
github.com/iNPUTmice/Conversations.git - Unnamed repository; edit this file 'description' to name the repository.
authorDaniel Gultsch <daniel@gultsch.de>2022-09-06 18:39:58 +0300
committerDaniel Gultsch <daniel@gultsch.de>2022-09-06 18:39:58 +0300
commite8bce17940f53669027fd31086cda24204be549e (patch)
treed9038979752724e95d42083d85209bd8ca9a6313
parent789d1dc2259fa930c3751647c60526841f68abb6 (diff)
add scram-sha256 and 512 in their plus variants
-rw-r--r--src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java4
-rw-r--r--src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java3
-rw-r--r--src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java36
-rw-r--r--src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java36
4 files changed, 79 insertions, 0 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
index 829a4e6ea..aaff4cc82 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
@@ -106,6 +106,10 @@ public abstract class SaslMechanism {
final ChannelBinding channelBinding = ChannelBinding.best(bindings);
if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
return new External(account);
+ } else if (mechanisms.contains(ScramSha512Plus.MECHANISM) && channelBinding != null) {
+ return new ScramSha512Plus(account, channelBinding);
+ } else if (mechanisms.contains(ScramSha256Plus.MECHANISM) && channelBinding != null) {
+ return new ScramSha256Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
return new ScramSha1Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha512.MECHANISM)) {
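Review bot: The `else if` chain encodes a security-relevant preference order that nothing here states: every channel-bound variant, including `ScramSha1Plus`, is tried before `ScramSha512`, and whether a -PLUS branch is taken depends on `mechanisms`, which from its name appears to be the list the server advertised before authentication. A comment above the added branches would make that explicit, e.g. `// channel-bound (-PLUS) mechanisms rank above all non-PLUS ones; if the advertised list lacks them we fall back to plain SCRAM`. It is also worth confirming that `ChannelBinding.best(bindings)` returns `null`, not `ChannelBinding.NONE`, when no binding type is usable, since these branches test `!= null` while the `ScramMechanism` constructor tests `== ChannelBinding.NONE`. The enclosing method starts and ends outside the hunk.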
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
index 62f221b74..aba434e3a 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@@ -37,6 +37,9 @@ abstract class ScramMechanism extends SaslMechanism {
super(account);
this.channelBinding = channelBinding;
if (channelBinding == ChannelBinding.NONE) {
+ // TODO this needs to be changed to "y,," for the scram internal down grade protection
+ // but we might risk compatibility issues if the server supports a binding that we don’t
+ // support
this.gs2Header = "n,,";
} else {
this.gs2Header =
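Review bot: The TODO does not say under which condition `"y,,"` would be correct, and the constructor as written cannot tell the two cases apart: `ChannelBinding.NONE` covers both "the client has no usable binding type" (where `n` is accurate) and "the client has one but no -PLUS mechanism was advertised" (where RFC 5802 expects `y`, so that a server which did advertise -PLUS can detect a stripped list). I would extend the comment to state that, e.g. `// send "y,," only when a binding type is available locally but no -PLUS mechanism was offered`, and to note that the `c=` attribute of the client-final message must encode the same header. Until this is resolved, a fallback from -PLUS to plain SCRAM is not detectable by the server. The constructor starts and ends outside the hunk.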
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java
new file mode 100644
index 000000000..f48a052ab
--- /dev/null
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java
@@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha256Plus extends ScramPlusMechanism {
+
+ public static final String MECHANISM = "SCRAM-SHA-256-PLUS";
+
+ public ScramSha256Plus(final Account account, final ChannelBinding channelBinding) {
+ super(account, channelBinding);
+ }
+
+ @Override
+ protected HMac getHMAC() {
+ return new HMac(new SHA256Digest());
+ }
+
+ @Override
+ protected Digest getDigest() {
+ return new SHA256Digest();
+ }
+
+ @Override
+ public int getPriority() {
+ return 40;
+ }
+
+ @Override
+ public String getMechanism() {
+ return MECHANISM;
+ }
+}
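Review bot: `getPriority()` returns a bare `40` here (and `45` in `ScramSha512Plus`) with no indication of what the number is compared against. A short Javadoc such as `/** Ranks above SCRAM-SHA-1-PLUS and every non-PLUS mechanism; keep in step with the selection order in SaslMechanism. */` would tie the value to the chain that picks the mechanism; the other mechanisms' priorities are not visible in this commit, so the wording should be checked against them. The class itself has no Javadoc, and one line naming the mechanism and stating that channel-binding handling is inherited from `ScramPlusMechanism` would be enough. `ScramSha512Plus` is identical apart from the digest and the priority, so the same comments apply there.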
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java
new file mode 100644
index 000000000..8cec1f33f
--- /dev/null
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java
@@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha512Plus extends ScramPlusMechanism {
+
+ public static final String MECHANISM = "SCRAM-SHA-512-PLUS";
+
+ public ScramSha512Plus(final Account account, final ChannelBinding channelBinding) {
+ super(account, channelBinding);
+ }
+
+ @Override
+ protected HMac getHMAC() {
+ return new HMac(new SHA512Digest());
+ }
+
+ @Override
+ protected Digest getDigest() {
+ return new SHA512Digest();
+ }
+
+ @Override
+ public int getPriority() {
+ return 45;
+ }
+
+ @Override
+ public String getMechanism() {
+ return MECHANISM;
+ }
+}