XMPP SASL Challenge-Response Using DIGEST-MD5 In C#

by Charles Chen · Published July 9, 2009 · Updated January 30, 2020

I’ve been struggling mightily with implementing the SASL challenge-response portion of an XMPP client I’ve been working on. By far, this has been the hardest part to implement as it’s been difficult to validate whether I’ve implemented the algorithm correctly as there doesn’t seem to be any (easy to find) open source implementations of of SASL with the DIGEST-MD5 implementation (let alone in C#).

The trickiest part of the whole process is building the response token which gets sent back as a part of the message to the server.

RFC2831 documents the SASL DIGEST-MD5 authentication mechanism as such:

   Let { a, b, ... } be the concatenation of the octet strings a, b, ...
 

   Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.

   Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string
   k, a colon and the string s.

   Let HEX(n) be the representation of the 16 octet MD5 hash n as a
   string of 32 hex digits (with alphabetic characters always in lower
   case, since MD5 is case sensitive).

      response-value  =
         HEX( KD ( HEX(H(A1)),
                 { nonce-value, ":" nc-value, ":",
                   cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))

   If authzid is specified, then A1 is

      A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
           ":", nonce-value, ":", cnonce-value, ":", authzid-value }

   If authzid is not specified, then A1 is

      A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
           ":", nonce-value, ":", cnonce-value }

   where

         passwd   = *OCTET

   If the "qop" directive's value is "auth", then A2 is:

      A2       = { "AUTHENTICATE:", digest-uri-value }

   If the "qop" value is "auth-int" or "auth-conf" then A2 is:

      A2       = { "AUTHENTICATE:", digest-uri-value,
               ":00000000000000000000000000000000" }

Let { a, b, ... } be the concatenation of the octet strings a, b, ...

Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.

Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string

k, a colon and the string s.

Let HEX(n) be the representation of the 16 octet MD5 hash n as a

string of 32 hex digits (with alphabetic characters always in lower

case, since MD5 is case sensitive).

response-value =

HEX( KD ( HEX(H(A1)),

{ nonce-value, ":" nc-value, ":",

cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))

If authzid is specified, then A1 is

A1 = { H( { username-value, ":", realm-value, ":", passwd } ),

":", nonce-value, ":", cnonce-value, ":", authzid-value }

If authzid is not specified, then A1 is

A1 = { H( { username-value, ":", realm-value, ":", passwd } ),

":", nonce-value, ":", cnonce-value }

where

passwd = *OCTET

If the "qop" directive's value is "auth", then A2 is:

A2 = { "AUTHENTICATE:", digest-uri-value }

If the "qop" value is "auth-int" or "auth-conf" then A2 is:

A2 = { "AUTHENTICATE:", digest-uri-value,

":00000000000000000000000000000000" }

Seems simple enough, right? Not! It took a bit of time to parse through it mentally and come up with an impelementation, but I was still failing (miserably).

The breakthrough came when I stumbled upon a posting by Robbie Hanson:

Here’s the trick – normally when you hash stuff you get a result in hex values. But we don’t want this result as a string of hex values! We need to keep the result as raw data! If you were to do a hex dump of this data you’d find it to be “3a4f5725a748ca945e506e30acd906f0”. But remeber, we need to operate on it’s raw data, so don’t convert it to a string.

The most important part of his posting is the last line (and that it included the intermediate hexadecimal string results. Win! Now I finally had some sample data to compare against to figure out where I was going wrong). At one critical junction in my implementation of the algorithm, I was converting the MD5 hash value to a hexadecimal string — thank goodness for Robbie’s clarification of that point!

Armed with this test data, I was finally able to get it all working. Here is the test code:

<span style="font-family: lucida console;"><span style="color: #0000ff;">using </span><span style="color: #000000;">MbUnit.Framework;</span>
<span style="color: #0000ff;">using </span><span style="color: #000000;">Xmpp.Client;</span></span>
 

<span style="font-family: lucida console;"><span style="color: #0000ff;">namespace </span><span style="color: #000000;">Xmpp.Tests</span>
<span style="color: #000000;">{</span>
    <span style="color: #000000;">[TestFixture]</span>
    <span style="color: #0000ff;">public class </span><span style="color: #000000;">SaslChallengeResponseTests</span>
    <span style="color: #000000;">{</span>
        <span style="color: #000000;">[Test]</span>
        <span style="color: #0000ff;">public void </span><span style="color: #000000;">TestCreateResponse()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #008000;">// See example here: http://deusty.blogspot.com/2007/09/example-please.html</span></span>

<span style="font-family: lucida console;">            <span style="color: #008000;">// h1=3a4f5725a748ca945e506e30acd906f0</span>
            <span style="color: #008000;">// a1Hash=b9709c3cdb60c5fab0a33ebebdd267c4</span>
            <span style="color: #008000;">// a2Hash=2b09ce6dd013d861f2cb21cc8797a64d</span>
            <span style="color: #008000;">// respHash=37991b870e0f6cc757ec74c47877472b</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">SaslChallenge challenge = </span><span style="color: #0000ff;">new </span><span style="color: #000000;">SaslChallenge(</span>
                <span style="color: #ff00ff;">"md5-sess"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"utf-8"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"392616736"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"auth"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"osXstream.local"</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">SaslChallengeResponse response = </span><span style="color: #0000ff;">new </span><span style="color: #000000;">SaslChallengeResponse(</span>
                <span style="color: #000000;">challenge, </span><span style="color: #ff00ff;">"test"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"secret"</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">"05E0A6E7-0B7B-4430-9549-0FE1C244ABAB"</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">Assert.AreEqual(</span><span style="color: #ff00ff;">"3a4f5725a748ca945e506e30acd906f0"</span><span style="color: #000000;">, </span>
                <span style="color: #000000;">response.UserTokenMd5HashHex);</span>
            <span style="color: #000000;">Assert.AreEqual(</span><span style="color: #ff00ff;">"b9709c3cdb60c5fab0a33ebebdd267c4"</span><span style="color: #000000;">, </span>
                <span style="color: #000000;">response.A1Md5HashHex);</span>
            <span style="color: #000000;">Assert.AreEqual(</span><span style="color: #ff00ff;">"2b09ce6dd013d861f2cb21cc8797a64d"</span><span style="color: #000000;">, </span>
                <span style="color: #000000;">response.A2Md5HashHex);</span>
            <span style="color: #000000;">Assert.AreEqual(</span><span style="color: #ff00ff;">"37991b870e0f6cc757ec74c47877472b"</span><span style="color: #000000;">, </span>
                <span style="color: #000000;">response.ResponseTokenMd5HashHex);</span>
        <span style="color: #000000;">}</span>
    <span style="color: #000000;">}</span>
<span style="color: #000000;">}</span></span>

using MbUnit.Framework;

using Xmpp.Client;

namespace Xmpp.Tests

{

[TestFixture]

public class SaslChallengeResponseTests

{

[Test]

public void TestCreateResponse()

{

// See example here: http://deusty.blogspot.com/2007/09/example-please.html

// h1=3a4f5725a748ca945e506e30acd906f0

// a1Hash=b9709c3cdb60c5fab0a33ebebdd267c4

// a2Hash=2b09ce6dd013d861f2cb21cc8797a64d

// respHash=37991b870e0f6cc757ec74c47877472b

SaslChallenge challenge = new SaslChallenge(

"md5-sess", "utf-8", "392616736", "auth", "osXstream.local");

SaslChallengeResponse response = new SaslChallengeResponse(

challenge, "test", "secret", "05E0A6E7-0B7B-4430-9549-0FE1C244ABAB");

Assert.AreEqual("3a4f5725a748ca945e506e30acd906f0",

response.UserTokenMd5HashHex);

Assert.AreEqual("b9709c3cdb60c5fab0a33ebebdd267c4",

response.A1Md5HashHex);

Assert.AreEqual("2b09ce6dd013d861f2cb21cc8797a64d",

response.A2Md5HashHex);

Assert.AreEqual("37991b870e0f6cc757ec74c47877472b",

response.ResponseTokenMd5HashHex);

}

}

I modeled the SASL challenge like so:

<span style="font-family: lucida console;"><span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Collections</span><span style="color: #000000;">.</span><span style="color: #008080;">Generic</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Diagnostics</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Reflection</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Text</span><span style="color: #000000;">;</span></span>
 

<span style="font-family: lucida console;"><span style="color: #0000ff;">namespace </span><span style="color: #000000;">Xmpp.Client</span>
<span style="color: #000000;">{</span>
    <span style="color: #008000;">/// &lt;summary&gt;</span>
    <span style="color: #008000;">/// Represents a SASL challenge in object code.</span>
    <span style="color: #008000;">/// &lt;/summary&gt;</span>
    <span style="color: #0000ff;">public class </span><span style="color: #000000;">SaslChallenge</span>
    <span style="color: #000000;">{</span>
        <span style="color: #0000ff;">private static readonly </span><span style="color: #808000;">Dictionary</span><span style="color: #000000;">&lt;</span><span style="color: #0000ff;">string</span><span style="color: #000000;">, </span><span style="color: #808000;">FieldInfo</span><span style="color: #000000;">&gt; _fields;</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_rawDecodedText;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_algorithm;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_charset;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_nonce;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_qop;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_realm;</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes the &lt;see cref="SaslChallenge"/&gt; class.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;remarks&gt;</span>
        <span style="color: #008000;">/// Caches the properties which are set using reflection on &lt;see cref="Parse"/&gt;.</span>
        <span style="color: #008000;">/// &lt;/remarks&gt;</span>
        <span style="color: #0000ff;">static </span><span style="color: #000000;">SaslChallenge()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #008000;">// Initialize the hash of fields.</span>
            <span style="color: #000000;">_fields = </span><span style="color: #0000ff;">new </span><span style="color: #808000;">Dictionary</span><span style="color: #000000;">&lt;</span><span style="color: #0000ff;">string</span><span style="color: #000000;">, </span><span style="color: #808000;">FieldInfo</span><span style="color: #000000;">&gt;();</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">FieldInfo</span><span style="color: #000000;">[] fields = </span><span style="color: #0000ff;">typeof </span><span style="color: #000000;">(SaslChallenge).GetFields(</span>
                <span style="color: #000000;">BindingFlags.NonPublic | BindingFlags.Instance);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">foreach </span><span style="color: #000000;">(</span><span style="color: #808000;">FieldInfo </span><span style="color: #000000;">field </span><span style="color: #0000ff;">in </span><span style="color: #000000;">fields)</span>
            <span style="color: #000000;">{</span>
                <span style="color: #008000;">// Trim the _ from the start of the field names.</span>
                <span style="color: #0000ff;">string </span><span style="color: #000000;">name = field.Name.Trim(</span><span style="color: #ff00ff;">'_'</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">                <span style="color: #000000;">_fields[name] = field;</span>
            <span style="color: #000000;">}</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Creates a specific SASL challenge message.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #0000ff;">public </span><span style="color: #000000;">SaslChallenge(</span><span style="color: #0000ff;">string </span><span style="color: #000000;">algorithm, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">charset, </span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">nonce, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">qop, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">realm)</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">_algorithm = algorithm;</span>
            <span style="color: #000000;">_charset = charset;</span>
            <span style="color: #000000;">_nonce = nonce;</span>
            <span style="color: #000000;">_qop = qop;</span>
            <span style="color: #000000;">_realm = realm;</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"algorithm=" </span><span style="color: #000000;">+ _algorithm);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"charset=" </span><span style="color: #000000;">+ _charset);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"nonce=" </span><span style="color: #000000;">+ _nonce);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"qop=" </span><span style="color: #000000;">+ _qop);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"realm=" </span><span style="color: #000000;">+ _realm);</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes a new instance of the &lt;see cref="SaslChallenge"/&gt; </span>
        <span style="color: #008000;">/// class based on the raw decoded text.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;remarks&gt;</span>
        <span style="color: #008000;">/// Use the &lt;see cref="Parse"/&gt; method to create an instance from </span>
        <span style="color: #008000;">/// a raw encoded message.</span>
        <span style="color: #008000;">/// &lt;/remarks&gt;</span>
        <span style="color: #008000;">/// &lt;param name="rawDecodedText"&gt;The raw decoded text.&lt;/param&gt;</span>
        <span style="color: #0000ff;">private </span><span style="color: #000000;">SaslChallenge(</span><span style="color: #0000ff;">string </span><span style="color: #000000;">rawDecodedText)</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">_rawDecodedText = rawDecodedText;</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">string</span><span style="color: #000000;">[] parts = rawDecodedText.Split(</span><span style="color: #ff00ff;">','</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">foreach </span><span style="color: #000000;">(</span><span style="color: #0000ff;">string </span><span style="color: #000000;">part </span><span style="color: #0000ff;">in </span><span style="color: #000000;">parts)</span>
            <span style="color: #000000;">{</span>
                <span style="color: #0000ff;">string</span><span style="color: #000000;">[] components = part.Split(</span><span style="color: #ff00ff;">'='</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">                <span style="color: #0000ff;">string </span><span style="color: #000000;">property = components[</span><span style="color: #800080;">0</span><span style="color: #000000;">];</span></span>

