Salted Challenge Response Authentication Mechanism (SCRAM)
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
- SCRAM-SHA3-512
- SCRAM-SHA3-512-PLUS
- TLS_UNIQUE
- TLS_SERVER_END_POINT
- RFC 5802 Describes SCRAM.
- RFC 7677 Registers SCRAM-SHA-256 and SCRAM-SHA-256-PLUS.
- draft-melnikov-scram-sha-512-02 Registers SCRAM-SHA-512 and SCRAM-SHA-512-PLUS.
- draft-melnikov-scram-sha3-512 Registers SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS.
- RFC 5929 Channel Bindings for TLS.
- RFC 9266 Defines the `tls-exporter` channel binding, which is not supported yet.
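```nim
# `user` and `password` are the credentials; `sfirst` and `sfinal` are the
# server's messages; `cfirst` and `cfinal` are the expected client messages.
var client = newScramClient[Sha256Digest]()
assert client.prepareFirstMessage(user) == cfirst, "incorrect first message"
let fmsg = client.prepareFinalMessage(password, sfirst)
assert fmsg == cfinal, "incorrect final message"
# Check the server's signature before treating the session as authenticated.
assert client.verifyServerFinalMessage(sfinal), "incorrect server final message"
```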
The helper proc `getChannelBindingData` gets the channel binding data from an existing Socket/AsyncSocket.
```nim
var
  ctx = newContext()
  socket = newSocket()
ctx.wrapSocket(socket)
socket.connect(...)
# ....
# Read the binding data from the connected TLS socket.
let cbData = getChannelBindingData(TLS_UNIQUE, socket)
var client = newScramClient[Sha256Digest]()
# Set the binding type and data before preparing the first message.
client.setChannelBindingType(TLS_UNIQUE)
client.setChannelBindingData(cbData)
echo client.prepareFirstMessage(user)
```
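The values the two snippets above assert on and bind, computed step by step per RFC 5802. This is an added example in Python (standard library only), not this library's code. The input is the RFC 7677 section 3 test vector; the function names are hypothetical, and the password is assumed to be ASCII, so SASLprep is skipped.

```python
import base64
import hashlib
import hmac

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def parse_attrs(msg: str) -> dict:
    # SCRAM messages are comma-separated "k=value" attributes.
    return dict(part.split("=", 1) for part in msg.split(","))

def client_final(password, client_first_bare, server_first,
                 cb_type=None, cb_data=b"", hash_name="sha256"):
    """Return (client-final-message, expected server-final-message)."""
    srv = parse_attrs(server_first)
    client_nonce = parse_attrs(client_first_bare)["r"]
    # The combined nonce must extend the nonce this client sent.
    if not srv["r"].startswith(client_nonce) or srv["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    # GS2 header: "n,," without channel binding, "p=<type>,," with it.
    # The c= attribute carries the header plus the raw binding data.
    gs2 = f"p={cb_type},," if cb_type else "n,,"
    without_proof = f"c={b64(gs2.encode() + cb_data)},r={srv['r']}"
    auth_message = f"{client_first_bare},{server_first},{without_proof}".encode()

    def mac(key, msg):
        return hmac.new(key, msg, hash_name).digest()

    # Assumption: ASCII password, so SASLprep would leave it unchanged.
    salted = hashlib.pbkdf2_hmac(hash_name, password.encode(),
                                 base64.b64decode(srv["s"]), int(srv["i"]))
    client_key = mac(salted, b"Client Key")
    stored_key = hashlib.new(hash_name, client_key).digest()
    signature = mac(stored_key, auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    server_sig = mac(mac(salted, b"Server Key"), auth_message)
    return f"{without_proof},p={b64(proof)}", f"v={b64(server_sig)}"

def verify_server_final(received: str, expected: str) -> bool:
    # Constant-time comparison of the server signature message.
    return hmac.compare_digest(received.encode(), expected.encode())

# RFC 7677 section 3 test vector (user "user", password "pencil").
CFIRST_BARE = "n=user,r=rOprNGfwEbeRWgbNEkqO"
SFIRST = ("r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,"
          "s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096")
CFINAL, SFINAL = client_final("pencil", CFIRST_BARE, SFIRST)
```

Because the `c=` attribute is part of the signed AuthMessage, a client and server that see different channel binding data compute different proofs, and the exchange fails.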