From: Magnus Henoch <magnus.henoch@gmail.com>
To: 17636@debbugs.gnu.org
Subject: bug#17636: Implement SCRAM-SHA-1 SASL mechanism
Date: Thu, 29 May 2014 22:32:35 +0100
Message-ID: <m1lhtk1dak.fsf@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1674 bytes --]

Severity: wishlist
Tags: patch

The attached changes implement the SCRAM-SHA-1 SASL mechanism (as
specified in RFC 5802) for Emacs' SASL library.  Automated tests are
included.

I chose to put the implementation in a file called sasl-scram-rfc.el.
The Emacs SASL library was imported from FLIM a long time ago, apart
from a single file called sasl-scram.el, for which copyright assignment
wasn't completed.  This file implemented the now obsolete SCRAM-MD5 SASL
mechanism, based on a draft of what eventually became RFC 5802.  I chose
to use a different file name, to prevent the new code from being shadowed
in case someone has FLIM installed, but I'm open to being persuaded to use
another file name.

I removed SCRAM-MD5 from the list of SASL mechanisms in sasl.el, and
added SCRAM-SHA-1 first, so that it gets picked preferentially by
sasl-find-mechanism.

SCRAM-SHA-1 requires an implementation of HMAC-SHA1, so I added a module
for that, too.

Ideally, this module should implement the mechanism SCRAM-SHA-1-PLUS,
too.  This mechanism includes channel binding, which guarantees that the
entity you're authenticating to is the same entity that you completed a
TLS handshake with.  Implementing this would require some cooperation
from gnutls.el, as well as some thought about new API functions/options
for sasl.el.

For lisp/ChangeLog:

	* net/sasl.el (sasl-mechanisms): Remove SCRAM-MD5.  Add
	SCRAM-SHA-1 first.
	(sasl-mechanism-alist): Remove SCRAM-MD5 entry.  Add SCRAM-SHA-1
	entry.

	* net/sasl-scram-rfc.el: New file.

	* net/hmac-sha1.el: New file.

For test/ChangeLog:

	* automated/sasl-scram-rfc-tests.el: New file.

	* automated/hmac-sha1-tests.el: New file.


[-- Attachment #2: lisp/net/hmac-sha1.el --]
[-- Type: application/emacs-lisp, Size: 1261 bytes --]

[-- Attachment #3: test/automated/hmac-sha-1-tests.el --]
[-- Type: application/emacs-lisp, Size: 2836 bytes --]

[-- Attachment #4: lisp/net/sasl-scram-rfc.el --]
[-- Type: application/emacs-lisp, Size: 5949 bytes --]

[-- Attachment #5: test/automated/sasl-scram-rfc-tests.el --]
[-- Type: application/emacs-lisp, Size: 1816 bytes --]

[-- Attachment #6: changes to lisp/net/sasl.el --]
[-- Type: text/x-patch, Size: 647 bytes --]

diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el
index 03a8f72..adb13b9 100644
--- a/lisp/net/sasl.el
+++ b/lisp/net/sasl.el
@@ -35,8 +35,8 @@
 ;;; Code:
 
 (defvar sasl-mechanisms
-  '("CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"
-    "NTLM" "SCRAM-MD5"))
+  '("SCRAM-SHA-1" "CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"
+    "NTLM"))
 
 (defvar sasl-mechanism-alist
   '(("CRAM-MD5" sasl-cram)
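Review bot: the `sasl-mechanisms` defvar still has no docstring, and with "SCRAM-SHA-1" moved to the front this change relies on list order being preference order. A docstring saying that earlier entries are preferred would make that contract explicit, and it is a good place to note that "CRAM-MD5" and "DIGEST-MD5" still rank ahead of "PLAIN" and "LOGIN". Dropping "SCRAM-MD5" from the default also changes behaviour for anyone who has FLIM's sasl-scram.el installed, so it deserves a NEWS entry.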
@@ -45,7 +45,7 @@
     ("LOGIN" sasl-login)
     ("ANONYMOUS" sasl-anonymous)
     ("NTLM" sasl-ntlm)
-    ("SCRAM-MD5" sasl-scram)))
+    ("SCRAM-SHA-1" sasl-scram-sha-1)))
 
 (defvar sasl-unique-id-function #'sasl-unique-id-function)
 
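Review bot: the new alist entry names the symbol `sasl-scram-sha-1`, but the file added by this patch is sasl-scram-rfc.el. If the second element of each entry is the feature that gets loaded for the mechanism, as the other entries (`sasl-cram`, `sasl-login`, `sasl-ntlm`) suggest, then the new file has to provide `sasl-scram-sha-1` as well as being found under its own name. Please confirm that, or use `sasl-scram-rfc` here.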

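The client side of the SCRAM-SHA-1 exchange that the message above describes, as an added example; it is written in Python, is not the Emacs Lisp from the attached sasl-scram-rfc.el, and is checked against the example exchange in RFC 5802 section 5. It assumes an ASCII password (SASLprep is skipped) and no channel binding; the function names are this example's own.

```python
import base64, hashlib, hmac

# Example exchange from RFC 5802 section 5 (user "user", password "pencil").
RFC_CNONCE = "fyko+d2lbbFgONRv9qkxdawL"
RFC_SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
RFC_SERVER_FINAL = "v=rmF9pqV8S7suAoZWja4dJRkFsKQ="

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def parse_attrs(msg):
    # SCRAM messages are comma-separated "k=value" attributes.
    return dict(part.split("=", 1) for part in msg.split(","))

def client_final(user, password, cnonce, server_first, gs2="n,,"):
    """Return (client-final-message, expected ServerSignature as base64)."""
    attrs = parse_attrs(server_first)
    nonce = attrs["r"]
    # The combined nonce must extend ours, or the reply belongs to another exchange.
    if not nonce.startswith(cnonce) or nonce == cnonce:
        raise ValueError("server nonce does not extend client nonce")
    salt, iterations = base64.b64decode(attrs["s"]), int(attrs["i"])
    saslname = user.replace("=", "=3D").replace(",", "=2C")
    client_first_bare = f"n={saslname},r={cnonce}"
    # c= carries the base64 GS2 header: "biws" for "n,," (no channel binding).
    without_proof = f"c={base64.b64encode(gs2.encode()).decode()},r={nonce}"
    auth_message = f"{client_first_bare},{server_first},{without_proof}".encode()
    # Hi() in the RFC is PBKDF2-HMAC-SHA1 with a 20-byte output.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    signature = _hmac(stored_key, auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return (f"{without_proof},p={base64.b64encode(proof).decode()}",
            base64.b64encode(server_sig).decode())

def verify_server_final(server_final, expected_sig):
    # Mutual authentication: reject the session unless v= matches.
    got = parse_attrs(server_final).get("v", "")
    return hmac.compare_digest(got, expected_sig)

if __name__ == "__main__":
    msg, sig = client_final("user", "pencil", RFC_CNONCE, RFC_SERVER_FIRST)
    print(msg)
    print("server verified:", verify_server_final(RFC_SERVER_FINAL, sig))
```

The password never crosses the wire: the client sends only the proof, and the `v=` check is what lets it detect a server that does not hold the stored credentials.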