lib/rfc2617.c

   1 /* The source in this file is derived from the reference implementation
   2  * in RFC 2617.
   3  * RFC 2617 is Copyright (C) The Internet Society (1999).  All Rights Reserved.
   4  *
   5  * The following copyright and licence statement covers all changes made to the
   6  * reference implementation.
   7  *
   8  * Key changes were: alteration to a plain C layout.
   9  * Create CvtBin function
  10  * Allow CalcHA1 to make use of precaculated username:password:realm hash's
  11  * to prevent squid knowing the users password (idea suggested in RFC 2617).
  12  */
  13
  14 /*
  15  * DEBUG:
  16  * AUTHOR: RFC 2617 & Robert Collins
  17  *
  18  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
  19  * ----------------------------------------------------------
  20  *
  21  *  Squid is the result of efforts by numerous individuals from the
  22  *  Internet community.  Development is led by Duane Wessels of the
  23  *  National Laboratory for Applied Network Research and funded by the
  24  *  National Science Foundation.  Squid is Copyrighted (C) 1998 by
  25  *  the Regents of the University of California.  Please see the
  26  *  COPYRIGHT file for full details.  Squid incorporates software
  27  *  developed and/or copyrighted by other sources.  Please see the
  28  *  CREDITS file for full details.
  29  *
  30  *  This program is free software; you can redistribute it and/or modify
  31  *  it under the terms of the GNU General Public License as published by
  32  *  the Free Software Foundation; either version 2 of the License, or
  33  *  (at your option) any later version.
  34  *
  35  *  This program is distributed in the hope that it will be useful,
  36  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  37  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  38  *  GNU General Public License for more details.
  39  *
  40  *  You should have received a copy of the GNU General Public License
  41  *  along with this program; if not, write to the Free Software
  42  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  43  *
  44  */
  45
  46 #include "squid.h"
  47 #include <string.h>
  48 #include "md5.h"
  49 #include "rfc2617.h"
  50
  51 void
  52 CvtHex(const HASH Bin, HASHHEX Hex)
  53 {
  54     unsigned short i;
  55     unsigned char j;
  56
  57     for (i = 0; i < HASHLEN; i++) {
  58         j = (Bin[i] >> 4) & 0xf;
  59         if (j <= 9)
  60             Hex[i * 2] = (j + '0');
  61         else
  62             Hex[i * 2] = (j + 'a' - 10);
  63         j = Bin[i] & 0xf;
  64         if (j <= 9)
  65             Hex[i * 2 + 1] = (j + '0');
  66         else
  67             Hex[i * 2 + 1] = (j + 'a' - 10);
  68     }
  69     Hex[HASHHEXLEN] = '\0';
  70 }
  71
  72 void
  73 CvtBin(const HASHHEX Hex, HASH Bin)
  74 {
  75     unsigned short i;
  76     unsigned char j;
  77
  78     for (i = 0; i < HASHHEXLEN; i++) {
  79         unsigned char n;
  80         j = Hex[i];
  81         if (('0' <= j) && (j <= '9'))
  82             n = j - '0';
  83         else if (('a' <= j) && (j <= 'f'))
  84             n = j - 'a' + 10;
  85         else if (('A' <= j) && (j <= 'F'))
  86             n = j - 'A' + 10;
  87         else
  88             continue;
  89         if (i % 2 == 0)
  90             Bin[i / 2] = n << 4;
  91         else
  92             Bin[i / 2] |= n;
  93     }
  94     /* FIXME: Coverity detects the below as dead code.
  95       Why? :: right here i == 32
  96         which means the first step of the for loop makes i==16
  97         and cannot be < HASHLEN (which is also 16)
  98     */
  99     for (i = i / 2; i < HASHLEN; i++) {
 100         Bin[i] = '\0';
 101     }
 102 }
 103
 104 /* calculate H(A1) as per spec */
 105 void
 106 DigestCalcHA1(
 107     const char *pszAlg,
 108     const char *pszUserName,
 109     const char *pszRealm,
 110     const char *pszPassword,
 111     const char *pszNonce,
 112     const char *pszCNonce,
 113     HASH HA1,
 114     HASHHEX SessionKey
 115 )
 116 {
 117     SquidMD5_CTX Md5Ctx;
 118
 119     if (pszUserName) {
 120         SquidMD5Init(&Md5Ctx);
 121         SquidMD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
 122         SquidMD5Update(&Md5Ctx, ":", 1);
 123         SquidMD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
 124         SquidMD5Update(&Md5Ctx, ":", 1);
 125         SquidMD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
 126         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 127     }
 128     if (strcasecmp(pszAlg, "md5-sess") == 0) {
 129         HASHHEX HA1Hex;
 130         CvtHex(HA1, HA1Hex);    /* RFC2617 errata */
 131         SquidMD5Init(&Md5Ctx);
 132         SquidMD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
 133         SquidMD5Update(&Md5Ctx, ":", 1);
 134         SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 135         SquidMD5Update(&Md5Ctx, ":", 1);
 136         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 137         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 138     }
 139     CvtHex(HA1, SessionKey);
 140 }
 141
 142 /* calculate request-digest/response-digest as per HTTP Digest spec */
 143 void
 144 DigestCalcResponse(
 145     const HASHHEX HA1,          /* H(A1) */
 146     const char *pszNonce,       /* nonce from server */
 147     const char *pszNonceCount,  /* 8 hex digits */
 148     const char *pszCNonce,      /* client nonce */
 149     const char *pszQop,         /* qop-value: "", "auth", "auth-int" */
 150     const char *pszMethod,      /* method from the request */
 151     const char *pszDigestUri,   /* requested URL */
 152     const HASHHEX HEntity,      /* H(entity body) if qop="auth-int" */
 153     HASHHEX Response            /* request-digest or response-digest */
 154 )
 155 {
 156     SquidMD5_CTX Md5Ctx;
 157     HASH HA2;
 158     HASH RespHash;
 159     HASHHEX HA2Hex;
 160
 161     /*  calculate H(A2)
 162      */
 163     SquidMD5Init(&Md5Ctx);
 164     SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
 165     SquidMD5Update(&Md5Ctx, ":", 1);
 166     SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
 167     if (pszQop && strcasecmp(pszQop, "auth-int") == 0) {
 168         SquidMD5Update(&Md5Ctx, ":", 1);
 169         SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
 170     }
 171     SquidMD5Final((unsigned char *) HA2, &Md5Ctx);
 172     CvtHex(HA2, HA2Hex);
 173
 174     /* calculate response
 175      */
 176     SquidMD5Init(&Md5Ctx);
 177     SquidMD5Update(&Md5Ctx, HA1, HASHHEXLEN);
 178     SquidMD5Update(&Md5Ctx, ":", 1);
 179     SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 180     SquidMD5Update(&Md5Ctx, ":", 1);
 181     if (pszQop) {
 182         SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
 183         SquidMD5Update(&Md5Ctx, ":", 1);
 184         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 185         SquidMD5Update(&Md5Ctx, ":", 1);
 186         SquidMD5Update(&Md5Ctx, pszQop, strlen(pszQop));
 187         SquidMD5Update(&Md5Ctx, ":", 1);
 188     }
 189     SquidMD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
 190     SquidMD5Final((unsigned char *) RespHash, &Md5Ctx);
 191     CvtHex(RespHash, Response);
 192 }