J
Jp Calderone
I've been trying to implement support for this authentication scheme for a
little while now, and in the last couple days I've been completely stumped.
I know about the digest authentication code in urllib2, and while I'd like
to use it directly, it is too closely tied to HTTP for my needs.
I have taken hints from the code, but I am still stuck with something that
doesn't recognize correct challenge responses as correct.
I've reduced the problem to this code:
user = "exarkun"
passwd = "password"
realm = "intarweb.us"
nonce = "abcdefg"
qop = "auth"
method = "REGISTER"
uri = "sip:[email protected]"
nc = cnonce = ''
def H(s):
return md5.md5(s).digest()
def KD(k, s):
return H(k + ":" + s)
def HEX(s):
return s.encode('hex')
def A1(user, realm, passwd, nonce, cnonce):
r = H(user + ":" + realm + ":" + passwd)
return r + ":" + nonce + ":" + cnonce
def A2(uri, method):
return method + ":" + uri
def RESP(a1, nonce, nc, cnonce, qop, a2):
r = nonce + ":" + nc + ":" + cnonce + ":" + qop + ":"
return HEX(KD(H(a1), r + HEX(H(a2))))
def g():
return RESP(
A1(user, realm, passwd, nonce, cnonce),
nonce, nc, cnonce, qop, A2(uri, method)
)
correct = '8cf8b637395da8475d65aaf45e4cfad5'
v = g()
print v == correct
print correct
print v
It is, essentially, a straight translation from the RFC, but I have been
unable to get it to produce the given correct value for the given inputs.
One sticking point seems to be that the client authenticating against me
omits both the nc and cnonce values. If there is a standard correct way of
computing the digest without those values, it does not seem to be covered by
the RFC. I have tried the obvious approaches of simply removing them,
supplying "" as their value, etc, but nothing works.
I am on the verge of breaking down the md5() calls so I can discover the
point of failure more accurately, but before I did that I was hoping I might
find someone who has implemented this before and could give me some hints.
Any help is appreciated,
Jp
--
No, `Eureka' is Greek for `This bath is too hot.'
-- Dr. Who
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE/dTkpedcO2BJA+4YRAovWAJ0dp2oVgSTC/A58gGuwvAL6ucRMLACfY50P
zIgJO4J1qBRWK+8AWequ+kI=
=eOMN
-----END PGP SIGNATURE-----
little while now, and in the last couple days I've been completely stumped.
I know about the digest authentication code in urllib2, and while I'd like
to use it directly, it is too closely tied to HTTP for my needs.
I have taken hints from the code, but I am still stuck with something that
doesn't recognize correct challenge responses as correct.
I've reduced the problem to this code:
user = "exarkun"
passwd = "password"
realm = "intarweb.us"
nonce = "abcdefg"
qop = "auth"
method = "REGISTER"
uri = "sip:[email protected]"
nc = cnonce = ''
def H(s):
return md5.md5(s).digest()
def KD(k, s):
return H(k + ":" + s)
def HEX(s):
return s.encode('hex')
def A1(user, realm, passwd, nonce, cnonce):
r = H(user + ":" + realm + ":" + passwd)
return r + ":" + nonce + ":" + cnonce
def A2(uri, method):
return method + ":" + uri
def RESP(a1, nonce, nc, cnonce, qop, a2):
r = nonce + ":" + nc + ":" + cnonce + ":" + qop + ":"
return HEX(KD(H(a1), r + HEX(H(a2))))
def g():
return RESP(
A1(user, realm, passwd, nonce, cnonce),
nonce, nc, cnonce, qop, A2(uri, method)
)
correct = '8cf8b637395da8475d65aaf45e4cfad5'
v = g()
print v == correct
print correct
print v
It is, essentially, a straight translation from the RFC, but I have been
unable to get it to produce the given correct value for the given inputs.
One sticking point seems to be that the client authenticating against me
omits both the nc and cnonce values. If there is a standard correct way of
computing the digest without those values, it does not seem to be covered by
the RFC. I have tried the obvious approaches of simply removing them,
supplying "" as their value, etc, but nothing works.
I am on the verge of breaking down the md5() calls so I can discover the
point of failure more accurately, but before I did that I was hoping I might
find someone who has implemented this before and could give me some hints.
Any help is appreciated,
Jp
--
No, `Eureka' is Greek for `This bath is too hot.'
-- Dr. Who
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE/dTkpedcO2BJA+4YRAovWAJ0dp2oVgSTC/A58gGuwvAL6ucRMLACfY50P
zIgJO4J1qBRWK+8AWequ+kI=
=eOMN
-----END PGP SIGNATURE-----