Both are using global gc'd memory and can't be used in threads.
The problem is in here:

let
  SERVER_FIRST_MESSAGE = peg"'r='{[^,]*}',s='{[^,]*}',i='{\d+}$"
  SERVER_FINAL_MESSAGE = peg"'v='{[^,]*}$"

The above type definition keeps the UserData fields private. In case the server wants to store the user data instead of the password in clear text, it cannot get the UserData values from the above type.

I suggest those fields be marked public or a function be added to access or serialize them.

The function to create a UserData object from these values already exists.

Thanks alot.

after fixing #5 I get:

scram/scram/private/utils.nim(17, 13) Error: undeclared identifier: 'MD5Digest'

this causes SSPkrolik/nimongo#56

rnim scram/private/utils.nim
nim c --nimcache:/tmp/nim//nimcache/ -o:/tmp/nim//app -r scram/private/utils.nim
Hint: used config file '/Users/timothee/git_clone/nim/Nim/config/nim.cfg' [Conf]
Hint: used config file '/Users/timothee/.config/nim/nim.cfg' [Conf]
Hint: used config file '/Users/timothee/.config/nim/config.nims' [Conf]
/Users/timothee/.config/nim/config.nims [config.nims used]
/Users/timothee/git_clone/nim/scram/scram/private/utils.nim(16, 1) template/generic instantiation from here
/Users/timothee/git_clone/nim/scram/scram/private/utils.nim(17, 13) Error: undeclared identifier: 'MD5Digest'
    when T is MD5Digest:
              ^

The current release is incompatible with Nim 0.19.0 due to SystemError - thanks

Mind adding a 0.1.10 release? The latest 0.1.9 release does not work with the newly released Nim version 1.2. However, the most recent commits fix the compatibility issues.

So, a new release will let nimble users see the compatible code.

And, for me, this would allow my mongopool library to require scram 0.1.10 which brings mongopool up to 1.2 compatibility also.

I'm having considerable problems with the 'nimongo' library, which uses scram.nim for generating the authentication messages back and forth during SCRAM-SHA-1 authentication. I've created 3 accounts on different public MongoDB providers and am seeing the same problem with all three.

So, I dove down and started doing diagnostics; added "echo" statements all over the place to deduce the point of failure.

The information received back from prepareFinalMessage is being rejected by the servers.

I went ahead and found an equivalent algo on a python library and compared the results. Given the same password digest and first message (the unencoded payload), the python library returns a different result.

Looking even deeper, the python equivalent of line 55's:

saltedPassword = hi[T](password, salt, iterations)

is also returning a different result given the exact same inputs.

So, I was wondering if you are seeing any different behavior of the library when compiled with Nim's most recent standard libraries. (Among other things, the 'std/sha1' algorithm was changed completely back on October 9, 2018.)

I'll still keep looking for answers; but I figured I'd ask. Unfortunately the library does not have any unit tests to check against. I might do a PR with some once I get my bearings. Right now I've been diagnosing this for over 12 hours and my eyes are losing focus.

(Off-topic, sort of: on line 15 of utils.nim, the salt is appended with a 00 00 00 01. I assume this is because MongoDB tends to send a salt of 16 bytes instead of 20? Also, why the 01 at the end? I was under the impression that the algo called for all-zeroes for salt padding.)

In more SHA-1/SHA-256/SHA-512, can you add SHA-224/SHA-384 and SHA3-512?

And do not forget -PLUS variants for all?

Can you list:

• RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802
• RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

• SCRAM-SHA-1(-PLUS):
  -- https://tools.ietf.org/html/rfc5802
  -- https://tools.ietf.org/html/rfc6120

• SCRAM-SHA-256(-PLUS):
  -- https://tools.ietf.org/html/rfc7677 since 2015-11-02
  -- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA

• SCRAM-SHA-512(-PLUS):
  -- https://tools.ietf.org/html/draft-melnikov-scram-sha-512

• SCRAM-SHA3-512(-PLUS):
  -- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

• RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056
• RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929
• Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
• RFC 9266: Channel Bindings for TLS 1.3: https://tools.ietf.org/html/rfc9266

LDAP:

• RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

• RFC7804: Salted Challenge Response HTTP Authentication Mechanism: https://tools.ietf.org/html/rfc7804

2FA:

• Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: https://tools.ietf.org/html/draft-melnikov-scram-2fa

IANA:

• Simple Authentication and Security Layer (SASL) Mechanisms: https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml

Linked to:

• scram-sasl/info#1