Closed Neustradamus closed 8 months ago
FYI I've added SCRAM-SHA-256 and SCRAM-SHA-512 support in https://github.com/sjaeckel/libstrophe/tree/refactor-scram
Waiting for #138 to open a PR
I pushed @sjaeckel implementation of SCRAM-SHA-256/512 to a branch: https://github.com/strophe/libstrophe/tree/refactor-scram . Can anyone check it, because I don't have access to a server with these mechanisms?
@pasis: Thanks a lot for SCRAM-SHA-256 and SCRAM-SHA-512 from @sjaeckel.
Now it is a good point for other SCRAM too.
For test, there is:
cc @maranda
@pasis thanks a lot for the heavy lifting!
Do you want to continue on the PLUS variants or should I?
@sjaeckel , I don't have time in the near future, so you can proceed with it if you want. The thing is that you will need support from TLS modules. You can implement it for openssl and leave a stub for other modules. PLUS variants should fail if TLS module doesn't support required functionality.
I fixed few bugs in current implementation. SCRAM-SHA-256 seems working, however, SCRAM-SHA-512 still fails.
@maranda: What do you think about SCRAM-SHA-512? Maybe linked to QXmpp, @jlaine have spoken here: https://github.com/qxmpp-project/qxmpp/issues/177
@pasis: Can you test with jackal.im? It is based on Jackal XMPP server: https://github.com/ortuman/jackal/ cc: @ortuman
@Neustradamus , when I checked last time, jackal.im didn't have support of SCRAM-SHA-512. Maximum SCRAM-SHA-256.
As an option, I can disable SCRAM-SHA-512 for now.
@ortuman: Can you look the problem? It is very important!
š Sorry for the late reply!
After implementing SCRAM-SHA-512 i forgot to enable it on jackal.im
š¤¦āā
Now it's ready š
<stream:features version="1.0">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
<mechanism>SCRAM-SHA-1-PLUS</mechanism>
<mechanism>SCRAM-SHA-256</mechanism>
<mechanism>SCRAM-SHA-256-PLUS</mechanism>
<mechanism>SCRAM-SHA-512</mechanism>
<mechanism>SCRAM-SHA-512-PLUS</mechanism>
</mechanisms>
<register xmlns="http://jabber.org/features/iq-register"/>
</stream:features>
I found why SHA512 failed - there were 2 errors:
After fixing the issues I managed to log into jackal.im with SCRAM-SHA-512.
However, lightwitch.org authentication still fails. When I try to set blocksize to 64 (which is incorrect), I can log into lightwitch.org. So, there must be a bug in HMAC implementation there. I created a PR to fix it: maranda/metronome#497
@pasis: Have you progressed? Metronome has been solved :) Thanks a lot.
SCRAM-SHA-256 and SCRAM-SHA-512 are in master. Thanks to @sjaeckel for the implementation.
Thanks a lot for finishing up!
@pasis, @sjaeckel: It is possible to add -PLUS variants and SCRAM-SHA-224(-PLUS) and SCRAM-SHA-384(-PLUS) too?
I had a look today for the 224&384 variants and I'm strongly opposing adoption of those, and I kindly ask you to stop pushing others for their adoption, since they are not standardized!
I agree with @sjaeckel, we don't need 224&384 at this point. I tried to read about -PLUS variants, but not ready to implement them yet - need more time to find info. Unfortunately, I can't effort much time now.
Thanks a lot to @sjaeckel and @pasis for SCRAM-SHA-256 and SCRAM-SHA-512 in libstrophe 0.10.0.
Hope the last part "-PLUS" variants one day...
@sjaeckel and @pasis: For your informations:
SCRAM-SHA-512(-PLUS):
SCRAM-SHA3-512(-PLUS):
@sjaeckel, @pasis: What do you think? I have found it:
Links:
Good news!
It is official, it is here: RFC 9266: Channel Bindings for TLS 1.3:
@Neustradamus I'm currently implementing the -PLUS
variants.
Do you remember maybe already having a discussion in the past about the ranking on which should be preferred over another mechanism, besides what's stated in RFC8600:
[...] When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]).
FMU this means SHA256-PLUS > SHA256 > SHA1-PLUS > SHA1
but shouldn't the ranking better be SHA256-PLUS > SHA1-PLUS > SHA256 > SHA1
?
Side-note: after reading the comments on the SHA[3]-512
drafts I changed my opinion on those drafts from neutral to strongly opposing their adoption as an RFC and I'm considering the removal of support for SHA512
.
@sjaeckel: Nice! :)
Little details, to know easily:
To have a full compatibility...
The problem is that there is an expired I-D draft:
SCRAM-SHA-512(-PLUS) is already used by several projects and SCRAM-SHA3-512(-PLUS) too.
It will be published soon... and it is in SCRAM-BIS and SCRAM-2FA too.
The problem is that there is an expired I-D draft:
Thanks, that's the pointer that I needed and @samwhited also put the order as I expected.
SCRAM-SHA-512(-PLUS) is already used by several projects and SCRAM-SHA3-512(-PLUS) too.
It will be published soon... and it is in SCRAM-BIS and SCRAM-2FA too.
I'll wait until they're in an RFC.
@sjaeckel: I do not know when it will be released... but if you want compatibility with others...
Pretty much everyone that supports SCRAM supports SCRAM-SHA-1 and SCRAM-SHA-256, that is all you need for near-universal compatibility. Furthermore, there is no known benefit to SCRAM-SHA-512 over the SHA-256 variant at this time. Stop spamming every issue tracker trying to get people to support SCRAM-SHA-512 without thinking things through properly first. A bigger number is not "better", and it's a perfectly reasonable choice for the author to wait for the RFC to be reviewed before implementing it.
@sjaeckel: Good job! :)
Only one remark, can you add "tls-server-end-point" support too?
It is needed for security and for example here (In more RFCs):
There is a talk about it on Standards ML:
Thanks in advance.
After:
EDIT done by @sjaeckel and @pasis:
Commits:
Can you add supports of:
You can add too:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS): -- https://tools.ietf.org/html/rfc5802 -- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS): -- https://tools.ietf.org/html/rfc7677 since 2015-11-02 -- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: -- https://tools.ietf.org/html/draft-melnikov-scram-bis
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to: