WAMPCRA does not support salting #2120

Open
Mahad-10 opened this issue Jan 7, 2025 · 1 comment

Mahad-10 commented Jan 7, 2025

As mentioned in the WAMP proto specification: https://wamp-proto.org/wamp_ap_latest_ietf.html#section-5.2-31, WAMP-CRA should support salting, but Crossbar doesn't support it.

Steps to reproduce:

My config.json file looks like this:

```json
{
  "version": 2,
  "controller": {},
  "workers": [
    {
      "type": "router",
      "realms": [
        {
          "name": "realm1",
          "roles": [
            {
              "name": "anonymous",
              "permissions": [
                {
                  "uri": "*",
                  "allow": {
                    "publish": true,
                    "subscribe": true,
                    "call": true,
                    "register": true
                  }
                }
              ]
            }
          ]
        }
      ],
      "transports": [
        {
          "type": "websocket",
          "endpoint": {
            "type": "tcp",
            "port": 8080
          },
          "auth": {
            "wampcra": {
              "type": "static",
              "users": {
                "bob": {
                  "secret": "bob-secret",
                  "role": "anonymous",
                  "salt": "salt123",
                  "iterations": 1000,
                  "keylen": 32
                }
              }
            }
          }
        }
      ]
    }
  ]
}
```

The client code to test it:

```python
from twisted.internet.defer import inlineCallbacks

import txaio

txaio.use_twisted()

from autobahn.wamp.serializer import JsonSerializer
from autobahn.twisted.wamp import ApplicationSession
from autobahn.twisted.util import sleep
from autobahn.wamp import auth
from autobahn.twisted.wamp import ApplicationRunner

USER = "bob"
USER_SECRET = "bob-secret"


class ClientSession(ApplicationSession):

    def onConnect(self):
        # Request WAMP-CRA authentication as user "bob".
        self.join(self.config.realm, ["wampcra"], USER)

    def onChallenge(self, challenge):
        if challenge.method == "wampcra":
            # The challenge is signed with the raw secret; no key is derived from a salt first.
            signature = auth.compute_wcs(USER_SECRET, challenge.extra['challenge'])

            return signature

        else:
            raise Exception("Invalid authmethod {}".format(challenge.method))

    @inlineCallbacks
    def onJoin(self, details):
        print("Client session joined: {}".format(details))
        yield sleep(1)

        res = yield self.publish('com.example.add2', 2, 3)

        self.leave()

    def onLeave(self, details):
        self.disconnect()

if __name__ == '__main__':
    serializers = [JsonSerializer(batched=False)]

    runner = ApplicationRunner(url='ws://localhost:8080/ws', realm='realm1', serializers=serializers)
    runner.run(ClientSession)
```

This should result in an error, as I have not derived a key from the salt and passed it directly. But it works fine.
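The salted WAMP-CRA computation that the report above expects, as an added standard-library example (not part of the original issue, and not Crossbar's or Autobahn's code): the key is PBKDF2-HMAC-SHA256 over the secret and salt, base64-encoded, and the signature is an HMAC-SHA256 over the challenge string. `client_sign`, `server_verify` and the sample challenge are constructed for illustration, and the verifier assumes the `secret` in the user entry is the plaintext password.

```python
import base64
import hashlib
import hmac

# User entry copied from the config.json in the issue.
USER = {"secret": "bob-secret", "salt": "salt123", "iterations": 1000, "keylen": 32}
# Constructed sample challenge string (not captured from a real session).
CHALLENGE = '{"authid": "bob", "authmethod": "wampcra", "nonce": "constructed-nonce", "session": 1}'


def derive_key(secret, salt, iterations=1000, keylen=32):
    """Salted WAMP-CRA key: base64(PBKDF2-HMAC-SHA256(secret, salt))."""
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt.encode(), iterations, keylen)
    return base64.b64encode(raw)


def compute_wcs(key, challenge):
    """WAMP-CRA signature: base64(HMAC-SHA256(key, challenge))."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def client_sign(secret, extra):
    """Client side: derive the key only when CHALLENGE.extra carries a salt."""
    key = secret.encode()
    if "salt" in extra:
        key = derive_key(secret, extra["salt"], extra.get("iterations", 1000), extra.get("keylen", 32))
    return compute_wcs(key, extra["challenge"])


def server_verify(user, challenge, signature):
    """Hypothetical salt-aware check (assumption: `secret` is the plaintext password)."""
    key = user["secret"].encode()
    if "salt" in user:
        key = derive_key(user["secret"], user["salt"], user["iterations"], user["keylen"])
    return hmac.compare_digest(compute_wcs(key, challenge), signature)


if __name__ == "__main__":
    salted_extra = {"challenge": CHALLENGE, "salt": USER["salt"], "iterations": 1000, "keylen": 32}
    # The issue's client: signs with the raw secret and ignores any salt.
    raw_sig = compute_wcs(USER["secret"].encode(), CHALLENGE)
    print("raw-secret signature accepted:", server_verify(USER, CHALLENGE, raw_sig))
    print("derived-key signature accepted:", server_verify(USER, CHALLENGE, client_sign(USER["secret"], salted_extra)))
```

With a salt-aware verifier of this shape, the raw-secret signature produced by the client in the issue is rejected and only the derived-key signature is accepted.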

om26er (Contributor) commented Jan 11, 2025

Yeah, I think this would be a good first contribution to this project.