<span style="font-family: lucida console;">                <span style="color: #000000;">_fields[property].SetValue(</span><span style="color: #0000ff;">this</span><span style="color: #000000;">, </span>
                    <span style="color: #000000;">components[</span><span style="color: #800080;">1</span><span style="color: #000000;">].Trim(</span><span style="color: #ff00ff;">'"'</span><span style="color: #000000;">));</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"algorithm=" </span><span style="color: #000000;">+ _algorithm);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"charset=" </span><span style="color: #000000;">+ _charset);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"nonce=" </span><span style="color: #000000;">+ _nonce);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"qop=" </span><span style="color: #000000;">+ _qop);</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"realm=" </span><span style="color: #000000;">+ _realm);</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">Realm</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_realm; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">Nonce</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_nonce; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">Qop</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_qop; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">Charset</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_charset; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">Algorithm</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_algorithm; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">public string </span><span style="color: #000000;">RawDecodedText</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_rawDecodedText; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Parses the specified challenge message.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;param name="response"&gt;The base64 encoded challenge.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;returns&gt;An instance of &lt;c&gt;SaslChallenge&lt;/c&gt; based on </span>
        <span style="color: #008000;">/// the message.&lt;/returns&gt;</span>
        <span style="color: #0000ff;">public static </span><span style="color: #000000;">SaslChallenge Parse(</span><span style="color: #0000ff;">string </span><span style="color: #000000;">encodedChallenge)</span>
        <span style="color: #000000;">{</span>
            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] bytes = </span><span style="color: #808000;">Convert</span><span style="color: #000000;">.FromBase64String(encodedChallenge);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">string </span><span style="color: #000000;">rawDecodedText = </span><span style="color: #808000;">Encoding</span><span style="color: #000000;">.ASCII.GetString(bytes);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return new </span><span style="color: #000000;">SaslChallenge(rawDecodedText);</span>
        <span style="color: #000000;">}</span>
    <span style="color: #000000;">}</span>
<span style="color: #000000;">}</span></span>

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

using System;

using System.Collections.Generic;

using System.Diagnostics;

using System.Reflection;

using System.Text;

namespace Xmpp.Client

{

/// <summary>

/// Represents a SASL challenge in object code.

/// </summary>

public class SaslChallenge

{

private static readonly Dictionary<string, FieldInfo> _fields;

private readonly string _rawDecodedText;

private string _algorithm;

private string _charset;

private string _nonce;

private string _qop;

private string _realm;

/// <summary>

/// Initializes the <see cref="SaslChallenge"/> class.

/// </summary>

/// <remarks>

/// Caches the properties which are set using reflection on <see cref="Parse"/>.

/// </remarks>

static SaslChallenge()

{

// Initialize the hash of fields.

_fields = new Dictionary<string, FieldInfo>();

FieldInfo[] fields = typeof (SaslChallenge).GetFields(

BindingFlags.NonPublic | BindingFlags.Instance);

foreach (FieldInfo field in fields)

{

// Trim the _ from the start of the field names.

string name = field.Name.Trim('_');

_fields[name] = field;

}

}

/// <summary>

/// Creates a specific SASL challenge message.

/// </summary>

public SaslChallenge(string algorithm, string charset,

string nonce, string qop, string realm)

{

_algorithm = algorithm;

_charset = charset;

_nonce = nonce;

_qop = qop;

_realm = realm;

Debug.WriteLine("algorithm=" + _algorithm);

Debug.WriteLine("charset=" + _charset);

Debug.WriteLine("nonce=" + _nonce);

Debug.WriteLine("qop=" + _qop);

Debug.WriteLine("realm=" + _realm);

}

/// <summary>

/// Initializes a new instance of the <see cref="SaslChallenge"/>

/// class based on the raw decoded text.

