[jdev] How to build "response" in sasl digest MD5

IRcapmail ircapmail at yahoo.es
Wed Feb 17 17:04:41 CST 2010


Hi, I want to implement MD5 digest authentication in my Jabber client. 
I wrote it years ago, it's very basic (presence, messages, service 
discovery, vcard) and only supports plain authentication.

I have read some tutorials, but I have trouble building the "response".



This tutorial ( 
http://web.archive.org/web/20050224191820/http://cataclysm.cx/wip/digest-md5-crash.html 
) says:

-------------------------------------------
Computing the response value

This is where the magic happens. The value of the response directive is 
computed as follows:

    1. Create a string of the form "username:realm:password". Call this 
string X.
    2. Compute the 16 octet MD5 hash of X. Call the result Y.
    3. Create a string of the form "Y:nonce:cnonce:authzid". Call this 
string A1.
    4. Create a string of the form "AUTHENTICATE:digest-uri". Call this 
string A2.
    5. Compute the 32 hex digit MD5 hash of A1. Call the result HA1.
    6. Compute the 32 hex digit MD5 hash of A2. Call the result HA2.
    7. Create a string of the form "HA1:nonce:nc:cnonce:qop:HA2". Call 
this string KD.
    8. Compute the 32 hex digit MD5 hash of KD. Call the result Z.

The resultant string Z should be sent to the server as the value of the 
"response" directive.
-------------------------------------------




In my test, I have used Psi with a fictitious account:

The server sends the challenge; decoded, it is:
nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",realm="jabber.org",qop="auth",maxbuf=16384,charset=utf-8,algorithm=md5-sess


And Psi replies:
username="testuser456",realm="jabber.org",nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",cnonce="EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=",nc=00000001,digest-uri="xmpp/jabber.org",qop=auth,response=05ec899f842eb50ffbe8a4e85316b630,charset=utf-8




Then, this is my code (the app is written in mIRC scripting language) with 
the same parameters, step by step:


1. Create a string of the form "username:realm:password". Call this 
string X.

%X = testuser456:jabber.org:pass456

Result= testuser456:jabber.org:pass456



2. Compute the 16 octet MD5 hash of X. Call the result Y.

%Y = $md5(%X)

Result= 85434cc70bb832bc456c27834bfa5d25



3. Create a string of the form "Y:nonce:cnonce:authzid". Call this 
string A1.

%A1 = %Y $+ :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:testuser456@jabber.org/Psi

Result= 85434cc70bb832bc456c27834bfa5d25:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:testuser456@jabber.org/Psi



4. Create a string of the form "AUTHENTICATE:digest-uri". Call this 
string A2.

%A2 = AUTHENTICATE:xmpp/jabber.org

Result= AUTHENTICATE:xmpp/jabber.org



5. Compute the 32 hex digit MD5 hash of A1. Call the result HA1.

%HA1 = $md5(%A1)

Result= 9a964814c44a569f669e00cec987b21e



6. Compute the 32 hex digit MD5 hash of A2. Call the result HA2.

%HA2 = $md5(%A2)

Result= 944bd70f8fa70f4e8e9e17ead871fae3



7. Create a string of the form "HA1:nonce:nc:cnonce:qop:HA2". Call this 
string KD.

%KD = %HA1 $+ :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:00000001:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:auth: $+ %HA2

Result= 9a964814c44a569f669e00cec987b21e:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:00000001:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:auth:944bd70f8fa70f4e8e9e17ead871fae3



8. Compute the 32 hex digit MD5 hash of KD. Call the result Z.

%Response = $md5(%KD)

Result= dfd661d4a4a26e7b84972e672b8ccc16




But this is incorrect; the valid response is 
05ec899f842eb50ffbe8a4e85316b630




(In mIRC scripting, variables have the % prefix. $+ is used to 
concatenate text and variables with no spaces. $md5 returns the hash 
value. There are also commands to encode/decode base64 and to use binary 
variables, so, on paper, I have everything necessary to make it work.)


But the response is incorrect and I don't know why. Any idea?


(Sorry for my poor English.)

C. Esteve
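The computation described in the tutorial, written out as an added Python example (not code from the post or from Psi) using the challenge and reply values quoted above and the password "pass456" from step 1. It exposes the two points where a hex-only MD5 function goes wrong: in RFC 2831, Y is the 16 raw MD5 octets (not their 32-character hex spelling) and ":authzid" is appended to A1 only when an authzid is actually sent, which Psi's reply does not. The authzid "testuser456@jabber.org/Psi" is assumed from the post's "testuser456 at jabber.org/Psi" (the list archive rewrites "@").

```python
import hashlib
import re

# Directive values copied from the post (server challenge and Psi's reply);
# "pass456" is the password the post uses in step 1.
CHALLENGE = ('nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",realm="jabber.org",'
             'qop="auth",maxbuf=16384,charset=utf-8,algorithm=md5-sess')
CNONCE = "EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE="


def parse_directives(s):
    """Split a DIGEST-MD5 directive list into a dict; quoted values are unquoted."""
    pat = re.compile(r'([\w-]+)=(?:"([^"]*)"|([^,]*))')
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pat.finditer(s)}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_md5_response(username, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth", authzid=None, raw_y=True):
    """RFC 2831 'response' value for algorithm=md5-sess.

    raw_y=True  : Y is the 16 raw MD5 octets of "username:realm:password" (correct).
    raw_y=False : Y is the 32-char hex digest, i.e. what a hex-returning $md5()
                  concatenated as text produces (the mistake in the post).
    """
    x = f"{username}:{realm}:{password}".encode("utf-8")
    y = hashlib.md5(x).digest() if raw_y else md5_hex(x).encode("ascii")
    a1 = y + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:  # ":authzid" is part of A1 only when the client sends one
        a1 += f":{authzid}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    ha1, ha2 = md5_hex(a1), md5_hex(a2)
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")
    return md5_hex(kd)


def compute_both(password="pass456"):
    """Return (correct response, response built the way the post does it)."""
    ch = parse_directives(CHALLENGE)
    common = dict(username="testuser456", realm=ch["realm"], password=password,
                  nonce=ch["nonce"], cnonce=CNONCE, digest_uri="xmpp/jabber.org",
                  qop=ch["qop"])
    correct = digest_md5_response(**common)
    as_in_post = digest_md5_response(**common, raw_y=False,
                                     authzid="testuser456@jabber.org/Psi")
    return correct, as_in_post


if __name__ == "__main__":
    good, bad = compute_both()
    print("correct  :", good)
    print("as posted:", bad)
```

The same raw-octet rule applies when verifying the server's rspauth, where A2 is ":digest-uri" without the "AUTHENTICATE" prefix.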

