;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
;; Boston, MA 02111-1307, USA.
+;;; Commentary:
+
+;; Example.
+;;
+;; (base64-encode-string
+;; (sasl-scram-md5-client-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")))
+;; => "AQAAAMg9jU8CeB4KOfk7sUhSQPs="
+;;
+;; (base64-encode-string
+;; (scram-md5-make-server-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (scram-make-security-info nil t 0)
+;; "testsalt"
+;; (scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")))
+;; => "U0odqYw3B7XIIW0oSz65OQ=="
+
;;; Code:
(require 'hmac-md5)
+(eval-when-compile
+ (require 'scram-md5)
+ (require 'digest-md5))
+
+(eval-and-compile
+ (autoload 'open-ssl-stream "ssl")
+ (autoload 'base64-decode-string "base64")
+ (autoload 'base64-encode-string "base64")
+ (autoload 'starttls-open-stream "starttls")
+ (autoload 'starttls-negotiate "starttls")
+ (autoload 'digest-md5-digest-response "digest-md5")
+ (autoload 'scram-md5-make-salted-pass "scram-md5")
+ (autoload 'scram-md5-parse-server-msg-1 "scram-md5")
+ (autoload 'scram-md5-make-client-msg-1 "scram-md5"))
+
;;; CRAM-MD5
(defun sasl-cram-md5 (username passphrase challenge)
(let ((secure-word (copy-sequence passphrase)))
(concat authorid "\0" authenid "\0" passphrase))
;;; SCRAM-MD5
-(defvar sasl-scram-md5-client-security-info
- (scram-make-security-info nil t 0))
+(eval-when-compile
+ (defvar sasl-scram-md5-client-security-info
+ (scram-make-security-info nil t 0)))
+
+(defun sasl-scram-md5-make-salted-pass (server-msg-1 passphrase)
+ (scram-md5-make-salted-pass
+ passphrase
+ (car
+ (scram-md5-parse-server-msg-1 server-msg-1))))
(defun sasl-scram-md5-client-msg-1 (authenticate-id &optional authorize-id)
(scram-md5-make-client-msg-1 authenticate-id authorize-id))
-(defun sasl-scram-md5-client-msg-2 (server-msg-1 client-msg-1 passphrase)
- (let (client-key)
- (scram-md5-make-client-msg-2
- sasl-scram-md5-client-security-info
- (scram-md5-make-client-proof
- (setq client-key
- (scram-md5-make-client-key
- (scram-md5-make-salted-pass
- passphrase
- (car ; salt
- (scram-md5-parse-server-msg-1 server-msg-1)))))
- (scram-md5-make-shared-key
- server-msg-1
- client-msg-1
- sasl-scram-md5-client-security-info
- (scram-md5-make-client-verifier client-key))))))
-
-(defun sasl-scram-md5-authenticate-server (server-msg-1
+(defun sasl-scram-md5-client-msg-2 (server-msg-1 client-msg-1 salted-pass)
+ (let (client-proof client-key shared-key client-verifier)
+ (setq client-key
+ (scram-md5-make-client-key salted-pass))
+ (setq client-verifier
+ (scram-md5-make-client-verifier client-key))
+ (setq shared-key
+ (unwind-protect
+ (scram-md5-make-shared-key
+ server-msg-1
+ client-msg-1
+ sasl-scram-md5-client-security-info
+ client-verifier)
+ (fillarray client-verifier 0)))
+ (setq client-proof
+ (unwind-protect
+ (scram-md5-make-client-proof
+ client-key shared-key)
+ (fillarray client-key 0)
+ (fillarray shared-key 0)))
+ (unwind-protect
+ (scram-md5-make-client-msg-2
+ sasl-scram-md5-client-security-info
+ client-proof)
+ (fillarray client-proof 0))))
+
+(defun sasl-scram-md5-authenticate-server (server-msg-1
server-msg-2
client-msg-1
- passphrase)
- (scram-md5-authenticate-server
- server-msg-1
- server-msg-2
- client-msg-1
- sasl-scram-md5-client-security-info
- (car ; salt
- (scram-md5-parse-server-msg-1 server-msg-1))
- (scram-md5-make-salted-pass
- passphrase
- (car ; salt
- (scram-md5-parse-server-msg-1 server-msg-1)))))
-
-;;; unique-ID
-(defun sasl-number-base36 (num len)
- (if (if (< len 0)
- (<= num 0)
- (= len 0))
- ""
- (concat (sasl-number-base36 (/ num 36) (1- len))
- (char-to-string (aref "zyxwvutsrqponmlkjihgfedcba9876543210"
- (% num 36))))))
-
-(defvar sasl-unique-id-char nil)
-
-(defun sasl-unique-id ()
- ;; Don't use microseconds from (current-time), they may be unsupported.
- ;; Instead we use this randomly inited counter.
- (setq sasl-unique-id-char
- (% (1+ (or sasl-unique-id-char (logand (random t) (1- (lsh 1 20)))))
- ;; (current-time) returns 16-bit ints,
- ;; and 2^16*25 just fits into 4 digits i base 36.
- (* 25 25)))
- (let ((tm (static-if (fboundp 'current-time)
- (current-time)
- (let* ((cts (split-string (current-time-string) "[ :]"))
- (m (cdr (assoc (nth 1 cts)
- '(("Jan" . "01") ("Feb" . "02")
- ("Mar" . "03") ("Apr" . "04")
- ("May" . "05") ("Jun" . "06")
- ("Jul" . "07") ("Aug" . "08")
- ("Sep" . "09") ("Oct" . "10")
- ("Nov" . "11") ("Dec" . "12"))))))
- (list (string-to-int (concat (nth 6 cts) m
- (substring (nth 2 cts) 0 1)))
- (string-to-int (concat (substring (nth 2 cts) 1)
- (nth 4 cts) (nth 5 cts)
- (nth 6 cts))))))))
- (concat
- (if (memq system-type '(ms-dos emx vax-vms))
- (let ((user (downcase (user-login-name))))
- (while (string-match "[^a-z0-9_]" user)
- (aset user (match-beginning 0) ?_))
- user)
- (sasl-number-base36 (user-uid) -1))
- (sasl-number-base36 (+ (car tm)
- (lsh (% sasl-unique-id-char 25) 16)) 4)
- (sasl-number-base36 (+ (nth 1 tm)
- (lsh (/ sasl-unique-id-char 25) 16)) 4)
- ;; Append the name of the message interface, because while the
- ;; generated ID is unique to this newsreader, other newsreaders
- ;; might otherwise generate the same ID via another algorithm.
- ".sasl")))
+ salted-pass)
+ (string= server-msg-2
+ (scram-md5-make-server-msg-2
+ server-msg-1
+ client-msg-1
+ sasl-scram-md5-client-security-info
+ (car
+ (scram-md5-parse-server-msg-1 server-msg-1))
+ salted-pass)))
+
+;;; DIGEST-MD5
+
+(defvar sasl-digest-md5-nonce-count 1)
+
+(defun sasl-digest-md5-digest-response (digest-challenge username passwd
+ serv-type host &optional realm)
+ (digest-md5-parse-digest-challenge digest-challenge)
+ (digest-md5-digest-response
+ username
+ (or realm (digest-md5-challenge 'realm)) ;; need to check.
+ passwd
+ (digest-md5-challenge 'nonce)
+ (digest-md5-cnonce)
+ sasl-digest-md5-nonce-count
+ (digest-md5-digest-uri serv-type host) ;; MX host
+ ))
(provide 'sasl)
-;;; sasl.el ends here
+;;; sasl.el ends here
\ No newline at end of file
projects / elisp / flim.git / blobdiff