盐化挑战响应认证机制（SCRAM）

本实现根据RFC5802和RFC7677提供了SCRAM-SHA-256机制的客户端和服务器。它不支持通道绑定。

阅读文档。

限制

强制的SCRAM-SHA-1认证机制目前尚未实现。这同样适用于*-PLUS变体，因为此库不支持通道绑定。如果您愿意为其做出贡献或维护，我将非常感激。

用法

客户端

以下是一个典型用例。有关方法的详细说明，请参考它们的文档。在生产代码中，您应该用适当的错误处理来替换解包。

首先，您必须使用以下方法之一提供用户和密码：ClientFirst::new 或 ClientFirst::with_rng。这些方法返回一个SCRAM状态，您可以使用它来计算第一个客户端消息。

服务器和客户端使用SCRAM机制交换四个消息。每种消息都有一个rust类型。调用不同类型的 client_first、handle_server_first、client_final 和 handle_server_final 方法可以逐步推进SCRAM握手过程。计算客户端消息永远不会失败，但处理服务器消息可能会失败。

use scram::ScramClient;

// This function represents your I/O implementation.
fn send_and_receive(message: &str) -> String {
    unimplemented!()
}

// Create a SCRAM state from the credentials.
let scram = ScramClient::new("user", "password", None);

// Get the client message and reassign the SCRAM state.
let (scram, client_first) = scram.client_first();

// Send the client first message and receive the servers reply.
let server_first = send_and_receive(&client_first);

// Process the reply and again reassign the SCRAM state. You can add error handling to
// abort the authentication attempt.
let scram = scram.handle_server_first(&server_first).unwrap();

// Get the client final message and reassign the SCRAM state.
let (scram, client_final) = scram.client_final();

// Send the client final message and receive the servers reply.
let server_final = send_and_receive(&client_final);

// Process the last message. Any error returned means that the authentication attempt
// wasn't successful.
let () = scram.handle_server_final(&server_final).unwrap();

服务器

服务器用于响应客户端的挑战。以下是一个典型的使用模式，其中使用了默认提供者。在生产环境中，您将实现一个AuthenticationProvider，以便根据用户名查找用户凭据

服务器和客户端使用SCRAM机制交换四个消息。每个消息都有一个rust类型。调用方法 handle_client_first()、server_first()、handle_client_final() 和 server_final() 在不同类型上逐步推进SCRAM握手过程。计算服务器消息永远不会失败（除非nonce的随机数源失败），但处理客户端消息可能导致失败。

最后一步如果认证失败，将不会返回错误，但会返回一个 AuthenticationStatus，您可以使用它来确定认证是否成功。

use scram::{ScramServer, AuthenticationStatus, AuthenticationProvider, PasswordInfo};

// Create a dummy authentication provider
struct ExampleProvider;
impl AuthenticationProvider for ExampleProvider {
    // Here you would look up password information for the the given username
    fn get_password_for(&self, username: &str) -> Option<PasswordInfo> {
       unimplemented!()
    }

}
// These functions represent your I/O implementation.
# #[allow(unused_variables)]
fn receive() -> String {
    unimplemented!()
}
# #[allow(unused_variables)]
fn send(message: &str) {
    unimplemented!()
}

// Create a new ScramServer using the example authenication provider
let scram_server = ScramServer::new(ExampleProvider{});

// Receive a message from the client
let client_first = receive();

// Create a SCRAM state from the client's first message
let scram_server = scram_server.handle_client_first(&client_first).unwrap();
// Craft a response to the client's message and advance the SCRAM state
// We could use our own source of randomness here, with `server_first_with_rng()`
let (scram_server, server_first) = scram_server.server_first();
// Send our message to the client and read the response
send(&server_first);
let client_final = receive();

// Process the client's challenge and re-assign the SCRAM state.  This could fail if the
// message was poorly formatted
let scram_server = scram_server.handle_client_final(&client_final).unwrap();

// Prepare the final message and get the authentication status
let(status, server_final) = scram_server.server_final();
// Send our final message to the client
send(&server_final);

// Check if the client successfully authenticated
assert_eq!(status, AuthenticationStatus::Authenticated);