scram_formatter.go

package sarama

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"hash"
)

// ScramFormatter implementation
// @see: https://github.com/apache/kafka/blob/99b9b3e84f4e98c3f07714e1de6a139a004cbc5b/clients/src/main/java/org/apache/kafka/common/security/scram/internals/ScramFormatter.java#L93
type scramFormatter struct {
	mechanism ScramMechanismType
}

func (s scramFormatter) mac(key []byte) (hash.Hash, error) {
	var m hash.Hash

	switch s.mechanism {
	case SCRAM_MECHANISM_SHA_256:
		m = hmac.New(sha256.New, key)

	case SCRAM_MECHANISM_SHA_512:
		m = hmac.New(sha512.New, key)
	default:
		return nil, ErrUnknownScramMechanism
	}

	return m, nil
}

func (s scramFormatter) hmac(key []byte, extra []byte) ([]byte, error) {
	mac, err := s.mac(key)
	if err != nil {
		return nil, err
	}

	if _, err := mac.Write(extra); err != nil {
		return nil, err
	}
	return mac.Sum(nil), nil
}

func (s scramFormatter) xor(result []byte, second []byte) {
	for i := 0; i < len(result); i++ {
		result[i] = result[i] ^ second[i]
	}
}

func (s scramFormatter) saltedPassword(password []byte, salt []byte, iterations int) ([]byte, error) {
	mac, err := s.mac(password)
	if err != nil {
		return nil, err
	}

	if _, err := mac.Write(salt); err != nil {
		return nil, err
	}
	if _, err := mac.Write([]byte{0, 0, 0, 1}); err != nil {
		return nil, err
	}

	u1 := mac.Sum(nil)
	prev := u1
	result := u1

	for i := 2; i <= iterations; i++ {
		ui, err := s.hmac(password, prev)
		if err != nil {
			return nil, err
		}

		s.xor(result, ui)
		prev = ui
	}

	return result, nil
}