[jdev] sasl digest-response

Asia Gąsiewska gasiewska at wp.pl
Sun Apr 23 13:51:34 CDT 2006

Thank you so much for the explaination. I have changed all the values to binary and the charset sent is utf-8 so the problem with my code was not as I thought with the encoding. However still I receive a response of a failure which is not very helpful and I don't know what to do. I am not sure if I correctly understand how to compute the response value which is probably the cause of this.
According to the formulea in rfc2831

Let { a, b, ... } be the concatenation of the octet strings a, b, ...
   Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.
Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string
   k, a colon and the string s.

response-value  =
HEX( KD ( HEX(H(A1)),
                 { nonce-value, ":" nc-value, ":",
                   cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))
 A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
           ":", nonce-value, ":", cnonce-value }

If the "qop" directive's value is "auth", then A2 is:

      A2       = { "AUTHENTICATE:", digest-uri-value }

   If the "qop" value is "auth-int" or "auth-conf" then A2 is:

      A2       = { "AUTHENTICATE:", digest-uri-value,
               ":00000000000000000000000000000000" }

what I did was
1.concatenated strings username-value, ":", realm-value, ":", passwd  and changed to bytes and made a hash md5 from this returning bytes 
2. changed the concatenated strings  ":", nonce-value, ":", cnonce-value to bytes 
3 glued bytes from 1 and 2 => A1
4.hased A1 bytes and converted to hexadecimal =>HEX(H(A1))
5.computed a2 string concatenating "AUTHENTICATE:", digest-uri-value    and converted to bytes, hashed them and converted to hexadecimal =>HEX(H(A2))
6. connected string HEX(H(A1)) with : and concatenation of (nonce-value, ":" nc-value, ":", cnonce-value, ":", qop-value, ":" and  HEX(H(A2))) converted this big resulting string to bytes and hashed them and converted to hexadecimal form

Is this how it should work? Thank you for help in advance.
Joanna Gąsiewska

Dnia 23-04-2006 o godz. 12:43 Bruce Campbell napisał(a):
> On Sat, 22 Apr 2006, [ISO-8859-2] Asia G?siewska wrote:
> > during digest- response. After reading RFC2831 I just don' t 
> understand 
> > this part:
> >
> > passwd   = *OCTET
> >
> >   The "username-value", "realm-value" and "passwd" are encoded
> >   according to the value of the "charset" directive. If "charset=UTF-8"
> >   is present, and all the characters of either "username-value" or
> >   "passwd" are in the ISO 8859-1 character set, then it must be
> >   converted to ISO 8859-1 before being hashed.
> >
> > What does it mean *OCTET
> '*OCTET' - as many octets (bytes, 8 bits) as required for the password.
> > and should I change everything everytime to iso 
> > 8859-1 ?
> The whole reference to ISO 8859-1 is to maintain compatibility with 
> HTTP. 
> The way it works is that for the 'username-value' and 'password' fields, 
> you scan through the field looking for any characters that are _not_ in 
> ISO 8859-1 .  If there are no characters outside ISO 8859-1 in the 
> field, 
> you send that field in ISO 8859-1, assuming that the value of the 
> 'charset' directive is 'ISO 8859-1' for that specific field.
> So, if you have a username of 'ez$' with a password of 'Ą$˘Ł??' (Yen 
> Dollar Cents Pounds Francs Euro), the 'username-value' only contains 
> characters in ISO 8859-1, and should be sent in ISO 8859-1.  The 
> 'password' contains characters outside of ISO 8859-1, and should be sent 
> in 'UTF-8', _but_ only if the 'charset' directive is already set to 
> 'UTF-8'.
> Section 8 of 2831 contains a snippet of C which will do all of this for 
> you.
> -- 
>    Bruce Campbell

Koncert zespołu TOOL! 
24 czerwca w katowickim Spodku!

More information about the JDev mailing list