Subject: bug#38903: [PATCH] Add SASL SCRAM-SHA-256 support.
From: Simon Josefsson
Date: Fri, 03 Jan 2020 19:15:44 +0100
Message-ID: <87k1684d9r.fsf@latte.josefsson.org>

Hello.

The attached patch adds support for the SCRAM-SHA-256 SASL mechanism. I believe I still have commit access to the repository, so please review it and I will attempt to commit the patch. It was some time since I last contributed anything so please be nitty so I will learn something.

Implementation comment: I wanted to put the code in the existing sasl-scram-rfc.el file, but due to how `sasl-find-mechanism' works, it isn't possible to have more than one SASL mechanism defined per non-autoloaded file. I didn't want to change the logic here, so I added sasl-scram-sha256.el as a separate file instead. If someone can figure out a nicer way, that would be nice -- and might also fix the existing hack at the end of sasl-scram-rfc.el that appears to be added due to the same reason.

Thanks,
/Simon

Content-Type: text/x-diff
Content-Disposition: inline; filename=0001-Add-SASL-SCRAM-SHA-256-support.patch
Content-Transfer-Encoding: quoted-printable

From=20d96af8467636c3477289208a7330609d25092171 Mon Sep 17 00:00:00 2001
From: Simon Josefsson Date: Fri, 3 Jan 2020 18:41:03 +0100 Subject: [PATCH] Add SASL SCRAM-SHA-256 support. * lisp/net/sasl.el (sasl-mechanisms): Add SCRAM-SHA-256. (sasl-mechanism-alist): Ditto. * lisp/net/sasl-scram-sha256.el: New file. * tests/lisp/net/sasl-scram-rfc-tests.el (sasl-scram-sha-256-test): New function. =2D-- lisp/net/sasl-scram-sha256.el | 59 +++++++++++++++++++++++++++ lisp/net/sasl.el | 7 ++-- test/lisp/net/sasl-scram-rfc-tests.el | 28 +++++++++++-- 3 files changed, 88 insertions(+), 6 deletions(-) create mode 100644 lisp/net/sasl-scram-sha256.el diff --git a/lisp/net/sasl-scram-sha256.el b/lisp/net/sasl-scram-sha256.el new file mode 100644 index 0000000000..e50a032c23 =2D-- /dev/null +++ b/lisp/net/sasl-scram-sha256.el 
@@ -0,0 +1,59 @@ +;;; sasl-scram-sha256.el --- SCRAM-SHA-256 module for the SASL client fram= ework -*- lexical-binding: t; -*- + +;; Copyright (C) 2020 Free Software Foundation, Inc. + +;; Author: Simon Josefsson +;; Package: sasl + +;; This file is part of GNU Emacs. + +;; GNU Emacs is free software: you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation, either version 3 of the License, or +;; (at your option) any later version. + +;; GNU Emacs is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. + +;; You should have received a copy of the GNU General Public License +;; along with GNU Emacs. If not, see . + +;;; Commentary: + +;; Implement the SCRAM-SHA-256 mechanism from RFC 7677. + +;;; Code: + +(require 'cl-lib) +(require 'sasl) +(require 'hex-util) +(require 'rfc2104) +(require 'sasl-scram-rfc) + +;;; SCRAM-SHA-256 + +(defconst sasl-scram-sha-256-steps + '(sasl-scram-client-first-message + sasl-scram-sha-256-client-final-message + sasl-scram-sha-256-authenticate-server)) + +(defun sasl-scram-sha256 (object &optional start end binary) + (secure-hash 'sha256 object start end binary)) + +(defun sasl-scram-sha-256-client-final-message (client step) + (sasl-scram--client-final-message + ;; HMAC-SHA256 uses block length 64 and hash length 32; see RFC 4634. + 'sasl-scram-sha256 64 32 client step)) + +(defun sasl-scram-sha-256-authenticate-server (client step) + (sasl-scram--authenticate-server + 'sasl-scram-sha256 64 32 client step)) + +(put 'sasl-scram-sha256 'sasl-mechanism + (sasl-make-mechanism "SCRAM-SHA-256" sasl-scram-sha-256-steps)) + +(provide 'sasl-scram-sha256) + +;;; sasl-scram-sha256.el ends here 
diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el index e67a5a915f..3cae01c0a9 100644 =2D-- a/lisp/net/sasl.el +++ b/lisp/net/sasl.el @@ -1,6 +1,6 @@ ;;; sasl.el --- SASL client framework =20 =2D;; Copyright (C) 2000, 2007-2019 Free Software Foundation, Inc. +;; Copyright (C) 2000, 2007-2020 Free Software Foundation, Inc. =20 ;; Author: Daiki Ueno ;; Keywords: SASL @@ -35,8 +35,8 @@ ;;; Code: =20 (defvar sasl-mechanisms =2D '("SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS" =2D "NTLM")) + '("SCRAM-SHA-256" "SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" + "ANONYMOUS" "NTLM")) =20 (defvar sasl-mechanism-alist '(("CRAM-MD5" sasl-cram) @@ -45,6 +45,7 @@ sasl-mechanism-alist ("LOGIN" sasl-login) ("ANONYMOUS" sasl-anonymous) ("NTLM" sasl-ntlm) + ("SCRAM-SHA-256" sasl-scram-sha256) ("SCRAM-SHA-1" sasl-scram-rfc))) =20 (defvar sasl-unique-id-function #'sasl-unique-id-function) diff --git a/test/lisp/net/sasl-scram-rfc-tests.el b/test/lisp/net/sasl-scr= am-rfc-tests.el index af043e9f36..5d53de08ea 100644 =2D-- a/test/lisp/net/sasl-scram-rfc-tests.el +++ b/test/lisp/net/sasl-scram-rfc-tests.el @@ -1,6 +1,6 @@ =2D;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-1 -*- lexical-= binding: t; -*- +;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-* -*- lexical-bi= nding: t; -*- =20 =2D;; Copyright (C) 2014-2019 Free Software Foundation, Inc. +;; Copyright (C) 2014-2020 Free Software Foundation, Inc. =20 ;; Author: Magnus Henoch =20 @@ -19,7 +19,7 @@ =20 ;;; Commentary: =20 =2D;; Test cases from RFC 5802. +;; Test cases from RFC 5802 and RFC 7677. =20 ;;; Code: =20 
@@ -47,4 +47,26 @@ (sasl-scram-sha-1-authenticate-server client (vector nil "v=3DrmF9pqV8= S7suAoZWja4dJRkFsKQ=3D ")))) =20 +(require 'sasl-scram-sha256) + +(ert-deftest sasl-scram-sha-256-test () + ;; The following strings are taken from section 3 of RFC 7677. + (let ((client + (sasl-make-client (sasl-find-mechanism '("SCRAM-SHA-256")) + "user" + "imap" + "localhost")) + (data "r=3DrOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=3D= W22ZaJ0SNY7soEsUEjb6gQ=3D=3D,i=3D4096") + (c-nonce "rOprNGfwEbeRWgbNEkqO") + (sasl-read-passphrase + (lambda (_prompt) (copy-sequence "pencil")))) + (sasl-client-set-property client 'c-nonce c-nonce) + (should + (equal + (sasl-scram-sha-256-client-final-message client (vector nil data)) + "c=3Dbiws,r=3DrOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p= =3DdHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=3D")) + + ;; This should not throw an error: + (sasl-scram-sha-256-authenticate-server client (vector nil "v=3D6rriTR= Bi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=3D")))) + ;;; sasl-scram-rfc-tests.el ends here =2D-=20 2.20.1
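Review bot: in the new file lisp/net/sasl-scram-sha256.el, the `(require 'cl-lib)`, `(require 'hex-util)` and `(require 'rfc2104)` lines look unnecessary, because nothing in the file calls into those libraries directly: it only wraps `secure-hash` and delegates to `sasl-scram--client-final-message` and `sasl-scram--authenticate-server`. Suggest keeping `(require 'sasl)` and `(require 'sasl-scram-rfc)` only. The wrapper `sasl-scram-sha256` also has no docstring and shares its name with the feature and the symbol carrying the `sasl-mechanism` property, while the step functions use the `sasl-scram-sha-256-` prefix; a short docstring saying it is both the hash function and the mechanism symbol would avoid confusion. The block and hash lengths 64 and 32 are passed as bare literals in two calls with the explanatory comment on the first only, and that comment cites RFC 4634, which RFC 6234 has since obsoleted.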
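Review bot: in the `sasl-mechanisms` hunk of lisp/net/sasl.el, "SCRAM-SHA-256" is inserted at the head of the list, ahead of "SCRAM-SHA-1", but the diffstat lists only three files and none of them is a NEWS or manual file, so both the new mechanism and the changed ordering go undocumented. If list order expresses client preference, this changes which mechanism is chosen against servers that offer both, which is worth stating explicitly. Suggest adding an etc/NEWS entry saying that SCRAM-SHA-256 (RFC 7677) is now supported and listed before SCRAM-SHA-1.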
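Review bot: in `sasl-scram-sha-256-test`, the server-signature step is exercised only with the correct `v=` value from RFC 7677 (the "This should not throw an error" call), so the test would still pass if `sasl-scram-sha-256-authenticate-server` accepted any signature. Suggest adding a `should-error` case that feeds a modified `v=` value, since rejecting a wrong server signature is the security-relevant half of that step. Two smaller points: the ChangeLog entry in the commit message names `tests/lisp/net/sasl-scram-rfc-tests.el` while the diff path is `test/lisp/net/sasl-scram-rfc-tests.el`, and `(require 'sasl-scram-sha256)` would be easier to find at the top of the file than between two tests.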
From: Paul Eggert
Organization: UCLA Computer Science Department
Date: Wed, 15 Jan 2020 18:04:42 -0800

Thanks, this patch looks good to me; please install in the master branch.
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Simon Josefsson
Subject: bug#38903: closed (Re: Add SASL SCRAM-SHA-256 support)
Date: Thu, 16 Jan 2020 07:58:02 +0000

Your bug report

#38903: [PATCH] Add SASL SCRAM-SHA-256 support.

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report. If you require more details, please reply to 38903@debbugs.gnu.org.

-- 
38903: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=38903
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
From: Simon Josefsson
To: Paul Eggert
Subject: Re: Add SASL SCRAM-SHA-256 support
Date: Thu, 16 Jan 2020 08:56:34 +0100
Message-ID: <87tv4vn8b1.fsf@latte.josefsson.org>

Paul Eggert writes:

> Thanks, this patch looks good to me; please install in the master branch.

Done.

Thank you for review,
Simon