diff options
| author | Simon Josefsson | 2020-01-03 18:41:03 +0100 |
|---|---|---|
| committer | Simon Josefsson | 2020-01-16 08:54:04 +0100 |
| commit | f7ff3ddc16b98d63ef95768e70ba2b78a574d162 (patch) | |
| tree | cee969b50ee8e61013640778987a0a4dbf39dad7 | |
| parent | 125bc5b1a4cf92e251680eb92ae45a1b25aee5cf (diff) | |
| download | emacs-f7ff3ddc16b98d63ef95768e70ba2b78a574d162.tar.gz emacs-f7ff3ddc16b98d63ef95768e70ba2b78a574d162.zip | |
Add SASL SCRAM-SHA-256 support.
* lisp/net/sasl.el (sasl-mechanisms): Add SCRAM-SHA-256.
(sasl-mechanism-alist): Ditto.
* lisp/net/sasl-scram-sha256.el: New file.
* tests/lisp/net/sasl-scram-rfc-tests.el (sasl-scram-sha-256-test):
New function.
| -rw-r--r-- | lisp/net/sasl-scram-sha256.el | 59 | ||||
| -rw-r--r-- | lisp/net/sasl.el | 5 | ||||
| -rw-r--r-- | test/lisp/net/sasl-scram-rfc-tests.el | 26 |
3 files changed, 86 insertions, 4 deletions
diff --git a/lisp/net/sasl-scram-sha256.el b/lisp/net/sasl-scram-sha256.el new file mode 100644 index 00000000000..e50a032c233 --- /dev/null +++ b/lisp/net/sasl-scram-sha256.el | |||
| @@ -0,0 +1,59 @@ | |||
| 1 | ;;; sasl-scram-sha256.el --- SCRAM-SHA-256 module for the SASL client framework -*- lexical-binding: t; -*- | ||
| 2 | |||
| 3 | ;; Copyright (C) 2020 Free Software Foundation, Inc. | ||
| 4 | |||
| 5 | ;; Author: Simon Josefsson <simon@josefsson.org> | ||
| 6 | ;; Package: sasl | ||
| 7 | |||
| 8 | ;; This file is part of GNU Emacs. | ||
| 9 | |||
| 10 | ;; GNU Emacs is free software: you can redistribute it and/or modify | ||
| 11 | ;; it under the terms of the GNU General Public License as published by | ||
| 12 | ;; the Free Software Foundation, either version 3 of the License, or | ||
| 13 | ;; (at your option) any later version. | ||
| 14 | |||
| 15 | ;; GNU Emacs is distributed in the hope that it will be useful, | ||
| 16 | ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 17 | ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 18 | ;; GNU General Public License for more details. | ||
| 19 | |||
| 20 | ;; You should have received a copy of the GNU General Public License | ||
| 21 | ;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. | ||
| 22 | |||
| 23 | ;;; Commentary: | ||
| 24 | |||
| 25 | ;; Implement the SCRAM-SHA-256 mechanism from RFC 7677. | ||
| 26 | |||
| 27 | ;;; Code: | ||
| 28 | |||
| 29 | (require 'cl-lib) | ||
| 30 | (require 'sasl) | ||
| 31 | (require 'hex-util) | ||
| 32 | (require 'rfc2104) | ||
| 33 | (require 'sasl-scram-rfc) | ||
| 34 | |||
| 35 | ;;; SCRAM-SHA-256 | ||
| 36 | |||
| 37 | (defconst sasl-scram-sha-256-steps | ||
| 38 | '(sasl-scram-client-first-message | ||
| 39 | sasl-scram-sha-256-client-final-message | ||
| 40 | sasl-scram-sha-256-authenticate-server)) | ||
| 41 | |||
| 42 | (defun sasl-scram-sha256 (object &optional start end binary) | ||
| 43 | (secure-hash 'sha256 object start end binary)) | ||
| 44 | |||
| 45 | (defun sasl-scram-sha-256-client-final-message (client step) | ||
| 46 | (sasl-scram--client-final-message | ||
| 47 | ;; HMAC-SHA256 uses block length 64 and hash length 32; see RFC 4634. | ||
| 48 | 'sasl-scram-sha256 64 32 client step)) | ||
| 49 | |||
| 50 | (defun sasl-scram-sha-256-authenticate-server (client step) | ||
| 51 | (sasl-scram--authenticate-server | ||
| 52 | 'sasl-scram-sha256 64 32 client step)) | ||
| 53 | |||
| 54 | (put 'sasl-scram-sha256 'sasl-mechanism | ||
| 55 | (sasl-make-mechanism "SCRAM-SHA-256" sasl-scram-sha-256-steps)) | ||
