
Digest md5 response generation


How do I generate the response field in the client response to a DIGEST-MD5 challenge? I'm currently using RFC 2831 for reference.

The challenge from the server, as in the RFC 2831 example, is:

realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
algorithm=md5-sess,charset=utf-8

The response from the client, as in the RFC 2831 example, is:

charset=utf-8,username="chris",realm="elwood.innosoft.com",
nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",
digest-uri="imap/elwood.innosoft.com",
response=d388dad90d4bbd760a152321f2143af7,qop=auth

The collected details are:

  1. username=chris
  2. password=secret
  3. nonce=OA6MG9tEQGm2hh
  4. nc-value=00000001
  5. cnonce=OA6MHXh6VqTrRk
  6. qop=auth
  7. realm=elwood.innosoft.com
  8. digesturi=imap/elwood.innosoft.com

The response I'm generating doesn't match the one in the RFC 2831 example on page 19.

Formulations in RFC 2831:

Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.

Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string k, a colon and the string s.

Let HEX(n) be the representation of the 16 octet MD5 hash n as a string of 32 hex digits (with alphabetic characters always in lower case, since MD5 is case sensitive).


Currently I'm using the following procedure:

A1 = { H(chris:elwood.innosoft.com:secret), ":", nonce-value, ":", cnonce-value }

(computed with an online MD5 generator)

A1 = {eb5a750053e4d2c34aa84bbc9b0b6ee7:OA6MG9tEQGm2hh:OA6MHXh6VqTrRk}

A2 = { "AUTHENTICATE:", digest-uri-value }

A2 = {AUTHENTICATE:imap/elwood.innosoft.com}

H(A1) = 54442ff1f394d9d0de1205cef4d9cebe

HEX(H(A1)) = 54442ff1f394d9d0de1205cef4d9cebe

HEX(H(A2)) = 15e3594677e51ade69715d1cb7d207ba


RESPONSE=HEX( KD ( HEX(H(A1)), { nonce-value, ":" nc-value, ":", cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))

RESPONSE=HEX( KD ( 54442ff1f394d9d0de1205cef4d9cebe:OA6MG9tEQGm2hh:00000001:OA6MHXh6VqTrRk:auth:15e3594677e51ade69715d1cb7d207ba))

The response according to the above procedure is:

26ef1190b643a36e879673066098379c


but the response value according to the RFC is:

d388dad90d4bbd760a152321f2143af7

Thus the response generated above differs from the one in the RFC's example.

What changes need to be carried out?


Solution

  • Sorry, the RFC documentation is right; you just miscalculated the hash of A1.

    That is because you converted the hash value of "H(chris:elwood.innosoft.com:secret)" to a hex string. But the RFC just says "Let H(s) be the 16 octet MD5 hash".

    Just don't convert the hash result to a hex string; concatenate the rest of A1 with the raw byte-array hash result.

    I hope this code helps to explain.

    // Fragment (C#): needs System.Linq and System.Text in scope.
    // Md5Hash(byte[]) is assumed to return the raw 16-byte MD5 digest,
    // e.g. System.Security.Cryptography.MD5.HashData(input).
    // ASCII is fine for these example values; RFC 2831 requires UTF-8
    // when the challenge carried charset=utf-8.
    byte[] A1 = Md5Hash(Encoding.ASCII.GetBytes(username + ":" + realm + ":" + password))
         .Concat(
            Encoding.ASCII.GetBytes(
              ":" + nonce
            + ":" + cnonce
            + (authzid == null ? "" : (":" + authzid))))
         .ToArray();