From f7ff3ddc16b98d63ef95768e70ba2b78a574d162 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 3 Jan 2020 18:41:03 +0100
Subject: Add SASL SCRAM-SHA-256 support.

* lisp/net/sasl.el (sasl-mechanisms): Add SCRAM-SHA-256.
(sasl-mechanism-alist): Ditto.
* lisp/net/sasl-scram-sha256.el: New file.
* tests/lisp/net/sasl-scram-rfc-tests.el (sasl-scram-sha-256-test):
New function.
---
 test/lisp/net/sasl-scram-rfc-tests.el | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'test')

diff --git a/test/lisp/net/sasl-scram-rfc-tests.el b/test/lisp/net/sasl-scram-rfc-tests.el
index ec283c86f55..09e05b62a25 100644
--- a/test/lisp/net/sasl-scram-rfc-tests.el
+++ b/test/lisp/net/sasl-scram-rfc-tests.el
@@ -1,4 +1,4 @@
-;;; sasl-scram-rfc-tests.el --- tests for SCRAM-SHA-1       -*- lexical-binding: t; -*-
+;;; sasl-scram-rfc-tests.el --- tests for SCRAM       -*- lexical-binding: t; -*-
 
 ;; Copyright (C) 2014-2020 Free Software Foundation, Inc.
 
@@ -19,7 +19,7 @@
 
 ;;; Commentary:
 
-;; Test cases from RFC 5802.
+;; Test cases from RFC 5802 and RFC 7677.
 
 ;;; Code:
 
@@ -47,4 +47,26 @@
     (sasl-scram-sha-1-authenticate-server client (vector nil "v=rmF9pqV8S7suAoZWja4dJRkFsKQ=
 "))))
 
+(require 'sasl-scram-sha256)
+
+(ert-deftest sasl-scram-sha-256-test ()
+  ;; The following strings are taken from section 3 of RFC 7677.
+  (let ((client
+         (sasl-make-client (sasl-find-mechanism '("SCRAM-SHA-256"))
+                           "user"
+                           "imap"
+                           "localhost"))
+        (data "r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096")
+        (c-nonce "rOprNGfwEbeRWgbNEkqO")
+        (sasl-read-passphrase
+         (lambda (_prompt) (copy-sequence "pencil"))))
+    (sasl-client-set-property client 'c-nonce c-nonce)
+    (should
+     (equal
+      (sasl-scram-sha-256-client-final-message client (vector nil data))
+      "c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ="))
+
+    ;; This should not throw an error:
+    (sasl-scram-sha-256-authenticate-server client (vector nil "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4="))))
+
 ;;; sasl-scram-rfc-tests.el ends here
-- 
cgit v1.2.1