From 14f0c76a7d43f58ac6cda5888530ab3e13815fa6 Mon Sep 17 00:00:00 2001
From: schengawegga
Date: Sat, 1 Apr 2023 22:47:12 +0200
Subject: [PATCH] SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports #57
---
 Net/SMTP.php | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)
diff --git a/Net/SMTP.php b/Net/SMTP.php
index 38fbcab..4a49816 100644
--- a/Net/SMTP.php
+++ b/Net/SMTP.php
@@ -1165,9 +1165,6 @@ public function authXOAuth2($uid, $token, $authz, $conn)
 return true;
 }
-
-
-
 /**
 * Authenticates the user using the SCRAM-SHA-1 method.
 *
@@ -1279,23 +1276,48 @@ protected function authScramSHA($uid, $pwd, $authz = '')
 }
 $auth_sasl = new Auth_SASL;
- $challenge = base64_decode($this->arguments[0]);
 $cram = $auth_sasl->factory($this->scram_sha_hash_algorithm);
- $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));
+ $auth_str = base64_encode($cram->getResponse($uid, $pwd));
+ /* Step 1: Send first authentication request */
 if (PEAR::isError($error = $this->put($auth_str))) {
 return $error;
 }
- /* 235: Authentication successful */
- if (PEAR::isError($error = $this->parseResponse(235))) {
+ /* 334: Continue authentication request with password salt */
+ if (PEAR::isError($error = $this->parseResponse(334))) {
 return $error;
 }
- }
+ $challenge = base64_decode($this->arguments[0]);
+ $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));
+ /* Step 2: Send salted authentication request */
+ if (PEAR::isError($error = $this->put($auth_str))) {
+ return $error;
+ }
+ /* 334: Continue authentication request with password salt */
+ if (PEAR::isError($error = $this->parseResponse(334))) {
+ return $error;
+ }
+ /* Verify server signature */
+ $verification = $cram->processOutcome(base64_decode($this->arguments[0]));
+ if ($verification == false) {
+ return PEAR::raiseError("SCRAM Server verification on step 3 not successful");
+ }
+
+ /* Step 3: Send a request to acknowledge verification */
+ if (PEAR::isError($error = $this->put("NOOP"))) {
+ return $error;
+ }
+
+ /* 235: Authentication successful */
+ if (PEAR::isError($error = $this->parseResponse(235))) {
+ return $error;
+ }
+ }
 /**
 * Send the HELO command.
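Review bot: The server-signature check under `/* Verify server signature */` does not fail closed: `$verification == false` is a loose comparison, and `base64_decode($this->arguments[0])` runs without checking that the 334 reply carried an argument or that it is valid base64. This check is what gives SCRAM its mutual authentication, so I would guard it with `if (!isset($this->arguments[0])) { return PEAR::raiseError(...); }`, decode with `base64_decode($this->arguments[0], true)`, and test `if ($verification !== true) {`, assuming `processOutcome()` returns a strict boolean. The same decode guard applies to the `$challenge` line in step 2. The comment above the second `parseResponse(334)` is a copy of the first and would read better as `/* 334: Server final message carrying the server signature */`. The body of authScramSHA starts above the hunk, so the initial AUTH exchange and any earlier argument checks are not visible here.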