]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
1 /* The source in this file is derived from the reference implementation
3 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
5 * The following copyright and licence statement covers all changes made to the
6 * reference implementation.
8 * Key changes were: alteration to a plain C layout.
9 * Create CvtBin function
10 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
11 * to prevent squid knowing the users password (idea suggested in RFC 2617).
18 * AUTHOR: RFC 2617 & Robert Collins
20 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
21 * ----------------------------------------------------------
23 * Squid is the result of efforts by numerous individuals from the
24 * Internet community. Development is led by Duane Wessels of the
25 * National Laboratory for Applied Network Research and funded by the
26 * National Science Foundation. Squid is Copyrighted (C) 1998 by
27 * the Regents of the University of California. Please see the
28 * COPYRIGHT file for full details. Squid incorporates software
29 * developed and/or copyrighted by other sources. Please see the
30 * CREDITS file for full details.
32 * This program is free software; you can redistribute it and/or modify
33 * it under the terms of the GNU General Public License as published by
34 * the Free Software Foundation; either version 2 of the License, or
35 * (at your option) any later version.
37 * This program is distributed in the hope that it will be useful,
38 * but WITHOUT ANY WARRANTY; without even the implied warranty of
39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40 * GNU General Public License for more details.
42 * You should have received a copy of the GNU General Public License
43 * along with this program; if not, write to the Free Software
44 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
54 CvtHex(const HASH Bin
, HASHHEX Hex
)
59 for (i
= 0; i
< HASHLEN
; i
++) {
60 j
= (Bin
[i
] >> 4) & 0xf;
62 Hex
[i
* 2] = (j
+ '0');
64 Hex
[i
* 2] = (j
+ 'a' - 10);
67 Hex
[i
* 2 + 1] = (j
+ '0');
69 Hex
[i
* 2 + 1] = (j
+ 'a' - 10);
71 Hex
[HASHHEXLEN
] = '\0';
75 CvtBin(const HASHHEX Hex
, HASH Bin
)
80 for (i
= 0; i
< HASHHEXLEN
; i
++) {
83 if (('0' <= j
) && (j
<= '9'))
85 else if (('a' <= j
) && (j
<= 'f'))
87 else if (('A' <= j
) && (j
<= 'F'))
96 /* FIXME: Coverity detects the below as dead code.
97 Why? :: right here i == 32
98 which means the first step of the for loop makes i==16
99 and cannot be < HASHLEN (which is also 16)
101 for (i
= i
/ 2; i
< HASHLEN
; i
++) {
106 /* calculate H(A1) as per spec */
110 const char *pszUserName
,
111 const char *pszRealm
,
112 const char *pszPassword
,
113 const char *pszNonce
,
114 const char *pszCNonce
,
122 SquidMD5Init(&Md5Ctx
);
123 SquidMD5Update(&Md5Ctx
, pszUserName
, strlen(pszUserName
));
124 SquidMD5Update(&Md5Ctx
, ":", 1);
125 SquidMD5Update(&Md5Ctx
, pszRealm
, strlen(pszRealm
));
126 SquidMD5Update(&Md5Ctx
, ":", 1);
127 SquidMD5Update(&Md5Ctx
, pszPassword
, strlen(pszPassword
));
128 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
130 if (strcasecmp(pszAlg
, "md5-sess") == 0) {
132 CvtHex(HA1
, HA1Hex
); /* RFC2617 errata */
133 SquidMD5Init(&Md5Ctx
);
134 SquidMD5Update(&Md5Ctx
, HA1Hex
, HASHHEXLEN
);
135 SquidMD5Update(&Md5Ctx
, ":", 1);
136 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
137 SquidMD5Update(&Md5Ctx
, ":", 1);
138 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
139 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
141 CvtHex(HA1
, SessionKey
);
144 /* calculate request-digest/response-digest as per HTTP Digest spec */
147 const HASHHEX HA1
, /* H(A1) */
148 const char *pszNonce
, /* nonce from server */
149 const char *pszNonceCount
, /* 8 hex digits */
150 const char *pszCNonce
, /* client nonce */
151 const char *pszQop
, /* qop-value: "", "auth", "auth-int" */
152 const char *pszMethod
, /* method from the request */
153 const char *pszDigestUri
, /* requested URL */
154 const HASHHEX HEntity
, /* H(entity body) if qop="auth-int" */
155 HASHHEX Response
/* request-digest or response-digest */
165 SquidMD5Init(&Md5Ctx
);
166 SquidMD5Update(&Md5Ctx
, pszMethod
, strlen(pszMethod
));
167 SquidMD5Update(&Md5Ctx
, ":", 1);
168 SquidMD5Update(&Md5Ctx
, pszDigestUri
, strlen(pszDigestUri
));
169 if (pszQop
&& strcasecmp(pszQop
, "auth-int") == 0) {
170 SquidMD5Update(&Md5Ctx
, ":", 1);
171 SquidMD5Update(&Md5Ctx
, HEntity
, HASHHEXLEN
);
173 SquidMD5Final((unsigned char *) HA2
, &Md5Ctx
);
176 /* calculate response
178 SquidMD5Init(&Md5Ctx
);
179 SquidMD5Update(&Md5Ctx
, HA1
, HASHHEXLEN
);
180 SquidMD5Update(&Md5Ctx
, ":", 1);
181 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
182 SquidMD5Update(&Md5Ctx
, ":", 1);
184 SquidMD5Update(&Md5Ctx
, pszNonceCount
, strlen(pszNonceCount
));
185 SquidMD5Update(&Md5Ctx
, ":", 1);
186 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
187 SquidMD5Update(&Md5Ctx
, ":", 1);
188 SquidMD5Update(&Md5Ctx
, pszQop
, strlen(pszQop
));
189 SquidMD5Update(&Md5Ctx
, ":", 1);
191 SquidMD5Update(&Md5Ctx
, HA2Hex
, HASHHEXLEN
);
192 SquidMD5Final((unsigned char *) RespHash
, &Md5Ctx
);
193 CvtHex(RespHash
, Response
);