SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) supports about squirrelmail HOT 21 CLOSED

I mean, I guess technically I could just allow "scram-*" as a preference instead of specifically looking for "scram-sha-1" and "scram-sha-256" and check the current PHP install to see if there's a matching digest algorithm in both hash_algos() and hash_hmac_algos() as the validation. The hyphen/no hyphen thing's a bit annoying, but not a problem.

You might also actually want to try reporting all this to the actual developers of SquirrelMail, as this is just an edited clone of one branch of the official SourceForge-hosted project.

from squirrelmail.

It is official, it is here: RFC 9266: Channel Bindings for TLS 1.3:

• https://tools.ietf.org/html/rfc9266

from squirrelmail.

I can add SCRAM-SHA-1 and SCRAM-SHA-256 for IMAP and SMTP fairly easily, but the Channel Binding PLUS variants require access to the TLS layer which PHP tends to hide behind its socket system. I have no idea how to even approach tls-unique, though stream_context_get_params() may potentially help with tls-server-endpoint. Without a test server that supports SCRAM-SHA-1-PLUS, though, I wouldn't even want to attempt an implementation.

I don't imagine any mail servers have SCRAM-SHA-512, but all it would take to include support are a couple of copy/paste actions, same as any other hmac-compatible hashing algorithm.

from squirrelmail.

There is Cyrus SASL since some months with SCRAM-SHA-1 / SCRAM-SHA-1-PLUS / SCRAM-SHA-224 / SCRAM-SHA-224-PLUS / SCRAM-SHA-256 / SCRAM-SHA-256-PLUS / SCRAM-SHA-384 / SCRAM-SHA-384-PLUS / SCRAM-SHA-512 / SCRAM-SHA-512-PLUS

• cyrusimap/cyrus-sasl#552

Code:

• https://github.com/cyrusimap/cyrus-sasl/commits/master
  ** Commits from Sep 2, 2019
  ** Commits from Sep 4, 2019

from squirrelmail.

Pretty sure I did everything right and followed all the standards. I only tested SHA-1, but since I'm using the method I described above instead of hardcoding the algorithms, I can only assume it'll function identically with any other selection.

I do not want to try adding any other algorithms unless I can find an existing server to test them with. Setting up my own server just for this was way too much for the few lines of code I added.

from squirrelmail.

@RealityRipple: Thanks a lot :)

Yes I would like to see this in main squirrelmail code ^^

But you have not specified for -PLUS variant in the code, please specify :)

In order: SCRAM-SHA-256-PLUS > SCRAM-SHA-256 > SCRAM-SHA-1-PLUS > SCRAM-SHA-1

from squirrelmail.

See my first reply to this bug.

And the idea of "order" does not apply to SquirrelMail. It's reliant on the administrator of the installation to type the exact algorithm they wish all instances of IMAP or SMTP to use into the config file, so there's never any fallback selections.

from squirrelmail.

@RealityRipple: Thanks a lot :)

Yes I would like to see this in main squirrelmail code ^^

You really want to contact Paul Lesniewski, and he'll probably add this as soon as you offer to donate a little via http://squirrelmail.org/donate_paul_lesniewski.php. He fixed a couple of bugs, updated a plugin to work with php 7.3, by my request when I made a small donation.

from squirrelmail.

@jult: I have sent an email to Paul about this ticket and code :)

@RealityRipple: Can you look for PHP 7.4 compatibility?

from squirrelmail.

@RealityRipple: Can you look for PHP 7.4 compatibility?

See commit 28d4844

from squirrelmail.

You have only forgotten to update informations ^^

Can you add in the topic and subject github repository and the README too?

I think SCRAM-SHA-... is missing for POP/POP3, can you add it too?

from squirrelmail.

It already makes mention of supporting PHP 7 and above twice. I see no reason to go into further detail than that, or I'd be making changes to those files every time a new PHP version comes out.

Regarding POP3... POP is not a good protocol to use for webmail. I'd generally discourage trying to go down that route. Also, I could find very little information about implementing SCRAM over POP. I may add it eventually, just in case a server doesn't provide IMAP but does provide SCRAM support... which seems extremely unlikely.

from squirrelmail.

@RealityRipple: For your information, after SCRAM-SHA-1(-PLUS):

• GNU SASL (gsasl) supports SCRAM-SHA-256(-PLUS) since 1.9.1: http://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=blob;f=NEWS;hb=HEAD
• Dovecot supports SCRAM-SHA-256(-PLUS) since 2.3.10: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/
• Cyrus SASL/IMAP supports SCRAM-SHA-256(-PLUS) and more since 2.1.27: https://www.cyrusimap.org/sasl/sasl/authentication_mechanisms.html

There will be new RFCs soon, can you add it?

• SCRAM-SHA-512(-PLUS): https://tools.ietf.org/html/draft-melnikov-scram-sha-512
• SCRAM-SHA3-512(-PLUS): https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
• Channel Bindings for SCRAM over TLS 1.3: https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13

Of course, you are listed here: scram-sasl/info#1

from squirrelmail.

