c:58

scram_server_state::step
int step
Definition: scram/server.c:55

scram_server_state::serverkey
char serverkey[GSASL_HASH_MAX_SIZE]
Definition: scram/server.c:63

scram_server_state::hash
Gsasl_hash hash
Definition: scram/server.c:54

scram_server_state::storedkey
char storedkey[GSASL_HASH_MAX_SIZE]
Definition: scram/server.c:62

scram_server_state::sl
struct scram_server_final sl
Definition: scram/server.c:70

scram_server_state::cblen
size_t cblen
Definition: scram/server.c:66

scram_server_state::cbind
char * cbind
Definition: scram/server.c:56

scram_server_state::snonce
char * snonce
Definition: scram/server.c:60

scram_server_state::sf
struct scram_server_first sf
Definition: scram/server.c:68

scram_server_state::cf
struct scram_client_first cf
Definition: scram/server.c:67

scram_server_state::authmessage
char * authmessage
Definition: scram/server.c:64

scram_server_state::plus
bool plus
Definition: scram/server.c:53

scram_server_state::cb
char * cb
Definition: scram/server.c:65

scram_server_state::sf_str
char * sf_str
Definition: scram/server.c:59

scram_server_state::clientproof
char * clientproof
Definition: scram/server.c:61

scram_server_state::cl
struct scram_client_final cl
Definition: scram/server.c:69

scram_free_server_first
void scram_free_server_first(struct scram_server_first *sf)
Definition: tokens.c:46

scram_free_client_first
void scram_free_client_first(struct scram_client_first *cf)
Definition: tokens.c:35

scram_free_server_final
void scram_free_server_final(struct scram_server_final *sl)
Definition: tokens.c:65

scram_free_client_final
void scram_free_client_final(struct scram_client_final *cl)
Definition: tokens.c:55

set_saltedpassword
int set_saltedpassword(Gsasl_session *sctx, Gsasl_hash hash, const char *hashbuf)
Definition: tools.c:31

tools.h