From 3fa2246938b57a2b110714aaf6b931cbef309ff0 Mon Sep 17 00:00:00 2001
From: Marius Halden
Date: Mon, 20 Jun 2016 18:41:00 +0200
Subject: Add support for SCRAM-SHA-256

With this aproach it will be simple to add any hash to the scram implementation with some simple boilerplate.
---
 protocols/jabber/jabber.h | 5 +++++
 protocols/jabber/sasl.c | 19 +++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h
index 5412a08f..3445e4d7 100644
--- a/protocols/jabber/jabber.h
+++ b/protocols/jabber/jabber.h
@@ -82,6 +82,11 @@ typedef enum {
 JCHALLENGE_SCRAM
 } jabber_challenge_t;
+typedef enum {
+ JSCRAM_SHA1 = 0x0001,
+ JSCRAM_SHA256 = 0x0002
+} jabber_scram_t;
+
 struct jabber_data {
 struct im_connection *ic;
diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c
index b60bdc7e..c8aad776 100644
--- a/protocols/jabber/sasl.c
+++ b/protocols/jabber/sasl.c
@@ -97,7 +97,9 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 } else if (g_strcasecmp(c->text, "X-OAUTH2") == 0) {
 sup_gtalk = 1;
 } else if (g_strcasecmp(c->text, "SCRAM-SHA-1") == 0) {
- sup_scram = 1;
+ sup_scram = JSCRAM_SHA1;
+ } else if (g_strcasecmp(c->text, "SCRAM-SHA-256") == 0) {
+ sup_scram = JSCRAM_SHA256;
 }
 g_string_append_printf(mechs, " %s", c->text);
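Review bot: The new `jabber_scram_t` constants in jabber.h are powers of two and the sasl.c part of this commit tests them with `&`, so they form a flag set, but nothing at the definition says so. I would add a comment above the enum such as `/* Bit flags: SCRAM variants offered by the server; may be OR-ed together */` so that the next hash added takes a free bit (`0x0004`) rather than the next ordinal. The declaration of `sup_scram` is outside the visible hunks, so its type cannot be checked against this enum from here.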
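Review bot: In the mechanism-parsing hunk of sasl.c (`@@ -97,7 +97,9 @@`), `sup_scram` is overwritten with `=` for each SCRAM name, while the selection code later in the same function tests it as a bit mask and prefers SHA-256. If the server lists `SCRAM-SHA-256` before `SCRAM-SHA-1`, the last assignment leaves only `JSCRAM_SHA1` set, and the client authenticates with the weaker hash although both were offered. The chosen strength should not depend on advertisement order. Accumulate the flags instead: `sup_scram |= JSCRAM_SHA1;` and `sup_scram |= JSCRAM_SHA256;`. The enclosing loop over mechanism nodes starts and ends outside the hunk, so this assumes the branch runs once per advertised mechanism, as the `g_string_append_printf(mechs, " %s", c->text)` line suggests.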
@@ -168,9 +170,18 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 unsigned char cnonce_bin[30];
 char *cnonce;
- jd->challenge.type = JCHALLENGE_SCRAM;
- jd->challenge.scram_algo = GCRY_MD_SHA1;
- xt_add_attr(reply, "mechanism", "SCRAM-SHA-1");
+ if (sup_scram & JSCRAM_SHA256) {
+ jd->challenge.type = JCHALLENGE_SCRAM;
+ jd->challenge.scram_algo = GCRY_MD_SHA256;
+ xt_add_attr(reply, "mechanism", "SCRAM-SHA-256");
+ } else if (sup_scram & JSCRAM_SHA1) {
+ jd->challenge.type = JCHALLENGE_SCRAM;
+ jd->challenge.scram_algo = GCRY_MD_SHA1;
+ xt_add_attr(reply, "mechanism", "SCRAM-SHA-1");
+ } else {
+ imcb_error(ic, "Unknown scram method"); /* Just in case, but we should not get here */
+ return XT_ABORT;
+ }
 gs = g_string_sized_new(128);
--
cgit v1.2.3
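Review bot: The defensive `else` branch returns `XT_ABORT` after `reply` already exists (the sibling branches call `xt_add_attr(reply, ...)`), so if that path is ever taken the node is presumably leaked. Its allocation and the function's normal cleanup are outside the hunk, so confirm there. Releasing it first, `xt_free_node(reply); return XT_ABORT;`, keeps the path safe. Separately, `jd->challenge.type = JCHALLENGE_SCRAM;` is repeated in both live branches and could be set once before the `if`, leaving each branch to choose only `scram_algo` and the mechanism name. Since SHA-256 digests are longer than SHA-1 digests, any SCRAM code elsewhere that sizes digest or key buffers should take the length from `jd->challenge.scram_algo` rather than a SHA-1 constant; none of that code is visible here.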