SASLError using SCRAM-SHA-1: malformed-request

Grigory_Fedorov · February 7, 2017, 3:17pm

Problem connecting to some servers (usually Prosody):

2017-02-07_19-59-35 D/org.jivesoftware.smack.tcp.XMPPTCPConnection﹕ Established TCP connection to /178.33.214.172 at port 5222

2017-02-07_19-59-35 D/Smack﹕ SENT (5): <stream:stream xmlns=‘jabber:client’ to=‘basket.coach’ xmlns:stream=‘http://etherx.jabber.org/streams’ version=‘1.0’ from=‘grigory.fedorov@basket.coach’ xml:lang=‘en’>

2017-02-07_19-59-35 D/Smack﹕ RECV (5):

<?xml version='1.0'?>

<stream:stream

xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='basket.coach' id='2690a6ae-7793-4866-8f40-d48040958b3e' version='1.0'

xmlns=‘jabber:client’>

stream:features

     <c hash='sha-1' ver='bXs8XrxSU/TgUFllka/SnDFVjgQ=' node='http://prosody.im' xmlns='http://jabber.org/protocol/caps'/>

    <register xmlns='http://jabber.org/features/iq-register'/>

</stream:features>

2017-02-07_19-59-35 D/Smack﹕ SENT (5):

2017-02-07_19-59-35 D/Smack﹕ RECV (5):

2017-02-07_19-59-35 D/Smack﹕ SENT (5): <stream:stream xmlns=‘jabber:client’ to=‘basket.coach’ xmlns:stream=‘http://etherx.jabber.org/streams’ version=‘1.0’ from=‘grigory.fedorov@basket.coach’ xml:lang=‘en’>

2017-02-07_19-59-35 D/Smack﹕ RECV (5):

<?xml version='1.0'?>

<stream:stream

xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='basket.coach' id='46b0b0db-dba0-4517-9db4-1fea9c4c38c9' version='1.0'

xmlns=‘jabber:client’>

stream:features

<mechanisms

xmlns=‘urn:ietf:params:xml:ns:xmpp-sasl’>

PLAIN

SCRAM-SHA-1

SCRAM-SHA-1-PLUS

    <c hash='sha-1' ver='bXs8XrxSU/TgUFllka/SnDFVjgQ=' node='http://prosody.im' xmlns='http://jabber.org/protocol/caps'/>

    <auth mlns='http://jabber.org/features/iq-auth'/>

</stream:features>

2017-02-07_19-59-35 D/Smack﹕ SENT (5): eSwsbj1ncmlnb3J5LmZlZG9yb3Yscj1aOUNlSSJ9NicxO0tJJnVMe2h IdC5Saj1naG9Bczx7KA==

2017-02-07_19-59-36 D/Smack﹕ RECV (5):

2017-02-07_19-59-36 org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: malformed-request

2017-02-07_19-59-36 org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthenticati on.java:290)

2017-02-07_19-59-36 org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1081)

2017-02-07_19-59-36 org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:980)

2017-02-07_19-59-36 org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:995)

Flow · February 7, 2017, 8:26pm

Which Smack version is it? Sounds like [SMACK-735] Smack sometimes sends invalid SCRAM-SHA1 nonce - IgniteRealtime JIRA

Grigory_Fedorov · February 8, 2017, 6:23am

It is Smack 4.2.0-rc3-SNAPSHOT.

Flow · February 8, 2017, 4:56pm

And do I see that correctly: Is there a space in the base64 string?

Grigory_Fedorov · February 8, 2017, 5:19pm

In this quote it seems so, but I removed original log. I tried to reproduce but could not - no spaces anymore.

Grigory_Fedorov · March 17, 2017, 7:56am

Created issue on Prosody bug tracker #854 SCRAM-SHA-1 malformed request (open) - Prosody IM Issue Tracker

Flow · March 17, 2017, 6:18pm

Do you blacklist or explicitly enable only some mechanisms?

Grigory_Fedorov · March 17, 2017, 6:43pm

I have an option to enable only plain auth, but it is not on. If it’s on everything is ok (authorize using plain on Prosody).

If it is off I explicitly unblacklist all mechanisms.

xabber-android/ConnectionBuilder.java at develop · redsolution/xabber-android · GitHub

I think I will get read of this blacklisting, but I seems not disturbing here.

Flow · March 18, 2017, 11:49am

I think I found the bug: Both, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS have the same priority, therefore Smack’s SASL mechanism selection code eventually does not use -PLUS.

Flow · March 18, 2017, 12:16pm

Created https://issues.igniterealtime.org/browse/SMACK-749

Grigory_Fedorov · March 29, 2017, 7:46am

Seems, that issue fixed in latest 4.2.1-snapshot
Thanks a lot!