python - XMPP rspauth token 应包含 DIGEST-MD5 身份验证中的内容？

Question

背景:我正在摆弄一个无法工作的 XMPP 服务器。

因此，有关此特定响应 token 的文档称为 rspauth实际上在任何地方都没有很好的记录。有些人似乎只是跳过它并使用如下所示的静态字符串:

cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA==

b64 解码为:

rspauth=ea40f60335c427b5527b84dbabcdfffd

但是在 MD5-DIGEST 的最后阶段身份验证，据说我应该发送以下内容:

<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
   cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA==
</challenge>

同样，我不确定为什么每个错误报告中的每个人都使用这个静态字符串。但任何 XMPP 客户端都会响应:

jabber: Error is -10 : SASL(-10): server failed mutual authentication step: DIGEST-MD5: This server wants us to believe that he knows shared secret

我尝试尽可能遵循 RFC，并且 this is what the RFC says关于rspauth= :

The server receives and validates the "digest-response". The server
checks that the nonce-count is "00000001". If it supports subsequent
authentication (see section 2.2), it saves the value of the nonce and the nonce-count. It sends a message formatted as follows:

response-auth = "rspauth" "=" response-value

where response-value is calculated as above, using the values sent in step two, except that if qop is "auth", then A2 is

   A2 = { ":", digest-uri-value }

基于此，这就是我构建我的 rspauth 的方式:

rspauth=b64enc(ByteConv('rspauth=:'+md5_this("xmpp/example.com")))

归结为:

# md5_this == 6dae15e9021a0103e8e09ce86956a659 (obv not with example.com)
respauth = 'cnNwYXV0aD02ZGFlMTVlOTAyMWEwMTAzZThlMDljZTg2OTU2YTY1OQ=='
cli.respond('<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD02ZGFlMTVlOTAyMWEwMTAzZThlMDljZTg2OTU2YTY1OQ==</challenge>')

根据this thread关于此事，我发送的最后一条内容是错误的，我应该发送:

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD02ZGFlMTVlOTAyMWEwMTAzZThlMDljZTg2OTU2YTY1OQ==</success>

这也失败了，然后客户端发送 </stream:stream>连接中断。
随着<challenge>...


现在这就是我迷失的地方，我假设我正在构建 rspauth=... token 错误，但我不知道它应该是什么。

这是 Pidgin 之间的完整通信跟踪和 XMPP 服务器:

client connected
<< <?xml version='1.0' ?>
<< <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>

>> Sending: <?xml version='1.0'?>
                <stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='example.com' id='d86961dc-bfb5-4578-aa45-116d5f14ef54' xml:lang='en' xmlns='jabber:client'>
                    <stream:features>
                        <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
                        <register xmlns='http://jabber.org/features/iq-register'/></stream:features>

<< <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
>> Sending: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
 - Secure connection established [TLS]

<< <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
>> sending: <?xml version='1.0'?>
                <stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='example.com' id='516f7395-4112-4892-87f1-2e9f7f3a96e1' xml:lang='en' xmlns='jabber:client'>
                    <stream:features>
                        <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
                            <mechanism>DIGEST-MD5</mechanism>
                        </mechanisms>
                    <auth xmlns='http://jabber.org/features/iq-auth'/>
                </stream:features>

<< <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'/>
>> Sending: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09ImV4YW1wbGUuY29tIixub25jZT0iMTE2Iixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz</challenge>

<< <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9InRvcnhlZCIscmVhbG09ImV4YW1wbGUuY29tIixub25jZT0iMTE2Iixjbm9uY2U9IjZGUDF5RUtBRk1TN2lHSnRBNlNiME5oQ1JBcmhGU0t3OHRMa2xJVEJPZGs9IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxkaWdlc3QtdXJpPSJ4bXBwL2V4YW1wbGUuY29tIixyZXNwb25zZT1jODhmNTRiMjJlMmFiZGI4ZThlMTljOWVjZDliYjAxOCxjaGFyc2V0PXV0Zi04</response> 
>> Sending: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA==</challenge>
   DEBUG: rspauth=ea40f60335c427b5527b84dbabcdfffd

<< </stream:stream>

我遵循了这些 RFC 指南:

• http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-01.html
• https://www.ietf.org/rfc/rfc2831.txt
• http://wiki.xmpp.org/web/SASLandDIGEST-MD5

并查看了这些源代码:

• https://github.com/jaxl/JAXL/blob/master/xmpp/xmpp.auth.php#L86 (也检查了这一点)
• https://github.com/thobbs/pure-sasl/blob/1f7428b8ed37e5ab6d5500b53a637c4698a298ad/puresasl/mechanisms.py

