changeset 26715:da04226b4e91

auth: password-scheme: scram: Add support for SCRAM-SHA-256.
author Stephan Bosch <stephan.bosch@dovecot.fi>
date Mon, 07 Jan 2019 20:09:07 +0100
parents b0609afd2785
children 33bcb17d0824
files src/auth/password-scheme-scram.c src/auth/password-scheme.c src/auth/password-scheme.h src/auth/test-libpassword.c
diffstat 4 files changed, 31 insertions(+), 0 deletions(-) [+]
--- a/src/auth/password-scheme-scram.c	Sun Jan 06 23:08:38 2019 +0100
+++ b/src/auth/password-scheme-scram.c	Mon Jan 07 20:09:07 2019 +0100
@@ -15,6 +15,7 @@
 #include "randgen.h"
 #include "hash-method.h"
 #include "sha1.h"
+#include "sha2.h"
 #include "str.h"
 #include "password-scheme.h"
 
@@ -205,3 +206,19 @@
 {
 	scram_generate(&hash_method_sha1, plaintext, raw_password_r, size_r);
 }
+
+int scram_sha256_verify(const char *plaintext,
+			const struct password_generate_params *params ATTR_UNUSED,
+			const unsigned char *raw_password, size_t size,
+			const char **error_r)
+{
+	return scram_verify(&hash_method_sha256, "SCRAM-SHA-256", plaintext,
+			    raw_password, size, error_r);
+}
+
+void scram_sha256_generate(const char *plaintext,
+			   const struct password_generate_params *params ATTR_UNUSED,
+			   const unsigned char **raw_password_r, size_t *size_r)
+{
+	scram_generate(&hash_method_sha256, plaintext, raw_password_r, size_r);
+}
--- a/src/auth/password-scheme.c	Sun Jan 06 23:08:38 2019 +0100
+++ b/src/auth/password-scheme.c	Mon Jan 07 20:09:07 2019 +0100
@@ -817,6 +817,8 @@
 	  NULL, cram_md5_generate },
 	{ "SCRAM-SHA-1", PW_ENCODING_NONE, 0, scram_sha1_verify,
 	  scram_sha1_generate},
+	{ "SCRAM-SHA-256", PW_ENCODING_NONE, 0, scram_sha256_verify,
+	  scram_sha256_generate},
 	{ "HMAC-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,
 	  NULL, cram_md5_generate },
 	{ "DIGEST-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
--- a/src/auth/password-scheme.h	Sun Jan 06 23:08:38 2019 +0100
+++ b/src/auth/password-scheme.h	Mon Jan 07 20:09:07 2019 +0100
@@ -121,6 +121,14 @@
 			 const struct password_generate_params *params ATTR_UNUSED,
 			 const unsigned char **raw_password_r, size_t *size_r);
 
+int scram_sha256_verify(const char *plaintext,
+			const struct password_generate_params *params ATTR_UNUSED,
+			const unsigned char *raw_password, size_t size,
+			const char **error_r);
+void scram_sha256_generate(const char *plaintext,
+			   const struct password_generate_params *params ATTR_UNUSED,
+			   const unsigned char **raw_password_r, size_t *size_r);
+
 void pbkdf2_generate(const char *plaintext,
 		     const struct password_generate_params *params ATTR_UNUSED,
 		     const unsigned char **raw_password_r, size_t *size_r);
--- a/src/auth/test-libpassword.c	Sun Jan 06 23:08:38 2019 +0100
+++ b/src/auth/test-libpassword.c	Mon Jan 07 20:09:07 2019 +0100
@@ -116,6 +116,10 @@
 	test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
 	test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
 	test_password_scheme("SCRAM-SHA-1", "{SCRAM-SHA-1}4096,GetyLXdBuHzf1FWf8SLz2Q==,NA/OqmF4hhrsrB9KR7po+dliTGM=,QBiURvQaE6H6qYTmeghDHLANBFQ=", "test");
+	test_password_scheme("SCRAM-SHA-256", "{SCRAM-SHA-256}4096,LfNGSFqiFykEZ1xDAYlnKQ==,"
+					       "HACNf9CII7cMz3XjRy/Oh3Ae2LHApoDyNw74d3YtFws=,"
+					       "AQH0j7Hf8J12g8eNBadvzlNB2am3PxgNwFCFd3RxEaw=",
+			     "test");
 	test_password_scheme("BLF-CRYPT", "{BLF-CRYPT}$2y$05$11ipvo5dR6CwkzwmhwM26OXgzXwhV2PyPuLV.Qi31ILcRcThQpEiW", "test");
 #ifdef HAVE_LIBSODIUM
 	test_password_scheme("ARGON2I", "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$f2iuP4aUeNMrgu34fhOkkg$1XSZZMWlIs0zmE+snlUIcLADO3GXbA2O/hsQmmc317k", "test");
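Review bot: The added SCRAM-SHA-256 case exercises only a well-formed credential with the correct password, so nothing in this hunk shows scram_sha256_verify() rejecting a wrong password or a malformed stored value (missing field, invalid base64, a SHA-1-length key under the SHA-256 prefix). test_password_scheme() is defined outside the hunk and may already check a mismatch; if it does not, the rejection path of the new verifier is untested. I would record that next to the vector with `/* TODO: add rejection cases for SCRAM-SHA-256 (wrong password, truncated or malformed fields) */` until such cases exist. The enclosing test function starts and ends outside the hunk.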