/// </summary>

/// <remarks>

/// Use the <see cref="Parse"/> method to create an instance from

/// a raw encoded message.

/// </remarks>

/// <param name="rawDecodedText">The raw decoded text.</param>

private SaslChallenge(string rawDecodedText)

{

_rawDecodedText = rawDecodedText;

string[] parts = rawDecodedText.Split(',');

foreach (string part in parts)

{

string[] components = part.Split('=');

string property = components[0];

_fields[property].SetValue(this,

components[1].Trim('"'));

}

Debug.WriteLine("charset=" + _charset);

Debug.WriteLine("nonce=" + _nonce);

Debug.WriteLine("qop=" + _qop);

Debug.WriteLine("realm=" + _realm);

}

public string Realm

{

get { return _realm; }

}

public string Nonce

{

get { return _nonce; }

}

public string Qop

{

get { return _qop; }

}

public string Charset

{

get { return _charset; }

}

public string Algorithm

{

get { return _algorithm; }

}

public string RawDecodedText

{

get { return _rawDecodedText; }

}

/// <summary>

/// Parses the specified challenge message.

/// </summary>

/// <param name="response">The base64 encoded challenge.</param>

/// <returns>An instance of <c>SaslChallenge</c> based on

/// the message.</returns>

public static SaslChallenge Parse(string encodedChallenge)

{

byte[] bytes = Convert.FromBase64String(encodedChallenge);

string rawDecodedText = Encoding.ASCII.GetString(bytes);

return new SaslChallenge(rawDecodedText);

}

}

And finally, here is the challenge response class which contains the meat of the response building logic:

<span style="font-family: lucida console;"><span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Diagnostics</span><span style="color: #000000;">;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Security</span><span style="color: #000000;">.Cryptography;</span>
<span style="color: #0000ff;">using </span><span style="color: #008080;">System</span><span style="color: #000000;">.</span><span style="color: #008080;">Text</span><span style="color: #000000;">;</span></span>
 

<span style="font-family: lucida console;"><span style="color: #0000ff;">namespace </span><span style="color: #000000;">Xmpp.Client</span>
<span style="color: #000000;">{</span></span>

<span style="font-family: lucida console;">    <span style="color: #008000;">/// &lt;summary&gt;</span>
    <span style="color: #008000;">/// Partial implementation of the SASL authentication protocol </span>
    <span style="color: #008000;">/// using the DIGEST-MD5 mechanism.</span>
    <span style="color: #008000;">/// &lt;/summary&gt;</span>
    <span style="color: #008000;">/// &lt;remarks&gt;</span>
    <span style="color: #008000;">/// See &lt;see href="http://www.ietf.org/rfc/rfc4422.txt"/&gt; and </span>
    <span style="color: #008000;">/// &lt;see href="http://www.ietf.org/rfc/rfc2831.txt"/&gt; for details.</span>
    <span style="color: #008000;">/// &lt;/remarks&gt;</span>
    <span style="color: #0000ff;">public class </span><span style="color: #000000;">SaslChallengeResponse</span>
    <span style="color: #000000;">{</span>
        <span style="color: #ff0000;">#region </span><span style="color: #000000;">fields</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">private static readonly </span><span style="color: #808000;">Encoding </span><span style="color: #000000;">_encoding;</span>
        <span style="color: #0000ff;">private static readonly </span><span style="color: #000000;">MD5 _md5;</span>
        <span style="color: #0000ff;">private readonly </span><span style="color: #000000;">SaslChallenge _challenge;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_cnonce;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_decodedContent;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_digestUri;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_encodedContent;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_password;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_realm;</span>
        <span style="color: #0000ff;">private readonly string </span><span style="color: #000000;">_username;</span></span>

<span style="font-family: lucida console;">        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_a1Md5HashHex;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_a2Md5HashHex;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_responseTokenMd5HashHex;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">_userTokenMd5HashHex;</span></span>

<span style="font-family: lucida console;">        <span style="color: #ff0000;">#endregion</span></span>