基本上剩下的就是对成功的连接进行逆向工程，并进一步分解响应，但 md5 哈希值很难及时逆向，所以我这次寻求帮助。

发现了一些东西

检查了一些旧的源代码并发现了以下内容:

respauth = step_4 + ':' + nonce + ':' + cresp['nc'] + ':' + cnonce + ':' + cresp['qop'] + ':' + step_5
rspauth = 'rspauth=' + md5_this(rspauth)

现在它仍然会生成相同的错误，但它不是静态字符串，所以我现在可以使用它。

Answer 1

我知道这已经是 4 个月前的事了，但我也遇到了完全相同的问题，而且我似乎已经解决了。

sasl 摘要的 rfc ( https://www.rfc-editor.org/rfc/rfc2831#section-2.1.3 )

我用 C# 编写了代码，但它应该很容易熟练，我使用了 RFC 中使用的函数名称。

我知道代码功能不完整或没有错误，但这对我来说适用于 pidgin、gajim 和 psi(psi 不会检查从服务器返回的哈希值，我确信这与此有关)。我希望这段代码对您或其他需要查找此内容的人有所帮助。

!注意! MD5-Digest 被视为不安全，新标准是 SCRAM SASL ( https://www.rfc-editor.org/rfc/rfc5802 )

检查客户端Hash的方法

public string GenerateClientHash(string user, string realm, string password, string nonce, string cnonce, string authzid, string digesturi, string qop, string nc)
            {
                byte[] A2 = (qop.Equals("auth") ? Encoder.GetBytes($"AUTHENTICATE:{digesturi}"): Encoder.GetBytes($"AUTHENTICATE:{digesturi}:00000000000000000000000000000000"));
    
                byte[] h1 = H(Encoder.GetBytes($"{user}:{realm}:{password}"));
                byte[] h2 = Encoder.GetBytes($":{nonce}:{cnonce}");
    
                byte[] A1 = Merge(h1,h2);
                byte[] response_value = HEX(KD(HEX(H(A1)),
                    Merge(Encoder.GetBytes($"{nonce}:{nc}:{cnonce}:{qop}:"), HEX(H(A2)))
                    ));
    
                byte[] h3 = Merge(h1, h2);
                return Encoder.GetString(response_value);
            }

生成服务器哈希(您遇到问题的那个)

public string GenerateServerHash(string user, string realm, string password, string nonce, string cnonce, string authzid, string digesturi, string qop, string nc)
        {
            byte[] A2 = (qop.Equals("auth") ? Encoder.GetBytes($":{digesturi}") : Encoder.GetBytes($":{digesturi}:00000000000000000000000000000000"));

            byte[] h1 = H(Encoder.GetBytes($"{user}:{realm}:{password}"));
            byte[] h2 = Encoder.GetBytes($":{nonce}:{cnonce}");

            byte[] A1 = Merge(h1, h2);
            byte[] response_value = HEX(KD(HEX(H(A1)),
                Merge(Encoder.GetBytes($"{nonce}:{nc}:{cnonce}:{qop}:"), HEX(H(A2)))
                ));

            byte[] h3 = Merge(h1, h2);
            return Encoder.GetString(response_value);
        }

RFC 提到的功能。

/// <summary>
        /// Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.
        /// </summary>
        /// <param name="s">Byte Array Af streng for at sikre encodning</param>
        /// <returns>s -> Base16(s) = s16 -> MD5Hash(s16)</returns>
        public byte[] H(byte[] s)
        {
            MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
            return md5.ComputeHash(s);
        }
        /// <summary>
        /// Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string k, a colon and the string s.
        /// </summary>
        /// <param name="k">Byte Array Af streng for at sikre encodning</param>
        /// <param name="s">Byte Array Af streng for at sikre encodning</param>
        /// <returns>k + ":" + s = ks -> H(ks)</returns>
        public byte[] KD(byte[] k, byte[] s)
        {
            byte[] colon = Encoder.GetBytes(":");
            byte[] ks = Merge(k, colon, s);
            return H(ks);
        }
        /// <summary>
        /// Let HEX(n) be the representation of the 16 octet MD5 hash n as a string of 32 hex digits(with alphabetic characters always in lower case, since MD5 is case sensitive).
        /// </summary>
        /// <param name="n">Byte Array Af streng for at sikre encodning</param>
        /// <returns>lowercase of n</returns>
        public byte[] HEX(byte[] n)
        {
            byte[] b = Encoder.GetBytes(toBase16(n).ToLower());
            return b;
        }