bug-gnu-emacs

bug#17636: Implement SCRAM-SHA-1 SASL mechanism


From: Magnus Henoch
Subject: bug#17636: Implement SCRAM-SHA-1 SASL mechanism
Date: Thu, 29 May 2014 22:32:35 +0100
User-agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.4.50 (darwin)

Severity: wishlist
Tags: patch

The attached changes implement the SCRAM-SHA-1 SASL mechanism (as
specified in RFC 5802) for Emacs' SASL library.  Automated tests are
included.

I chose to put the implementation in a file called sasl-scram-rfc.el.
The Emacs SASL library was imported from FLIM a long time ago, apart
from a single file called sasl-scram.el, for which copyright assignment
wasn't completed.  This file implemented the now obsolete SCRAM-MD5 SASL
mechanism, based on a draft of what eventually became RFC 5802.  I chose
to use a different file name, to prevent the new code from being shadowed
in case someone has FLIM installed, but I'm open to being persuaded to use
another file name.

I removed SCRAM-MD5 from the list of SASL mechanisms in sasl.el, and
added SCRAM-SHA-1 first, so that it gets picked preferentially by
sasl-find-mechanism.

SCRAM-SHA-1 requires an implementation of HMAC-SHA1, so I added a module
for that, too.

Ideally, this module should implement the mechanism SCRAM-SHA-1-PLUS,
too.  This mechanism includes channel binding, which guarantees that the
entity you're authenticating to is the same entity that you completed a
TLS handshake with.  Implementing this would require some cooperation
from gnutls.el, as well as some thought about new API functions/options
for sasl.el.

For lisp/ChangeLog:

        * net/sasl.el (sasl-mechanisms): Remove SCRAM-MD5.  Add
        SCRAM-SHA-1 first.
        (sasl-mechanism-alist): Remove SCRAM-MD5 entry.  Add SCRAM-SHA-1
        entry.

        * net/sasl-scram-rfc.el: New file.

        * net/hmac-sha1.el: New file.

For test/ChangeLog:

        * automated/sasl-scram-rfc-tests.el: New file.

        * automated/hmac-sha1-tests.el: New file.

Attachment: hmac-sha1.el
Description: lisp/net/hmac-sha1.el

Attachment: hmac-sha1-tests.el
Description: test/automated/hmac-sha-1-tests.el

Attachment: sasl-scram-rfc.el
Description: lisp/net/sasl-scram-rfc.el

Attachment: sasl-scram-rfc-tests.el
Description: test/automated/sasl-scram-rfc-tests.el

Attachment: sasl.patch
Description: changes to lisp/net/sasl.el
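
The message above notes that SCRAM-SHA-1 (RFC 5802) needs HMAC-SHA1. The following Python sketch is an added example, not part of the original message and not the attached Emacs Lisp code: it shows where HMAC-SHA1 enters the client side of the exchange and checks the result against the example exchange in RFC 5802, section 5. The function names are hypothetical, and it assumes an ASCII password (no SASLprep) and no channel binding.

```python
import base64
import hashlib
import hmac


def _attrs(message):
    """Split a SCRAM message such as 'r=...,s=...,i=4096' into a dict."""
    return dict(part.split("=", 1) for part in message.split(","))


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def scram_sha1_client_final(password, client_first_bare, server_first, gs2_header="n,,"):
    """Return (client-final-message, expected base64 ServerSignature)."""
    server = _attrs(server_first)
    client_nonce = _attrs(client_first_bare)["r"]
    # The server nonce must be the client nonce plus a non-empty server part.
    if not server["r"].startswith(client_nonce) or server["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-1 and a 20-byte output.
    # Assumption: ASCII password, so SASLprep normalization is skipped.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("ascii"),
                                 base64.b64decode(server["s"]), int(server["i"]))
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    # "c=" carries the base64 GS2 header; "n,," means no channel binding.
    without_proof = "c=%s,r=%s" % (_b64(gs2_header.encode("ascii")), server["r"])
    auth_message = ",".join((client_first_bare, server_first, without_proof)).encode("ascii")
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    proof = bytes(k ^ s for k, s in zip(client_key, client_sig))
    server_sig = hmac.new(server_key, auth_message, hashlib.sha1).digest()
    return without_proof + ",p=" + _b64(proof), _b64(server_sig)


def server_final_ok(server_final, expected_signature):
    """Constant-time check of the 'v=' attribute in the server-final-message."""
    return hmac.compare_digest(_attrs(server_final).get("v", ""), expected_signature)


# Exchange from the example in RFC 5802, section 5 (user "user", password "pencil").
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"

if __name__ == "__main__":
    final, signature = scram_sha1_client_final("pencil", CLIENT_FIRST_BARE, SERVER_FIRST)
    print(final)
    print(server_final_ok("v=rmF9pqV8S7suAoZWja4dJRkFsKQ=", signature))
```

The client must reject the session when the `v=` check fails, since that signature is what proves the server knows the stored credentials.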

