projects / elisp / flim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix
[elisp/flim.git] / sasl.el
diff --git a/sasl.el b/sasl.el
index 66ac188..69709a6 100644 (file)
--- a/sasl.el
+++ b/sasl.el
@@ -22,19 +22,134 @@
 ;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 ;; Boston, MA 02111-1307, USA.
 
+;;; Commentary:
+
+;; Example.
+;;
+;; (base64-encode-string
+;;  (sasl-scram-md5-client-msg-2
+;;   (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;;   (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;;   (scram-md5-make-salted-pass
+;;    "secret stuff" "testsalt")))
+;; => "AQAAAMg9jU8CeB4KOfk7sUhSQPs="
+;;
+;; (base64-encode-string
+;;  (scram-md5-make-server-msg-2
+;;   (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;;   (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;;   (scram-make-security-info nil t 0)
+;;   "testsalt"
+;;   (scram-md5-make-salted-pass
+;;    "secret stuff" "testsalt")))
+;; => "U0odqYw3B7XIIW0oSz65OQ=="
+
 ;;; Code:
 
 (require 'hmac-md5)
-(require 'hmac-util)
 
-(defun sasl-cram-md5 (user passphrase response)
-  (concat user " "
-         (hmac-hex-string
-          (hmac-md5 response passphrase))))
+(eval-when-compile
+  (require 'scram-md5)
+  (require 'digest-md5))
+
+(eval-and-compile
+  (autoload 'open-ssl-stream "ssl")
+  (autoload 'base64-decode-string "base64")
+  (autoload 'base64-encode-string "base64")
+  (autoload 'starttls-open-stream "starttls")
+  (autoload 'starttls-negotiate "starttls")
+  (autoload 'digest-md5-digest-response "digest-md5")
+  (autoload 'scram-md5-make-salted-pass "scram-md5")
+  (autoload 'scram-md5-parse-server-msg-1 "scram-md5")
+  (autoload 'scram-md5-make-client-msg-1 "scram-md5"))
 
+;;; CRAM-MD5
+(defun sasl-cram-md5 (username passphrase challenge)
+  (let ((secure-word (copy-sequence passphrase)))
+    (setq secure-word (unwind-protect
+                         (hmac-md5 challenge secure-word)
+                       (fillarray secure-word 0))
+         secure-word (unwind-protect
+                         (encode-hex-string secure-word)
+                       (fillarray secure-word 0))
+         secure-word (unwind-protect
+                         (concat username " " secure-word)
+                       (fillarray secure-word 0)))))
+
+;;; PLAIN
 (defun sasl-plain (authorid authenid passphrase)
   (concat authorid "\0" authenid "\0" passphrase))
 
+;;; SCRAM-MD5
+(eval-when-compile
+  (defvar sasl-scram-md5-client-security-info
+    (scram-make-security-info nil t 0)))
+
+(defun sasl-scram-md5-make-salted-pass (server-msg-1 passphrase)
+  (scram-md5-make-salted-pass
+   passphrase
+   (car
+    (scram-md5-parse-server-msg-1 server-msg-1))))
+
+(defun sasl-scram-md5-client-msg-1 (authenticate-id &optional authorize-id)
+  (scram-md5-make-client-msg-1 authenticate-id authorize-id))
+
+(defun sasl-scram-md5-client-msg-2 (server-msg-1 client-msg-1 salted-pass)
+  (let (client-proof client-key shared-key client-verifier)
+    (setq client-key
+         (scram-md5-make-client-key salted-pass))
+    (setq client-verifier
+         (scram-md5-make-client-verifier client-key))
+    (setq shared-key
+         (unwind-protect
+             (scram-md5-make-shared-key
+              server-msg-1
+              client-msg-1
+              sasl-scram-md5-client-security-info
+              client-verifier)
+           (fillarray client-verifier 0)))
+    (setq client-proof
+         (unwind-protect
+             (scram-md5-make-client-proof
+              client-key shared-key)
+           (fillarray client-key 0)
+           (fillarray shared-key 0)))
+    (unwind-protect
+       (scram-md5-make-client-msg-2
+        sasl-scram-md5-client-security-info
+        client-proof)
+      (fillarray client-proof 0))))
+            
+(defun sasl-scram-md5-authenticate-server (server-msg-1 
+                                          server-msg-2
+                                          client-msg-1
+                                          salted-pass)
+  (string= server-msg-2
+          (scram-md5-make-server-msg-2
+           server-msg-1
+           client-msg-1
+           sasl-scram-md5-client-security-info
+           (car
+            (scram-md5-parse-server-msg-1 server-msg-1))
+           salted-pass)))
+
+;;; DIGEST-MD5
+
+(defvar sasl-digest-md5-nonce-count 1)
+
+(defun sasl-digest-md5-digest-response (digest-challenge username passwd
+                                                serv-type host &optional realm)
+  (digest-md5-parse-digest-challenge digest-challenge)
+  (digest-md5-digest-response
+   username
+   (or realm (digest-md5-challenge 'realm)) ;; need to check.
+   passwd
+   (digest-md5-challenge 'nonce)
+   (digest-md5-cnonce)
+   sasl-digest-md5-nonce-count
+   (digest-md5-digest-uri serv-type host) ;; MX host
+   ))
+
 (provide 'sasl)
 
-;;; smtp.el ends here
+;;; sasl.el ends here
\ No newline at end of file