Severity: wishlist
Tags: patch

The attached changes implement the SCRAM-SHA-1 SASL mechanism (as specified in RFC 5802) for Emacs' SASL library. Automated tests are included.

I chose to put the implementation in a file called sasl-scram-rfc.el. The Emacs SASL library was imported from FLIM a long time ago, apart from a single file called sasl-scram.el, for which copyright assignment wasn't completed. This file implemented the now obsolete SCRAM-MD5 SASL mechanism, based on a draft of what eventually became RFC 5802. I chose to use a different file name, to prevent the new code from being shadowed in case someone has FLIM installed, but I'm open to being persuaded to use another file name.

I removed SCRAM-MD5 from the list of SASL mechanisms in sasl.el, and added SCRAM-SHA-1 first, so that it gets picked preferentially by sasl-find-mechanism.

SCRAM-SHA-1 requires an implementation of HMAC-SHA1, so I added a module for that, too.

Ideally, this module should implement the mechanism SCRAM-SHA-1-PLUS, too. This mechanism includes channel binding, which guarantees that the entity you're authenticating to is the same entity that you completed a TLS handshake with. Implementing this would require some cooperation from gnutls.el, as well as some thought about new API functions/options for sasl.el.

For lisp/ChangeLog:

* net/sasl.el (sasl-mechanisms): Remove SCRAM-MD5.  Add SCRAM-SHA-1 first.
(sasl-mechanism-alist): Remove SCRAM-MD5 entry.  Add SCRAM-SHA-1 entry.
* net/sasl-scram-rfc.el: New file.
* net/hmac-sha1.el: New file.

For test/ChangeLog:

* automated/sasl-scram-rfc-tests.el: New file.
* automated/hmac-sha1-tests.el: New file.
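
Added example, not part of the original report or the attached patch: the client side of a SCRAM-SHA-1 exchange in Python, showing where HMAC-SHA1 is used and that the "n,," header (encoded as c=biws) means no channel binding, which is what SCRAM-SHA-1-PLUS would change. The function names are hypothetical, the sample messages are the example exchange from RFC 5802 section 5, and SASLprep normalization of the password is assumed to be unnecessary for this ASCII input.

```python
import base64
import hashlib
import hmac

# Example exchange from RFC 5802 section 5 (user "user", password "pencil").
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"

def _hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def parse_attrs(message: str) -> dict:
    # "r=...,s=...,i=4096" -> {"r": "...", "s": "...", "i": "4096"}
    return dict(part.split("=", 1) for part in message.split(","))

def client_final(password, client_first_bare, server_first, gs2_header="n,,"):
    """Return (client-final-message, expected ServerSignature in base64)."""
    attrs = parse_attrs(server_first)
    client_nonce = parse_attrs(client_first_bare)["r"]
    # The server must extend our nonce, otherwise the reply is not for this exchange.
    if not attrs["r"].startswith(client_nonce) or attrs["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    salt = base64.b64decode(attrs["s"])
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA1 and a single output block.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, int(attrs["i"]))
    client_key = _hmac_sha1(salted, b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    # "n,," = client does not support channel binding; base64 gives "biws".
    cbind = base64.b64encode(gs2_header.encode()).decode()
    without_proof = f"c={cbind},r={attrs['r']}"
    auth_message = ",".join([client_first_bare, server_first, without_proof]).encode()
    client_sig = _hmac_sha1(stored_key, auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    server_key = _hmac_sha1(salted, b"Server Key")
    expected_v = base64.b64encode(_hmac_sha1(server_key, auth_message)).decode()
    return f"{without_proof},p={base64.b64encode(proof).decode()}", expected_v

def verify_server_final(server_final: str, expected_v: str) -> bool:
    # Mutual authentication: reject the server unless its signature matches.
    got = parse_attrs(server_final).get("v", "")
    return hmac.compare_digest(got, expected_v)

if __name__ == "__main__":
    final, v = client_final("pencil", CLIENT_FIRST_BARE, SERVER_FIRST)
    print(final)
    print("server verified:", verify_server_final("v=" + v, v))
```

A client that skips verify_server_final authenticates itself but never confirms that the server knows the stored credentials.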