<span style="font-family: lucida console;">        <span style="color: #ff0000;">#region </span><span style="color: #000000;">properties</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the final, base64 encoded content of the challenge response.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;A base64 encoded string of the response content.&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">EncodedContent</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_encodedContent; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the unencoded content of the challenge response.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;The response content in plain text.&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">DecodedContent</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_decodedContent; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the hexadecimal string representation of the user token MD5 </span>
        <span style="color: #008000;">/// hash value.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;The hexadecimal representation of the user token MD5 hash </span>
        <span style="color: #008000;">/// value.&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">UserTokenMd5HashHex</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_userTokenMd5HashHex; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the hexadecimal string representation of the response token </span>
        <span style="color: #008000;">/// MD5 hash value.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;The hexadecimal string representation of the response token </span>
        <span style="color: #008000;">/// MD5 hash value.&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">ResponseTokenMd5HashHex</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_responseTokenMd5HashHex; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the hexadecimal string representation of the A1 MD5 hash </span>
        <span style="color: #008000;">/// value (see RFC4422 and RFC2831)</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;The hexadecimal string representation of the A1 MD5 hash </span>
        <span style="color: #008000;">/// value (see RFC4422 and RFC2831)&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">A1Md5HashHex</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_a1Md5HashHex; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the hexadecimal string representation of the A2 MD5 hash </span>
        <span style="color: #008000;">/// value (see RFC4422 and RFC2831)</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;value&gt;The hexadecimal string representation of the A2 MD5 hash </span>
        <span style="color: #008000;">/// value (see RFC4422 and RFC2831)&lt;/value&gt;</span>
        <span style="color: #0000ff;">public string </span><span style="color: #000000;">A2Md5HashHex</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">get { </span><span style="color: #0000ff;">return </span><span style="color: #000000;">_a2Md5HashHex; }</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #ff0000;">#endregion</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes the &lt;see cref="SaslChallengeResponse"/&gt; class.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #0000ff;">static </span><span style="color: #000000;">SaslChallengeResponse()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">_md5 = MD5.Create();</span>
            <span style="color: #000000;">_encoding = </span><span style="color: #808000;">Encoding</span><span style="color: #000000;">.UTF8;</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes a new instance of the &lt;see cref="SaslChallengeResponse"/&gt; </span>
        <span style="color: #008000;">/// class.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;param name="challenge"&gt;The challenge.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="username"&gt;The username.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="password"&gt;The password.&lt;/param&gt;</span>
        <span style="color: #0000ff;">public </span><span style="color: #000000;">SaslChallengeResponse(SaslChallenge challenge, </span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">username, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">password)</span>
            <span style="color: #000000;">: </span><span style="color: #0000ff;">this</span><span style="color: #000000;">(challenge, username, password, </span><span style="color: #0000ff;">null</span><span style="color: #000000;">, </span><span style="color: #0000ff;">null</span><span style="color: #000000;">, </span><span style="color: #0000ff;">null</span><span style="color: #000000;">)</span>
        <span style="color: #000000;">{</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes a new instance of the &lt;see cref="SaslChallengeResponse"/&gt; </span>
        <span style="color: #008000;">/// class.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;param name="challenge"&gt;The challenge.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="username"&gt;The username.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="password"&gt;The password.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="cnonce"&gt;A specific cnonce to use.&lt;/param&gt;</span>
        <span style="color: #0000ff;">public </span><span style="color: #000000;">SaslChallengeResponse(SaslChallenge challenge, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">username, </span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">password, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">cnonce)</span>
            <span style="color: #000000;">: </span><span style="color: #0000ff;">this</span><span style="color: #000000;">(challenge, username, password, </span><span style="color: #0000ff;">null</span><span style="color: #000000;">, </span><span style="color: #0000ff;">null</span><span style="color: #000000;">, cnonce)</span>
        <span style="color: #000000;">{</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Initializes a new instance of the &lt;see cref="SaslChallengeResponse"/&gt; </span>
        <span style="color: #008000;">/// class.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;param name="challenge"&gt;The challenge.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="username"&gt;The username.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="password"&gt;The password.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="realm"&gt;A specific realm, different from the one in the </span>
        <span style="color: #008000;">/// challenge.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="digestUri"&gt;The digest URI.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;param name="cnonce"&gt;A specific client nonce to use.&lt;/param&gt;</span>
        <span style="color: #0000ff;">public </span><span style="color: #000000;">SaslChallengeResponse(SaslChallenge challenge, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">username, </span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">password, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">realm, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">digestUri, </span><span style="color: #0000ff;">string </span><span style="color: #000000;">cnonce)</span>
        <span style="color: #000000;">{</span>
            <span style="color: #000000;">_challenge = challenge;</span>
            <span style="color: #000000;">_username = username;</span>
            <span style="color: #000000;">_password = password;</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">if </span><span style="color: #000000;">(</span><span style="color: #0000ff;">string</span><span style="color: #000000;">.IsNullOrEmpty(_challenge.Realm))</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_realm = realm;</span>
            <span style="color: #000000;">}</span>
            <span style="color: #0000ff;">else</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_realm = challenge.Realm;</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">if </span><span style="color: #000000;">(</span><span style="color: #0000ff;">string</span><span style="color: #000000;">.IsNullOrEmpty(_realm))</span>
            <span style="color: #000000;">{</span>
                <span style="color: #0000ff;">throw new </span><span style="color: #808000;">ArgumentException</span><span style="color: #000000;">(</span><span style="color: #ff00ff;">"No realm was specified."</span><span style="color: #000000;">);</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">if </span><span style="color: #000000;">(</span><span style="color: #0000ff;">string</span><span style="color: #000000;">.IsNullOrEmpty(cnonce))</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_cnonce =</span>
                    <span style="color: #000000;">Guid.NewGuid().ToString().TrimStart(</span><span style="color: #ff00ff;">'{'</span><span style="color: #000000;">).TrimEnd(</span><span style="color: #ff00ff;">'}'</span><span style="color: #000000;">)</span>
                        <span style="color: #000000;">.Replace(</span><span style="color: #ff00ff;">"-"</span><span style="color: #000000;">, </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Empty).ToLowerInvariant();</span>
            <span style="color: #000000;">}</span>
            <span style="color: #0000ff;">else</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_cnonce = cnonce;</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">if </span><span style="color: #000000;">(</span><span style="color: #0000ff;">string</span><span style="color: #000000;">.IsNullOrEmpty(digestUri))</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_digestUri = </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">"xmpp/{0}"</span><span style="color: #000000;">, _challenge.Realm);</span>
            <span style="color: #000000;">}</span>
            <span style="color: #0000ff;">else</span>
            <span style="color: #000000;">{</span>
                <span style="color: #000000;">_digestUri = digestUri;</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #008000;">// Main work here:</span>
            <span style="color: #000000;">_decodedContent = GetDecodedContent();</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] bytes = _encoding.GetBytes(_decodedContent);</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">_encodedContent = </span><span style="color: #808000;">Convert</span><span style="color: #000000;">.ToBase64String(bytes);</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Gets the body of the response in a decoded format.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;returns&gt;The raw response string.&lt;/returns&gt;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">GetDecodedContent()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #008000;">// Gets the response token according to the algorithm in RFC4422 </span>
            <span style="color: #008000;">// and RFC2831</span>
            <span style="color: #000000;">_responseTokenMd5HashHex = GetResponse();</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">StringBuilder </span><span style="color: #000000;">buffer = </span><span style="color: #0000ff;">new </span><span style="color: #808000;">StringBuilder</span><span style="color: #000000;">();</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"username=\"{0}\","</span><span style="color: #000000;">, _username);</span>
            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"realm=\"{0}\","</span><span style="color: #000000;">, _challenge.Realm);</span>
            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"nonce=\"{0}\","</span><span style="color: #000000;">, _challenge.Nonce);</span>
            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"cnonce=\"{0}\","</span><span style="color: #000000;">, _cnonce);</span>
            <span style="color: #000000;">buffer.Append(</span><span style="color: #ff00ff;">"nc=00000001,qop=auth,"</span><span style="color: #000000;">);</span>
            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"digest-uri=\"{0}\","</span><span style="color: #000000;">, _digestUri);</span>
            <span style="color: #000000;">buffer.AppendFormat(</span><span style="color: #ff00ff;">"response={0},"</span><span style="color: #000000;">, _responseTokenMd5HashHex);</span>
            <span style="color: #000000;">buffer.Append(</span><span style="color: #ff00ff;">"charset=utf-8"</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return </span><span style="color: #000000;">buffer.ToString();</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// HEX( KD ( HEX(H(A1)), { nonce-value, ":" nc-value, ":", cnonce-value, </span>
        <span style="color: #008000;">/// ":", qop-value, ":", HEX(H(A2)) }))</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">GetResponse()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] a1 = GetA1();</span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">a2 = GetA2();</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"a1=" </span><span style="color: #000000;">+ ConvertToBase16String(a1));</span>
            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"a2=" </span><span style="color: #000000;">+ a2);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] a2Bytes = _encoding.GetBytes(a2);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] a1Hash = _md5.ComputeHash(a1);</span>
            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] a2Hash = _md5.ComputeHash(a2Bytes);</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">_a1Md5HashHex = ConvertToBase16String(a1Hash);</span>
            <span style="color: #000000;">_a2Md5HashHex = ConvertToBase16String(a2Hash);</span></span>

