GNU bug report logs - #38903
[PATCH] Add SASL SCRAM-SHA-256 support.
Reported by: Simon Josefsson <simon <at> josefsson.org>
Date: Fri, 3 Jan 2020 18:17:02 UTC
Severity: wishlist
Tags: patch
Done: Simon Josefsson <simon <at> josefsson.org>
Bug is archived. No further changes may be made.
Report forwarded to bug-gnu-emacs <at> gnu.org: bug#38903; Package emacs. (Fri, 03 Jan 2020 18:17:02 GMT)
Acknowledgement sent to Simon Josefsson <simon <at> josefsson.org>: New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Fri, 03 Jan 2020 18:17:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello.
The attached patch adds support for the SCRAM-SHA-256 SASL mechanism.
I believe I still have commit access to the repository, so please review
it and I will attempt to commit the patch. It was some time since I
last contributed anything so please be nitty so I will learn something.
Implementation comment: I wanted to put the code in the existing
sasl-scram-rfc.el file, but due to how `sasl-find-mechanism' works, it
isn't possible to have more than one SASL mechanism defined per
non-autoloaded file. I didn't want to change the logic here, so I added
sasl-scram-sha256.el as a separate file instead. If someone can figure
out a nicer way, that would be nice -- and might also fix the existing
hack at the end of sasl-scram-rfc.el that appears to be added due to the
same reason.
Thanks,
/Simon
[0001-Add-SASL-SCRAM-SHA-256-support.patch (text/x-diff, inline)]
From d96af8467636c3477289208a7330609d25092171 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon <at> josefsson.org>
Date: Fri, 3 Jan 2020 18:41:03 +0100
Subject: [PATCH] Add SASL SCRAM-SHA-256 support.
* lisp/net/sasl.el (sasl-mechanisms): Add SCRAM-SHA-256.
(sasl-mechanism-alist): Ditto.
* lisp/net/sasl-scram-sha256.el: New file.
* tests/lisp/net/sasl-scram-rfc-tests.el (sasl-scram-sha-256-test):
New function.
---
lisp/net/sasl-scram-sha256.el | 59 +++++++++++++++++++++++++++
lisp/net/sasl.el | 7 ++--
test/lisp/net/sasl-scram-rfc-tests.el | 28 +++++++++++--
3 files changed, 88 insertions(+), 6 deletions(-)
create mode 100644 lisp/net/sasl-scram-sha256.el
diff --git a/lisp/net/sasl-scram-sha256.el b/lisp/net/sasl-scram-sha256.el
new file mode 100644
index 0000000000..e50a032c23
--- /dev/null
+++ b/lisp/net/sasl-scram-sha256.el
@@ -0,0 +1,59 @@
+;;; sasl-scram-sha256.el --- SCRAM-SHA-256 module for the SASL client framework -*- lexical-binding: t; -*-
+
+;; Copyright (C) 2020 Free Software Foundation, Inc.
+
+;; Author: Simon Josefsson <simon <at> josefsson.org>
+;; Package: sasl
+
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
+
+;;; Commentary:
+
+;; Implement the SCRAM-SHA-256 mechanism from RFC 7677.
+
+;;; Code:
+
+(require 'cl-lib)
+(require 'sasl)
+(require 'hex-util)
+(require 'rfc2104)
+(require 'sasl-scram-rfc)
+
+;;; SCRAM-SHA-256
+
+(defconst sasl-scram-sha-256-steps
+ '(sasl-scram-client-first-message
+ sasl-scram-sha-256-client-final-message
+ sasl-scram-sha-256-authenticate-server))
+
+(defun sasl-scram-sha256 (object &optional start end binary)
+ (secure-hash 'sha256 object start end binary))
+
+(defun sasl-scram-sha-256-client-final-message (client step)
+ (sasl-scram--client-final-message
+ ;; HMAC-SHA256 uses block length 64 and hash length 32; see RFC 4634.
+ 'sasl-scram-sha256 64 32 client step))
+
+(defun sasl-scram-sha-256-authenticate-server (client step)
+ (sasl-scram--authenticate-server
+ 'sasl-scram-sha256 64 32 client step))
+
+(put 'sasl-scram-sha256 'sasl-mechanism
+ (sasl-make-mechanism "SCRAM-SHA-256" sasl-scram-sha-256-steps))
+
+(provide 'sasl-scram-sha256)
+
+;;; sasl-scram-sha256.el ends here
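Review bot: none of the new definitions in sasl-scram-sha256.el (`sasl-scram-sha-256-steps`, `sasl-scram-sha256`, `sasl-scram-sha-256-client-final-message`, `sasl-scram-sha-256-authenticate-server`) has a docstring, and the meaning of the `64 32` arguments is explained in a comment on the first call only; a one-line docstring on each, with the block and hash lengths stated once, would cover both. Of the five `require` forms, the code in this file only uses `sasl` (for `sasl-make-mechanism`) and `sasl-scram-rfc` (for the `sasl-scram--` helpers), so `cl-lib`, `hex-util` and `rfc2104` look droppable. The symbol `sasl-scram-sha256` is at once the feature, the holder of the `sasl-mechanism` property and the hash function handed to the helpers, while every other name is spelled `sasl-scram-sha-256-`; a separately named hash wrapper passed with `#'` would keep those roles apart.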
diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el
index e67a5a915f..3cae01c0a9 100644
--- a/lisp/net/sasl.el
+++ b/lisp/net/sasl.el
@@ -1,6 +1,6 @@
;;; sasl.el --- SASL client framework
-;; Copyright (C) 2000, 2007-2019 Free Software Foundation, Inc.
+;; Copyright (C) 2000, 2007-2020 Free Software Foundation, Inc.
;; Author: Daiki Ueno <ueno <at> unixuser.org>
;; Keywords: SASL
@@ -35,8 +35,8 @@
;;; Code:
(defvar sasl-mechanisms
- '("SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"
- "NTLM"))
+ '("SCRAM-SHA-256" "SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN"
+ "ANONYMOUS" "NTLM"))
(defvar sasl-mechanism-alist
'(("CRAM-MD5" sasl-cram)
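Review bot: "SCRAM-SHA-256" goes in at the head of `sasl-mechanisms`, ahead of "SCRAM-SHA-1", so wherever the order of this list decides which mechanism is tried first, existing users will start negotiating the new mechanism without changing any setting. Preferring the stronger hash is reasonable, but it is a user-visible change and the diffstat lists only three files, with no NEWS entry or manual update; please add one that names the new mechanism and the new default order.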
@@ -45,6 +45,7 @@ sasl-mechanism-alist
("LOGIN" sasl-login)
("ANONYMOUS" sasl-anonymous)
("NTLM" sasl-ntlm)
+ ("SCRAM-SHA-256" sasl-scram-sha256)
("SCRAM-SHA-1" sasl-scram-rfc)))
(defvar sasl-unique-id-function #'sasl-unique-id-function)
diff --git a/test/lisp/net/sasl-scram-rfc-tests.el b/test/lisp/net/sasl-scram-rfc-tests.el
index af043e9f36..5d53de08ea 100644
--- a/test/lisp/net/sasl-scram-rfc-tests.el
+++ b/test/lisp/net/sasl-scram-rfc-tests.el
@@ -1,6 +1,6 @@
-;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-1 -*- lexical-binding: t; -*-
+;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-* -*- lexical-binding: t; -*-
-;; Copyright (C) 2014-2019 Free Software Foundation, Inc.
+;; Copyright (C) 2014-2020 Free Software Foundation, Inc.
;; Author: Magnus Henoch <magnus.henoch <at> gmail.com>
@@ -19,7 +19,7 @@
;;; Commentary:
-;; Test cases from RFC 5802.
+;; Test cases from RFC 5802 and RFC 7677.
;;; Code:
@@ -47,4 +47,26 @@
(sasl-scram-sha-1-authenticate-server client (vector nil "v=rmF9pqV8S7suAoZWja4dJRkFsKQ=
"))))
+(require 'sasl-scram-sha256)
+
+(ert-deftest sasl-scram-sha-256-test ()
+ ;; The following strings are taken from section 3 of RFC 7677.
+ (let ((client
+ (sasl-make-client (sasl-find-mechanism '("SCRAM-SHA-256"))
+ "user"
+ "imap"
+ "localhost"))
+ (data "r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096")
+ (c-nonce "rOprNGfwEbeRWgbNEkqO")
+ (sasl-read-passphrase
+ (lambda (_prompt) (copy-sequence "pencil"))))
+ (sasl-client-set-property client 'c-nonce c-nonce)
+ (should
+ (equal
+ (sasl-scram-sha-256-client-final-message client (vector nil data))
+ "c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ="))
+
+ ;; This should not throw an error:
+ (sasl-scram-sha-256-authenticate-server client (vector nil "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4="))))
+
;;; sasl-scram-rfc-tests.el ends here
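Review bot: `sasl-scram-sha-256-test` only covers the success path, and the closing `sasl-scram-sha-256-authenticate-server` call is verified solely by the fact that it does not signal. Please add a `should-error` case that passes a `v=` value different from the RFC 7677 one, so that a regression which accepts any server signature is caught. `(require 'sasl-scram-sha256)` would also sit better at the top of the file than between two tests, and the commit message names `tests/lisp/net/sasl-scram-rfc-tests.el` and calls the addition a "New function", while the diff touches `test/lisp/net/sasl-scram-rfc-tests.el` and adds an ERT test.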
--
2.20.1
[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#38903; Package emacs. (Thu, 16 Jan 2020 02:05:01 GMT)
Message #8 received at 38903 <at> debbugs.gnu.org (full text, mbox):
Thanks, this patch looks good to me; please install in the master branch.
Reply sent to Simon Josefsson <simon <at> josefsson.org>: You have taken responsibility. (Thu, 16 Jan 2020 07:58:02 GMT)
Notification sent to Simon Josefsson <simon <at> josefsson.org>: bug acknowledged by developer. (Thu, 16 Jan 2020 07:58:02 GMT)
Message #13 received at 38903-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> Thanks, this patch looks good to me; please install in the master branch.
Done.
Thank you for the review,
Simon
[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 13 Feb 2020 12:24:04 GMT)
This bug report was last modified 5 years and 221 days ago.