auth: password-scheme: scram: Add support for SCRAM-SHA-256.

author Stephan Bosch <stephan.bosch@dovecot.fi>

Mon, 7 Jan 2019 19:09:07 +0000 (20:09 +0100)

committer timo.sirainen <timo.sirainen@open-xchange.com>

Wed, 4 Dec 2019 14:33:31 +0000 (14:33 +0000)
author Stephan Bosch <stephan.bosch@dovecot.fi>
Mon, 7 Jan 2019 19:09:07 +0000 (20:09 +0100)
committer timo.sirainen <timo.sirainen@open-xchange.com>
Wed, 4 Dec 2019 14:33:31 +0000 (14:33 +0000)
diff --git a/src/auth/password-scheme-scram.c b/src/auth/password-scheme-scram.c

index 0c7fdb4b0089350b992935d87ed2ccb2ebb4874d..a395074a680477b3f935dc75f342b7e8f4ffbad3 100644 (file)
--- a/src/auth/password-scheme-scram.c
+++ b/src/auth/password-scheme-scram.c
@@ -15,6 +15,7 @@
  #include "randgen.h"
  #include "hash-method.h"
  #include "sha1.h"
+#include "sha2.h"
  #include "str.h"
  #include "password-scheme.h"
  
@@ -205,3 +206,19 @@ void scram_sha1_generate(const char *plaintext,
  {
         scram_generate(&hash_method_sha1, plaintext, raw_password_r, size_r);
  }
+
+int scram_sha256_verify(const char *plaintext,
+                       const struct password_generate_params *params ATTR_UNUSED,
+                       const unsigned char *raw_password, size_t size,
+                       const char **error_r)
+{
+       return scram_verify(&hash_method_sha256, "SCRAM-SHA-256", plaintext,
+                           raw_password, size, error_r);
+}
+
+void scram_sha256_generate(const char *plaintext,
+                          const struct password_generate_params *params ATTR_UNUSED,
+                          const unsigned char **raw_password_r, size_t *size_r)
+{
+       scram_generate(&hash_method_sha256, plaintext, raw_password_r, size_r);
+}
diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c

index 6287116cf905a5f779658171c10df62ae3ef7d1d..24b38cfb772cdf654aba9e2b61c0bcd7df99508d 100644 (file)
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -817,6 +817,8 @@ static const struct password_scheme builtin_schemes[] = {
           NULL, cram_md5_generate },
         { "SCRAM-SHA-1", PW_ENCODING_NONE, 0, scram_sha1_verify,
           scram_sha1_generate},
+       { "SCRAM-SHA-256", PW_ENCODING_NONE, 0, scram_sha256_verify,
+         scram_sha256_generate},
         { "HMAC-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,
           NULL, cram_md5_generate },
         { "DIGEST-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
diff --git a/src/auth/password-scheme.h b/src/auth/password-scheme.h

index fbf562ef86ee26cd57f512a7c68cfdb22d55a341..eea3987fdd79544c546e09742309504484bf5514 100644 (file)
--- a/src/auth/password-scheme.h
+++ b/src/auth/password-scheme.h
@@ -121,6 +121,14 @@ void scram_sha1_generate(const char *plaintext,
                          const struct password_generate_params *params ATTR_UNUSED,
                          const unsigned char **raw_password_r, size_t *size_r);
  
+int scram_sha256_verify(const char *plaintext,
+                       const struct password_generate_params *params ATTR_UNUSED,
+                       const unsigned char *raw_password, size_t size,
+                       const char **error_r);
+void scram_sha256_generate(const char *plaintext,
+                          const struct password_generate_params *params ATTR_UNUSED,
+                          const unsigned char **raw_password_r, size_t *size_r);
+
  void pbkdf2_generate(const char *plaintext,
                      const struct password_generate_params *params ATTR_UNUSED,
                      const unsigned char **raw_password_r, size_t *size_r);
diff --git a/src/auth/test-libpassword.c b/src/auth/test-libpassword.c

index 78bfe81e61c50b1e12da5c05942aa6f5818900a8..f67e2e49ff816c35fe00d067119d2a8f929d1146 100644 (file)
--- a/src/auth/test-libpassword.c
+++ b/src/auth/test-libpassword.c
@@ -116,6 +116,10 @@ static void test_password_schemes(void)
         test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
         test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
         test_password_scheme("SCRAM-SHA-1", "{SCRAM-SHA-1}4096,GetyLXdBuHzf1FWf8SLz2Q==,NA/OqmF4hhrsrB9KR7po+dliTGM=,QBiURvQaE6H6qYTmeghDHLANBFQ=", "test");
+       test_password_scheme("SCRAM-SHA-256", "{SCRAM-SHA-256}4096,LfNGSFqiFykEZ1xDAYlnKQ==,"
+                                              "HACNf9CII7cMz3XjRy/Oh3Ae2LHApoDyNw74d3YtFws=,"
+                                              "AQH0j7Hf8J12g8eNBadvzlNB2am3PxgNwFCFd3RxEaw=",
+                            "test");
         test_password_scheme("BLF-CRYPT", "{BLF-CRYPT}$2y$05$11ipvo5dR6CwkzwmhwM26OXgzXwhV2PyPuLV.Qi31ILcRcThQpEiW", "test");
  #ifdef HAVE_LIBSODIUM
         test_password_scheme("ARGON2I", "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$f2iuP4aUeNMrgu34fhOkkg$1XSZZMWlIs0zmE+snlUIcLADO3GXbA2O/hsQmmc317k", "test");
author	Stephan Bosch <stephan.bosch@dovecot.fi>
	Mon, 7 Jan 2019 19:09:07 +0000 (20:09 +0100)
committer	timo.sirainen <timo.sirainen@open-xchange.com>
	Wed, 4 Dec 2019 14:33:31 +0000 (14:33 +0000)
src/auth/password-scheme-scram.c		patch \| blob \| blame \| history
src/auth/password-scheme.c		patch \| blob \| blame \| history
src/auth/password-scheme.h		patch \| blob \| blame \| history
src/auth/test-libpassword.c		patch \| blob \| blame \| history