|Subject:||bug#17636: Implement SCRAM-SHA-1 SASL mechanism|
|Date:||Thu, 29 May 2014 22:32:35 +0100|
|User-agent:||Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.4.50 (darwin)|
Severity: wishlist Tags: patch The attached changes implement the SCRAM-SHA-1 SASL mechanism (as specified in RFC 5802) for Emacs' SASL library. Automated tests are included. I chose to put the implementation in a file called sasl-scram-rfc.el. The Emacs SASL library was imported from FLIM a long time ago, apart from a single file called sasl-scram.el, for which copyright assignment wasn't completed. This file implemented the now obsolete SCRAM-MD5 SASL mechanism, based on a draft of what eventually became RFC 5802. I chose to use a different file name, to prevent the new code from being shadowed in case someone has FLIM installed, but I'm open to be persuaded to use another file name. I removed SCRAM-MD5 from the list of SASL mechanisms in sasl.el, and added SCRAM-SHA-1 first, so that it gets picked preferentially by sasl-find-mechanism. SCRAM-SHA-1 requires an implementation of HMAC-SHA1, so I added a module for that, too. Ideally, this module should implement the mechanism SCRAM-SHA-1-PLUS, too. This mechanism includes channel binding, which guarantees that the entity you're authenticating to is the same entity that you completed a TLS handshake with. Implementing this would require some cooperation from gnutls.el, as well as some thought about new API functions/options for sasl.el. For lisp/ChangeLog: * net/sasl.el (sasl-mechanisms): Remove SCRAM-MD5. Add SCRAM-SHA-1 first. (sasl-mechanism-alist): Remove SCRAM-MD5 entry. Add SCRAM-SHA-1 entry. * net/sasl-scram-rfc.el: New file. * net/hmac-sha1.el: New file. For test/ChangeLog: * automated/sasl-scram-rfc-tests.el: New file. * automated/hmac-sha1-tests.el: New file.
Description: changes to lisp/net/sasl.el
|[Prev in Thread]||Current Thread||[Next in Thread]|