Salted Challenge Response Authentication Mechanism (SCRAM)

This implementation currently provides a client for the SCRAM-SHA-256 mechanism according to RFC 5802 and RFC 7677. It doesn't support channel binding.

Read the documentation.

Limitations

There is no server-side implementation of the SCRAM mechanism and no SHA-1 support. If you would like to contribute or maintain them, I would appreciate it.

Usage

A typical usage scenario is shown below. For a detailed explanation of the methods, see their documentation. In production code you should replace the unwrapping with proper error handling.

First, the user and the password must be supplied using either ClientFirst::new or ClientFirst::with_rng. These methods return a SCRAM state you can use to compute the first client message.

The server and the client exchange four messages using the SCRAM mechanism. There is a Rust type for each one of them. Calling the methods client_first, handle_server_first, client_final and handle_server_final on the different types advances the SCRAM handshake step by step. Computing client messages never fails, but processing server messages can result in failure.

use scram::ClientFirst;

// This function represents your I/O implementation.
fn send_and_receive(message: &str) -> String {
    unimplemented!()
}

// Create a SCRAM state from the credentials.
let scram = ClientFirst::new("user", "password", None).unwrap();

// Get the client message and reassign the SCRAM state.
let (scram, client_first) = scram.client_first();

// Send the client first message and receive the server's reply.
let server_first = send_and_receive(&client_first);

// Process the reply and again reassign the SCRAM state. You can add error handling to
// abort the authentication attempt.
let scram = scram.handle_server_first(&server_first).unwrap();

// Get the client final message and reassign the SCRAM state.
let (scram, client_final) = scram.client_final();

// Send the client final message and receive the server's reply.
let server_final = send_and_receive(&client_final);

// Process the last message. Any error returned means that the authentication attempt
// wasn't successful.
let () = scram.handle_server_final(&server_final).unwrap();
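
Why processing the server's first reply can fail, shown as an added example that is not the scram crate's own code: a std-only validator for the `r=`, `s=`, `i=` attributes of a server-first message. The names `parse_server_first`, `ServerFirstError` and `MIN_ITERATIONS` are hypothetical, the iteration floor is an assumed client policy, and the sample message is constructed.

```rust
// Added example: illustrative checks on a SCRAM server-first message.
// Not the scram crate's code; all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ServerFirstError {
    Extension,     // mandatory extension "m=" this client does not understand
    Missing(char), // r=, s= or i= attribute absent, empty or out of order
    NonceMismatch, // server nonce does not extend the nonce the client sent
    BadIterations, // i= is not an integer at or above the floor
}

// Assumed policy floor; RFC 7677 says servers SHOULD announce at least 4096.
pub const MIN_ITERATIONS: u32 = 4096;

/// Returns (combined nonce, base64 salt, iteration count) on success.
pub fn parse_server_first<'a>(
    msg: &'a str,
    client_nonce: &str,
) -> Result<(&'a str, &'a str, u32), ServerFirstError> {
    if msg.starts_with("m=") {
        return Err(ServerFirstError::Extension);
    }
    let mut parts = msg.split(',');
    // Take the next attribute and require it to be "<key>=<non-empty value>".
    let mut field = |key: char| {
        parts
            .next()
            .and_then(|p| p.strip_prefix(key))
            .and_then(|p| p.strip_prefix('='))
            .filter(|v| !v.is_empty())
            .ok_or(ServerFirstError::Missing(key))
    };
    let (nonce, salt, iter) = (field('r')?, field('s')?, field('i')?);
    // The server must append its own part to the client nonce, unchanged.
    if !nonce.starts_with(client_nonce) || nonce.len() == client_nonce.len() {
        return Err(ServerFirstError::NonceMismatch);
    }
    let count: u32 = iter.parse().map_err(|_| ServerFirstError::BadIterations)?;
    if count < MIN_ITERATIONS {
        return Err(ServerFirstError::BadIterations);
    }
    Ok((nonce, salt, count))
}

fn main() {
    // Constructed sample values, not captured from a real server.
    let reply = "r=clientNONCEserverPART,s=c2FsdA==,i=4096";
    println!("{:?}", parse_server_first(reply, "clientNONCE"));
}
```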