| 56 | |||
| 57 | (provide 'sasl-scram-sha256) | ||
| 58 | |||
| 59 | ;;; sasl-scram-sha256.el ends here | ||
diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el index 4405c904cd3..ab118e1f982 100644 --- a/lisp/net/sasl.el +++ b/lisp/net/sasl.el | |||
| @@ -35,8 +35,8 @@ | |||
| 35 | ;;; Code: | 35 | ;;; Code: |
| 36 | 36 | ||
| 37 | (defvar sasl-mechanisms | 37 | (defvar sasl-mechanisms |
| 38 | '("SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS" | 38 | '("SCRAM-SHA-256" "SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" |
| 39 | "NTLM")) | 39 | "ANONYMOUS" "NTLM")) |
| 40 | 40 | ||
| 41 | (defvar sasl-mechanism-alist | 41 | (defvar sasl-mechanism-alist |
| 42 | '(("CRAM-MD5" sasl-cram) | 42 | '(("CRAM-MD5" sasl-cram) |
| @@ -45,6 +45,7 @@ | |||
| 45 | ("LOGIN" sasl-login) | 45 | ("LOGIN" sasl-login) |
| 46 | ("ANONYMOUS" sasl-anonymous) | 46 | ("ANONYMOUS" sasl-anonymous) |
| 47 | ("NTLM" sasl-ntlm) | 47 | ("NTLM" sasl-ntlm) |
| 48 | ("SCRAM-SHA-256" sasl-scram-sha256) | ||
| 48 | ("SCRAM-SHA-1" sasl-scram-rfc))) | 49 | ("SCRAM-SHA-1" sasl-scram-rfc))) |
| 49 | 50 | ||
| 50 | (defvar sasl-unique-id-function #'sasl-unique-id-function) | 51 | (defvar sasl-unique-id-function #'sasl-unique-id-function) |
diff --git a/test/lisp/net/sasl-scram-rfc-tests.el b/test/lisp/net/sasl-scram-rfc-tests.el index ec283c86f55..09e05b62a25 100644 --- a/test/lisp/net/sasl-scram-rfc-tests.el +++ b/test/lisp/net/sasl-scram-rfc-tests.el | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | ;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-1 -*- lexical-binding: t; -*- | 1 | ;;; sasl-scram-rfc-tests.el --- tests for SCRAM -*- lexical-binding: t; -*- |
| 2 | 2 | ||
| 3 | ;; Copyright (C) 2014-2020 Free Software Foundation, Inc. | 3 | ;; Copyright (C) 2014-2020 Free Software Foundation, Inc. |
| 4 | 4 | ||
| @@ -19,7 +19,7 @@ | |||
| 19 | 19 | ||
| 20 | ;;; Commentary: | 20 | ;;; Commentary: |
| 21 | 21 | ||
| 22 | ;; Test cases from RFC 5802. | 22 | ;; Test cases from RFC 5802 and RFC 7677. |
| 23 | 23 | ||
| 24 | ;;; Code: | 24 | ;;; Code: |
| 25 | 25 | ||
| @@ -47,4 +47,26 @@ | |||
| 47 | (sasl-scram-sha-1-authenticate-server client (vector nil "v=rmF9pqV8S7suAoZWja4dJRkFsKQ= | 47 | (sasl-scram-sha-1-authenticate-server client (vector nil "v=rmF9pqV8S7suAoZWja4dJRkFsKQ= |
| 48 | ")))) | 48 | ")))) |
| 49 | 49 | ||
| 50 | (require 'sasl-scram-sha256) | ||
| 51 | |||
| 52 | (ert-deftest sasl-scram-sha-256-test () | ||
| 53 | ;; The following strings are taken from section 3 of RFC 7677. | ||
| 54 | (let ((client | ||
| 55 | (sasl-make-client (sasl-find-mechanism '("SCRAM-SHA-256")) | ||
| 56 | "user" | ||
| 57 | "imap" | ||
| 58 | "localhost")) | ||
| 59 | (data "r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096") | ||
| 60 | (c-nonce "rOprNGfwEbeRWgbNEkqO") | ||
| 61 | (sasl-read-passphrase | ||
| 62 | (lambda (_prompt) (copy-sequence "pencil")))) | ||
| 63 | (sasl-client-set-property client 'c-nonce c-nonce) | ||
| 64 | (should | ||
| 65 | (equal | ||
| 66 | (sasl-scram-sha-256-client-final-message client (vector nil data)) | ||
| 67 | "c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=")) | ||
| 68 | |||
| 69 | ;; This should not throw an error: | ||
| 70 | (sasl-scram-sha-256-authenticate-server client (vector nil "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=")))) | ||
| 71 | |||
| 50 | ;;; sasl-scram-rfc-tests.el ends here | 72 | ;;; sasl-scram-rfc-tests.el ends here |