<span style="font-family: lucida console;">            <span style="color: #008000;">// Let KD(k, s) be H({k, ":", s})</span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">kdString = </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">"{0}:{1}:{2}:{3}:{4}:{5}"</span><span style="color: #000000;">,</span>
                <span style="color: #000000;">_a1Md5HashHex, _challenge.Nonce, </span><span style="color: #ff00ff;">"00000001"</span><span style="color: #000000;">,</span>
                <span style="color: #000000;">_cnonce, </span><span style="color: #ff00ff;">"auth"</span><span style="color: #000000;">, _a2Md5HashHex);</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"kd=" </span><span style="color: #000000;">+ kdString);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] kdBytes = _encoding.GetBytes(kdString);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] kd = _md5.ComputeHash(kdBytes);</span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">kdBase16 = ConvertToBase16String(kd);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return </span><span style="color: #000000;">kdBase16;</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// A1 = { H( { username-value, ":", realm-value, ":", passwd } ), </span>
        <span style="color: #008000;">/// ":", nonce-value, ":", cnonce-value }</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #0000ff;">private byte</span><span style="color: #000000;">[] GetA1()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">userToken = </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">"{0}:{1}:{2}"</span><span style="color: #000000;">,</span>
                                             <span style="color: #000000;">_username, _realm, _password);</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #ff00ff;">"userToken=" </span><span style="color: #000000;">+ userToken);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] bytes = _encoding.GetBytes(userToken);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] md5Hash = _md5.ComputeHash(bytes);</span></span>

<span style="font-family: lucida console;">            <span style="color: #008000;">// Use this for validation purposes from unit testing.</span>
            <span style="color: #000000;">_userTokenMd5HashHex = ConvertToBase16String(md5Hash);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">string </span><span style="color: #000000;">nonces = </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">":{0}:{1}"</span><span style="color: #000000;">,</span>
                                          <span style="color: #000000;">_challenge.Nonce, _cnonce);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] nonceBytes = _encoding.GetBytes(nonces);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">byte</span><span style="color: #000000;">[] result = </span><span style="color: #0000ff;">new byte</span><span style="color: #000000;">[md5Hash.Length + nonceBytes.Length];</span></span>

<span style="font-family: lucida console;">            <span style="color: #000000;">md5Hash.CopyTo(result, </span><span style="color: #800080;">0</span><span style="color: #000000;">);</span>
            <span style="color: #000000;">nonceBytes.CopyTo(result, md5Hash.Length);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return </span><span style="color: #000000;">result;</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// A2 = { "AUTHENTICATE:", digest-uri-value }</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">GetA2()</span>
        <span style="color: #000000;">{</span>
            <span style="color: #0000ff;">string </span><span style="color: #000000;">result = </span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">"AUTHENTICATE:{0}"</span><span style="color: #000000;">, _digestUri);</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return </span><span style="color: #000000;">result;</span>
        <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">        <span style="color: #008000;">/// &lt;summary&gt;</span>
        <span style="color: #008000;">/// Converts a byte array to a base16 string.</span>
        <span style="color: #008000;">/// &lt;/summary&gt;</span>
        <span style="color: #008000;">/// &lt;param name="bytes"&gt;The bytes to convert.&lt;/param&gt;</span>
        <span style="color: #008000;">/// &lt;returns&gt;The hexadecimal string representation of the contents </span>
        <span style="color: #008000;">/// of the byte array.&lt;/returns&gt;</span>
        <span style="color: #0000ff;">private string </span><span style="color: #000000;">ConvertToBase16String(</span><span style="color: #0000ff;">byte</span><span style="color: #000000;">[] bytes)</span>
        <span style="color: #000000;">{</span>
            <span style="color: #808000;">StringBuilder </span><span style="color: #000000;">buffer = </span><span style="color: #0000ff;">new </span><span style="color: #808000;">StringBuilder</span><span style="color: #000000;">();</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">foreach </span><span style="color: #000000;">(</span><span style="color: #0000ff;">byte </span><span style="color: #000000;">b </span><span style="color: #0000ff;">in </span><span style="color: #000000;">bytes)</span>
            <span style="color: #000000;">{</span>
                <span style="color: #0000ff;">string </span><span style="color: #000000;">s = </span><span style="color: #808000;">Convert</span><span style="color: #000000;">.ToString(b, </span><span style="color: #800080;">16</span><span style="color: #000000;">).PadLeft(</span><span style="color: #800080;">2</span><span style="color: #000000;">, </span><span style="color: #ff00ff;">'0'</span><span style="color: #000000;">);</span></span>

