-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SCRAM-SHA-1 + SCRAM-SHA-256 + SCRAM-SHA-512 + SCRAM-SHA3-512 supports #177
Comments
Do you plan to implement it or is this an "I would like this" issue? As there is no text in your issue it's hard to tell. |
For be simple: People request it ^^ |
Good, then "people" can start coding. |
I have a work-in-progress PR in #183 |
Nice :) |
The XEPs you linked don't deal with authentication, nor do they mention SCRAM-SHA-512. Instead of feeding me your shopping list, could you try the PR I linked against a server which supports SCRAM-SHA-1 and SCRAM-SHA-256 and confirm it actually works? |
List here: scram-sasl/info#1 |
SCRAM-SHA-1 and SCRAM-SHA-256 are in master. I was able to use SCRAM-SHA-1 on jabber.at, I haven't found a usable server for SCRAM-SHA-256 so I'll leave that up to you to test. As for the -PLUS variants I don't think QSslSocket has APIs allowing us to perform the required cryptographic binding. |
I can test the PR at the weekend. |
Cool. Some notes:
|
@jlaine Please do not close it before -PLUS variant and 512 part too... |
@Neustradamus please try to be a more considerate community member. Your messages come across as orders, you haven't demonstrated you are willing to do any work yourself and didn't read what I wrote:
The only difference of the -PLUS variants is that they establish a binding to the "channel" (in our case a TCP connection using TLS). As far as I can tell, the bindings we could use (see RFC 5929):
https://tools.ietf.org/html/rfc5929 Concerning SHA-384 and SHA-512 the only server which seems to support it is Metronome, and I'm getting an authentication error. In the absence of any test vectors, I cannot be sure whether the error is on my side or on the Metronome side. |
@maranda, can you look for the problem? |
On that I lost every hope years ago already. |
SHA-512 is in the XEP-0300 split: https://xmpp.org/extensions/inbox/hash-recommendations.html from https://xmpp.org/extensions/xep-0300.html. |
@Neustradamus as stated before you are confused. These hash recommendations are totally unrelated to authentication. @maranda right, I assumed as much, which is why we have no official test vectors to check whether our implementation is at fault or metronome. I performed I created a
As stated, SHA-1 and SHA-256 work fine. |
@jlaine not home so I can't properly check and might be wrong, but the digest lengths in that authentication flow look fairly short at a first glance to myself for SHA-512 at least. |
Un-base64'ing the messages it looks like: auth
challenge
response (64 byte client proof)
|
@jlaine the computed key from the client response doesn't match the one stored by Metronome, did run a manual test on the Lua interpreter, I think the provided proof might be incorrect:
I did hastily replicate a test to check, the computed key hash by Metronome based on the response is f635d29dd32bba8af657d275184f9016403e79439982976e26fcf497ed694ecccfb86c0512271269a02ddfa51fbf5c5083d3a1f387dadfc032babcc3e7883ddb while it should really be 04d73c64fec6daf49840d4b51282cf1d1f70a675d4ee65a7a7737374d1ec1026b778ad518838465a8fa51c6a50472fcf0e4c89dc15fc708d0fc04882608e988c … I don't think Metronome is at fault here but should you figure otherwise feel free to open an issue and I'll fix it as soon as possible. |
Your test doesn't tell me anything new, we already know that qxmpp and metronome's code don't agree, running it manually won't change that! ;) Edit: @maranda from what you pasted:
storedKey(qxmpp) hex 32265993c8de82798ad6d2a24a138a2a25382f0dec9a8c331caffbbd8e322a58439a652b3cf8cb3b46fd0f90dd75fdcca602a87bd52149ec14f6c75d6ac28bf8 storedKey(metronome) hex 04d73c64fec6daf49840d4b51282cf1d1f70a675d4ee65a7a7737374d1ec1026b778ad518838465a8fa51c6a50472fcf0e4c89dc15fc708d0fc04882608e988c serverKey(qxmpp) hex 8c649aaed019dce6472bf507c97827159206ae6acc0e816d54741d4780e45fc3fd7d753071aff3626842540a8bb84ad1bf9ff99bba64b7ac55bb2d6252521e77 serverKey(metronome) hex 447008be5d513472b66dc46e9fb7afbe0d3fe516cfffcdeaac4d77974d163ffa4e25827b4dadfa19ce96930d7e28ed09e9d2760e1246cad03362951707e0007a => I think things are diverging very early on, possibly during the PBKDF2 derivation. Here is my (hex) dump of 76ed8c5958a12c829a06da4f4c0fe344002bbd3d534b9ad3bba8c48db7873c4d290da244f8fabcab48b69ec5fdbc1d637eeed9f70197155123ee2dd17831322e |
@Neustradamus : re-read my comments, it is fundamentally not possible short of changing Qt |
RFC8600 has been published for SCRAM-SHA256(-PLUS) and for replace old SCRAM-SHA1(-PLUS) State of Play: scram-sasl/info#1 |
@jlaine: Can you test QXmpp (SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-512) with Jackal XMPP Server and confirm if the problem is in Metronome IM?
Thanks a lot in advance. cc: @ortuman |
Dear @qxmpp-project team, @lnjX, @jlaine, @tehnick, @0xd34df00d, It is possible to comment this important Qt ticket about Channel Binding? It is to needed to have support of SCRAM-SHA-*-PLUS variants. Recently, we have seen the jabber.ru MITM:
Thanks in advance. |
Dear qxmpp-project team,
For more security, can you add supports of:
You can add too:
A "big" list has been done in last link of this ticket.
SCRAM-SHA-1(-PLUS):
SCRAM-SHA-256(-PLUS):
SCRAM-SHA-512(-PLUS):
SCRAM-SHA3-512(-PLUS):
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
-PLUS variants:
IMAP:
LDAP:
HTTP:
JMAP:
2FA:
IANA:
Linked to:
The text was updated successfully, but these errors were encountered: