add scram-sha256 and 512 in their plus variants

2022-09-06 17:39:58 +02:00 · 2022-09-06 17:39:58 +02:00 · e8bce17940
parent 789d1dc225
commit e8bce17940
4 changed files with 79 additions and 0 deletions
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
@ -106,6 +106,10 @@ public abstract class SaslMechanism {
            final ChannelBinding channelBinding = ChannelBinding.best(bindings);
            if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
                return new External(account);
+            } else if (mechanisms.contains(ScramSha512Plus.MECHANISM) && channelBinding != null) {
+                return new ScramSha512Plus(account, channelBinding);
+            } else if (mechanisms.contains(ScramSha256Plus.MECHANISM) && channelBinding != null) {
+                return new ScramSha256Plus(account, channelBinding);
            } else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
                return new ScramSha1Plus(account, channelBinding);
            } else if (mechanisms.contains(ScramSha512.MECHANISM)) {
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@ -37,6 +37,9 @@ abstract class ScramMechanism extends SaslMechanism {
        super(account);
        this.channelBinding = channelBinding;
        if (channelBinding == ChannelBinding.NONE) {
+            // TODO this needs to be changed to "y,," for the scram internal down grade protection
+            // but we might risk compatibility issues if the server supports a binding that we don’t
+            // support
            this.gs2Header = "n,,";
        } else {
            this.gs2Header =
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java
@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha256Plus extends ScramPlusMechanism {
+
+    public static final String MECHANISM = "SCRAM-SHA-256-PLUS";
+
+    public ScramSha256Plus(final Account account, final ChannelBinding channelBinding) {
+        super(account, channelBinding);
+    }
+
+    @Override
+    protected HMac getHMAC() {
+        return new HMac(new SHA256Digest());
+    }
+
+    @Override
+    protected Digest getDigest() {
+        return new SHA256Digest();
+    }
+
+    @Override
+    public int getPriority() {
+        return 40;
+    }
+
+    @Override
+    public String getMechanism() {
+        return MECHANISM;
+    }
+}
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java
@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha512Plus extends ScramPlusMechanism {
+
+    public static final String MECHANISM = "SCRAM-SHA-512-PLUS";
+
+    public ScramSha512Plus(final Account account, final ChannelBinding channelBinding) {
+        super(account, channelBinding);
+    }
+
+    @Override
+    protected HMac getHMAC() {
+        return new HMac(new SHA512Digest());
+    }
+
+    @Override
+    protected Digest getDigest() {
+        return new SHA512Digest();
+    }
+
+    @Override
+    public int getPriority() {
+        return 45;
+    }
+
+    @Override
+    public String getMechanism() {
+        return MECHANISM;
+    }
+}