Plasma GitLab Archive
Projects Blog Knowledge

Module Netmech_scram

module Netmech_scram: sig .. end
SCRAM mechanism for authentication (RFC 5802)


This implements SCRAM for SASL and GSSAPI.

This module needs the SHA-1 hash function. In order to use it, initialize crypto support, e.g. by including the nettls-gnutls packages and calling Nettls_gnutls.init.

As for all SASL mechanisms in OCamlnet, SASLprep is not automatically called. Users of SCRAM should pass user names and passwords through Netsaslprep.saslprep.

type ptype = [ `GSSAPI | `SASL ] 
Profile types:
  • `GSSAPI: as defined in RFC 5802, the gs2-header is omitted
  • `SASL: as defined in RFC 5802

type profile = {
   ptype : ptype;
   hash_function : Netsys_digests.iana_hash_fn; (*Which hash function*)
   return_unknown_user : bool; (*Whether servers exhibit the fact that the user is unknown*)
   iteration_count_limit : int; (*Largest supported iteration number*)
}
Profile
type cb = Netsys_sasl_types.cb 
Using the same channel binding type as for SASL
type server_error = [ `Channel_binding_not_supported
| `Channel_bindings_dont_match
| `Extension of string
| `Extensions_not_supported
| `Invalid_encoding
| `Invalid_proof
| `Invalid_username_encoding
| `No_resources
| `Other_error
| `Server_does_support_channel_binding
| `Unknown_user
| `Unsupported_channel_binding_type ]
Error codes of this protocol
type client_session 
Session context for clients
type server_session 
Session context for servers

Client exceptions: The exceptions are returned by client_error_flag, but never raised.
exception Invalid_encoding of string * string
Returned by clients when something cannot be decoded. First string is an error message, the second string the raw message that cannot be decoded
exception Invalid_username_encoding of string * string
Returned by clients when the username does not match the requirements. Arguments as for Invalid_encoding.
exception Extensions_not_supported of string * string
Returned by clients when the server enables an unsupported extension. Arguments as for Invalid_encoding.
exception Protocol_error of string
Returned by clients when the server violates the protocol. The argument is a message.
exception Invalid_server_signature
Returned by clients when the signature sent by the server is invalid (i.e. the server does not know the client password)
exception Server_error of server_error
Returned by clients when the server sent an error code
val error_of_exn : exn -> string
Converts one of the above exceptions to a human-readable string
val profile : ?return_unknown_user:bool ->
?iteration_count_limit:int ->
ptype -> Netsys_digests.iana_hash_fn -> profile
Creates a profile
val string_of_server_error : server_error -> string
val server_error_of_string : string -> server_error
Conversion
val mechanism_name : profile -> string
The official name of the mechanism

Clients



The idea is to create a client session s first. The functions client_emit_flag and client_recv_flag indicate now whether the client needs to emit a new message, or whether it needs to receive a message, respectively. Emission is done by client_emit_message, reception by client_recv_message. If everything goes well, the protocol state advances, and finally client_finish_flag is true. This indicates that the client is authenticated and that the server knows the client's password. If an error occurs, an exception is raised (see above for possibilities), and client_error_flag signals true.
val create_client_session : ?nonce:string ->
profile -> string -> string -> client_session
create_client_session p username password: Creates a new client session for profile p so that the client authenticates as user username, and proves its identity with the given password.
val create_client_session2 : ?nonce:string ->
profile ->
string -> string -> string -> client_session
create_client_session p username authzname password: Like create_client_session, but also sets the authorization name (only processed for the SASL profile).
val client_configure_channel_binding : client_session ->
cb -> client_session
Sets whether to request channel binding.
val client_restart : client_session -> string -> client_session
Restart a client session (draft-ietf-httpauth-scram-auth-15). The string is the sr attribute.
val client_restart_stale : client_session -> string -> client_session
Restart a client session after the server indicated that the session is stale. The string arg is the new "sr" attribute (draft-ietf-httpauth-scram-auth-15).
val client_emit_flag : client_session -> bool
Whether client_emit_message can now be called
val client_recv_flag : client_session -> bool
Whether client_recv_message can now be called
val client_finish_flag : client_session -> bool
Whether the client is authenticated and the server verified
val client_semifinish_flag : client_session -> bool
Whether the client is authentication
val client_error_flag : client_session -> exn option
Whether an error occurred, and the protocol cannot advance anymore
val client_channel_binding : client_session -> cb
Returns the channel binding
val client_emit_message : client_session -> client_session * string
Emits the next message to be sent to the server
val client_emit_message_kv : client_session ->
client_session * string option * (string * string) list
Emits the next message to be sent to the server. The message is not encoded as a single string, but as (gs2_opt, kv) where gs2_opt is the optional GS2 header (the production gs2-header from the RFC), and kv contains the parameters as key/value pairs.
val client_recv_message : client_session -> string -> client_session
Receives the next message from the server
val client_protocol_key : client_session -> string option
The 128-bit protocol key for encrypting messages. This is available as soon as the second client message is emitted.
val client_user_name : client_session -> string
The user name
val client_authz_name : client_session -> string
The authorization name
val client_password : client_session -> string
The password
val client_export : client_session -> string
val client_import : string -> client_session
Exports a client session as string, and imports the string again.