<span style="font-family: lucida console;">                <span style="color: #000000;">buffer.Append(s);</span>
            <span style="color: #000000;">}</span></span>

<span style="font-family: lucida console;">            <span style="color: #808000;">Debug</span><span style="color: #000000;">.WriteLine(</span><span style="color: #0000ff;">string</span><span style="color: #000000;">.Format(</span><span style="color: #ff00ff;">"Converted {0} bytes"</span><span style="color: #000000;">, </span>
                <span style="color: #000000;">bytes.Length));</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">string </span><span style="color: #000000;">result = buffer.ToString();</span></span>

<span style="font-family: lucida console;">            <span style="color: #0000ff;">return </span><span style="color: #000000;">result;</span>
        <span style="color: #000000;">}</span>
    <span style="color: #000000;">}</span>
<span style="color: #000000;">}</span></span>

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

using System;

using System.Security.Cryptography;

namespace Xmpp.Client

{

/// <summary>

/// Partial implementation of the SASL authentication protocol

/// using the DIGEST-MD5 mechanism.

/// </summary>

/// <remarks>

/// See <see href="http://www.ietf.org/rfc/rfc4422.txt"/> and

/// <see href="http://www.ietf.org/rfc/rfc2831.txt"/> for details.

/// </remarks>

public class SaslChallengeResponse

{

#region fields

private static readonly Encoding _encoding;

private static readonly MD5 _md5;

private readonly SaslChallenge _challenge;

private readonly string _cnonce;

private readonly string _decodedContent;

private readonly string _digestUri;

private readonly string _encodedContent;

private readonly string _password;

private readonly string _realm;

private readonly string _username;

private string _a1Md5HashHex;

private string _a2Md5HashHex;

private string _responseTokenMd5HashHex;

private string _userTokenMd5HashHex;

#endregion

#region properties

/// <summary>

/// Gets the final, base64 encoded content of the challenge response.

/// </summary>

/// <value>A base64 encoded string of the response content.</value>

public string EncodedContent

{

get { return _encodedContent; }

}

/// <summary>

/// Gets the unencoded content of the challenge response.

/// </summary>

/// <value>The response content in plain text.</value>

public string DecodedContent

{

get { return _decodedContent; }

}

/// <summary>

/// Gets the hexadecimal string representation of the user token MD5

/// hash value.

/// </summary>

/// <value>The hexadecimal representation of the user token MD5 hash

/// value.</value>

public string UserTokenMd5HashHex

{

get { return _userTokenMd5HashHex; }

}

/// <summary>

/// Gets the hexadecimal string representation of the response token

/// MD5 hash value.

/// </summary>

/// <value>The hexadecimal string representation of the response token

/// MD5 hash value.</value>

public string ResponseTokenMd5HashHex

{

get { return _responseTokenMd5HashHex; }

}

/// <summary>

/// Gets the hexadecimal string representation of the A1 MD5 hash

/// value (see RFC4422 and RFC2831)

/// </summary>

/// <value>The hexadecimal string representation of the A1 MD5 hash

/// value (see RFC4422 and RFC2831)</value>

public string A1Md5HashHex

{

get { return _a1Md5HashHex; }

}

/// <summary>

/// Gets the hexadecimal string representation of the A2 MD5 hash

/// value (see RFC4422 and RFC2831)

/// </summary>

/// <value>The hexadecimal string representation of the A2 MD5 hash

/// value (see RFC4422 and RFC2831)</value>

public string A2Md5HashHex

{

get { return _a2Md5HashHex; }

}

#endregion

/// <summary>

/// Initializes the <see cref="SaslChallengeResponse"/> class.

/// </summary>

static SaslChallengeResponse()

{

_md5 = MD5.Create();

_encoding = Encoding.UTF8;

}

/// <summary>

/// Initializes a new instance of the <see cref="SaslChallengeResponse"/>

/// class.

/// </summary>

/// <param name="challenge">The challenge.</param>

/// <param name="username">The username.</param>

/// <param name="password">The password.</param>

public SaslChallengeResponse(SaslChallenge challenge,

string username, string password)

: this(challenge, username, password, null, null, null)

{

}

/// <summary>

/// Initializes a new instance of the <see cref="SaslChallengeResponse"/>

/// class.

/// </summary>

/// <param name="challenge">The challenge.</param>

/// <param name="username">The username.</param>

/// <param name="password">The password.</param>

/// <param name="cnonce">A specific cnonce to use.</param>

public SaslChallengeResponse(SaslChallenge challenge, string username,

string password, string cnonce)

{

}

/// <summary>

/// Initializes a new instance of the <see cref="SaslChallengeResponse"/>

/// class.

