diff options
| author | Daniel Gultsch <daniel@gultsch.de> | 2014-11-15 17:44:51 +0100 |
|---|---|---|
| committer | Daniel Gultsch <daniel@gultsch.de> | 2014-11-15 17:44:51 +0100 |
| commit | 69ab8a2adbcaaaea3cbb9916ab0273d59f40c778 (patch) | |
| tree | d1973cfe4440ea07474b9e3b98d2e434aff126fc /src/main/java/eu/siacs/conversations/crypto/sasl | |
| parent | 7ba9854c22c6bcf07356cb018a0cbc2f49377f9f (diff) | |
| parent | 17cec63c14e15d1a78d124f718a4b51e4f4debd1 (diff) | |
Merge pull request #668 from SamWhited/auth-pinning
Auth mechanism pinning
Diffstat (limited to 'src/main/java/eu/siacs/conversations/crypto/sasl')
4 files changed, 30 insertions, 3 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java index b56d2a46..850cacc2 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java @@ -17,7 +17,13 @@ public class DigestMd5 extends SaslMechanism { super(tagWriter, account, rng); } - public static String getMechanism() { + @Override + public int getPriority() { + return 10; + } + + @Override + public String getMechanism() { return "DIGEST-MD5"; } diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java b/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java index f7e7ee8a..c7dedc5e 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java @@ -12,7 +12,13 @@ public class Plain extends SaslMechanism { super(tagWriter, account, null); } - public static String getMechanism() { + @Override + public int getPriority() { + return 0; + } + + @Override + public String getMechanism() { return "PLAIN"; } diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java index 7dd5e99c..14d8b944 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java @@ -44,6 +44,15 @@ public abstract class SaslMechanism { this.rng = rng; } + /** + * The priority is used to pin the authentication mechanism. If authentication fails, it MAY be retried with another + * mechanism of the same priority, but MUST NOT be tried with a mechanism of lower priority (to prevent downgrade + * attacks). + * @return An arbitrary int representing the priority + */ + public abstract int getPriority(); + + public abstract String getMechanism(); public String getClientFirstMessage() { return ""; } diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java index 2073de2d..f3589fa2 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java @@ -43,7 +43,13 @@ public class ScramSha1 extends SaslMechanism { clientFirstMessageBare = ""; } - public static String getMechanism() { + @Override + public int getPriority() { + return 20; + } + + @Override + public String getMechanism() { return "SCRAM-SHA-1"; } |