@magnusja
Last active February 26, 2016 19:15
This code snippet generates a SCRAM salted password 'hash' in the format, and with the information, that MongooseIM expects when using HTTP auth with SCRAM. See http://stackoverflow.com/questions/35652435/mongooseim-ejabberd-http-auth-using-scram and http://mongooseim.readthedocs.org/en/1.6.1/advanced-configuration/HTTP-authenticatio…
```python
# https://tools.ietf.org/html/rfc5802
import base64
import hashlib
import hmac
import sys

from passlib.hash import scram

# password_to_scram(Password, IterationCount) ->
#     Salt = crypto:rand_bytes(?SALT_LENGTH),
#     SaltedPassword = salted_password(Password, Salt, IterationCount),
#     StoredKey = stored_key(scram:client_key(SaltedPassword)),
#     ServerKey = server_key(SaltedPassword),
#     #scram{storedkey = base64:encode(StoredKey),
#            serverkey = base64:encode(ServerKey),
#            salt = base64:encode(Salt),
#            iterationcount = IterationCount}.


def main():
    rounds = 4096
    # passlib >= 1.7 API; older releases used scram.encrypt(password, rounds=..., salt_size=...)
    scram_hash = scram.using(rounds=rounds, salt_size=16).hash(sys.argv[1])
    # Fixed password and salt for debugging. Left disabled: when active it
    # replaced the hash of the password given on the command line.
    # scram_hash = scram.encrypt('1234', rounds=rounds, salt='salt')
    salt, iterations, salted_password = scram.extract_digest_info(scram_hash, "sha-1")

    # server_key(SaltedPassword) ->
    #     crypto:hmac(sha, SaltedPassword, <<"Server Key">>).
    server_key = hmac.new(key=salted_password, msg=b'Server Key', digestmod=hashlib.sha1).digest()

    # client_key(SaltedPassword) ->
    #     crypto:hmac(sha, SaltedPassword, <<"Client Key">>).
    client_key = hmac.new(key=salted_password, msg=b'Client Key', digestmod=hashlib.sha1).digest()

    # StoredKey = stored_key(scram:client_key(SaltedPassword)),
    stored_key = hashlib.sha1(client_key).digest()

    # b64encode returns bytes; decode so the fields print as plain text.
    result = '==SCRAM==,%s,%s,%s,%d' % (
        base64.b64encode(stored_key).decode('ascii'),
        base64.b64encode(server_key).decode('ascii'),
        base64.b64encode(salt).decode('ascii'),
        rounds)
    print(result)


if __name__ == '__main__':
    main()
```
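Added example (not part of the original gist): a standard-library check that parses a `==SCRAM==,StoredKey,ServerKey,Salt,IterationCount` record in the format printed above and verifies a candidate password against it, using the fact that the RFC 5802 `Hi()` function is PBKDF2 with HMAC-SHA-1. The function names are hypothetical, and it assumes SCRAM-SHA-1 and ASCII-only passwords (no SASLprep normalization is applied).

```python
import base64
import hashlib
import hmac
import os

PREFIX = "==SCRAM=="  # record marker used by the gist's output format


def derive_keys(password, salt, iterations):
    """Return (stored_key, server_key) for SCRAM-SHA-1 (RFC 5802)."""
    # RFC 5802 Hi() is PBKDF2 with HMAC-SHA-1 and a 20-byte output.
    # Assumption: password is plain ASCII, so SASLprep would not change it.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("ascii"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return hashlib.sha1(client_key).digest(), server_key


def make_record(password, salt, iterations):
    stored_key, server_key = derive_keys(password, salt, iterations)
    fields = [base64.b64encode(x).decode("ascii") for x in (stored_key, server_key, salt)]
    return ",".join([PREFIX] + fields + [str(iterations)])


def parse_record(record):
    """Return (stored_key, server_key, salt, iterations) or raise ValueError."""
    parts = record.strip().split(",")
    if len(parts) != 5 or parts[0] != PREFIX:
        raise ValueError("not a ==SCRAM== record")
    stored_key, server_key, salt = (base64.b64decode(p, validate=True) for p in parts[1:4])
    iterations = int(parts[4])
    if len(stored_key) != 20 or len(server_key) != 20 or iterations < 1:
        raise ValueError("bad key length or iteration count")
    return stored_key, server_key, salt, iterations


def verify(record, password):
    """True if the password reproduces both keys stored in the record."""
    stored_key, server_key, salt, iterations = parse_record(record)
    got_stored, got_server = derive_keys(password, salt, iterations)
    # Constant-time comparisons; both are evaluated before being combined.
    ok_stored = hmac.compare_digest(got_stored, stored_key)
    ok_server = hmac.compare_digest(got_server, server_key)
    return ok_stored and ok_server


if __name__ == "__main__":
    rec = make_record("1234", os.urandom(16), 4096)  # constructed sample input
    print(rec, verify(rec, "1234"), verify(rec, "12345"))
```

A record that fails `parse_record` (wrong prefix, invalid base64, key length other than 20 bytes, non-positive iteration count) is rejected before any key derivation runs.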