mirror of
https://github.com/rgv151/scram
synced 2026-01-15 00:41:40 +00:00
No description
| .github | ||
| scram | ||
| tests | ||
| .gitignore | ||
| .travis.yml | ||
| LICENSE | ||
| README.md | ||
| scram.nimble | ||
scram.nim
Salted Challenge Response Authentication Mechanism (SCRAM)
Supported Mechanisms:
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
- SCRAM-SHA3-512
- SCRAM-SHA3-512-PLUS
Supported Channel Binding Types
- TLS_UNIQUE
- TLS_SERVER_END_POINT
Standards
- RFC 5802 Describes SCRAM.
- RFC 7677 Registers SCRAM-SHA-256 and SCRAM-SHA-256-PLUS.
- draft-melnikov-scram-sha-512-02 Registers SCRAM-SHA-512 and SCRAM-SHA-512-PLUS.
- draft-melnikov-scram-sha3-512 Registers SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS.
- RFC 5929 Channel Bindings for TLS.
- RFC 9266 Defines the
tls-exporterchannel binding, which is not supported yet
Examples
Client
var client = newScramClient[Sha256Digest]()
assert client.prepareFirstMessage(user) == cfirst, "incorrect first message"
let fmsg = client.prepareFinalMessage(password, sfirst)
assert fmsg == cfinal, "incorrect final message"
assert client.verifyServerFinalMessage(sfinal), "incorrect server final message"
Channel Binding
Helper proc getChannelBindingData added to helps you getting channel binding data from existing Socket/AsyncSocket
var
ctx = newContext()
socket = newSocket()
ctx.wrapSocket(socket)
socket.connect(...)
# ....
let cbData = getChannelBindingData(TLS_UNIQUE, socket)
var client = newScramClient[Sha256Digest]()
client.setChannelBindingType(TLS_UNIQUE)
client.setChannelBindingData(cbData)
echo client.prepareFirstMessage(user)