diff options
| author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2014-09-22 17:10:24 -0700 |
|---|---|---|
| committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2014-10-03 10:53:17 -0400 |
| commit | d7a1df26287a4f0e0cfbf842a7c6257bc44e4567 (patch) | |
| tree | 6f7fffd7f62b71fe8a837fa58b59dcc2660a8df3 /src/mongo/db/auth | |
| parent | 69b34ef4b9fb1d7c3da37d62badc8b19b5757253 (diff) | |
| download | mongo-d7a1df26287a4f0e0cfbf842a7c6257bc44e4567.tar.gz | |
SERVER-15178 Native SHA-1 and HMAC algorithm support
Diffstat (limited to 'src/mongo/db/auth')
| -rw-r--r-- | src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp | 24 |
1 files changed, 5 insertions, 19 deletions
diff --git a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp index 208e5abe59f..7631372bd17 100644 --- a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp +++ b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp @@ -32,12 +32,8 @@ #include <boost/algorithm/string/join.hpp> #include <boost/algorithm/string/replace.hpp> -#ifdef MONGO_SSL -#include <openssl/sha.h> -#include <openssl/evp.h> -#include <openssl/hmac.h> -#endif +#include "mongo/crypto/crypto.h" #include "mongo/crypto/mechanism_scram.h" #include "mongo/platform/random.h" #include "mongo/util/base64.h" @@ -97,10 +93,6 @@ namespace mongo { */ StatusWith<bool> SaslSCRAMSHA1ServerConversation::_firstStep(std::vector<string>& input, std::string* outputData) { -#ifndef MONGO_SSL - return StatusWith<bool>(ErrorCodes::InternalError, - "The server is not compiled with SSL support"); -#else std::string authzId = ""; if (input.size() == 4) { @@ -196,7 +188,6 @@ namespace mongo { _authMessage += *outputData + ","; return StatusWith<bool>(false); -#endif // MONGO_SSL } /** @@ -213,10 +204,6 @@ namespace mongo { **/ StatusWith<bool> SaslSCRAMSHA1ServerConversation::_secondStep(const std::vector<string>& input, std::string* outputData) { -#ifndef MONGO_SSL - return StatusWith<bool>(ErrorCodes::InternalError, - "The server is not compiled with SSL support"); -#else if (input.size() != 3) { return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() << "Incorrect number of arguments for second SCRAM-SHA-1 client message, got " << @@ -247,7 +234,7 @@ namespace mongo { } std::string clientProof = input[2].substr(2); - + // Do server side computations, compare storedKeys and generate client-final-message // AuthMessage := client-first-message-bare + "," + // server-first-message + "," + @@ -261,7 +248,7 @@ namespace mongo { std::string decodedStoredKey = base64::decode(_creds.scram.storedKey); // ClientSignature := HMAC(StoredKey, AuthMessage) - fassert(18662, HMAC(EVP_sha1(), + fassert(18662, crypto::hmacSha1( reinterpret_cast<const unsigned char*>(decodedStoredKey.c_str()), scram::hashSize, reinterpret_cast<const unsigned char*>(_authMessage.c_str()), @@ -288,7 +275,7 @@ namespace mongo { // StoredKey := H(ClientKey) unsigned char computedStoredKey[scram::hashSize]; - fassert(18659, SHA1(clientKey, scram::hashSize, computedStoredKey)); + fassert(18659, crypto::sha1(clientKey, scram::hashSize, computedStoredKey)); if (memcmp(decodedStoredKey.c_str(), computedStoredKey, scram::hashSize) != 0) { return StatusWith<bool>(ErrorCodes::AuthenticationFailed, @@ -299,7 +286,7 @@ namespace mongo { // ServerSignature := HMAC(ServerKey, AuthMessage) unsigned char serverSignature[scram::hashSize]; std::string decodedServerKey = base64::decode(_creds.scram.serverKey); - fassert(18660, HMAC(EVP_sha1(), + fassert(18660, crypto::hmacSha1( reinterpret_cast<const unsigned char*>(decodedServerKey.c_str()), scram::hashSize, reinterpret_cast<const unsigned char*>(_authMessage.c_str()), @@ -314,6 +301,5 @@ namespace mongo { *outputData = sb.str(); return StatusWith<bool>(false); -#endif // MONGO_SSL } } // namespace mongo |