The problem is in your key
87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7

Your test vector decodes this hex string into a 64 byte binary value and
then uses that as the key, while you are using the key as-is.

Bad:

hmac.new('87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7',
"hawk.1.header\n1426168115\nPZ5oR8+A1cg=\nGET\n/simplesync/account/keys\nlocalhost\n443\n\n\n",
hashlib.sha256).digest().encode('base64')
'NnjwluoNCZXutov27mON9WJYIoXawk5ERrEtHPvg5WY=\n'

Good:

hmac.new('87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7'.decode('hex'),
"hawk.1.header\n1426168115\nPZ5oR8+A1cg=\nGET\n/simplesync/account/keys\nlocalhost\n443\n\n\n",
hashlib.sha256).digest().encode('base64')
'BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI=\n'

(Second version has a .decode('hex') in there)

 S.

On Thu, Mar 12, 2015 at 10:02 AM, Peter Mueller <[email protected]> wrote:

> Hi,
> I am emulating the FxA protocol and I have trouble authenticating a Hawk
> request sent by the Desktop client to /account/keys on Server using the
> standard Hawk lib.
>
> After reading and trying a lot I am at a loss why I don't get the
> correct mac value for the following parameters and I am thankful for
> comments. Using a different Hawk-lib results in the same mac, so I
> somehow build the wrong normalized string, but I don't know what goes
> wrong. Ideas?
>
> I am using the given test vectors for KeyFetchToken, therefore the key
> should be:
> 87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7
>
> Sent Apache Authorization Header from client:
> Hawk
> id="3d0a7c02a15a62a2882f76e39b6494b500c022a8816e048625a495718998ba60",
> ts="1426168115", nonce="PZ5oR8+A1cg=",
> mac="BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="
>
> Here are the variables I am using:
> key = "87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7";
> ts = "1426168115";
> nonce = "PZ5oR8+A1cg=";
> method = "GET";
> resource = "/simplesync/account/keys";
> host = "localhost";
> port = "443";
> payload_hash = ""; // no hash given
> extra = "";
>
> which results in the following normalized String (without -----):
>
> -----------
> hawk.1.header
> 1426168115
> PZ5oR8+A1cg=
> GET
> /simplesync/account/keys
> localhost
> 443
>
>
>
> -----------
> and the following mac for my string =
> NnjwluoNCZXutov27mON9WJYIoXawk5ERrEtHPvg5WY=
>
> And the raw Request in full:
> GET https://localhost/simplesync/account/keys HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101
> Firefox/36.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: de, en-US, en
> Accept-Encoding: gzip, deflate
> Authorization: Hawk
> id="3d0a7c02a15a62a2882f76e39b6494b500c022a8816e048625a495718998ba60",
> ts="1426168115", nonce="PZ5oR8+A1cg=",
> mac="BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="
> Content-Type: text/plain
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
>
> Thanks
> Peter
>
>
>
>
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev
>
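
The fix from the reply at the top of this thread, as an added Python 3 example (not part of either message, and not FxA or Hawk library code): it builds the normalized string from the request fields, computes the MAC with the hex-decoded key and with the hex text used as-is, and checks each against the mac in the Authorization header. The function names and the 32-byte length check in load_key are assumptions of this example; the key, header mac and request fields are the ones quoted in the thread.

```python
import base64
import hashlib
import hmac

# Values copied from the thread (key, and the mac from the Authorization header).
KEY_HEX = "87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7"
HEADER_MAC = "BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="


def normalized_string(ts, nonce, method, resource, host, port,
                      payload_hash="", ext=""):
    """Build the Hawk 'header' normalized string: one field per line,
    every field (including the empty hash and ext) ends with a newline."""
    fields = ["hawk.1.header", ts, nonce, method.upper(), resource,
              host.lower(), port, payload_hash, ext]
    return "".join(f + "\n" for f in fields)


def hawk_mac(key: bytes, normalized: str) -> str:
    """HMAC-SHA256 over the normalized string, base64-encoded."""
    digest = hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def load_key(key_hex: str) -> bytes:
    """Hex-decode the key. Assumption of this example: the key is 32 raw
    bytes, so un-decoded or truncated input is rejected early."""
    key = bytes.fromhex(key_hex)  # raises ValueError on non-hex input
    if len(key) != 32:
        raise ValueError("expected a 32-byte key, got %d bytes" % len(key))
    return key


def verify(key: bytes, normalized: str, received_mac: str) -> bool:
    """Compare expected and received mac in constant time."""
    return hmac.compare_digest(hawk_mac(key, normalized), received_mac)


NORMALIZED = normalized_string("1426168115", "PZ5oR8+A1cg=", "GET",
                               "/simplesync/account/keys", "localhost", "443")

if __name__ == "__main__":
    raw_key = load_key(KEY_HEX)          # hex-decoded key bytes
    ascii_key = KEY_HEX.encode("ascii")  # hex text used as-is: the bug
    for label, key in (("hex-decoded key", raw_key), ("hex text as key", ascii_key)):
        print(label, hawk_mac(key, NORMALIZED), verify(key, NORMALIZED, HEADER_MAC))
```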