add scram-sha256 and 512 in their plus variants

Daniel Gultsch 2022-09-06 17:39:58 +02:00
parent 789d1dc225
commit e8bce17940
4 changed files with 79 additions and 0 deletions


@ -106,6 +106,10 @@ public abstract class SaslMechanism {
final ChannelBinding channelBinding = ChannelBinding.best(bindings); final ChannelBinding channelBinding = ChannelBinding.best(bindings);
if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) { if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
return new External(account); return new External(account);
} else if (mechanisms.contains(ScramSha512Plus.MECHANISM) && channelBinding != null) {
return new ScramSha512Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha256Plus.MECHANISM) && channelBinding != null) {
return new ScramSha256Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) { } else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
return new ScramSha1Plus(account, channelBinding); return new ScramSha1Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha512.MECHANISM)) { } else if (mechanisms.contains(ScramSha512.MECHANISM)) {
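Review bot: The two new -PLUS branches gate on `channelBinding != null`, while the ScramMechanism constructor shown in the next file section treats `ChannelBinding.NONE` as the no-binding case and emits the `n,,` header for it. If `ChannelBinding.best(bindings)` can ever return `NONE` rather than `null` (its body is not visible here), a -PLUS mechanism would be constructed without a usable binding; the guard could read `channelBinding != null && channelBinding != ChannelBinding.NONE`, or the contract of `best()` could be stated in a comment above the chain. The existing ScramSha1Plus branch uses the same guard, so the point applies there too. The enclosing method starts and ends outside this hunk.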


@ -37,6 +37,9 @@ abstract class ScramMechanism extends SaslMechanism {
super(account); super(account);
this.channelBinding = channelBinding; this.channelBinding = channelBinding;
if (channelBinding == ChannelBinding.NONE) { if (channelBinding == ChannelBinding.NONE) {
// TODO this needs to be changed to "y,," for the scram internal down grade protection
// but we might risk compatibility issues if the server supports a binding that we dont
// support
this.gs2Header = "n,,"; this.gs2Header = "n,,";
} else { } else {
this.gs2Header = this.gs2Header =
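Review bot: The added TODO does not say when `y,,` is the right flag, and this branch appears to cover two different situations. Under RFC 5802 the `y` flag means the client supports channel binding but believes the server does not, while `n` means the client does not support it at all, so switching the literal unconditionally would be wrong for a client that has no binding available. I would reword the comment to `// TODO send "y,," when a binding type is available locally but the server offered no -PLUS mechanism; keep "n,," only when no binding is available`. Until that is implemented, a non-PLUS SCRAM exchange gives the server no signal that -PLUS mechanisms were missing from the list the client saw, which is worth tracking in an issue rather than only in a comment. The constructor continues outside this hunk.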


@ -0,0 +1,36 @@
package eu.siacs.conversations.crypto.sasl;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.macs.HMac;
import eu.siacs.conversations.entities.Account;
public class ScramSha256Plus extends ScramPlusMechanism {
public static final String MECHANISM = "SCRAM-SHA-256-PLUS";
public ScramSha256Plus(final Account account, final ChannelBinding channelBinding) {
super(account, channelBinding);
}
@Override
protected HMac getHMAC() {
return new HMac(new SHA256Digest());
}
@Override
protected Digest getDigest() {
return new SHA256Digest();
}
@Override
public int getPriority() {
return 40;
}
@Override
public String getMechanism() {
return MECHANISM;
}
}
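Review bot: `getPriority()` returns the bare literal `40` here and `45` in ScramSha512Plus, and neither class says what the number is compared against. The values agree with the branch order added to SaslMechanism (512-PLUS before 256-PLUS), but that link is implicit, so a later edit in one place can silently disagree with the other; if the priority is also used elsewhere to compare a previously used mechanism with the current offer (not visible here), a wrong value would weaken that check. I would add above the return `// Must stay below ScramSha512Plus (45); mirrors the selection order in SaslMechanism`, with the matching comment in ScramSha512Plus, and a one-line class Javadoc on each stating that it is the channel-binding variant of the mechanism.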


@ -0,0 +1,36 @@
package eu.siacs.conversations.crypto.sasl;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.macs.HMac;
import eu.siacs.conversations.entities.Account;
public class ScramSha512Plus extends ScramPlusMechanism {
public static final String MECHANISM = "SCRAM-SHA-512-PLUS";
public ScramSha512Plus(final Account account, final ChannelBinding channelBinding) {
super(account, channelBinding);
}
@Override
protected HMac getHMAC() {
return new HMac(new SHA512Digest());
}
@Override
protected Digest getDigest() {
return new SHA512Digest();
}
@Override
public int getPriority() {
return 45;
}
@Override
public String getMechanism() {
return MECHANISM;
}
}