help-gsasl

SCRAM-SHA-256 progress


From: Simon Josefsson
Subject: SCRAM-SHA-256 progress
Date: Fri, 03 Jan 2020 21:49:26 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

There is now working SCRAM-SHA-256 on the 'scram-fixes' branch (commit
371934c8).  I have done interop testing against the RFC 7677 test vector
and the SCRAM-SHA-256 client that I wrote for Emacs:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=38903

If anyone wants to play with it, below is a walk-through of a complete
exchange between the GNU SASL 'gsasl' tool in standalone server mode and
the Emacs SASL library.  I doubt anyone else finds that useful, but it
might help myself if I want to debug things in the future...

/Simon

=== gsasl

jas@latte:~/src/gsasl$ src/gsasl -m SCRAM-SHA-256 --server 
Enter base64 encoded tls-unique channel binding: 
Using mechanism:
SCRAM-SHA-256
Output from server:

Enter base64 authentication data from client (press RET if none):

=== emacs

jas@latte:~/src/gsasl$ emacs -q
(load "~/src/emacs/lisp/net/sasl.el")
(load "~/src/emacs/lisp/net/sasl-scram-sha256.el")
(setq m (sasl-find-mechanism (list "SCRAM-SHA-256")))
(setq client (sasl-make-client m "user" "imap" "foo.gnu.org"))
(setq step1 (sasl-next-step client nil))
(base64-encode-string (sasl-step-data step1))
=> "biwsbj11c2VyLHI9YTc3NGwxZWI4c21vbDFlYg=="

=== gsasl (paste "biws..")

biwsbj11c2VyLHI9YTc3NGwxZWI4c21vbDFlYg==
Output from server:
cj1hNzc0bDFlYjhzbW9sMWViOE50alk3VnpVWWlxQ3dFelgwaEJyZTBHLHM9T2RhaXhicW95N1RNZnArOSxpPTQwOTY=
Enter base64 authentication data from client (press RET if none):

=== emacs

(sasl-step-set-data step1 (base64-decode-string 
"cj1hNzc0bDFlYjhzbW9sMWViOE50alk3VnpVWWlxQ3dFelgwaEJyZTBHLHM9T2RhaXhicW95N1RNZnArOSxpPTQwOTY="))
(setq step2 (sasl-next-step client step1)) ; prompt for password 'pencil'
(print (base64-encode-string (sasl-step-data step2)))
=> 
"Yz1iaXdzLHI9YTc3NGwxZWI4c21vbDFlYjhOdGpZN1Z6VVlpcUN3RXpYMGhCcmUwRyxwPXJJbTcyMjU3YjhUNmo5YXN4QWZzRExMS1NmV3pqMG8rWDFaREExbytkRFk9"

=== gsasl (paste "Yz1ia..." and type password)

Yz1iaXdzLHI9YTc3NGwxZWI4c21vbDFlYjhOdGpZN1Z6VVlpcUN3RXpYMGhCcmUwRyxwPXJJbTcyMjU3YjhUNmo5YXN4QWZzRExMS1NmV3pqMG8rWDFaREExbytkRFk9
Enter password: 
Output from server:
dj1Md3FmK1pURWhIZzlNTlNjZlhIYlEzNjhESVoya2xyUkpURjJUZ3NJQkdJPQ==
Enter base64 authentication data from client (press RET if none):

=== emacs

(sasl-step-set-data step2 (base64-decode-string 
"dj1Md3FmK1pURWhIZzlNTlNjZlhIYlEzNjhESVoya2xyUkpURjJUZ3NJQkdJPQ=="))
(setq step3 (sasl-next-step client step2)) ; throws an error on password failure

=== gsasl (type RET)

Server authentication finished (client trusted)...
Enter application data (EOF to finish):
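
For anyone who wants to follow the walk-through above without Emacs or a
gsasl build at hand, here is an added example (my own code, not taken from
GNU SASL, the Emacs SASL library or the post above) that implements both
sides of SCRAM-SHA-256 in plain Python with nothing beyond hashlib, hmac and
base64. It first reproduces the RFC 7677 section 3 test vector, then decodes
the four base64 blobs pasted between gsasl and Emacs above and re-derives the
p= proof and v= verifier from the same nonces, salt, iteration count and the
password 'pencil', so every byte of the exchange can be checked offline.
The names ScramClient, ScramServer, exchange and replay are mine; the server
side is deliberately minimal and only accepts the 'n,,' GS2 header (no
channel binding, which is also what the exchange above negotiates) and a
single configured user.

```python
import base64
import hashlib
import hmac

def hi(password, salt, rounds):
    """Hi() from RFC 5802 is PBKDF2-HMAC-SHA-256 with a single 32-byte block."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds, 32)
def mac(key, msg): return hmac.new(key, msg, "sha256").digest()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def b64(raw): return base64.b64encode(raw).decode()

def attrs(msg):
    """'r=..,s=..,i=4096' -> {'r': .., 's': .., 'i': ..}; split on the first '=' only."""
    return dict(item.split("=", 1) for item in msg.split(","))

class ScramClient:
    def __init__(self, user, password, cnonce):
        self.user, self.pw, self.cnonce = user, password.encode(), cnonce
        self.gs2 = "n,,"  # no channel binding; 'c=biws' is the base64 of this header

    def first(self):
        self.bare = f"n={self.user},r={self.cnonce}"
        return self.gs2 + self.bare

    def final(self, server_first):
        a = attrs(server_first)
        if not a["r"].startswith(self.cnonce) or int(a["i"]) < 4096:
            raise ValueError("server nonce must extend ours and i must be >= 4096 (RFC 7677)")
        salted = hi(self.pw, base64.b64decode(a["s"]), int(a["i"]))
        client_key = mac(salted, b"Client Key")
        stored_key = hashlib.sha256(client_key).digest()
        self.server_key = mac(salted, b"Server Key")
        without_proof = f"c={b64(self.gs2.encode())},r={a['r']}"
        self.auth_msg = f"{self.bare},{server_first},{without_proof}".encode()
        proof = xor(client_key, mac(stored_key, self.auth_msg))  # ClientKey XOR ClientSignature
        return f"{without_proof},p={b64(proof)}"

    def verify(self, server_final):
        a = attrs(server_final)
        if "v" not in a:
            return False  # server answered e=... instead of a verifier
        return hmac.compare_digest(base64.b64decode(a["v"]), mac(self.server_key, self.auth_msg))

class ScramServer:
    """Holds only the verifier (salt, i, StoredKey, ServerKey), never the password."""
    def __init__(self, user, password, salt, rounds, snonce):
        salted = hi(password.encode(), salt, rounds)
        self.user, self.salt, self.rounds, self.snonce = user, salt, rounds, snonce
        self.stored_key = hashlib.sha256(mac(salted, b"Client Key")).digest()
        self.server_key = mac(salted, b"Server Key")

    def first(self, client_first):
        flag, authzid, self.bare = client_first.split(",", 2)
        if flag != "n" or authzid or attrs(self.bare)["n"] != self.user:
            raise ValueError("only the 'n,,' GS2 header and the configured user are accepted here")
        self.nonce = attrs(self.bare)["r"] + self.snonce  # server nonce extends the client nonce
        self.server_first = f"r={self.nonce},s={b64(self.salt)},i={self.rounds}"
        return self.server_first

    def final(self, client_final):
        a = attrs(client_final)
        if a["r"] != self.nonce:
            return "e=other-error"
        if a["c"] != b64(b"n,,"):
            return "e=channel-bindings-dont-match"
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_msg = f"{self.bare},{self.server_first},{without_proof}".encode()
        # Recover ClientKey from the proof and check H(ClientKey) against StoredKey.
        client_key = xor(base64.b64decode(a["p"]), mac(self.stored_key, auth_msg))
        if not hmac.compare_digest(hashlib.sha256(client_key).digest(), self.stored_key):
            return "e=invalid-proof"
        return f"v={b64(mac(self.server_key, auth_msg))}"

def exchange(user, password, salt, rounds, cnonce, snonce, typed=None):
    """Run all four messages; `typed` lets the client present a different (wrong) password."""
    server, client = ScramServer(user, password, salt, rounds, snonce), ScramClient(user, typed or password, cnonce)
    c1 = client.first(); s1 = server.first(c1); c2 = client.final(s1); s2 = server.final(c2)
    return [c1, s1, c2, s2], client.verify(s2)

def replay(messages, user, password):
    """Re-run a captured exchange with its own nonces and salt; True if p= and v= come out identical."""
    cnonce = attrs(messages[0].split(",", 2)[2])["r"]
    a = attrs(messages[1])
    computed, ok = exchange(user, password, base64.b64decode(a["s"]), int(a["i"]), cnonce, a["r"][len(cnonce):])
    return ok and computed == messages

# Test vector from RFC 7677 section 3 (user 'user', password 'pencil', no channel binding).
RFC7677 = [
    "n,,n=user,r=rOprNGfwEbeRWgbNEkqO",
    "r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096",
    "c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=",
    "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=",
]
# The four base64 blobs pasted between gsasl and Emacs in the walk-through above, decoded.
PAGE = [base64.b64decode(s).decode() for s in (
    "biwsbj11c2VyLHI9YTc3NGwxZWI4c21vbDFlYg==",
    "cj1hNzc0bDFlYjhzbW9sMWViOE50alk3VnpVWWlxQ3dFelgwaEJyZTBHLHM9T2RhaXhicW95N1RNZnArOSxpPTQwOTY=",
    "Yz1iaXdzLHI9YTc3NGwxZWI4c21vbDFlYjhOdGpZN1Z6VVlpcUN3RXpYMGhCcmUwRyxwPXJJbTcyMjU3YjhUNmo5YXN4QWZzRExMS1NmV3pqMG8rWDFaREExbytkRFk9",
    "dj1Md3FmK1pURWhIZzlNTlNjZlhIYlEzNjhESVoya2xyUkpURjJUZ3NJQkdJPQ==",
)]

if __name__ == "__main__":
    print(replay(RFC7677, "user", "pencil"), replay(PAGE, "user", "pencil"))
```

Two checks in there are the ones worth copying into a real client: the
server nonce must start with the client's own nonce (otherwise the AuthMessage
the two sides sign would not be bound to this session), and the iteration
count should be refused below the RFC 7677 minimum of 4096, since a rogue
server can otherwise ask for i=1 and get a cheaply brute-forceable proof. On
the server side only StoredKey and ServerKey are kept, so a database leak
does not yield the password itself. Passing a wrong password via `typed=`
makes the server answer e=invalid-proof and verify() then returns False,
which is the failure the "throws an error on password failure" comment
above refers to on the Emacs side.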
