From: Stephan Bosch
Date: Mon, 7 Jan 2019 19:09:07 +0000 (+0100)
Subject: auth: password-scheme: scram: Add support for SCRAM-SHA-256.
X-Git-Tag: 2.3.10~234
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea584420d3ee0654b34e0050281b0182cb27ae1a;p=thirdparty%2Fdovecot%2Fcore.git
auth: password-scheme: scram: Add support for SCRAM-SHA-256.
---
diff --git a/src/auth/password-scheme-scram.c b/src/auth/password-scheme-scram.c
index 0c7fdb4b00..a395074a68 100644
--- a/src/auth/password-scheme-scram.c
+++ b/src/auth/password-scheme-scram.c
@@ -15,6 +15,7 @@
 #include "randgen.h"
 #include "hash-method.h"
 #include "sha1.h"
+#include "sha2.h"
 #include "str.h"
 #include "password-scheme.h"
@@ -205,3 +206,19 @@ void scram_sha1_generate(const char *plaintext,
 {
 scram_generate(&hash_method_sha1, plaintext, raw_password_r, size_r);
 }
+
+int scram_sha256_verify(const char *plaintext,
+ const struct password_generate_params *params ATTR_UNUSED,
+ const unsigned char *raw_password, size_t size,
+ const char **error_r)
+{
+ return scram_verify(&hash_method_sha256, "SCRAM-SHA-256", plaintext,
+ raw_password, size, error_r);
+}
+
+void scram_sha256_generate(const char *plaintext,
+ const struct password_generate_params *params ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+ scram_generate(&hash_method_sha256, plaintext, raw_password_r, size_r);
+}
diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 6287116cf9..24b38cfb77 100644
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -817,6 +817,8 @@ static const struct password_scheme builtin_schemes[] = {
 NULL, cram_md5_generate },
 { "SCRAM-SHA-1", PW_ENCODING_NONE, 0, scram_sha1_verify,
 scram_sha1_generate},
+ { "SCRAM-SHA-256", PW_ENCODING_NONE, 0, scram_sha256_verify,
+ scram_sha256_generate},
 { "HMAC-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,
 NULL, cram_md5_generate },
 { "DIGEST-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
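Review bot: In scram_sha256_generate() (password-scheme-scram.c) the `params` argument is marked ATTR_UNUSED and nothing from it is passed to scram_generate(), so a caller cannot raise the PBKDF2 cost of stored SCRAM-SHA-256 credentials through this interface. The vector added in test-libpassword.c begins with `4096`, which suggests the count is fixed inside scram_generate(); that body is outside this hunk, so confirm it there. 4096 is the minimum RFC 7677 names for SCRAM-SHA-256, and a leaked passdb entry can be guessed offline at that cost. If the fixed value is intended, say so next to the function, e.g. `/* params is ignored: the iteration count is chosen by scram_generate(), not by the caller */`.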
diff --git a/src/auth/password-scheme.h b/src/auth/password-scheme.h
index fbf562ef86..eea3987fdd 100644
--- a/src/auth/password-scheme.h
+++ b/src/auth/password-scheme.h
@@ -121,6 +121,14 @@ void scram_sha1_generate(const char *plaintext,
 const struct password_generate_params *params ATTR_UNUSED,
 const unsigned char **raw_password_r, size_t *size_r);
+int scram_sha256_verify(const char *plaintext,
+ const struct password_generate_params *params ATTR_UNUSED,
+ const unsigned char *raw_password, size_t size,
+ const char **error_r);
+void scram_sha256_generate(const char *plaintext,
+ const struct password_generate_params *params ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r);
+
 void pbkdf2_generate(const char *plaintext,
 const struct password_generate_params *params ATTR_UNUSED,
 const unsigned char **raw_password_r, size_t *size_r);
diff --git a/src/auth/test-libpassword.c b/src/auth/test-libpassword.c
index 78bfe81e61..f67e2e49ff 100644
--- a/src/auth/test-libpassword.c
+++ b/src/auth/test-libpassword.c
@@ -116,6 +116,10 @@ static void test_password_schemes(void)
 test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
 test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
 test_password_scheme("SCRAM-SHA-1", "{SCRAM-SHA-1}4096,GetyLXdBuHzf1FWf8SLz2Q==,NA/OqmF4hhrsrB9KR7po+dliTGM=,QBiURvQaE6H6qYTmeghDHLANBFQ=", "test");
+ test_password_scheme("SCRAM-SHA-256", "{SCRAM-SHA-256}4096,LfNGSFqiFykEZ1xDAYlnKQ==,"
+ "HACNf9CII7cMz3XjRy/Oh3Ae2LHApoDyNw74d3YtFws=,"
+ "AQH0j7Hf8J12g8eNBadvzlNB2am3PxgNwFCFd3RxEaw=",
+ "test");
 test_password_scheme("BLF-CRYPT", "{BLF-CRYPT}$2y$05$11ipvo5dR6CwkzwmhwM26OXgzXwhV2PyPuLV.Qi31ILcRcThQpEiW", "test");
 #ifdef HAVE_LIBSODIUM
 test_password_scheme("ARGON2I", "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$f2iuP4aUeNMrgu34fhOkkg$1XSZZMWlIs0zmE+snlUIcLADO3GXbA2O/hsQmmc317k", "test");
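Review bot: Only an accepting vector is added for SCRAM-SHA-256 in test_password_schemes() (test-libpassword.c), so nothing in this hunk pins that scram_verify() rejects a malformed credential under the new hash size. The two key fields of the new vector decode to 32 bytes each, while the SCRAM-SHA-1 line above carries 20-byte keys; a case that presents 20-byte keys under the `{SCRAM-SHA-256}` prefix and expects verification to fail would cover the length check. test_password_scheme() is defined outside the hunk and may already exercise a wrong plaintext, so check it before adding that case. A short comment above the vector, e.g. `/* SCRAM-SHA-256: 4096 iterations, 32-byte keys */`, would also make the difference from the SHA-1 vector explicit.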