Add support for XEP-0227 r1.1 #3676

Closed
mwild1 opened this issue Sep 12, 2021 · 8 comments

mwild1 commented Sep 12, 2021

XEP-0227 (import/export format) was previously lacking standards for a number of features - SCRAM, PEP and MAM. The latest update to XEP-0227 (rev 1.1) addresses that, and this version is now implemented in Prosody.

Both ejabberd and Prosody previously supported exporting SCRAM credentials for example, but were using different non-interoperable formats. Hopefully we can make such issues a thing of the past :)

badlop commented Sep 22, 2021

That old-school scram export was implemented in eb52c11 and I have no idea where it came from.

Anyway, I've updated ejabberd_piefxis to export using XEP format, and accept as import both XEP and old-school.

Something like this can be imported now (the password for user-oldscram is "oldscram", for user-scram is "scram", and for user-scram256 is "scram256"). When exporting, ejabberd no longer uses the oldscram format.

<?xml version='1.0' encoding='utf-8'?>
<server-data xmlns='urn:xmpp:pie:0'
             xmlns:xi='http://www.w3.org/2001/XInclude'>
  <host xmlns='urn:xmpp:pie:0'
        xmlns:xi='http://www.w3.org/2001/XInclude'
        jid='localhost'>
    <user name='user-nopass' />
    <user name='user-plain'
          password='plain' />
    <user name='user-oldscram' password='scram:ZzAyeGQ5NEpoSUlONFVONklRbWtNNWgwY2hNPQ==,dHJmM2VHbGRiTC9ldDNWUm11NzFnTVh2dGk4PQ==,YjJLZDJVbWFQNVpCcVdZemJsNDNlQT09,4096' />
    <user name='user-scram'>
      <scram-credentials xmlns='urn:xmpp:pie:0#scram'
                         mechanism='SCRAM-SHA-1'>
        <iter-count>4096</iter-count>
        <salt>ekErUlBmR00yc2xIbi9Nd3BRNkFadz09</salt>
        <server-key>dU4rWXVnbENvc0RjWFZZVk94dUg3emtqVnpzPQ==</server-key>
        <stored-key>akxQUE5HK0pSamt6STZFSTRjMk9RT05JNU40PQ==</stored-key>
      </scram-credentials>
    </user>
    <user name='user-scram256'>
      <scram-credentials xmlns='urn:xmpp:pie:0#scram'
                         mechanism='SCRAM-SHA-256'>
        <iter-count>4096</iter-count>
        <salt>T2laZTZGOUl1QTlEUjhlWFBraHFpZz09</salt>
        <server-key>V1RxRGx4VXJWN002UGhnVGtsSXhGN3ZuSHFPa1BpN0hGd0VYdVpjdzdtdz0=</server-key>
        <stored-key>dHByaXhXTjlYRkRNMklIdTFHaXhVaHh1SktJVm9wUUE1OVl2U1hvZ0tLbz0=</stored-key>
      </scram-credentials>
    </user>
  </host>
</server-data>
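
A way to run the kind of interoperability check this thread is about, as an added example that is not ejabberd's or Prosody's code: it parses `<scram-credentials>` elements in the format shown above and checks a candidate password against the exported keys using the RFC 5802 derivation. The function names are hypothetical, `sample_document` builds a constructed test file, and passwords are assumed to be ASCII (no SASLprep).

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
PIE, SCRAM = "{urn:xmpp:pie:0}", "{urn:xmpp:pie:0#scram}"  # namespaces from the file above
HASHES = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}

def derive(password, salt, iterations, mechanism):
    """RFC 5802 derivation; returns (stored_key, server_key)."""
    h = HASHES[mechanism]
    # Hi() is one-block PBKDF2-HMAC. SASLprep is skipped: ASCII passwords assumed.
    salted = hashlib.pbkdf2_hmac(h, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", h).digest()
    server_key = hmac.new(salted, b"Server Key", h).digest()
    return hashlib.new(h, client_key).digest(), server_key

def parse_credentials(xml_text):
    """Map user name -> list of decoded <scram-credentials> records."""
    out = {}
    for user in ET.fromstring(xml_text).iter(PIE + "user"):
        for c in user.iter(SCRAM + "scram-credentials"):
            raw = lambda tag: base64.b64decode(c.findtext(SCRAM + tag), validate=True)
            out.setdefault(user.get("name"), []).append({
                "mechanism": c.get("mechanism"),
                "iterations": int(c.findtext(SCRAM + "iter-count")),
                "salt": raw("salt"), "stored_key": raw("stored-key"),
                "server_key": raw("server-key")})
    return out

def verify(cred, password):
    """True only if the password reproduces both exported keys."""
    h = HASHES.get(cred["mechanism"])
    size = hashlib.new(h).digest_size if h else None
    if size is None or len(cred["stored_key"]) != size or len(cred["server_key"]) != size:
        return False  # unknown mechanism or wrong key length (e.g. encoded twice)
    stored, server = derive(password, cred["salt"], cred["iterations"], cred["mechanism"])
    return (hmac.compare_digest(stored, cred["stored_key"])
            and hmac.compare_digest(server, cred["server_key"]))

def sample_document(users):
    """Constructed test file; users is a list of (name, password, mechanism)."""
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    body = ""
    for name, password, mech in users:
        salt = os.urandom(16)
        stored, server = derive(password, salt, 4096, mech)
        body += (f"<user name='{name}'><scram-credentials xmlns='urn:xmpp:pie:0#scram' "
                 f"mechanism='{mech}'><iter-count>4096</iter-count><salt>{b64(salt)}</salt>"
                 f"<server-key>{b64(server)}</server-key><stored-key>{b64(stored)}</stored-key>"
                 "</scram-credentials></user>")
    return f"<server-data xmlns='urn:xmpp:pie:0'><host jid='localhost'>{body}</host></server-data>"
```

In the file posted above, each value base64-decodes to another base64 string (the SCRAM-SHA-1 salt decodes to 24 ASCII characters), so `verify` rejects those records on the length check unless the values are decoded a second time first.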

badlop added this to the ejabberd 21.xx milestone Sep 22, 2021

badlop commented Sep 22, 2021

@mwild1 What is the plaintext password of the SCRAM provided in https://xmpp.org/extensions/xep-0227.html#example-4 ? Describing that would allow developers to test their implementations.

mwild1 commented Sep 22, 2021

There isn't one, those are dummy values. In general I think it would be good to have a test file for interoperability testing. For starters, I'll generate an export from Prosody's implementation and send it to you (I would do so right now but I already found a bug in the output ;) ).

Neustradamus commented

@badlop: Thanks a lot for your improvements! :)

Neustradamus commented

@badlop: Can it be updated or archived?

badlop commented Sep 23, 2021

The User Import/Export Plugin plugin is more up to date, and its documentation says:

XEP-0227 Compliance - Both Import and Export have an option to enable to use the format as defined in XEP-0227. This format is intended as a Portable Import/Export Format for XMPP-IM Servers.

So probably https://github.com/processone/openfire-export can point to that plugin, and get archived.

badlop commented Oct 4, 2021

PR here: processone/openfire-export#1

badlop modified the milestones: ejabberd 21.12, ejabberd 22.xx Dec 9, 2021
badlop closed this as completed Dec 10, 2021