/// </summary>

/// <param name="challenge">The challenge.</param>

/// <param name="username">The username.</param>

/// <param name="password">The password.</param>

/// <param name="realm">A specific realm, different from the one in the

/// challenge.</param>

/// <param name="digestUri">The digest URI.</param>

/// <param name="cnonce">A specific client nonce to use.</param>

string password, string realm, string digestUri, string cnonce)

{

_challenge = challenge;

_username = username;

_password = password;

if (string.IsNullOrEmpty(_challenge.Realm))

{

_realm = realm;

}

else

{

_realm = challenge.Realm;

}

{

throw new ArgumentException("No realm was specified.");

}

{

_cnonce =

Guid.NewGuid().ToString().TrimStart('{').TrimEnd('}')

.Replace("-", string.Empty).ToLowerInvariant();

}

else

{

_cnonce = cnonce;

}

{

_digestUri = string.Format("xmpp/{0}", _challenge.Realm);

}

else

{

_digestUri = digestUri;

}

// Main work here:

_decodedContent = GetDecodedContent();

byte[] bytes = _encoding.GetBytes(_decodedContent);

_encodedContent = Convert.ToBase64String(bytes);

}

/// <summary>

/// Gets the body of the response in a decoded format.

/// </summary>

/// <returns>The raw response string.</returns>

private string GetDecodedContent()

{

// Gets the response token according to the algorithm in RFC4422

// and RFC2831

_responseTokenMd5HashHex = GetResponse();

StringBuilder buffer = new StringBuilder();

buffer.AppendFormat("username=\"{0}\",", _username);

buffer.AppendFormat("realm=\"{0}\",", _challenge.Realm);

buffer.AppendFormat("nonce=\"{0}\",", _challenge.Nonce);

buffer.AppendFormat("cnonce=\"{0}\",", _cnonce);

buffer.Append("nc=00000001,qop=auth,");

buffer.AppendFormat("digest-uri=\"{0}\",", _digestUri);

buffer.AppendFormat("response={0},", _responseTokenMd5HashHex);

buffer.Append("charset=utf-8");

return buffer.ToString();

}

/// <summary>

/// HEX( KD ( HEX(H(A1)), { nonce-value, ":" nc-value, ":", cnonce-value,

/// ":", qop-value, ":", HEX(H(A2)) }))

/// </summary>

private string GetResponse()

{

byte[] a1 = GetA1();

string a2 = GetA2();

Debug.WriteLine("a1=" + ConvertToBase16String(a1));

Debug.WriteLine("a2=" + a2);

byte[] a2Bytes = _encoding.GetBytes(a2);

byte[] a1Hash = _md5.ComputeHash(a1);

byte[] a2Hash = _md5.ComputeHash(a2Bytes);

_a1Md5HashHex = ConvertToBase16String(a1Hash);

_a2Md5HashHex = ConvertToBase16String(a2Hash);

// Let KD(k, s) be H({k, ":", s})

string kdString = string.Format("{0}:{1}:{2}:{3}:{4}:{5}",

_a1Md5HashHex, _challenge.Nonce, "00000001",

_cnonce, "auth", _a2Md5HashHex);

Debug.WriteLine("kd=" + kdString);

byte[] kdBytes = _encoding.GetBytes(kdString);

byte[] kd = _md5.ComputeHash(kdBytes);

string kdBase16 = ConvertToBase16String(kd);

return kdBase16;

}

/// <summary>

/// A1 = { H( { username-value, ":", realm-value, ":", passwd } ),

/// ":", nonce-value, ":", cnonce-value }

/// </summary>

private byte[] GetA1()

{

string userToken = string.Format("{0}:{1}:{2}",

_username, _realm, _password);

Debug.WriteLine("userToken=" + userToken);

byte[] bytes = _encoding.GetBytes(userToken);

byte[] md5Hash = _md5.ComputeHash(bytes);

// Use this for validation purposes from unit testing.

_userTokenMd5HashHex = ConvertToBase16String(md5Hash);

string nonces = string.Format(":{0}:{1}",

_challenge.Nonce, _cnonce);

byte[] nonceBytes = _encoding.GetBytes(nonces);

byte[] result = new byte[md5Hash.Length + nonceBytes.Length];

md5Hash.CopyTo(result, 0);

nonceBytes.CopyTo(result, md5Hash.Length);

return result;

}

/// <summary>

/// A2 = { "AUTHENTICATE:", digest-uri-value }

/// </summary>

private string GetA2()

{

string result = string.Format("AUTHENTICATE:{0}", _digestUri);

return result;

}

/// <summary>

/// Converts a byte array to a base16 string.

/// </summary>

/// <param name="bytes">The bytes to convert.</param>

/// <returns>The hexadecimal string representation of the contents

/// of the byte array.</returns>

private string ConvertToBase16String(byte[] bytes)

{

StringBuilder buffer = new StringBuilder();

foreach (byte b in bytes)

{

string s = Convert.ToString(b, 16).PadLeft(2, '0');

buffer.Append(s);

}

Debug.WriteLine(string.Format("Converted {0} bytes",

bytes.Length));

string result = buffer.ToString();

return result;

}

}

Happy DIGESTing!

XMPP SASL Challenge-Response Using DIGEST-MD5 In C#

You may also like...

2 Responses

Recent Posts

Recommended

Calendar

Browse by Category

Browse Archives

Meta

XMPP SASL Challenge-Response Using DIGEST-MD5 In C#

SHARE

You may also like...

Adventures in Single-Sign-On: Cross Domain Script Request

Working with Box OpenAPI Clients

Stop Using var (C#)!

2 Responses

Recent Posts

Recommended

Calendar

Browse by Category

Browse Archives

Meta