forked from OpenKore/openkore
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCRAM.pm
More file actions
109 lines (89 loc) · 3.3 KB
/
CRAM.pm
File metadata and controls
109 lines (89 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# OpenKore - CRAM: Challenge Response Authentication Mechanism
#
# Copyright (c) 2006 OpenKore Development Team
#
# This software is open source, licensed under the GNU General Public
# License, version 2.
# Basically, this means that you're allowed to modify and distribute
# this software. However, if you distribute modified versions, you MUST
# also distribute the source code.
# See http://www.gnu.org/licenses/gpl.html for the full license.
#########################################################################
##
# MODULE DESCRIPTION: Challenge Response Authentication Mechanism
#
package Utils::CRAM;
use strict;
use Utils;
# ppm install Digest-SHA-PurePerl
# $digest = hmac_sha256_hex($data, $key);
use Digest::SHA::PurePerl qw(hmac_sha256_hex);
sub new {
my ($class) = @_;
my %self;
return bless \%self, $class;
}
#########################################################################
#
# Server functions
#
##
# String CRAM::challengeString(String accountName, int length)
# accountName: the account name, as it exists in the server's database
# length: the length of the challenge string to be made
# Requires: defined($response)
#
# Returns a randomly generated challenge string
sub challengeString {
my ($self, $accountName, $length) = @_;
$length = 32 unless ($length);
# NOTE: preferably other random-string generators would be used here
my $challengeString = vocalString($length);
# store the challenge string into a hash element for later retrieval
# NOTE: a database entry may also be used here
$self->{$accountName} = $challengeString;
return $challengeString;
}
##
# boolean CRAM::authenticate(String response)
# response: the response as sent by the party being challenged
# Requires: defined($response)
#
# Returns true if the digest computed matches the digest sent by the party being challenged
sub authenticate {
my ($self, $response) = @_;
my ($accountName, $digest) = split(/ /, $response);
my $challengeString = $self->{$accountName};
# get password from database
my $password = "poseidon"; # temporarily hardcoded - ideally grabbed from a database
# calculate our own notion of the digest using the provided account name, the password
# as retrieved from the database, and the challengeString that was sent before
my $ownDigest = hmac_sha256_hex($challengeString, $password);
return ($ownDigest eq $digest);
}
#########################################################################
#
# Client functions
#
##
# String CRAM::encrypt(String accountName, String password, String challengeString)
# accountName: the account name, as it exists in the server's database
# password: the password matching the account name
# challengeString: the challenge string, as sent by the server
# Requires:
# defined($accountName)
# defined($password)
# defined($challengeString)
# Ensures: defined($response)
#
# Encrypt the challenge string sent by the server using the accout name and password.
# Returns a string in this format: <accountName><space><challenge string hashed using the password>
sub encrypt {
my ($self, $accountName, $password, $challengeString) = @_;
# calculate a digest using the password as the key
my $digest = hmac_sha256_hex($challengeString, $password);
# prepend the account name and a space to the digest
my $response = $accountName . ' ' . $digest;
return ($response);
}
1;