
Re: Digest-MD5 to Historic



> it should be "algorithm" instead of "alg"

Plus s/authz/authzid/g, and a bunch of parameters I have
forgotten, <charset>, <stale>, <cipher>, <maxbuf>, maybe
more.  I also forgot to add a 2617-version of the example
in RFC 5034.

It is probably more straightforward to focus on one issue,
RFC 2617 and 2831 md5-sess are incompatible, see below for
a fresh and far shorter attempt.

Apparently DIGEST-MD5 is also used for BEEP.  How sure are
you that deprecating RFC 2831 is okay?  Should RFC 2617
with its different md5-sess idea be added to the registry of
SASL mechanisms under another name?

 Frank

-----------------------------------------------------------------
Omitting plausibility checks and parameter parsing, as well as
all details of  XURI = <method> ":" <uri> [":" <hash>]  the code
(here using REXX) for DIGEST-MD5 could be something like this:

   parse arg USER, PASS, REALM, NONCE, CNONCE, NC, QOP, XURI, ALG
   ALG = translate( ALG )        /* algorithm is case insensitive */

   HA1 = MD5(  USER || ':' || REALM || ':' || PASS )
   if ALG = 'MD5-SESS'  then  do
      HA1 = x2c( HA1 ) || ':' || NONCE || ':' || CNONCE
      if arg( 10, 'e' ) then  HA1 = HA1 || ':' || arg( 10 )
      HA1 = MD5( HA1 )           /* optional 10th arg.: AUTHZID   */
   end

   HA2 = MD5( XURI )             /* XURI incl. hash for auth-int  */
   TMP = NONCE                   /* 2069 compatibility (= no qop) */
   if ALG = 'MD5-SESS' | QOP <> ''  then  do
      TMP = translate( d2x( NC, 8 ), 'abcdef', 'ABCDEF' )
      TMP = NONCE || ':' || TMP || ':' || CNONCE || ':' || QOP
   end

   return MD5( HA1 || ':' || TMP || ':' || HA2 )

Here MD5( x ) is a subroutine returning 32 lower case hex. digits
of the MD5 [RFC 1321].  Ideally this code should also work for an
HTTP Auth Digest [RFC 2617].  Unfortunately this is not the case
for 'MD5-SESS':  [RFC 2831] adopted the [RFC 2617] algorithms "as
is" before the 'MD5-SESS' erratum was reported.  One line in the
example code shown above has to be modified:

      HA1 = HA1 || ':' || NONCE || ':' || CNONCE

The difference is x2c( HA1 ) vs. HA1.  In other words [RFC 2831]
uses a binary MD5 where [RFC 2617] plus erratum uses a hex. MD5
string.  See the expired [I-D.smith-sipping-auth-01] for correct
2069-fallback and 'MD5-SESS' examples.

New "fixed" [RFC 2617] 'MD5-SESS' results for examples published
in [RFC 2831], [RFC 4643], and [RFC 5034] are shown below:

1: user   = "chris" (see RFC 2831)
   pass   = "secret"
   realm  = "elwood.innosoft.com"
   method = "AUTHENTICATE"
   uri    = "imap/elwood.innosoft.com"
   nonce  = "OA6MG9tEQGm2hh"
   qop    = "auth"
   cnonce = "OA6MHXh6VqTrRk"
   nc     = 1
   alg    = "md5-sess"

   RFC 2831 digest  = "d388dad90d4bbd760a152321f2143af7"
   RFC 2831 rspauth = "ea40f60335c427b5527b84dbabcdfffd"

   RFC 2617 digest  = "26ef1190b643a36e879673066098379c"
   RFC 2617 rspauth = "c316c87a595a2cbfb4405784db016e34"

2: user   = "chris" (see RFC 2831)
   pass   = "secret"
   realm  = "elwood.innosoft.com"
   method = "AUTHENTICATE"
   uri    = "acap/elwood.innosoft.com"
   nonce  = "OA9BSXrbuRhWay"
   qop    = "auth"
   cnonce = "OA9BSuZWMSpW8m"
   nc     = 1
   alg    = "md5-sess"

   RFC 2831 digest  = "6084c6db3fede7352c551284490fd0fc"
   RFC 2831 rspauth = "2f0b3d7c3c2e486600ef710726aa2eae"

   RFC 2617 digest  = "90771dc5643a801bb9a9bcbb1ed3cd34"
   RFC 2617 rspauth = "ec0700b2da00dd133bcb0c841f42d341"

3: user   = "test"  (see RFC 4643)
   pass   = "test"
   realm  = "eagle.oceana.com"
   method = "AUTHENTICATE"
   uri    = "nntp/localhost"
   nonce  = "sayAOhCEKGIdPMHC0wtleLqOIcOI2wQYIe4zzeAtuiQ="
   qop    = "auth-conf"
   cnonce = "0Y3JQV2Tg9ScDip+O1SVC0rhVg//+dnOIiGz/7CeNJ8="
   nc     = 1
   alg    = "md5-sess"
   hash   = "00000000000000000000000000000000"

   RFC 2831 digest  = "d43cf66cffa903f9eb0356c08a3db0f2"
   RFC 2831 rspauth = "de2e127e5a81cda53d97acda35cde83a"

   RFC 2617 digest  = "41e814138958b1a0f08ef8b2dbe94ee9"
   RFC 2617 rspauth = "3f4d2b034c67c0c77df650f34ece6127"

4: user   = "chris" (see RFC 5034)
   pass   = "secret"
   realm  = "elwood.innosoft.com"
   method = "AUTHENTICATE"
   uri    = "pop/elwood.innosoft.com"
   nonce  = "OA6MG9tEQGm2hh"
   qop    = "auth"
   cnonce = "OA6MHXh6VqTrRk"
   nc     = 1
   alg    = "md5-sess"

   RFC 2831 digest  = "b0d56d2f054c24b62072322106468db9"
   RFC 2831 rspauth = "0b971462cef5e8f930db9a33b02fc9a0"

   RFC 2617 digest  = "089a19fffd2d75667e9d01583ee0fd58"
   RFC 2617 rspauth = "bb52468bdaadaac994e05c3958c71a09"
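
Added example, not part of the original message: a Python sketch of the md5-sess difference described above, run on the parameters of example 1, so an implementation can be checked against both variants. The function and dictionary names are assumptions of this example; it covers qop=auth without an authzid only.

```python
import hashlib

def _hex(data: bytes) -> str:
    """32 lower-case hex digits of MD5, like MD5( x ) in the message."""
    return hashlib.md5(data).hexdigest()

def md5_sess(p: dict, a2: str, variant: str) -> str:
    """md5-sess response for qop=auth; variant is 'rfc2831' or 'rfc2617'."""
    inner = hashlib.md5(f"{p['user']}:{p['realm']}:{p['pass']}".encode("utf-8"))
    if variant == "rfc2831":
        head = inner.digest()                      # 16 raw bytes: x2c( HA1 )
    elif variant == "rfc2617":
        head = inner.hexdigest().encode("ascii")   # 32 hex characters: HA1
    else:
        raise ValueError("variant must be 'rfc2831' or 'rfc2617'")
    ha1 = _hex(head + f":{p['nonce']}:{p['cnonce']}".encode("utf-8"))
    ha2 = _hex(a2.encode("utf-8"))
    tail = f"{p['nonce']}:{p['nc']:08x}:{p['cnonce']}:{p['qop']}"
    return _hex(f"{ha1}:{tail}:{ha2}".encode("utf-8"))

def both_variants(p: dict) -> dict:
    """Client digest and server rspauth under each reading of md5-sess."""
    out = {}
    for variant in ("rfc2831", "rfc2617"):
        out[variant] = {
            # the client response hashes "<method>:<uri>"
            "digest": md5_sess(p, f"{p['method']}:{p['uri']}", variant),
            # rspauth hashes ":<uri>", i.e. an empty method
            "rspauth": md5_sess(p, f":{p['uri']}", variant),
        }
    return out

# Parameters of example 1 in the message (taken from RFC 2831).
EXAMPLE_1 = {
    "user": "chris", "pass": "secret", "realm": "elwood.innosoft.com",
    "method": "AUTHENTICATE", "uri": "imap/elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
    "nc": 1, "qop": "auth",
}

if __name__ == "__main__":
    for variant, values in both_variants(EXAMPLE_1).items():
        print(variant, values["digest"], values["rspauth"])
```

A verifier that implements only one variant rejects a correct password from a client that implements the other, which is the interoperability failure the message describes.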