mirror of https://github.com/moparisthebest/xeps
updated examples to track rfc3920bis
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@425 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre
parent
6e4a3cfd2f
commit
c091b4c77d
105
xep-0185.xml
105
xep-0185.xml
|
|
@ -71,22 +71,33 @@
|
|||
<p>&nistfips198a; recommends that the length of the key should be at least half the size of the hash function output. To fulfill this requirement, the secret SHOULD be hashed with the hash function prior to usage as a key in HMAC.</p>
|
||||
<p>The Stream ID and the involved hostnames should be concatenated with a unicode space character (U+0020) for the delimiter.</p>
|
||||
<code>
|
||||
key = HEX( HMAC-SHA256( SHA256(Secret), { Receiving Server, ' ',
|
||||
Originating or Authoritative server, ' ', Stream ID } ) )
|
||||
key = HMAC-SHA256
|
||||
(
|
||||
SHA256(Secret),
|
||||
{
|
||||
Receiving Server, ' ',
|
||||
Originating or Authoritative server, ' ',
|
||||
Stream ID
|
||||
}
|
||||
)
|
||||
</code>
|
||||
<p>To avoid problems of encoding, a hexadecimal representation of the digest algorithm output SHOULD be used.</p>
|
||||
<p>To avoid encoding problems, the digest algorithm output MUST be provided in the hexadecimal representation.</p>
|
||||
</section1>
|
||||
<section1 topic='Key Generation and Validation'>
|
||||
<p>This document closely follows the description of the dialback protocol in <cite>RFC 3920</cite>, but omits steps that are not important for the generation and validation of the dialback keys. For ease of comparison the numbering of the steps is the same as in section 8.3 of <cite>RFC 3920</cite>. Any line breaks in the examples are included for the purpose of readability only.</p>
|
||||
<p>The following data values are used in the examples:</p>
|
||||
<table caption='Data Used in Examples'>
|
||||
<tr>
|
||||
<td>Originating and Authoritative Server</td>
|
||||
<td>example.com</td>
|
||||
<td>Originating Server</td>
|
||||
<td>example.org</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Authoritative Server</td>
|
||||
<td>example.org</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Receiving Server</td>
|
||||
<td>example.net</td>
|
||||
<td>xmpp.example.com</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Secret</td>
|
||||
|
|
@ -103,8 +114,8 @@ key = HEX( HMAC-SHA256( SHA256(Secret), { Receiving Server, ' ',
|
|||
xmlns:stream='http://etherx.jabber.org/streams'
|
||||
xmlns='jabber:server'
|
||||
xmlns:db='jabber:server:dialback'
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='xmpp.example.com'
|
||||
from='example.org'
|
||||
id='D60000229F'>
|
||||
]]></code>
|
||||
<p>The Originating Server now generates a dialback key to be sent to the Receiving Server:</p>
|
||||
|
|
@ -115,52 +126,52 @@ key = HMAC-SHA256(
|
|||
)
|
||||
= HMAC-SHA256(
|
||||
SHA256('s3cr3tf0rd14lb4ck'),
|
||||
{ 'example.net', ' ', 'example.com', ' ', 'D60000229F' }
|
||||
{ 'xmpp.example.com', ' ', 'example.org', ' ', 'D60000229F' }
|
||||
)
|
||||
= HMAC-SHA256(
|
||||
'a7136eb1f46c9ef18c5e78c36ca257067c69b3d518285f0b18a96c33beae9acc',
|
||||
'example.net example.com D60000229F'
|
||||
'xmpp.example.com example.org D60000229F'
|
||||
)
|
||||
= '008c689ff366b50c63d69a3e2d2c0e0e1f8404b0118eb688a0102c87cb691bdc'
|
||||
= '37c69b1cf07a3f67c04a5ef5902fa5114f2c76fe4a2686482ba5b89323075643'
|
||||
</code>
|
||||
<p>4. The Originating Server sends the generated dialback key to the Receiving Server:</p>
|
||||
<code><![CDATA[
|
||||
<db:result
|
||||
to='example.net'
|
||||
from='example.com'>
|
||||
008c689ff366b50c63d69a3e2d2c0e0e1f8404b0118eb688a0102c87cb691bdc
|
||||
to='xmpp.example.com'
|
||||
from='example.org'>
|
||||
37c69b1cf07a3f67c04a5ef5902fa5114f2c76fe4a2686482ba5b89323075643
|
||||
</db:result>
|
||||
]]></code>
|
||||
<p>8. The Receiving Server sends the Authoritative Server a request for verification of the key:</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='D60000229F'>
|
||||
008c689ff366b50c63d69a3e2d2c0e0e1f8404b0118eb688a0102c87cb691bdc
|
||||
37c69b1cf07a3f67c04a5ef5902fa5114f2c76fe4a2686482ba5b89323075643
|
||||
</db:verify>
|
||||
]]></code>
|
||||
<p>The Authoritative Server calculates the valid key for this verify request, using data supplied in the packet and the secret shared with the Originating Server.</p>
|
||||
<code>
|
||||
key = HMAC-SHA256(
|
||||
secret,
|
||||
SHA256(secret),
|
||||
{ Receiving Server, ' ', Authoritative Server, ' ', Stream ID }
|
||||
)
|
||||
= HMAC-SHA256(
|
||||
SHA256('s3cr3tf0rd14lb4ck'),
|
||||
{ 'example.net', ' ', 'example.com', ' ', 'D60000229F' }
|
||||
{ 'xmpp.example.com', ' ', 'example.org', ' ', 'D60000229F' }
|
||||
)
|
||||
= HMAC-SHA256(
|
||||
'a7136eb1f46c9ef18c5e78c36ca257067c69b3d518285f0b18a96c33beae9acc',
|
||||
'example.net example.com D60000229F'
|
||||
'xmpp.example.com example.org D60000229F'
|
||||
)
|
||||
= '008c689ff366b50c63d69a3e2d2c0e0e1f8404b0118eb688a0102c87cb691bdc'
|
||||
= '37c69b1cf07a3f67c04a5ef5902fa5114f2c76fe4a2686482ba5b89323075643'
|
||||
</code>
|
||||
<p>9. The Authoritative Server compares this value to the key contained in the verification requests and informs the Originating Server of the result, in our example a success:</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.net'
|
||||
from='example.com'
|
||||
to='xmpp.example.com'
|
||||
from='example.org'
|
||||
id='D60000229F'
|
||||
type='valid'/>
|
||||
]]></code>
|
||||
|
|
@ -181,19 +192,19 @@ key = HMAC-SHA256(
|
|||
<code>
|
||||
key = SHA1({ Secret, Receiving Server, Stream ID })
|
||||
</code>
|
||||
<p>The dialback keys generated for the originating domains 'example.com' and 'example.net' are the same, which might disclose that the secret used to generate the keys for these domains is equal. An attacker cannot exploit this any further.</p>
|
||||
<p>The dialback keys generated for the originating domains 'example.org' and 'xmpp.example.com' are the same, which might disclose that the secret used to generate the keys for these domains is equal. An attacker cannot exploit this any further.</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='D60000229F'>
|
||||
dba68f5de5b1766d55e70109f42842695bdeb6e4
|
||||
22f8a639f5864d851556c566f52683ac3790bd35
|
||||
</db:verify>
|
||||
]]></code>
|
||||
<p>This key is generated using:</p>
|
||||
<code>
|
||||
SHA1('s3cr3tf0rd14lb4ckexample.netD60000229F') =
|
||||
'dba68f5de5b1766d55e70109f42842695bdeb6e4'
|
||||
SHA1('s3cr3tf0rd14lb4ckxmpp.example.comD60000229F') =
|
||||
'22f8a639f5864d851556c566f52683ac3790bd35'
|
||||
</code>
|
||||
</section2>
|
||||
<section2 topic='Stream ID Not Considered'>
|
||||
|
|
@ -204,24 +215,24 @@ key = SHA1({ Secret, Receiving Server, Originating Server })
|
|||
<p>If the attacker is able to obtain a single valid dialback key exchanged between the two domains, this key can be used to validate any stream.</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='D60000229F'>
|
||||
48337750828778765f5e2abbce14a6c5680f2fff
|
||||
7c39e9cbd28b63676c1ae74e9b98ac229c611cfc
|
||||
</db:verify>
|
||||
]]></code>
|
||||
<p>This key is generated using the empty string instead of the id:</p>
|
||||
<code>
|
||||
SHA1('s3cr3tf0rd14lb4ckexample.netexample.com') =
|
||||
'48337750828778765f5e2abbce14a6c5680f2fff'
|
||||
SHA1('s3cr3tf0rd14lb4ckxmpp.example.comexample.org') =
|
||||
'7c39e9cbd28b63676c1ae74e9b98ac229c611cfc'
|
||||
</code>
|
||||
<p>This key is also valid for</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='anyidyouwant'>
|
||||
48337750828778765f5e2abbce14a6c5680f2fff
|
||||
7c39e9cbd28b63676c1ae74e9b98ac229c611cfc
|
||||
</db:verify>
|
||||
]]></code>
|
||||
</section2>
|
||||
|
|
@ -233,16 +244,16 @@ key = SHA1({ Secret, Originating Server, Stream ID })
|
|||
<p>The attacker can use a dialback key and stream ID we have sent to a domain under his control.</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='D60000229F'>
|
||||
eb6c42adee0ced8782175f98a56e4c00b2503602
|
||||
ffe5f8139d3eee683068de52481ae61a131e7025
|
||||
</db:verify>
|
||||
]]></code>
|
||||
<p>This key is generated using:</p>
|
||||
<code>
|
||||
SHA1('s3cr3tf0rd14lb4ckexample.comD60000229F') =
|
||||
'eb6c42adee0ced8782175f98a56e4c00b2503602'
|
||||
SHA1('s3cr3tf0rd14lb4ckexample.orgD60000229F') =
|
||||
'ffe5f8139d3eee683068de52481ae61a131e7025'
|
||||
</code>
|
||||
</section2>
|
||||
<section2 topic='Shared Secret Not Considered'>
|
||||
|
|
@ -253,16 +264,16 @@ key = SHA1({ Receiving Server, Originating Server, Stream ID })
|
|||
<p>In both cases the attacker is able to generate an arbitrary number of dialback keys.</p>
|
||||
<code><![CDATA[
|
||||
<db:verify
|
||||
to='example.com'
|
||||
from='example.net'
|
||||
to='example.org'
|
||||
from='xmpp.example.com'
|
||||
id='D60000229F'>
|
||||
c08b18d349a9c4d6aaca2dc3baa772bb7749e3b8
|
||||
65d94be830a9cba41edb50b6f6ec72a89754a2a5
|
||||
</db:verify>
|
||||
]]></code>
|
||||
<p>This key is generated using:</p>
|
||||
<code>
|
||||
SHA1('example.netexample.comD60000229F') =
|
||||
'c08b18d349a9c4d6aaca2dc3baa772bb7749e3b8'
|
||||
SHA1('xmpp.example.comexample.orgD60000229F') =
|
||||
'65d94be830a9cba41edb50b6f6ec72a89754a2a5'
|
||||
</code>
|
||||
</section2>
|
||||
</section1>
|
||||
|
|
|
|||
Loading…
Reference in New Issue