;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
;; Boston, MA 02111-1307, USA.
+;;; Commentary:
+
+;; Example.
+;;
+;; (base64-encode-string
+;; (sasl-scram-md5-client-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")))
+;; => "AQAAAMg9jU8CeB4KOfk7sUhSQPs="
+;;
+;; (base64-encode-string
+;; (scram-md5-make-server-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (scram-make-security-info nil t 0)
+;; "testsalt"
+;; (scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")))
+;; => "U0odqYw3B7XIIW0oSz65OQ=="
+
;;; Code:
(require 'hmac-md5)
+(eval-when-compile
+ (require 'scram-md5)
+ (require 'digest-md5))
+
+(eval-and-compile
+ (autoload 'open-ssl-stream "ssl")
+ (autoload 'base64-decode-string "base64")
+ (autoload 'base64-encode-string "base64")
+ (autoload 'starttls-open-stream "starttls")
+ (autoload 'starttls-negotiate "starttls")
+ (autoload 'digest-md5-parse-digest-challenge "digest-md5")
+ (autoload 'digest-md5-digest-response "digest-md5")
+ (autoload 'scram-make-security-info "scram-md5")
+ (autoload 'scram-md5-make-salted-pass "scram-md5")
+ (autoload 'scram-md5-parse-server-msg-1 "scram-md5")
+ (autoload 'scram-md5-make-client-msg-1 "scram-md5"))
+
+;;; CRAM-MD5
(defun sasl-cram-md5 (username passphrase challenge)
(let ((secure-word (copy-sequence passphrase)))
(setq secure-word (unwind-protect
secure-word (unwind-protect
(concat username " " secure-word)
(fillarray secure-word 0)))))
-
+
+;;; PLAIN
(defun sasl-plain (authorid authenid passphrase)
(concat authorid "\0" authenid "\0" passphrase))
+;;; SCRAM-MD5
+(defvar sasl-scram-md5-client-security-info
+ (scram-make-security-info nil t 0))
+
+(defun sasl-scram-md5-make-salted-pass (server-msg-1 passphrase)
+ (scram-md5-make-salted-pass
+ passphrase
+ (car
+ (scram-md5-parse-server-msg-1 server-msg-1))))
+
+(defun sasl-scram-md5-client-msg-1 (authenticate-id &optional authorize-id)
+ (scram-md5-make-client-msg-1 authenticate-id authorize-id))
+
+(defun sasl-scram-md5-client-msg-2 (server-msg-1 client-msg-1 salted-pass)
+ (let (client-proof client-key shared-key client-verifier)
+ (setq client-key
+ (scram-md5-make-client-key salted-pass))
+ (setq client-verifier
+ (scram-md5-make-client-verifier client-key))
+ (setq shared-key
+ (unwind-protect
+ (scram-md5-make-shared-key
+ server-msg-1
+ client-msg-1
+ sasl-scram-md5-client-security-info
+ client-verifier)
+ (fillarray client-verifier 0)))
+ (setq client-proof
+ (unwind-protect
+ (scram-md5-make-client-proof
+ client-key shared-key)
+ (fillarray client-key 0)
+ (fillarray shared-key 0)))
+ (unwind-protect
+ (scram-md5-make-client-msg-2
+ sasl-scram-md5-client-security-info
+ client-proof)
+ (fillarray client-proof 0))))
+
+(defun sasl-scram-md5-authenticate-server (server-msg-1
+ server-msg-2
+ client-msg-1
+ salted-pass)
+ (string= server-msg-2
+ (scram-md5-make-server-msg-2
+ server-msg-1
+ client-msg-1
+ sasl-scram-md5-client-security-info
+ (car
+ (scram-md5-parse-server-msg-1 server-msg-1))
+ salted-pass)))
+
(provide 'sasl)
-;;; sasl.el ends here
+;;; sasl.el ends here
\ No newline at end of file