[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17636: Implement SCRAM-SHA-1 SASL mechanism

From: Magnus Henoch
Subject: bug#17636: Implement SCRAM-SHA-1 SASL mechanism
Date: Thu, 29 May 2014 22:32:35 +0100
User-agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.4.50 (darwin)

Severity: wishlist
Tags: patch

The attached changes implement the SCRAM-SHA-1 SASL mechanism (as
specified in RFC 5802) for Emacs' SASL library.  Automated tests are

I chose to put the implementation in a file called sasl-scram-rfc.el.
The Emacs SASL library was imported from FLIM a long time ago, apart
from a single file called sasl-scram.el, for which copyright assignment
wasn't completed.  This file implemented the now obsolete SCRAM-MD5 SASL
mechanism, based on a draft of what eventually became RFC 5802.  I chose
to use a different file name, to prevent the new code from being shadowed
in case someone has FLIM installed, but I'm open to be persuaded to use
another file name.

I removed SCRAM-MD5 from the list of SASL mechanisms in sasl.el, and
added SCRAM-SHA-1 first, so that it gets picked preferentially by

SCRAM-SHA-1 requires an implementation of HMAC-SHA1, so I added a module
for that, too.

Ideally, this module should implement the mechanism SCRAM-SHA-1-PLUS,
too.  This mechanism includes channel binding, which guarantees that the
entity you're authenticating to is the same entity that you completed a
TLS handshake with.  Implementing this would require some cooperation
from gnutls.el, as well as some thought about new API functions/options
for sasl.el.

For lisp/ChangeLog:

        * net/sasl.el (sasl-mechanisms): Remove SCRAM-MD5.  Add
        SCRAM-SHA-1 first.
        (sasl-mechanism-alist): Remove SCRAM-MD5 entry.  Add SCRAM-SHA-1

        * net/sasl-scram-rfc.el: New file.

        * net/hmac-sha1.el: New file.

For test/ChangeLog:

        * automated/sasl-scram-rfc-tests.el: New file.

        * automated/hmac-sha1-tests.el: New file.

Attachment: hmac-sha1.el
Description: lisp/net/hmac-sha1.el

Attachment: hmac-sha1-tests.el
Description: test/automated/hmac-sha-1-tests.el

Attachment: sasl-scram-rfc.el
Description: lisp/net/sasl-scram-rfc.el

Attachment: sasl-scram-rfc-tests.el
Description: test/automated/sasl-scram-rfc-tests.el

Attachment: sasl.patch
Description: changes to lisp/net/sasl.el

reply via email to

[Prev in Thread] Current Thread [Next in Thread]