There are no changes required that I'm aware of. As mentioned before, the code I wrote does not limit the hash algorithm selection - any valid algorithm for your PHP install will be accepted. This includes SHA-512 and SHA3-512, and anything else the hash_hmac_algos() function returns. I also previously mentioned that Channel Bindings are somewhat beyond PHP's scope and will not be implemented at this time.

from squirrelmail.

@RealityRipple: Hello, I have looked:

• https://github.com/RealityRipple/squirrelmail/search?q=scram-sha-1: OK
• https://github.com/RealityRipple/squirrelmail/search?q=scram-sha-256: OK
• https://github.com/RealityRipple/squirrelmail/search?q=scram-sha-512: NOK

from squirrelmail.

from squirrelmail.

Thanks for your reply!

Note: SCRAM-SHA-512/224, SCRAM-SHA-512/256 are not SCRAM-SHA-512...

The really importants are SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384, SCRAM-SHA-512.

Note possible to add in 3 files like others:

• https://github.com/RealityRipple/squirrelmail/search?q=scram-sha-1
• https://github.com/RealityRipple/squirrelmail/search?q=scram-sha-256

Attention for SCRAM-SHA-384 and SCRAM-SHA-512, there is a diff with 1/224/256.

• maranda/metronome@a02bb4d
• strophe/libstrophe@faa46d2

from squirrelmail.

I'm aware of the differences, I literally just listed every algorithm on the hash-hmac-algos() PHP doc page other than sha-1, sha-256, and sha-512 to illustrate my point.
If anything, I'd get rid of the results for scram-sha-1 and scram-sha-256 and replace them with scram-[ANY-HMAC-ALGORITHM-PHP-SUPPORTS].

from squirrelmail.

@RealityRipple: Can you look for Channel Binding support?

There is a recent history with jabber.ru MITM and SCRAM-SHA-*-PLUS is the security solution!

Some sources about jabber.ru:

• https://notes.valdikss.org.ru/jabber.ru-mitm/
• https://snikket.org/blog/on-the-jabber-ru-mitm/
• https://www.devever.net/~hl/xmpp-incident
• https://blog.jmp.chat/b/certwatch

Thanks in advance.

from squirrelmail.

It may be possible to use the capture_peer_cert stream context option to get the certificate from the server, but as far as I know there's still no way to get the TLS messages from a PHP socket. This means I'd only be able to implement tls-server-end-point and not tls-unique.

In the same vein, exporting keying material for TLS 1.3's tls-exporter also doesn't seem to have a path forward without any kind of SSL_export_keying_material method in PHP.

There's simply nothing I can do until PHP specifically adds a couple methods for the purpose of channel binding into their stream system. This probably won't happen unless someone pushes for it directly with the PHP devs themselves. I even found a PHP 5 keying material export patch from 2009 that's been completely ignored for a decade and a half.

For future notes, the cert method would entail something like this:

sqimap_login():
    if (!is_array($stream_options))
     $stream_options = array();
    if (!array_key_exists('ssl', $stream_options))
     $stream_options['ssl'] = array();
    $stream_options['ssl']['capture_peer_cert'] = true;

sqimap_create_stream():
    $ctxRet = stream_context_get_params($imap_stream);
    if (array_key_exists('options', $ctxRet) && array_key_exists('ssl', $ctxRet['options']) && array_key_exists('peer_certificate', $ctxRet['options']['ssl']))
    {
     openssl_x509_export($ctxRet['options']['ssl']['peer_certificate'], $pem_encoded);
     $pem_parsed = openssl_x509_parse($ctxRet['options']['ssl']['peer_certificate'], false);
     $alg = false;
     if (array_key_exists('signatureTypeLN', $pem_parsed))
      $alg = $pem_parsed['signatureTypeLN']; // http://oidref.com/1.2.840.113549.1.1
     if ($alg === 'md5WithRSAEncryption')
      $alg = 'sha256WithRSAEncryption';
     if ($alg === 'sha1-with-rsa-signature')
      $alg = 'sha256WithRSAEncryption';
     ...
     // strip the header and footer from $pem_parsed and base64_decode it
     // parse the possible $alg values and hash the decoded x509 cert
    }

However, I'm not sure the PEM-encoded result from openssl_x509_export is "octet for octet" as spec requires. They might parse the cert to some extent, and I can't find any way of retrieving the raw bytes from their OpenSSLCertificate object.

from squirrelmail.

@RealityRipple: SCRAM and -PLUS variants are in mpop and msmtp, maybe you can see for POP3 too?

• https://github.com/marlam/mpop/blob/master/NEWS
• https://github.com/marlam/msmtp/blob/master/NEWS

About PEAR:

Recently SCRAM hashes have been added in:

• https://github.com/pear/Auth_SASL
• https://github.com/pear/Auth_SASL2
• https://github.com/pear/Net_SMTP

A good job done by @schengawegga.

Maybe you can help for -PLUS variants?

And for repositories:

• https://github.com/pear/Net_Sieve
• https://github.com/pear/Net_IMAP
• https://github.com/pear/Mail_IMAPv2
• https://github.com/pear/Net_POP3
• https://github.com/pear/Mail
• https://github.com/pear/Mail2
• https://github.com/pear/Auth
• https://github.com/pear/Auth_HTTP

from squirrelmail.