Mercurial > dovecot > core
changeset 26715:da04226b4e91
auth: password-scheme: scram: Add support for SCRAM-SHA-256.
author | Stephan Bosch <stephan.bosch@dovecot.fi> |
---|---|
date | Mon, 07 Jan 2019 20:09:07 +0100 |
parents | b0609afd2785 |
children | 33bcb17d0824 |
files | src/auth/password-scheme-scram.c src/auth/password-scheme.c src/auth/password-scheme.h src/auth/test-libpassword.c |
diffstat | 4 files changed, 31 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/password-scheme-scram.c Sun Jan 06 23:08:38 2019 +0100 +++ b/src/auth/password-scheme-scram.c Mon Jan 07 20:09:07 2019 +0100 @@ -15,6 +15,7 @@ #include "randgen.h" #include "hash-method.h" #include "sha1.h" +#include "sha2.h" #include "str.h" #include "password-scheme.h" @@ -205,3 +206,19 @@ { scram_generate(&hash_method_sha1, plaintext, raw_password_r, size_r); } + +int scram_sha256_verify(const char *plaintext, + const struct password_generate_params *params ATTR_UNUSED, + const unsigned char *raw_password, size_t size, + const char **error_r) +{ + return scram_verify(&hash_method_sha256, "SCRAM-SHA-256", plaintext, + raw_password, size, error_r); +} + +void scram_sha256_generate(const char *plaintext, + const struct password_generate_params *params ATTR_UNUSED, + const unsigned char **raw_password_r, size_t *size_r) +{ + scram_generate(&hash_method_sha256, plaintext, raw_password_r, size_r); +}
--- a/src/auth/password-scheme.c Sun Jan 06 23:08:38 2019 +0100 +++ b/src/auth/password-scheme.c Mon Jan 07 20:09:07 2019 +0100 @@ -817,6 +817,8 @@ NULL, cram_md5_generate }, { "SCRAM-SHA-1", PW_ENCODING_NONE, 0, scram_sha1_verify, scram_sha1_generate}, + { "SCRAM-SHA-256", PW_ENCODING_NONE, 0, scram_sha256_verify, + scram_sha256_generate}, { "HMAC-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN, NULL, cram_md5_generate }, { "DIGEST-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
--- a/src/auth/password-scheme.h Sun Jan 06 23:08:38 2019 +0100 +++ b/src/auth/password-scheme.h Mon Jan 07 20:09:07 2019 +0100 @@ -121,6 +121,14 @@ const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r); +int scram_sha256_verify(const char *plaintext, + const struct password_generate_params *params ATTR_UNUSED, + const unsigned char *raw_password, size_t size, + const char **error_r); +void scram_sha256_generate(const char *plaintext, + const struct password_generate_params *params ATTR_UNUSED, + const unsigned char **raw_password_r, size_t *size_r); + void pbkdf2_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r);
--- a/src/auth/test-libpassword.c Sun Jan 06 23:08:38 2019 +0100 +++ b/src/auth/test-libpassword.c Mon Jan 07 20:09:07 2019 +0100 @@ -116,6 +116,10 @@ test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test"); test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test"); test_password_scheme("SCRAM-SHA-1", "{SCRAM-SHA-1}4096,GetyLXdBuHzf1FWf8SLz2Q==,NA/OqmF4hhrsrB9KR7po+dliTGM=,QBiURvQaE6H6qYTmeghDHLANBFQ=", "test"); + test_password_scheme("SCRAM-SHA-256", "{SCRAM-SHA-256}4096,LfNGSFqiFykEZ1xDAYlnKQ==," + "HACNf9CII7cMz3XjRy/Oh3Ae2LHApoDyNw74d3YtFws=," + "AQH0j7Hf8J12g8eNBadvzlNB2am3PxgNwFCFd3RxEaw=", + "test"); test_password_scheme("BLF-CRYPT", "{BLF-CRYPT}$2y$05$11ipvo5dR6CwkzwmhwM26OXgzXwhV2PyPuLV.Qi31ILcRcThQpEiW", "test"); #ifdef HAVE_LIBSODIUM test_password_scheme("ARGON2I", "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$f2iuP4aUeNMrgu34fhOkkg$1XSZZMWlIs0zmE+snlUIcLADO3GXbA2O/hsQmmc317k", "test");