sigildocs

(sigil irc sasl-scram)

(sigil irc sasl-scram) - SCRAM-SHA-256 mechanism for SASL

Implements RFC 5802 + RFC 7677 (SCRAM with SHA-256). The wire dance is layered inside SASL's AUTHENTICATE/chunked-base64 envelope:

C: AUTHENTICATE SCRAM-SHA-256
S: AUTHENTICATE +
C: <client-first-message>
       n,,n=alice,r=<client-nonce>
S: <server-first-message>
       r=<combined-nonce>,s=<base64-salt>,i=<iterations>
C: <client-final-message>
       c=<base64-channel-binding>,r=<combined-nonce>,p=<base64-proof>
S: <server-final-message>
       v=<base64-server-signature>
S: 903 <client> :SASL authentication successful

Where: SaltedPassword = PBKDF2-SHA-256(password, salt, iterations, 32) ClientKey = HMAC-SHA-256(SaltedPassword, "Client Key") StoredKey = SHA-256(ClientKey) AuthMessage = client-first-bare + "," + server-first

  • "," + client-final-no-proof ClientSignature = HMAC-SHA-256(StoredKey, AuthMessage) ClientProof = ClientKey XOR ClientSignature ServerKey = HMAC-SHA-256(SaltedPassword, "Server Key") ServerSignature = HMAC-SHA-256(ServerKey, AuthMessage)

This module exports two driver functions that plug into the core (sigil irc sasl) state-machine via the scram-driver field. The consumer constructs a sasl state with the SCRAM driver attached; the core SASL machinery dispatches into the driver at the right phases.

Server-side scram-fetch callback: (scram-fetch authcid) -> (list <salt-b64> <iterations> <stored-key-bv> <server-key-bv>) or #f for unknown user

A consumer-supplied scram-credentials helper computes those four values from a plaintext password (typically called once at user registration; the salted password is stored, never the plaintext).

Exports

The server-side stored SCRAM verifier for one user. The plaintext password is NOT stored; only these four values, which are sufficient to verify a client's proof without the password.

Test if a value is a scram-credentials struct.

Get the salt-b64 field of a scram-credentials struct.

Get the iterations field of a scram-credentials struct.

Get the stored-key field of a scram-credentials struct.

Get the server-key field of a scram-credentials struct.

Derive SCRAM credentials from a plaintext password + per-user salt + iteration count. Call this at user registration; persist the resulting record. The plaintext password is never needed again on the server side.

(define creds (derive-scram-credentials "alice-password"
                                         (random-bytes 16)
                                         4096))
;; persist (scram-credentials-salt-b64 creds), -iterations,
;; -stored-key, -server-key

Parse an attribute string k1=v1,k2=v2,... into an alist.

Build a sasl-client-state pre-wired for SCRAM-SHA-256.

Construct a scram-client-locals struct.

Test if a value is a scram-client-locals struct.

Get the nonce field of a scram-client-locals struct.

Get the client-first-bare field of a scram-client-locals struct.

Get the server-first field of a scram-client-locals struct.

Get the server-signature-b64 field of a scram-client-locals struct.

Set the nonce field of a scram-client-locals struct.

Set the client-first-bare field of a scram-client-locals struct.

Set the server-first field of a scram-client-locals struct.

Set the server-signature-b64 field of a scram-client-locals struct.

Construct a scram-server-locals struct.

Test if a value is a scram-server-locals struct.

Get the server-nonce field of a scram-server-locals struct.

Get the client-first-bare field of a scram-server-locals struct.

Get the server-first field of a scram-server-locals struct.

Get the stored-key field of a scram-server-locals struct.

Get the server-key field of a scram-server-locals struct.

Set the server-nonce field of a scram-server-locals struct.

Set the client-first-bare field of a scram-server-locals struct.

Set the server-first field of a scram-server-locals struct.

Set the stored-key field of a scram-server-locals struct.

Set the server-key field of a scram-server-locals struct.

Construct a sasl-server-state pre-wired for SCRAM-SHA-256. fetch is (lambda (authcid) -> scram-credentials? or #f).

(No description)

(No description)