esl / escalus

An XMPP client library in Erlang for conveniently testing XMPP servers
Apache License 2.0

Scram update #223

Closed NelsonVides closed 4 years ago

NelsonVides commented 4 years ago

Here, a refactor of escalus scram and a bunch of new SCRAM-SHA-XXX methods :)

PS: Don't say anything about the hour, I needed so much to write some code to cope with the stress. I was missing this 😂

NelsonVides commented 4 years ago

> Thanks for the changes! The code looks good to me but dialyzer has some objections. Did you have a chance to try the new auth methods with Tigase 8? From what I know this server supports SCRAM-SHA-256 method.

Will try Tigase, didn't think about it. Also, I have no idea what's wrong with dialyzer, it doesn't complain locally to me 🤷‍♂

NelsonVides commented 4 years ago

Dialyzer fixed, test with tigase done successfully. This was the configuration used to connect to tigase:

```erlang
Specs =
    [{username, <<"tigase">>},
     {server, <<"localhost">>},
     {host, <<"127.0.0.1">>},
     {resource, <<"res1">>},
     {password, <<"123456">>},
     {carbons, false},
     {stream_management, false},
     {starttls, required},
     {auth, {escalus_auth, auth_sasl_scram_sha256}}].
escalus_connection:start(Specs).
```

🙂

Neustradamus commented 4 years ago

You can test with:

michalwski commented 4 years ago

Thanks for the tip @Neustradamus!

michalwski commented 4 years ago

I tested the escalus implementation against lightwitch.org. Below are the steps I used:

  1. I registered an account on lightwitch.org
  2. I ran this command to learn the address of the XMPP service for lightwitch.org

     ```
     dig SRV _xmpp-client._tcp.lightwitch.org
     ; <<>> DiG 9.10.6 <<>> SRV _xmpp-client._tcp.lightwitch.org
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26720
     ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

     ;; OPT PSEUDOSECTION:
     ; EDNS: version: 0, flags:; udp: 512
     ;; QUESTION SECTION:
     ;_xmpp-client._tcp.lightwitch.org. IN SRV

     ;; ANSWER SECTION:
     _xmpp-client._tcp.lightwitch.org. 3599 IN SRV 10 0 5222 meaveen.lightwitch.org.

     ;; Query time: 165 msec
     ;; SERVER: 8.8.8.8#53(8.8.8.8)
     ;; WHEN: Thu Mar 26 11:43:46 CET 2020
     ;; MSG SIZE rcvd: 103
     ```

  3. I learned that the XMPP server is running on address meaveen.lightwitch.org
  4. In the Erlang shell (`rebar3 shell`) I prepared the following helper fun returning a connection spec (mind that my password was sanitized)

     ```erlang
     Spec = fun(Auth) ->
         [{username, <<"michalwski">>},
          {server, <<"lightwitch.org">>},
          {host, <<"meaveen.lightwitch.org">>},
          {resource, <<"res1">>},
          {password, <<"THIS_IS_NOT_MY_REAL_PASSWORD">>},
          {carbons, false},
          {stream_management, false},
          {starttls, required},
          {auth, {escalus_auth, Auth}}]
     end.
     ```

  5. I ran the following escalus command with these AuthMethod values: auth_scram_sha256, auth_scram_sha384, auth_scram_sha512

     ```erlang
     {ok, Client, _} = escalus_connection:start(Spec(AuthMethod)).
     ```

All methods worked as expected!
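
Steps 2 to 5 of the comment above as one shell fun, added here as an example (not part of the original comment or of escalus): it resolves the SRV record with `inet_res` instead of `dig`, then tries each auth method over a STARTTLS-required connection and reports the outcome per method. `TrySCRAM`, its arguments and the simplified lowest-priority-first SRV choice are assumptions of this example; the method names are supplied by the caller.

```erlang
%% Added example; paste into `rebar3 shell` of an escalus checkout.
%% Domain, User and Password are binaries supplied by the caller (placeholders).
%% Methods is a list of escalus_auth function names, e.g. the one used in the
%% Tigase configuration earlier in this thread: [auth_sasl_scram_sha256].
TrySCRAM = fun(Domain, User, Password, Methods) ->
    %% Step 2: SRV lookup; inet_res returns [{Priority, Weight, Port, Host}].
    SrvName = "_xmpp-client._tcp." ++ binary_to_list(Domain),
    %% Simplification: take the lowest priority value and ignore weights.
    case lists:sort(inet_res:lookup(SrvName, in, srv)) of
        [] ->
            {error, no_srv_record};
        [{_Prio, _Weight, Port, Host} | _] ->
            %% Steps 3-4: same spec as in the comment, host/port from DNS.
            Base = [{username, User},
                    {server, Domain},
                    {host, list_to_binary(Host)},
                    {port, Port},
                    {resource, <<"res1">>},
                    {password, Password},
                    {carbons, false},
                    {stream_management, false},
                    %% Refuse to authenticate over an unencrypted stream.
                    {starttls, required}],
            %% Step 5: one connection attempt per method; a failure of one
            %% method must not abort the remaining attempts.
            [begin
                 Spec = [{auth, {escalus_auth, M}} | Base],
                 Result = try escalus_connection:start(Spec) of
                              {ok, Client, _Features} ->
                                  escalus_connection:stop(Client),
                                  ok;
                              Other ->
                                  {failed, Other}
                          catch
                              Class:Reason -> {failed, {Class, Reason}}
                          end,
                 {M, Result}
             end || M <- Methods]
    end
end.
```

The fun returns a list of `{Method, ok | {failed, Term}}` tuples, so a server that advertises a mechanism but rejects the exchange shows up as a per-method failure rather than a crashed shell.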

Neustradamus commented 4 years ago

Nice :) I do not know why there is no SCRAM-SHA-224 in Metronome IM, maybe @maranda has removed it...