xmppo / go-xmpp

Go XMPP Library (From Yasuhiro Matsumoto and based on the code from Russ Cox)
https://golang.org/
BSD 3-Clause "New" or "Revised" License

add scram auth #147

Closed mdosch closed 1 year ago

mdosch commented 1 year ago
mattn commented 1 year ago

Thanks. I'm okay to merge, but @Neustradamus, could you please review this?

mdosch commented 1 year ago

Thank you for considering merging this. I tested all implemented SCRAM mechanisms (SCRAM-SHA-1 against prosody, ejabberd and openfire, SCRAM-SHA-256 and SCRAM-SHA-512 against ejabberd -- thx @weiss) and it's working.

Neustradamus commented 1 year ago

@mdosch: Excellent, thanks a lot! :)

Note that Prosody IM 0.12 has SCRAM-SHA-256 too:

In addition to ejabberd (-PLUS variants too), Openfire, and Prosody IM, there are 5 other XMPP servers:

DJabberd (Perl XMPP Server) has SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-512 and -PLUS variants:

Jackal (Go XMPP Server) has SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-512/SCRAM-SHA3-512 and -PLUS variants:

Metronome IM (Lua XMPP Server) has SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-384/SCRAM-SHA-512:

MongooseIM (Erlang XMPP Server) has SCRAM-SHA-1/SCRAM-SHA-224/SCRAM-SHA-256/SCRAM-SHA-384/SCRAM-SHA-512 and -PLUS variants:

Tigase XMPP Server (Java XMPP Server) has SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-512 and -PLUS variants:

@mattn: All my trust in @mdosch and @weiss.

Linked to:

mdosch commented 1 year ago

Please note that @weiss was only offering me an account on a server with sha512 and sha256 SCRAM enabled for testing purposes. He was not involved in this PR and did not review any code.

Thanks for listing all those server implementations but I don't have accounts on all possible servers for testing and I would not enable SCRAM-SHA-256 on my own prosody as long as there is no upgrade path from SCRAM-SHA-1.

mdosch commented 1 year ago

I also successfully tested SCRAM-SHA-512 with a metronome server now.

Neustradamus commented 1 year ago

@mattn: When you are ready, please make a new release build with this PR :)

Neustradamus commented 1 year ago

@mattn: Any news?

mattn commented 1 year ago

Thanks. I'll tag tonight.

Neustradamus commented 1 year ago

@mattn: Thanks for merging this big improvement from @mdosch!