[GODRIVER-216] SCRAM-SHA-256 Support Created: 02/Feb/18  Updated: 04/Dec/23  Resolved: 10/Aug/18

Status: Closed
Project: Go Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 0.0.12

Type: New Feature Priority: Major - P3
Reporter: Rathi Gnanasekaran Assignee: David Golden
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DRIVERS-439 SCRAM-SHA-256 Support Closed
Duplicate
is duplicated by GODRIVER-367 Update SCRAM-SHA-256 implementation a... Closed
Related
is related to GODRIVER-3062 Scram Authenticator will add password... Closed
Epic Link: GODRIVER MongoDB 4.0 Support

 Description   

The next version of MongoDB will include SCRAM-SHA-256 as an authentication type. This is defined in RFC 7677. The sample conversation from the RFC is:

 This is a simple example of a SCRAM-SHA-256 authentication exchange... The username
   'user' and password 'pencil' are being used
 
   C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO
 
   S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
      s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
 
   C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
      p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=
 
   S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=

In advance of updates to the Auth spec, which will include additional details of mechanism negotiation and user/password normalization (see DRIVERS-444), all drivers should take steps now to ensure their SCRAM libraries are capable of operating in SHA-256 mode, using the sample conversation for verification. (You'll need for force the client nonce to be "rOprNGfwEbeRWgbNEkqO" for the test conversation to work.)



 Comments   
Comment by Githook User [ 10/Aug/18 ]

Author:

{'name': 'David Golden', 'email': 'xdg@xdg.me', 'username': 'xdg'}

Message: GODRIVER-216 Add SCRAM-SHA-256 and negotiation testing

Change-Id: Ie0fbcad1c6c3b4253a29735dd764b635ad507ac6
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/1f112eb435c13277350436a7737d4ced5870b657

Comment by David Golden [ 30/Apr/18 ]

It might have to wait until after the 4.0 GA, but I'd be happy to write a patch at some point.

Comment by David Golden [ 09/Feb/18 ]

The existing SCRAM library needs to be amended to make the choice of hash function pluggable.

We also need to add SASLprep support, but we'll do that in a separate ticket.

Generated at Thu Feb 08 08:33:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.