Hi,
over the last few days I have implemented SCRAM-SHA-1 in Dovecot's 2.1 branch. It does not do SCRAM-SHA-1-PLUS, but should be extendable enough to introduce it later.
There are some checks for the message format which (assuming the client acts correctly) are not strictly necessary during parsing. This is partially in the hope that it might aid client implementers, partially because it (IMHO) improves readability when checking against the RFC.
Also, errors found in this way could be sent to the client; this is, however, strictly OPTIONAL in the RFC, and for now they are just logged.
Some of the variable names are rather long. This is in order to have them match the terms introduced in the RFC; again, I expect it to help readability (maybe it's my recent Objective-C programming showing, though).
I do feel somewhat insecure about my usage of some lib functions. Hopefully no API has been abused too much.
I also note that there are a lot of fields in the scram_auth_request struct. I think they are all there for a reason; however, feel free to prove me wrong.
Attached is a hg export. It also includes a hmac-sha1 implementation, an adaptation of the hmac-md5 implementation already in Dovecot. I guess those should eventually be merged into a hash-independent hmac implementation, but I figured this would have to do for now.
The implementation has been tested against GNU SASL and does appear to work fine. (The command line was `gsasl -m SCRAM-SHA-1 -a user -p pass --imap host` for those curious.)
Regards, Florian "Florob" Zeitz
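Added example, not part of Florian's patch or of Dovecot's code: a small Python model of the server side of SCRAM-SHA-1 (RFC 5802) without channel binding, i.e. the same computation the patch performs, checked against the RFC's section 5 test vector (password "pencil"). The function names and the message-format checks are my own choices; a server stores StoredKey and ServerKey rather than the password.

```python
import base64
import hashlib
import hmac

def scram_sha1_keys(password: bytes, salt: bytes, iterations: int) -> tuple:
    """Derive (StoredKey, ServerKey) from a password: what the server should store instead of it."""
    # Hi() from RFC 5802 section 2.2 is exactly PBKDF2-HMAC-SHA-1 with a 20-byte output.
    salted_password = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 20)
    client_key = hmac.new(salted_password, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted_password, b"Server Key", hashlib.sha1).digest()
    return hashlib.sha1(client_key).digest(), server_key

def parse_attrs(message: str) -> dict:
    """Split 'a=x,b=y' into a dict, rejecting empty, malformed or repeated attributes."""
    attrs = {}
    for field in message.split(","):
        if len(field) < 2 or field[1] != "=" or not field[0].isalpha() or field[0] in attrs:
            raise ValueError("malformed SCRAM attribute: %r" % field)
        attrs[field[0]] = field[2:]
    return attrs

def scram_sha1_verify(stored_key: bytes, server_key: bytes, client_first: str,
                      server_first: str, client_final: str) -> str:
    """Server-side check of client-final-message (RFC 5802 section 3); returns server-final."""
    if not client_first.startswith("n,,"):  # no channel binding, i.e. no SCRAM-SHA-1-PLUS
        raise ValueError("only the 'n,,' GS2 header is supported")
    client_first_bare = client_first[3:]
    cf = parse_attrs(client_final)
    # The final nonce must equal the server nonce, which itself starts with the client nonce.
    if cf["r"] != parse_attrs(server_first)["r"] or \
            not cf["r"].startswith(parse_attrs(client_first_bare)["r"]):
        raise ValueError("nonce mismatch")
    if not client_final.endswith(",p=" + cf["p"]):
        raise ValueError("proof must be the last attribute")
    client_final_without_proof = client_final[:-len(",p=" + cf["p"])]
    auth_message = ",".join([client_first_bare, server_first, client_final_without_proof]).encode()
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    # ClientProof = ClientKey XOR ClientSignature, so XORing again recovers ClientKey,
    # and H(ClientKey) must then match StoredKey (compared in constant time).
    client_key = bytes(a ^ b for a, b in zip(base64.b64decode(cf["p"]), client_signature))
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), stored_key):
        raise ValueError("authentication failed")
    server_signature = hmac.new(server_key, auth_message, hashlib.sha1).digest()
    return "v=" + base64.b64encode(server_signature).decode()

if __name__ == "__main__":  # RFC 5802 section 5 test vector, password "pencil"
    keys = scram_sha1_keys(b"pencil", base64.b64decode("QSXCR+Q6sek8bf92"), 4096)
    print(scram_sha1_verify(*keys, "n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL",
          "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096",
          "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="))
```

Run as a script it prints the RFC's expected server-final message `v=rmF9pqV8S7suAoZWja4dJRkFsKQ=`; a modified proof or a malformed attribute list raises ValueError instead.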