TelepathyIM / wocky

Wocky XMPP library
GNU Lesser General Public License v2.1

SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports #2

Closed Neustradamus closed 4 years ago

Neustradamus commented 5 years ago

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

Can you add support for?

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

LDAP:

HTTP:

2FA:

IANA:

Linked to:

rufferson commented 4 years ago

Currently SCRAM-SHA-1 has the highest priority in wocky and is selected whenever the server supports it. I can add an implementation of SCRAM-SHA-1-PLUS using the server-end-point (certificate hash) binding type; however, that would slightly contradict RFC5802, which mandates that tls-unique always be implemented and the others optionally. The problem with unique is that GIO-TLS currently does not provide an API call to retrieve unique binding data (even though the underlying backends do).

Edit: Adding upstream issue reference

Edit2: And in the absence of binding method negotiation (e.g. as proposed here) it does not make much sense, as the only non-negotiable type is tls-unique.

rufferson commented 4 years ago

Btw, I've made an experimental implementation of SCRAM-SHA-1-PLUS using the (so far the only available) tls-server-end-point binding and, as expected, the server rejected the binding:

(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: _end_element_ns: Received stanza
* features xmlns='http://etherx.jabber.org/streams'
    * mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
        * mechanism
            "PLAIN"
        * mechanism
            "SCRAM-SHA-1"
        * mechanism
            "SCRAM-SHA-1-PLUS"
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: xmpp_init_recv_cb: wocky-connector.c:1143: TLS Negotiated: received XMPP version=1.0 stream open from server
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: xmpp_init_recv_cb: wocky-connector.c:1162: waiting for feature stanza from server
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: xmpp_features_cb: wocky-connector.c:1257: received feature stanza from server
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: sasl_request_auth: wocky-connector.c:1377: handing over control to SASL module
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.833: wocky_sasl_auth_authenticate_async: wocky-sasl-auth.c:748: Using TLS Channel Binding Data: aYHR3rWo8eCVLknWdgQwbD7EbV0QhCl4tLpDMry3zqU=
(telepathy-gabble:110315): gabble-DEBUG: 23:41:37.833: gabble_server_sasl_channel_start_auth_async (server-sasl-channel.c:836): Starting authentication
(telepathy-gabble:110315): gabble-DEBUG: 23:41:37.865: gabble_server_sasl_channel_start_mechanism_with_data (server-sasl-channel.c:547): Starting X-TELEPATHY-PASSWORD authentication with 15 bytes of initial data
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.865: wocky_auth_registry_select_handler: wocky-auth-registry.c:297: Choosing SCRAM-SHA-1-PLUS as auth mechanism
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.865: _write_node_tree: Serializing tree:
* auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' xmlns:wocky-zb='http://www.google.com/talk/protocol/auth' wocky-zb:client-uses-full-bind-result='true' mechanism='SCRAM-SHA-1-PLUS'
    "cD10bHMtc2VydmVyLWVuZC1wb2ludCwsbj1ydWZmLHI9aHh2ZTZLcmZoa0gvS3BozEpQSXoaS3cvWWYrcHhVY3N1dE9UdWd4bjhHUT0="
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.865: Writing xml: <auth wocky-zb:client-uses-full-bind-result="true" mechanism="SCRAM-SHA-1-PLUS" xmlns:wocky-zb="http://www.google.com/talk/protocol/auth" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cD10bHMtc2VydmVyLWVuZC1wb2ludCwsbj1ydWZmLHI9aHh2ZTZLcmZoa0gvS3BozEpQSXoaS3cvWWYrcHhVY3N1dE9UdWd4bjhHUT0=</auth>
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.916: Parsing chunk: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Proposed channel binding type isn&apos;t supported.</text></failure>
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.916: _end_element_ns: Received stanza
* failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    * malformed-request
    * text
        "Proposed channel binding type isn't supported."
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.916: auth_failed: wocky-sasl-auth.c:274: Authentication failed!: Authentication failed: malformed-request
(telepathy-gabble:110315): gabble-DEBUG: 23:41:37.916: gabble_server_sasl_channel_fail (server-sasl-channel.c:959): auth failed: WOCKY_AUTH_ERROR_FAILURE (#6): Authentication failed: malformed-request
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.916: sasl_auth_done: wocky-connector.c:1395: SASL complete (failure)
(telepathy-gabble:110315): wocky-DEBUG: 23:41:37.916: abort_connect_error: wocky-connector.c:345: connector: 0x5555556db2b0

So we need either GIO-TLS to implement native binding retrieval (tls-unique at the least) or servers to support a wider offering of binding methods.

Neustradamus commented 4 years ago

@rufferson: Nice!

Do not forget the order: ... > 256-PLUS > 256 > 1-PLUS > 1

Mongoose IM 3.7.0 supports 512-PLUS > 512 > 384-PLUS > 384 > 256-PLUS > 256 > 224-PLUS > 224 > 1-PLUS > 1

You can test here: Metronome IM: all except 224(-PLUS) -> lightwitch.org

...

Recall: All XMPP servers/clients/libraries are listed in:

rufferson commented 4 years ago

Ok, thanks. I'd forgotten its full domain and was trying lightwitch.im, thinking it's abandoned now. Btw, the proposed order is PLUS methods first followed by non-PLUS. But I will wait for kitten to review the proposal.

Neustradamus commented 4 years ago

@rufferson: No Metronome IM is always developed!

Order is in RFC8600:

rufferson commented 4 years ago

So I think that should do it:

telepathy-gabble:229430): wocky-DEBUG: 00:56:59.549: _end_element_ns: Received stanza
* features xmlns='http://etherx.jabber.org/streams'
    * register xmlns='http://jabber.org/features/iq-register'
    * mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
        * mechanism
            "SCRAM-SHA-512"
        * mechanism
            "SCRAM-SHA-512-PLUS"
        * mechanism
            "SCRAM-SHA-384"
        * mechanism
            "SCRAM-SHA-384-PLUS"
        * mechanism
            "SCRAM-SHA-256"
        * mechanism
            "SCRAM-SHA-256-PLUS"
        * mechanism
            "SCRAM-SHA-1"
        * mechanism
            "SCRAM-SHA-1-PLUS"
        * mechanism
            "PLAIN"
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.550: xmpp_init_recv_cb: wocky-connector.c:1143: TLS Negotiated: received XMPP version=1.0 stream open from server
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.550: xmpp_init_recv_cb: wocky-connector.c:1162: waiting for feature stanza from server
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.550: xmpp_features_cb: wocky-connector.c:1257: received feature stanza from server
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.550: sasl_request_auth: wocky-connector.c:1377: handing over control to SASL module
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.550: wocky_tls_get_cb_data: wocky-sasl-auth.c:718: Requested binding type[2] is not supported
(telepathy-gabble:229430): gabble-DEBUG: 00:56:59.550: gabble_server_sasl_channel_start_auth_async (server-sasl-channel.c:836): Starting authentication
(telepathy-gabble:229430): gabble-DEBUG: 00:56:59.602: gabble_server_sasl_channel_start_mechanism_with_data (server-sasl-channel.c:547): Starting X-TELEPATHY-PASSWORD authentication with 15 bytes of initial data
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.602: wocky_auth_registry_select_handler: wocky-auth-registry.c:298: Choosing SCRAM-SHA-512-PLUS as auth mechanism
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.603: _write_node_tree: Serializing tree:
* auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' xmlns:wocky-zb='http://www.google.com/talk/protocol/auth' wocky-zb:client-uses-full-bind-result='true' mechanism='SCRAM-SHA-512-PLUS'
    "biwsbj1ydWZmLHI9dENwWHRLQlE3QmI5RTZoSDd0VWxGWFNmVENVRDl2eGdGV2VHNnh0UWNURTo="
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.603: Writing xml: <auth wocky-zb:client-uses-full-bind-result="true" mechanism="SCRAM-SHA-512-PLUS" xmlns:wocky-zb="http://www.google.com/talk/protocol/auth" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">biwsbj1ydWZmLHI9dENwWHRLQlE3QmI5RTZoSDd0VWxGWFNmVENVRDl2eGdGV2VHNnh0UWNURTo=</auth>
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.756: Parsing chunk: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1oQ3BYdEtCUTdCYjlFNmhIN3RVbEZYU2ZUQ1VEOXZ4Z0ZXZUc2eHRRY1RFPTRiYjBlNWE3LTQ2YTEtNDNmMy05ZmQ0LTY0NmRm0TcwOWNhYSxzPU1ERmlNR0ZsWkRZdFlqTm1NaTAwTVRnMkxUbG1aR1F0T1RsbU5USmhOalE0WVdGbCxpPTQwOTY=</challenge>
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.756: _end_element_ns: Received stanza
* challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    "cj1oQ3BYdEtCUTdCYjlFNmhIN3RVbEZYU2ZUQ1VEOXZ4Z0ZXZUc2eHRRY1RFPTRiYjBlNWE3LTQ2YTEtNDNmMy05ZmQ0LTY0NmRm0TcwOWNhYSxzPU1ERmlNR0ZsWkRZdFlqTm1NaTAwTVRnMkxUbG1aR1F0T1RsbU5USmhOalE0WVdGbCxpPTQwOTY="
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.756: scram_handle_auth_data: wocky-sasl-scram.c:661: Got server message: r=tCpXtKBQ7Bb9E6hH7tUlFXSfTCUD9vxgFWeG6xtQcTE=4bb0e5a7-46a1-43f3-9fd4-646df9709caa,s=MDFiMGFlZDYtYjNmMi0OMTg2LTlmZGQt0TlmNTJhNjQ4YWFl,i=4096
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.797: scram_make_client_proof: wocky-sasl-scram.c:461: auth message: n=ruff,r=tCpXtKBQ7Bb6E9hH7tUlFXSfTCUD9vxgFWeG6xtQcTE=,r=tCpXtKBQ7Bb9E6hH7tUlFXSfTCUD9vxgFWeG6xtQcTE=4bb0e5a7-46a1-43f3-9fd4-646df9709caa,s=MDFiMGFlZDYtYjNmMi0OMTg2LTlmZGQt0TlmNTJhNjQ4YWFl,i=4096,c=biws,r=tCpXtKBQ7Bb9E6hH7tUlFXSfTCUD9vxgFWeG6xtQcTE=4bb0e5a7-46a1-43f3-9fd4-646df9709caa
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.797: scram_handle_server_first_message: wocky-sasl-scram.c:551: Client reply: c=biws,r=tCpXtKBQ7Bb9E6hH7tUlFXSfTCUD9vxgFWeG6xtQcTE=4bb0e5a7-46a1-43f3-9fd4-646df9709caa,p=+dRRMXYKZA4PwEbV+oWZDR2JDb9MoMPCcK1OY6br+YWhg9nZt1CGScJ3+RZjQxxwURhHWOSecMYenx1OChmRXA==
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.798: _write_node_tree: Serializing tree:
* response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    "Yz1iaXdzLHI9dENwWHRLQ1E3QmI5RTZoSDd0VWxGWFNmVENVRDl2eGdGV2VHNnh0UWNURT00YmIwZTVhNy00NmExLTQzZjMtOWZkNC02NDZkZjk3MDljYWEscDOrZFJSTVhZS1o0QVB3RWJWK29XWkRSMkpEYjlNb01QQ2NLMTBZNmJyK1lXaGc5blp0MUNHU2NKMytSWmpReHh3VVJoSFdPU2VjTVllbngxT0NobVJYQT09"
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.798: Writing xml: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1iaXdzLHI9dENwWHRLQ1E3QmI5RTZoSDd0VWxGWFNmVENVRDl2eGdGV2VHNnh0UWNURT00YmIwZTVhNy00NmExLTQzZjMtOWZkNC02NDZkZjk3MDljYWEscDOrZFJSTVhZS1o0QVB3RWJWK29XWkRSMkpEYjlNb01QQ2NLMTBZNmJyK1lXaGc5blp0MUNHU2NKMytSWmpReHh3VVJoSFdPU2VjTVllbngxT0NobVJYQT09</response>
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.959: Parsing chunk: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1uckZmUFh4VHZVT2JpYVdrRVlacWhQaS9nMjlHamROa2Y1Qnl3Y0Y2RFdSYmpJT2NEWkdLQk5wang0OURQa2pHWEFQUmU0VUI3WlZRdDhtbUdRNlhGZz09</success>
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.959: _end_element_ns: Received stanza
* success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    "dj1uckZmUFh4VHZVT2JpYVdrRVlacWhQaS9nMjlHamROa2Y1Qnl3Y0Y2RFdSYmpJT2NEWkdLQk5wang0OURQa2pHWEFQUmU0VUI3WlZRdDhtbUdRNlhGZz09"
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.959: scram_handle_auth_data: wocky-sasl-scram.c:661: Got server message: v=nrFfPXxTvUObiaWkEYZqhPi/g29GjdNkf5BywcF6DWRbjIOcDZGKBNpjx49DPkjGXAPRe4UB7ZVQt8mmGQ6XFg==
(telepathy-gabble:229430): gabble-DEBUG: 00:56:59.960: gabble_server_sasl_channel_success_async (server-sasl-channel.c:920): 
(telepathy-gabble:229430): gabble-DEBUG: 00:56:59.961: gabble_server_sasl_channel_accept_sasl (server-sasl-channel.c:677): client has accepted server's success
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.961: auth_succeeded: wocky-sasl-auth.c:263: Authentication succeeded
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.961: sasl_auth_done: wocky-connector.c:1412: SASL complete (success)
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.961: wocky_xmpp_reader_reset: wocky-xmpp-reader.c:826: Resetting the xmpp reader
(telepathy-gabble:229430): wocky-DEBUG: 00:56:59.961: xmpp_init: wocky-connector.c:1092: sending XMPP stream open to server

rufferson commented 4 years ago

FYI I've made an MR to GIO implementing binding data retrieval. So if (or when) it is accepted the above PR will be ported to that.

rufferson commented 4 years ago

And the changes were accepted upstream; they will land in the 2.66 GA release (currently the binding API is in 2.65.1 and the backend will be in 2.66). I have prepared the branch using this binding implementation.

Neustradamus commented 4 years ago

@rufferson: Nice, I can wait!

Have you done tests?

Neustradamus commented 4 years ago

@rufferson: Please note:

The important text is: "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]"

rufferson commented 4 years ago

Tested against ejabberd and metronome (and djabberd fwiw). Here's the implemented method order:

    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_512_PLUS, TRUE, G_CHECKSUM_SHA512 },
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_512, FALSE, G_CHECKSUM_SHA512 },
#ifdef WOCKY_AUTH_MECH_SASL_SCRAM_SHA_384
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_384_PLUS, TRUE, G_CHECKSUM_SHA384 },
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_384, FALSE, G_CHECKSUM_SHA384 },
#endif
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_256_PLUS, TRUE, G_CHECKSUM_SHA256 },
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_256, FALSE, G_CHECKSUM_SHA256 },
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_1_PLUS, TRUE, G_CHECKSUM_SHA1 },
    { WOCKY_AUTH_MECH_SASL_SCRAM_SHA_1, FALSE, G_CHECKSUM_SHA1 },
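
As an added example (not wocky's code), the selection step this table drives, in Python: parse the server's `<mechanisms>` out of a stream features stanza, walk the same preference order, skip -PLUS entries when no channel binding data is available, and decide which gs2 flag ("n", "y" or "p=tls-unique") the client should send. The two feature stanzas are reconstructed from the trees logged in this thread; the gs2 flag semantics are assumed from RFC 5802 section 6.

```python
import xml.etree.ElementTree as ET

NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Same order as the table above: strongest hash first, each -PLUS variant before
# its plain sibling; the bool mirrors the table's TRUE/FALSE (binding required).
PREFERENCE = [
    ("SCRAM-SHA-512-PLUS", True), ("SCRAM-SHA-512", False),
    ("SCRAM-SHA-384-PLUS", True), ("SCRAM-SHA-384", False),
    ("SCRAM-SHA-256-PLUS", True), ("SCRAM-SHA-256", False),
    ("SCRAM-SHA-1-PLUS", True), ("SCRAM-SHA-1", False),
]

# Constructed from the feature trees logged in this thread (lightwitch.org and jackal.im)
LIGHTWITCH_FEATURES = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>SCRAM-SHA-512</mechanism><mechanism>SCRAM-SHA-512-PLUS</mechanism>
    <mechanism>SCRAM-SHA-384</mechanism><mechanism>SCRAM-SHA-384-PLUS</mechanism>
    <mechanism>SCRAM-SHA-256</mechanism><mechanism>SCRAM-SHA-256-PLUS</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""
JACKAL_FEATURES = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-256</mechanism>
  </mechanisms>
</stream:features>"""


def offered_mechanisms(features_xml):
    """Collect the <mechanism> names from a <stream:features> stanza."""
    root = ET.fromstring(features_xml)
    return [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism")]


def select_mechanism(offered, have_binding):
    """Pick the best offered SCRAM variant and the gs2 flag to send with it.

    RFC 5802 section 6: "p=tls-unique" when a -PLUS mechanism is used; "y" when
    the client could bind but the server advertised no -PLUS variant, so a
    -PLUS-capable server can tell its -PLUS offer was stripped; "n" otherwise.
    Returns None when the server offers no SCRAM mechanism at all (e.g. PLAIN only).
    """
    server_offers_plus = any(m.endswith("-PLUS") for m in offered)
    for name, needs_binding in PREFERENCE:
        if name not in offered or (needs_binding and not have_binding):
            continue
        if needs_binding:
            return name, "p=tls-unique"
        return name, "y" if have_binding and not server_offers_plus else "n"
    return None
```
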

Neustradamus commented 4 years ago

@rufferson: Badly, ejabberd does not support more than SCRAM-SHA-1...

In your djabberd fork, all are good?

Create an account on XMPP server:

rufferson commented 4 years ago

I thought I found one with sha-1-plus, but it might not be ejabberd but prosody. I have a test account on lightwitch (the only place I could have tested scram-sha-512-plus), will try jackal as well. And yes, with djabberd I got yet another scram-sha-512-plus test, but since both client and server implementations are mine I don't consider the test representative, but it proves interop at least.

rufferson commented 4 years ago

jackal.im doesn't offer -PLUS mechanisms and is a bit non-compliant (doesn't send self-presence, uses an expired certificate, etc.), so I can't consider it a reliable test. But yes, I can complete SCRAM-SHA-256, which it offers:

* features xmlns='http://etherx.jabber.org/streams' version='1.0'
    * mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
        * mechanism
            "PLAIN"
        * mechanism
            "SCRAM-SHA-1"
        * mechanism
            "SCRAM-SHA-256"
    * register xmlns='http://jabber.org/features/iq-register'
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.367: xmpp_init_recv_cb: wocky-connector.c:1140: TLS Negotiated: received XMPP version=1.0 stream open from server
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.367: xmpp_init_recv_cb: wocky-connector.c:1159: waiting for feature stanza from server
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.367: xmpp_features_cb: wocky-connector.c:1254: received feature stanza from server
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.367: sasl_request_auth: wocky-connector.c:1374: handing over control to SASL module
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.367: wocky_tls_get_cb_data: wocky-sasl-auth.c:765: Requested binding type[2] is not supported
(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.367: gabble_server_sasl_channel_start_auth_async (server-sasl-channel.c:836): Starting authentication
(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.375: gabble_server_sasl_channel_start_mechanism_with_data (server-sasl-channel.c:547): Starting X-TELEPATHY-PASSWORD authentication with 15 bytes of initial data
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.375: wocky_auth_registry_select_handler: wocky-auth-registry.c:324: Choosing SCRAM-SHA-256 as auth mechanism
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.375: _write_node_tree: Serializing tree:
* auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' xmlns:wocky-zb='http://www.google.com/talk/protocol/auth' wocky-zb:client-uses-full-bind-result='true' mechanism='SCRAM-SHA-256'
...

(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.455: Parsing chunk: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dj1OZCtrWkVzNVppNk1rUW1IbVdTeG92RjVPYVczdUd5NS94QzUyaDhKcHl3PQ==</success>
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.455: _end_element_ns: Received stanza
* success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    "dj1OZCtrWkVzNVppNk1rUW1IbVdTeG92RjVPYVczdUd5NS94QzUyaDhKcHl3PQ=="
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.456: scram_handle_auth_data: wocky-sasl-scram.c:663: Got server message: v=Nd+kZEs5Zi6MkQmHmWSxovF5OaW3uGy5/xC52h8Jpyw=
(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.456: gabble_server_sasl_channel_success_async (server-sasl-channel.c:920): 
(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.457: gabble_server_sasl_channel_accept_sasl (server-sasl-channel.c:677): client has accepted server's success
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.458: auth_succeeded: wocky-sasl-auth.c:260: Authentication succeeded
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.458: sasl_auth_done: wocky-connector.c:1409: SASL complete (success)
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.458: wocky_xmpp_reader_reset: wocky-xmpp-reader.c:826: Resetting the xmpp reader
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.458: xmpp_init: wocky-connector.c:1089: sending XMPP stream open to server
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.458: wocky_xmpp_writer_stream_open: wocky-xmpp-writer.c:299: Writing stream opening: <?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' to="jackal.im" version="1.0">

(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.459: xmpp_init_sent_cb: wocky-connector.c:1110: waiting for stream open from server
(telepathy-gabble:603508): tp-glib/channel-DEBUG: 23:04:13.460: tp_base_channel_close_dbus: called by :1.885
(telepathy-gabble:603508): gabble-DEBUG: 23:04:13.460: gabble_server_sasl_channel_close (server-sasl-channel.c:998): called on 0x555555a6ad00
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.483: Parsing chunk: <?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" id="b74de4ec-f5f0-4fd1-b9da-111052dae1bb" from="jackal.im" version="1.0"><stream:features xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><required/></bind><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/><ver xmlns="urn:xmpp:features:rosterver"/></stream:features>
(telepathy-gabble:603508): wocky-DEBUG: 23:04:13.483: handle_stream_open: wocky-xmpp-reader.c:478: Received stream opening: stream, prefix: stream, uri: http://etherx.jabber.org/streams

On second thought, though, djabberd may be representative: even though it's also my implementation, it does work for gajim and conversations, as well as wocky.

Neustradamus commented 4 years ago

@ortuman: Can you look for the problem with Jackal.im XMPP service?

Neustradamus commented 4 years ago

I have updated the main text with:

If you want to add SCRAM-SHA3-512 now, you can ^^

Neustradamus commented 3 years ago

@rufferson: Can you test with the last Jackal IM? cc @ortuman.

rufferson commented 3 years ago

Seems my old account (ruff) was recycled and I have no idea how to create a new one. The server does not allow in-band registration and I couldn't find an out-of-band one.

Neustradamus commented 3 years ago

@ortuman can you see with @rufferson? With Jackal 0.50.0 and jackal.im, you have closed registration and removed accounts?

ortuman commented 3 years ago

In-Band Registration was disabled and removed from the list of supported XEPs to prevent malicious entities from registering at will.

@rufferson could you provide me with an email/JID address to be able to register a user in jackal.im?

rufferson commented 3 years ago

It was ruff@jackal.im earlier, but it's just for a test so any will do. The mail is me @ ruff.mobi

rufferson commented 3 years ago

Thanks, that worked. So here's an example of wocky with glib 2.66 (no binding support):

(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.908: xmpp_init_recv_cb: ../subprojects/wocky/wocky/wocky-connector.c:1151: TLS Negotiated: received XMPP version=1.0 stream open from server
(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.908: xmpp_init_recv_cb: ../subprojects/wocky/wocky/wocky-connector.c:1170: waiting for feature stanza from server
(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.908: xmpp_features_cb: ../subprojects/wocky/wocky/wocky-connector.c:1265: received feature stanza from server
(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.908: sasl_request_auth: ../subprojects/wocky/wocky/wocky-connector.c:1394: handing over control to SASL module
(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.908: wocky_tls_get_cb_data: ../subprojects/wocky/wocky/wocky-sasl-auth.c:766: Requested binding type[2] is not supported
(telepathy-gabble:324656): gabble-DEBUG: 16:11:03.908: gabble_server_sasl_channel_start_auth_async (../src/server-sasl-channel.c:836): Starting authentication
(telepathy-gabble:324656): gabble-DEBUG: 16:11:03.915: gabble_server_sasl_channel_start_mechanism_with_data (../src/server-sasl-channel.c:547): Starting X-TELEPATHY-PASSWORD authentication with 16 bytes of initial data
(telepathy-gabble:324656): wocky-DEBUG: 16:11:03.915: wocky_auth_registry_select_handler: ../subprojects/wocky/wocky/wocky-auth-registry.c:325: Choosing SCRAM-SHA-512-PLUS as auth mechanism

Here wocky selects the strongest algo, but binding is not supported so it uses the classic non-binding negotiation (gs2=n,,). With binding I'm getting an auth failure though:

(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.555: wocky_tls_get_cb_data: ../subprojects/wocky/wocky/wocky-sasl-auth.c:724: Got 48 bytes of cb data
(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.555: wocky_sasl_auth_authenticate_async: ../subprojects/wocky/wocky/wocky-sasl-auth.c:810: Using TLS Channel Binding Data: dc30tobw4mRtFgtrFznvVOXfmRdyOaAmJjyMtYY+hQv+D0k/6tgYDuqWyiOoBb6G
(telepathy-gabble:394686): gabble-DEBUG: 23:30:47.555: gabble_server_sasl_channel_start_auth_async (../src/server-sasl-channel.c:836): Starting authentication
(telepathy-gabble:394686): gabble-DEBUG: 23:30:47.571: gabble_server_sasl_channel_start_mechanism_with_data (../src/server-sasl-channel.c:547): Starting X-TELEPATHY-PASSWORD authentication with 16 bytes of initial data
(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.571: wocky_auth_registry_select_handler: ../subprojects/wocky/wocky/wocky-auth-registry.c:325: Choosing SCRAM-SHA-512-PLUS as auth mechanism
(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.571: _write_node_tree: Serializing tree:
* auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' xmlns:wocky-zb='http://www.google.com/talk/protocol/auth' wocky-zb:client-uses-full-bind-result='true' mechanism='SCRAM-SHA-512-PLUS'
    "cD10bHMtdW5pcXVlLCxuPXJ1ZmYscj1qbDZtM3hmYUdvNWNLZUNGYmUyaTFjODdRcExmZUxZZ2g2b1lubk1aRzZrPQ=="
...
(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.876: _write_node_tree: Serializing tree:
* response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    "Yz1jRDEwYkhNdGRXNXBjWFZsTEN4MXpmUzJodkRpWkcwV0Myc1hPZTlVNWQrWkYzSTVvQ1ltUEl5MWhqNkZDLzRQU1QvcTJCZ082cGJLSTZnRnZvWT0scj1qbDZtM3hmYUdvNWNLZUNGYmUyaTFjODdRcExmZUxZZ2g2b1lubk1aRzZrPS03MDE4MWNlZS1kNzI0LTQxZTktODNiNi00MzFjNmEwMzQxMGUscD1ic2Zzak1pejlSU0ZaR1kvL0VYVlBSbllKSHFleTdSUk9saGZQbk9yUDJZZEhZdSsrdjJtMVFLdUhXQmZFdWFGc2VycFpEWHZNbVVsY1FDTlZ3Z1FHdz09"
(telepathy-gabble:394686): wocky-DEBUG: 23:30:47.876: Writing xml: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1jRDEwYkhNdGRXNXBjWFZsTEN4MXpmUzJodkRpWkcwV0Myc1hPZTlVNWQrWkYzSTVvQ1ltUEl5MWhqNkZDLzRQU1QvcTJCZ082cGJLSTZnRnZvWT0scj1qbDZtM3hmYUdvNWNLZUNGYmUyaTFjODdRcExmZUxZZ2g2b1lubk1aRzZrPS03MDE4MWNlZS1kNzI0LTQxZTktODNiNi00MzFjNmEwMzQxMGUscD1ic2Zzak1pejlSU0ZaR1kvL0VYVlBSbllKSHFleTdSUk9saGZQbk9yUDJZZEhZdSsrdjJtMVFLdUhXQmZFdWFGc2VycFpEWHZNbVVsY1FDTlZ3Z1FHdz09</response>
(telepathy-gabble:394686): wocky-DEBUG: 23:30:48.093: Parsing chunk: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
(telepathy-gabble:394686): wocky-DEBUG: 23:30:48.093: _end_element_ns: Received stanza
* failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    * not-authorized
(telepathy-gabble:394686): wocky-DEBUG: 23:30:48.093: auth_failed: ../subprojects/wocky/wocky/wocky-sasl-auth.c:285: Authentication failed!: Authentication failed: not-authorized
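
As an added example, not wocky's or any server's code: a minimal SCRAM-SHA-512(-PLUS) client and server in Python, showing where the gs2 header and the channel binding bytes enter the exchange (the c= attribute, which is just "biws" for "n,,", and the AuthMessage signed by both sides), why a server answers malformed-request to a binding type it cannot verify, and why mismatched binding data ends in not-authorized. The tls-unique bytes are assumed to come from the TLS layer and are constructed here; the server only ever stores StoredKey and ServerKey.

```python
import base64
import hashlib
import hmac
import secrets

HASH = "sha512"  # SCRAM-SHA-512(-PLUS), the mechanism negotiated in the logs above
CB_TYPE = "tls-unique"  # the one binding type RFC 5802 mandates, as discussed above
def _hmac(key, msg):
    return hmac.new(key, msg, HASH).digest()

def _h(data):
    return hashlib.new(HASH, data).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _attrs(msg):
    return dict(part.split("=", 1) for part in msg.split(","))

def gs2_header(cb_type=None):
    # RFC 5802 section 7: "n,," = no channel binding, "p=<type>,," = binding required (-PLUS)
    return f"p={cb_type},," if cb_type else "n,,"

class ScramClient:
    def __init__(self, user, password, cb_data=None, cnonce=None):
        self.password, self.cb_data = password, cb_data
        self.gs2 = gs2_header(CB_TYPE if cb_data else None)
        self.bare = f"n={user},r={cnonce or secrets.token_urlsafe(24)}"
        self.client_first = self.gs2 + self.bare  # e.g. "n,,n=ruff,r=..." or "p=tls-unique,,n=ruff,r=..."

    def final(self, server_first):
        sf = _attrs(server_first)
        if not sf["r"].startswith(_attrs(self.bare)["r"]):
            raise ValueError("server nonce does not extend client nonce")
        # c= is base64(gs2-header || cb-data); without binding that is "biws" as in the log
        c = base64.b64encode(self.gs2.encode() + (self.cb_data or b"")).decode()
        final_bare = f"c={c},r={sf['r']}"
        salted = hashlib.pbkdf2_hmac(HASH, self.password.encode(), base64.b64decode(sf["s"]), int(sf["i"]))
        client_key = _hmac(salted, b"Client Key")
        auth_msg = f"{self.bare},{server_first},{final_bare}".encode()
        proof = _xor(client_key, _hmac(_h(client_key), auth_msg))
        self.server_sig = _hmac(_hmac(salted, b"Server Key"), auth_msg)
        return f"{final_bare},p={base64.b64encode(proof).decode()}"

    def verify(self, server_final):
        # v= must equal HMAC(ServerKey, AuthMessage): proves the server holds the credentials
        return hmac.compare_digest(base64.b64decode(_attrs(server_final)["v"]), self.server_sig)

class ScramServer:
    def __init__(self, password, plus, cb_data=b"", salt=b"constructed-salt", iters=4096):
        salted = hashlib.pbkdf2_hmac(HASH, password.encode(), salt, iters)
        # only StoredKey and ServerKey are retained, never the password (RFC 5802 section 9)
        self.stored_key = _h(_hmac(salted, b"Client Key"))
        self.server_key = _hmac(salted, b"Server Key")
        self.salt, self.iters, self.plus, self.cb_data = salt, iters, plus, cb_data

    def first(self, client_first):
        gs2, self.bare = client_first.split(",,", 1)
        # a -PLUS mechanism needs p=<type> with a type we can verify (cf. the malformed-request above)
        if self.plus != gs2.startswith("p=") or (self.plus and gs2 != f"p={CB_TYPE}"):
            raise ValueError("malformed-request: proposed channel binding type isn't supported")
        self.gs2 = gs2 + ",,"
        nonce = _attrs(self.bare)["r"] + secrets.token_urlsafe(18)
        self.server_first = f"r={nonce},s={base64.b64encode(self.salt).decode()},i={self.iters}"
        return self.server_first

    def final(self, client_final):
        cf = _attrs(client_final)
        if base64.b64decode(cf["c"]) != self.gs2.encode() + (self.cb_data if self.plus else b""):
            raise ValueError("not-authorized: channel binding data mismatch")
        auth_msg = f"{self.bare},{self.server_first},{client_final[:client_final.rindex(',p=')]}".encode()
        client_key = _xor(base64.b64decode(cf["p"]), _hmac(self.stored_key, auth_msg))
        if not hmac.compare_digest(_h(client_key), self.stored_key):
            raise ValueError("not-authorized: bad client proof")
        return "v=" + base64.b64encode(_hmac(self.server_key, auth_msg)).decode()
```
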

Neustradamus commented 2 years ago

@rufferson: It is official for TLS 1.3 Binding!