From: bug#38903 <38903@debbugs.gnu.org>
To: bug#38903 <38903@debbugs.gnu.org>
Subject: Status: [PATCH] Add SASL SCRAM-SHA-256 support.
Reply-To: bug#38903 <38903@debbugs.gnu.org>
Date: Sat, 20 Sep 2025 23:17:19 +0000

retitle 38903 [PATCH] Add SASL SCRAM-SHA-256 support.
reassign 38903 emacs
submitter 38903 Simon Josefsson
severity 38903 wishlist
tag 38903 patch
thanks

From: Simon Josefsson
To: bug-gnu-emacs@gnu.org
Subject: [PATCH] Add SASL SCRAM-SHA-256 support.
Date: Fri, 03 Jan 2020 19:15:44 +0100
Message-ID: <87k1684d9r.fsf@latte.josefsson.org>

Hello.

The attached patch adds support for the SCRAM-SHA-256 SASL mechanism. I believe I still have commit access to the repository, so please review it and I will attempt to commit the patch. It was some time since I last contributed anything so please be nitty so I will learn something.

Implementation comment: I wanted to put the code in the existing sasl-scram-rfc.el file, but due to how `sasl-find-mechanism' works, it isn't possible to have more than one SASL mechanism defined per non-autoloaded file. I didn't want to change the logic here, so I added sasl-scram-sha256.el as a separate file instead. If someone can figure out a nicer way, that would be nice -- and might also fix the existing hack at the end of sasl-scram-rfc.el that appears to be added due to the same reason.

Thanks, /Simon --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0001-Add-SASL-SCRAM-SHA-256-support.patch Content-Transfer-Encoding: quoted-printable From=20d96af8467636c3477289208a7330609d25092171 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Fri, 3 Jan 2020 18:41:03 +0100 Subject: [PATCH] Add SASL SCRAM-SHA-256 support. * lisp/net/sasl.el (sasl-mechanisms): Add SCRAM-SHA-256. (sasl-mechanism-alist): Ditto. * lisp/net/sasl-scram-sha256.el: New file. * tests/lisp/net/sasl-scram-rfc-tests.el (sasl-scram-sha-256-test): New function. =2D-- lisp/net/sasl-scram-sha256.el | 59 +++++++++++++++++++++++++++ lisp/net/sasl.el | 7 ++-- test/lisp/net/sasl-scram-rfc-tests.el | 28 +++++++++++-- 3 files changed, 88 insertions(+), 6 deletions(-) create mode 100644 lisp/net/sasl-scram-sha256.el diff --git a/lisp/net/sasl-scram-sha256.el b/lisp/net/sasl-scram-sha256.el new file mode 100644 index 0000000000..e50a032c23 =2D-- /dev/null +++ b/lisp/net/sasl-scram-sha256.el 
@@ -0,0 +1,59 @@ +;;; sasl-scram-sha256.el --- SCRAM-SHA-256 module for the SASL client fram= ework -*- lexical-binding: t; -*- + +;; Copyright (C) 2020 Free Software Foundation, Inc. + +;; Author: Simon Josefsson +;; Package: sasl + +;; This file is part of GNU Emacs. + +;; GNU Emacs is free software: you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation, either version 3 of the License, or +;; (at your option) any later version. + +;; GNU Emacs is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. + +;; You should have received a copy of the GNU General Public License +;; along with GNU Emacs. If not, see . + +;;; Commentary: + +;; Implement the SCRAM-SHA-256 mechanism from RFC 7677. + +;;; Code: + +(require 'cl-lib) +(require 'sasl) +(require 'hex-util) +(require 'rfc2104) +(require 'sasl-scram-rfc) + +;;; SCRAM-SHA-256 + +(defconst sasl-scram-sha-256-steps + '(sasl-scram-client-first-message + sasl-scram-sha-256-client-final-message + sasl-scram-sha-256-authenticate-server)) + +(defun sasl-scram-sha256 (object &optional start end binary) + (secure-hash 'sha256 object start end binary)) + +(defun sasl-scram-sha-256-client-final-message (client step) + (sasl-scram--client-final-message + ;; HMAC-SHA256 uses block length 64 and hash length 32; see RFC 4634. + 'sasl-scram-sha256 64 32 client step)) + +(defun sasl-scram-sha-256-authenticate-server (client step) + (sasl-scram--authenticate-server + 'sasl-scram-sha256 64 32 client step)) + +(put 'sasl-scram-sha256 'sasl-mechanism + (sasl-make-mechanism "SCRAM-SHA-256" sasl-scram-sha-256-steps)) + +(provide 'sasl-scram-sha256) + +;;; sasl-scram-sha256.el ends here 
diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el index e67a5a915f..3cae01c0a9 100644 =2D-- a/lisp/net/sasl.el +++ b/lisp/net/sasl.el @@ -1,6 +1,6 @@ ;;; sasl.el --- SASL client framework =20 =2D;; Copyright (C) 2000, 2007-2019 Free Software Foundation, Inc. +;; Copyright (C) 2000, 2007-2020 Free Software Foundation, Inc. =20 ;; Author: Daiki Ueno ;; Keywords: SASL @@ -35,8 +35,8 @@ ;;; Code: =20 (defvar sasl-mechanisms =2D '("SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS" =2D "NTLM")) + '("SCRAM-SHA-256" "SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" + "ANONYMOUS" "NTLM")) =20 (defvar sasl-mechanism-alist '(("CRAM-MD5" sasl-cram) @@ -45,6 +45,7 @@ sasl-mechanism-alist ("LOGIN" sasl-login) ("ANONYMOUS" sasl-anonymous) ("NTLM" sasl-ntlm) + ("SCRAM-SHA-256" sasl-scram-sha256) ("SCRAM-SHA-1" sasl-scram-rfc))) =20 (defvar sasl-unique-id-function #'sasl-unique-id-function) diff --git a/test/lisp/net/sasl-scram-rfc-tests.el b/test/lisp/net/sasl-scr= am-rfc-tests.el index af043e9f36..5d53de08ea 100644 =2D-- a/test/lisp/net/sasl-scram-rfc-tests.el +++ b/test/lisp/net/sasl-scram-rfc-tests.el @@ -1,6 +1,6 @@ =2D;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-1 -*- lexical-= binding: t; -*- +;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-* -*- lexical-bi= nding: t; -*- =20 =2D;; Copyright (C) 2014-2019 Free Software Foundation, Inc. +;; Copyright (C) 2014-2020 Free Software Foundation, Inc. =20 ;; Author: Magnus Henoch =20 @@ -19,7 +19,7 @@ =20 ;;; Commentary: =20 =2D;; Test cases from RFC 5802. +;; Test cases from RFC 5802 and RFC 7677. =20 ;;; Code: =20 
@@ -47,4 +47,26 @@ (sasl-scram-sha-1-authenticate-server client (vector nil "v=3DrmF9pqV8= S7suAoZWja4dJRkFsKQ=3D ")))) =20 +(require 'sasl-scram-sha256) + +(ert-deftest sasl-scram-sha-256-test () + ;; The following strings are taken from section 3 of RFC 7677. + (let ((client + (sasl-make-client (sasl-find-mechanism '("SCRAM-SHA-256")) + "user" + "imap" + "localhost")) + (data "r=3DrOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=3D= W22ZaJ0SNY7soEsUEjb6gQ=3D=3D,i=3D4096") + (c-nonce "rOprNGfwEbeRWgbNEkqO") + (sasl-read-passphrase + (lambda (_prompt) (copy-sequence "pencil")))) + (sasl-client-set-property client 'c-nonce c-nonce) + (should + (equal + (sasl-scram-sha-256-client-final-message client (vector nil data)) + "c=3Dbiws,r=3DrOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p= =3DdHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=3D")) + + ;; This should not throw an error: + (sasl-scram-sha-256-authenticate-server client (vector nil "v=3D6rriTR= Bi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=3D")))) + ;;; sasl-scram-rfc-tests.el ends here =2D-=20 2.20.1
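
Review bot: In the new file lisp/net/sasl-scram-sha256.el, none of the three defuns (`sasl-scram-sha256`, `sasl-scram-sha-256-client-final-message`, `sasl-scram-sha-256-authenticate-server`) has a docstring, and the hash wrapper is named `sasl-scram-sha256` while the rest of the file uses the `sasl-scram-sha-256-` prefix. That same symbol also carries the `sasl-mechanism` property in the `put` form, so a one-line docstring stating that it is the hash function handed to `sasl-scram--client-final-message` and `sasl-scram--authenticate-server` would remove the ambiguity. In addition, `(require 'cl-lib)`, `(require 'hex-util)` and `(require 'rfc2104)` are not used by any form visible in this file; if they are only needed inside sasl-scram-rfc, which is already required, they can be dropped. The comment cites RFC 4634 for the 64/32 lengths; RFC 6234 obsoletes it and is the better reference.
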
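
Review bot: The lisp/net/sasl.el hunk at `@@ -35,8 +35,8 @@` puts "SCRAM-SHA-256" at the head of `sasl-mechanisms`, ahead of "SCRAM-SHA-1", which changes the default value of a variable users may depend on, yet the diffstat lists only three files and none of them is a NEWS or manual entry. Please add an entry announcing the new mechanism and its position in the default list. The ChangeLog line in the commit message also names `tests/lisp/net/sasl-scram-rfc-tests.el`, while the diff touches `test/lisp/net/sasl-scram-rfc-tests.el`; the path in the message should match.
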
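
Review bot: In the last hunk of test/lisp/net/sasl-scram-rfc-tests.el, `sasl-scram-sha-256-authenticate-server` is only called with the correct `v=` value from RFC 7677 (the "This should not throw an error" case), so the test would still pass if server-signature verification accepted any value. Add a second call with an altered `v=` string wrapped in `should-error`; rejecting a wrong server signature is what lets the client detect a server that does not hold the password-derived keys. The `(require 'sasl-scram-sha256)` placed between the two tests would also read better at the top of the file.
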
From: Paul Eggert
To: Simon Josefsson
Cc: 38903@debbugs.gnu.org
Subject: Re: Add SASL SCRAM-SHA-256 support
Organization: UCLA Computer Science Department
Date: Wed, 15 Jan 2020 18:04:42 -0800

Thanks, this patch looks good to me; please install in the master branch.

From: Simon Josefsson
To: Paul Eggert
Cc: 38903-done@debbugs.gnu.org
Subject: Re: Add SASL SCRAM-SHA-256 support
Date: Thu, 16 Jan 2020 08:56:34 +0100
Message-ID: <87tv4vn8b1.fsf@latte.josefsson.org>

Paul Eggert writes:

> Thanks, this patch looks good to me; please install in the master branch.

Done. Thank you for review,
Simon

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Thu, 13 Feb 2020 12:24:04 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator