[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing

Tobias Markmann tmarkmann at googlemail.com
Wed Nov 4 18:03:42 CST 2009 

Hi,

On Wed, Nov 4, 2009 at 9:52 PM, Simon Josefsson <simon at josefsson.org> wrote:

> And still not able to talk to GNU SASL?  Interesting -- can you show
> some example attempts?
>

Well, I can perfectly talk to gsasl however the proof i calculate doesn't
match the proof gsasl sends.

Here the output of my current SCRAM implementation which always runs against
GSASL.


Invoked gsasl as in:
/Users/tfar/Downloads/gsasl-1.3.90/src/gsasl -d -c -a
username at jabber.org -p password -m SCRAM-SHA-1 --quiet
GSASL (out): SCRAM-SHA-1
GSASL (out): biwsbj11c2VybmFtZUBqYWJiZXIub3JnLHI9OGpMeEI1NTE1ZGhGeEJpbDVBMHhTWE1I

C: n,,n=username at jabber.org,r=8jLxB5515dhFxBil5A0xSXMH

state.name = username at jabber.org
state.clientnonce = 8jLxB5515dhFxBil5A0xSXMH

S: r=8jLxB5515dhFxBil5A0xSXMHabc,s=c2FsdA==,i=1
GSASL (in): cj04akx4QjU1MTVkaEZ4QmlsNUEweFNYTUhhYmMscz1jMkZzZEE9PSxpPTE=
GSASL (out): Yz1iaXdzLHI9OGpMeEI1NTE1ZGhGeEJpbDVBMHhTWE1IYWJjLHA9U0dFd3BXRUxycm5rRWFqOXBjMDBIWW84S0JjPQ==

C: c=biws,r=8jLxB5515dhFxBil5A0xSXMHabc,p=SGEwpWELrrnkEaj9pc00HYo8KBc=
state.proof = SGEwpWELrrnkEaj9pc00HYo8KBc=
state.proof (deB64) = Ha0�a ��� ���4 �<(
state.nonce = 8jLxB5515dhFxBil5A0xSXMHabc
state.channel-binding = biws

=======
SaltedPassword =  `� �  q�$�`  /�7� [0c60c80f961f0e71f3a9b524af6012062fe037a6]
ClientKey = �X��Tƕ,����� _D�  [dc58e38af4b554c6952cfec6ffe3ea175f44b60e]
StoredKey = �Y��XPfd H���,S �� [bd59e9d0585066641148cbf0f68ab52c530287c1]

AuthMessage = n,,n=username at jabber.org,r=8jLxB5515dhFxBil5A0xSXMH,r=8jLxB5515dhFxBil5A0xSXMHabc,s=c2FsdA==,i=1,c=biws,r=8jLxB5515dhFxBil5A0xSXMHabc
ClientSignature = 2Y�cs  .��:�&Za��X�
[32599563730e032e96fb3ab0265a61b1df58a613]

ClientProof = � v釻W� ��vٹ���    [ee0176e987bb57e803d7c476d9b98ba6801c101d]


  7gF26Ye7V+gD18R22bmLpoAcEB0=
= SGEwpWELrrnkEaj9pc00HYo8KBc=


The last line practically shows the BASE64 of my calculated ClientProof and
the one GSASL send. I wonder if the AuthMessage I use is valid according to
the ABNF in the RFC.

Cheers,
Tobias Markmann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20091105/751fa3fa/attachment.htm>

More information about the JDev mailing list