-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathsasl.ts
80 lines (65 loc) · 2.52 KB
/
sasl.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
import { createHash, createHmac, BinaryLike } from 'node:crypto';
import { Buffer } from 'node:buffer';
export function xorBuffers(a: Buffer, b: Buffer): Buffer {
if (a.length !== b.length) {
throw new Error('Buffer length mismatch');
}
if (a.length === 0 || b.length === 0) {
throw new Error('Buffers cannot be empty');
}
return Buffer.from(a.map((_, i) => a[i] ^ b[i]));
}
export function hmacSha256(key: BinaryLike, msg: Buffer | string) {
return createHmac('sha256', key).update(msg).digest();
}
export function sha256(key: Buffer): Buffer {
return createHash('sha256').update(key).digest();
}
export function hi(password: string, saltBytes: Buffer, iterations: number) {
let ui1 = hmacSha256(
password,
Buffer.concat([saltBytes, Buffer.from([0, 0, 0, 1])]),
);
let ui = ui1;
for (let i = 0; i < iterations - 1; i++) {
ui1 = hmacSha256(password, ui1);
ui = xorBuffers(ui, ui1);
}
return ui;
}
export function sign(
data: string,
password: string,
clientNonce: string,
): [string, string] {
const m = Object.fromEntries(
data.split(',').map((attr) => [attr[0], attr.substring(2)]),
);
if (!(m.i && m.r && m.s)) throw new Error('SASL message parse error');
const nonce = m.r;
if (!nonce.startsWith(clientNonce)) throw new Error('SASL nonce mismatch');
if (nonce.length === clientNonce.length)
throw new Error('SASL nonce too short');
const iterations = parseInt(m.i, 10);
const salt = Buffer.from(m.s, 'base64');
const saltedPassword = hi(password, salt, iterations);
const clientKey = hmacSha256(saltedPassword, 'Client Key');
const storedKey = sha256(clientKey);
const clientFinalMessageWithoutProof = 'c=biws,r=' + nonce;
const clientFirstMessageBare = 'n=*,r=' + clientNonce;
const serverFirstMessage = data;
const authMessage =
clientFirstMessageBare +
',' +
serverFirstMessage +
',' +
clientFinalMessageWithoutProof;
const clientSignature = hmacSha256(storedKey, authMessage);
const clientProofBytes = xorBuffers(clientKey, clientSignature);
const clientProof = clientProofBytes.toString('base64');
const serverKey = hmacSha256(saltedPassword, 'Server Key');
const serverSignatureBytes = hmacSha256(serverKey, authMessage);
const response = clientFinalMessageWithoutProof + ',p=' + clientProof;
const serverSignature = serverSignatureBytes.toString('base64');
return [response, serverSignature];
}