add scram-sha256 and 512 in their plus variants

Daniel Gultsch created

Change summary

src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java   |  4 
src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java  |  3 
src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java | 36 
src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java | 36 
4 files changed, 79 insertions(+)

Detailed changes

src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java πŸ”—

@@ -106,6 +106,10 @@ public abstract class SaslMechanism {
             final ChannelBinding channelBinding = ChannelBinding.best(bindings);
             if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
                 return new External(account);
+            } else if (mechanisms.contains(ScramSha512Plus.MECHANISM) && channelBinding != null) {
+                return new ScramSha512Plus(account, channelBinding);
+            } else if (mechanisms.contains(ScramSha256Plus.MECHANISM) && channelBinding != null) {
+                return new ScramSha256Plus(account, channelBinding);
             } else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
                 return new ScramSha1Plus(account, channelBinding);
             } else if (mechanisms.contains(ScramSha512.MECHANISM)) {
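Review bot: The new `-PLUS` branches are guarded only by `channelBinding != null`, while the `ScramMechanism` constructor touched by this same commit treats `ChannelBinding.NONE` as the "no binding" value. If `ChannelBinding.best(bindings)` can return `NONE` (its body is not visible here), these branches would pick a `-PLUS` mechanism with nothing to bind to. Writing the guard as `channelBinding != null && channelBinding != ChannelBinding.NONE` would make the intent explicit; otherwise a comment should state that `best()` returns `null` when no binding is usable. The existing `ScramSha1Plus` branch repeats the same guard, and the enclosing method starts and ends outside the hunk.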

src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java πŸ”—

@@ -37,6 +37,9 @@ abstract class ScramMechanism extends SaslMechanism {
         super(account);
         this.channelBinding = channelBinding;
         if (channelBinding == ChannelBinding.NONE) {
+            // TODO this needs to be changed to "y,," for the scram internal down grade protection
+            // but we might risk compatibility issues if the server supports a binding that we don’t
+            // support
             this.gs2Header = "n,,";
         } else {
             this.gs2Header =
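Review bot: The TODO above `this.gs2Header = "n,,"` does not record what is lost while it stays open. With the `n` flag the client states that it has no channel-binding support, so the server has no way to notice that the `-PLUS` mechanisms were missing from the list the client saw, and the fallback to plain SCRAM in `SaslMechanism` then completes without binding. The comment should name the condition for the switch, for example `// TODO send "y,," when we have a usable binding but the server offered no -PLUS mechanism; keep "n,," when no binding type is usable on our side`. The constructor only receives `channelBinding`, so that decision probably needs an extra input from the caller. The constructor body continues outside the hunk.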

src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha256Plus.java πŸ”—

@@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha256Plus extends ScramPlusMechanism {
+
+    public static final String MECHANISM = "SCRAM-SHA-256-PLUS";
+
+    public ScramSha256Plus(final Account account, final ChannelBinding channelBinding) {
+        super(account, channelBinding);
+    }
+
+    @Override
+    protected HMac getHMAC() {
+        return new HMac(new SHA256Digest());
+    }
+
+    @Override
+    protected Digest getDigest() {
+        return new SHA256Digest();
+    }
+
+    @Override
+    public int getPriority() {
+        return 40;
+    }
+
+    @Override
+    public String getMechanism() {
+        return MECHANISM;
+    }
+}
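Review bot: `getPriority()` returns the bare literal `40` (and `45` in `ScramSha512Plus`), with no indication of how these values rank against the other mechanisms. Nothing says they must agree with the order of the if-chain in `SaslMechanism` either, so the preference is encoded in two places that can drift apart. A short comment on each return, such as `// must rank consistently with the selection order in SaslMechanism`, would help; the exact wording depends on the other mechanisms' priorities, which are not visible here. Both new classes also lack a class-level Javadoc, e.g. `/** SCRAM-SHA-256 with TLS channel binding (the -PLUS variant). */`. They could be declared `final` if they are not meant to be extended.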

src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha512Plus.java πŸ”—

@@ -0,0 +1,36 @@
+package eu.siacs.conversations.crypto.sasl;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
+
+import eu.siacs.conversations.entities.Account;
+
+public class ScramSha512Plus extends ScramPlusMechanism {
+
+    public static final String MECHANISM = "SCRAM-SHA-512-PLUS";
+
+    public ScramSha512Plus(final Account account, final ChannelBinding channelBinding) {
+        super(account, channelBinding);
+    }
+
+    @Override
+    protected HMac getHMAC() {
+        return new HMac(new SHA512Digest());
+    }
+
+    @Override
+    protected Digest getDigest() {
+        return new SHA512Digest();
+    }
+
+    @Override
+    public int getPriority() {
+        return 45;
+    }
+
+    @Override
+    public String getMechanism() {
+        return MECHANISM;
+    }
+}