The export format is just a marshalled Ocaml value.

val client_prop : client_session -> string -> string
Returns a property of the client (or Not_found):
  • "snonce": server nonce
  • "cnonce": client nonce
  • "salt": password salt
  • "i": iteration count
  • "client_key": this key is derived from the salted password but cannot be derived from the stored key. Its presence proves that the password was entered. It is ideal for encrypting data with a per-user key. The client key is known both to the client and to the server (after running the protocol).
  • "protocol_key": another key defined in RFC-5801 known by both sides. The protocol key is additionally also dependent on the nonces.
  • "error"


Servers



The idea is to create a server session s first. The functions server_emit_flag and server_recv_flag indicate now whether the server needs to emit a new message, or whether it needs to receive a message, respectively. Emission is done by server_emit_message, reception by server_recv_message. If everything goes well, the protocol state advances, and finally server_finish_flag is true. This indicates that the client could be authenticated.

If an error occurs, no exception is raised, and the protocol advances nevertheless, and finally the server sends an error token to the client. After this, server_error_flag returns true.

type credentials = [ `Salted_password of string * string * int
| `Stored_creds of string * string * string * int ]
Two forms of providing credentials:
  • `Salted_password(spw,salt,iteration_count): get the salted password with spw = salt_password h password salt iteration_count
  • `Stored(stkey, srvkey, salt, iteration_count): get the pair (stkey, srvkey) with stored_key h password salt iteration_count

val create_server_session : ?nonce:string ->
profile ->
(string -> credentials) -> server_session
create_server_session p auth: Creates a new server session with profile p and authenticator function auth.

The function is auth is called when the credentials of the client have been received to check whether the client can be authenticated. It is called as

      let credentials = auth username
      

where username is the user name. The function can now raise Not_found if the user is unknown, or it can return the credentials. Note that the cleartext password needs not to be known. The credentials contain a salt and an iteration count: salt is a random string, and iteration_count a security parameter that should be at least 4096. Whereas salt should be different for each user, the iteration_count can be chosen as a constant (e.g. 4096). Now salted_password can be computed from the cleartext password and these two extra parameters. See salt_password below.

val create_server_session2 : ?nonce:string ->
profile ->
(string -> string -> credentials) ->
server_session
Same as create_server_session, but the authentication callback gets two arguments:

      let credentials = auth username authzname
      

where authzname is the passed authorization name (or "" if na).

val create_salt : unit -> string
Creates a random string suited as salt
val salt_password : Netsys_digests.iana_hash_fn -> string -> string -> int -> string
let salted_password = salt_password h password salt iteration_count

Use this now as credentials `Salted_password(salted_password,salt,iteration_count).

As we do not implement SASLprep only passwords consisting of US-ASCII characters are accepted (Invalid_encoding otherwise).

val stored_key : Netsys_digests.iana_hash_fn -> string -> string -> int -> string * string

let stkey,srvkey = stored_key h password salt iteration_count

Use this now as credentials `Stored_creds(stkey,srvkey,salt,iteration_count).

val server_emit_flag : server_session -> bool
Whether server_emit_message can now be called
val server_recv_flag : server_session -> bool
Whether server_recv_message can now be called
val server_finish_flag : server_session -> bool
Whether the client is authenticated
val server_error_flag : server_session -> bool
Whether an error occurred, and the protocol cannot advance anymore
val server_emit_message : server_session -> server_session * string
Emits the next message to be sent to the client
val server_emit_message_kv : server_session ->
server_session * (string * string) list
Emits the next message to be sent to the client. The message is returned as a list of key/value pairs.
val server_recv_message : server_session -> string -> server_session
Receives the next message from the client
val server_protocol_key : server_session -> string option
The 128-bit protocol key for encrypting messages. This is available as soon as the second client message has been received.
val server_channel_binding : server_session -> cb
Returns the channel binding requirement. It is up to the application to enforce the binding. This information is available as soon as the second client message has been received
val server_user_name : server_session -> string option
The user name as transmitted from the client. This is returned here even before the authentication is completed!
val server_authz_name : server_session -> string option
The authorization name as transmitted from the client. This is returned here even before the authentication is completed!
val server_export : server_session -> string
val server_import : string -> server_session
val server_import_any : string ->
(string -> credentials) -> server_session
val server_import_any2 : string ->
(string -> string -> credentials) ->
server_session
Exports a server session as string, and imports the string again. server_import can only import established sessions. server_import_any can also import unfinished sessions, but one needs to pass the authentication function as for server_create_session. server_import_any2 uses the modified auth function as in server_create_session2.
val server_prop : server_session -> string -> string
Returns a property of the server (or Not_found) - see also client_prop above:
  • "snonce"
  • "cnonce"
  • "salt"
  • "i" (iteration_count)
  • "client_key"
  • "protocol_key"


Confidentiality


type specific_keys = {
   kc : string;
   ke : string;
   ki : string;
}
The specific keys to use
module AES_CTS: sig .. end
This module implements AES in Ciphertext Stealing mode (see RFC 3962)
module Cryptosystem: sig .. end
This is the cryptosystem as defined in RFC 3961, so far needed here.
module Debug: sig .. end
This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml