]>
Commit | Line | Data |
---|---|---|
2d70df72 | 1 | /* The source in this file is derived from the reference implementation |
2 | * in RFC 2617. | |
3 | * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved. | |
4 | * | |
5 | * The following copyright and licence statement covers all changes made to the | |
6 | * reference implementation. | |
7 | * | |
8 | * Key changes were: alteration to a plain C layout. | |
9 | * Create CvtBin function | |
10 | * Allow CalcHA1 to make use of precaculated username:password:realm hash's | |
11 | * to prevent squid knowing the users password (idea suggested in RFC 2617). | |
12 | */ | |
13 | ||
14 | ||
15 | /* | |
9bea1d5b | 16 | * $Id: rfc2617.c,v 1.4 2001/10/17 12:41:48 hno Exp $ |
2d70df72 | 17 | * |
18 | * DEBUG: | |
19 | * AUTHOR: RFC 2617 & Robert Collins | |
20 | * | |
21 | * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ | |
22 | * ---------------------------------------------------------- | |
23 | * | |
24 | * Squid is the result of efforts by numerous individuals from the | |
25 | * Internet community. Development is led by Duane Wessels of the | |
26 | * National Laboratory for Applied Network Research and funded by the | |
27 | * National Science Foundation. Squid is Copyrighted (C) 1998 by | |
28 | * the Regents of the University of California. Please see the | |
29 | * COPYRIGHT file for full details. Squid incorporates software | |
30 | * developed and/or copyrighted by other sources. Please see the | |
31 | * CREDITS file for full details. | |
32 | * | |
33 | * This program is free software; you can redistribute it and/or modify | |
34 | * it under the terms of the GNU General Public License as published by | |
35 | * the Free Software Foundation; either version 2 of the License, or | |
36 | * (at your option) any later version. | |
37 | * | |
38 | * This program is distributed in the hope that it will be useful, | |
39 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
40 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
41 | * GNU General Public License for more details. | |
42 | * | |
43 | * You should have received a copy of the GNU General Public License | |
44 | * along with this program; if not, write to the Free Software | |
45 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
46 | * | |
47 | */ | |
48 | ||
49 | #include "config.h" | |
50 | #include <string.h> | |
51 | #include "rfc2617.h" | |
1f7c9178 | 52 | #include "md5.h" |
2d70df72 | 53 | |
9bea1d5b | 54 | void |
2d70df72 | 55 | CvtHex(const HASH Bin, HASHHEX Hex) |
56 | { | |
57 | unsigned short i; | |
58 | unsigned char j; | |
59 | ||
60 | for (i = 0; i < HASHLEN; i++) { | |
61 | j = (Bin[i] >> 4) & 0xf; | |
62 | if (j <= 9) | |
63 | Hex[i * 2] = (j + '0'); | |
64 | else | |
65 | Hex[i * 2] = (j + 'a' - 10); | |
66 | j = Bin[i] & 0xf; | |
67 | if (j <= 9) | |
68 | Hex[i * 2 + 1] = (j + '0'); | |
69 | else | |
70 | Hex[i * 2 + 1] = (j + 'a' - 10); | |
71 | }; | |
72 | Hex[HASHHEXLEN] = '\0'; | |
73 | }; | |
74 | ||
9bea1d5b | 75 | void |
2d70df72 | 76 | CvtBin(const HASHHEX Hex, HASH Bin) |
77 | { | |
78 | unsigned short i; | |
79 | unsigned char j; | |
80 | ||
81 | for (i = 0; i < HASHHEXLEN; i++) { | |
82 | j = Hex[i]; | |
83 | if (('0' <= j) && (j <= '9')) | |
84 | Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0)); | |
85 | else | |
86 | Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0)); | |
87 | }; | |
88 | Bin[HASHLEN] = '\0'; | |
89 | }; | |
90 | ||
91 | ||
92 | /* calculate H(A1) as per spec */ | |
9bea1d5b | 93 | void |
2d70df72 | 94 | DigestCalcHA1( |
95 | const char *pszAlg, | |
96 | const char *pszUserName, | |
97 | const char *pszRealm, | |
98 | const char *pszPassword, | |
99 | const char *pszNonce, | |
100 | const char *pszCNonce, | |
101 | HASH HA1, | |
102 | HASHHEX SessionKey | |
103 | ) | |
104 | { | |
105 | MD5_CTX Md5Ctx; | |
106 | ||
107 | if (pszUserName) { | |
108 | MD5Init(&Md5Ctx); | |
109 | MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName)); | |
110 | MD5Update(&Md5Ctx, ":", 1); | |
111 | MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm)); | |
112 | MD5Update(&Md5Ctx, ":", 1); | |
113 | MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword)); | |
114 | MD5Final(HA1, &Md5Ctx); | |
115 | } | |
a8cb0f62 | 116 | if (strcasecmp(pszAlg, "md5-sess") == 0) { |
2d70df72 | 117 | MD5Init(&Md5Ctx); |
118 | MD5Update(&Md5Ctx, HA1, HASHLEN); | |
119 | MD5Update(&Md5Ctx, ":", 1); | |
120 | MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce)); | |
121 | MD5Update(&Md5Ctx, ":", 1); | |
122 | MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); | |
123 | MD5Final(HA1, &Md5Ctx); | |
124 | }; | |
125 | CvtHex(HA1, SessionKey); | |
126 | }; | |
127 | ||
128 | /* calculate request-digest/response-digest as per HTTP Digest spec */ | |
9bea1d5b | 129 | void |
2d70df72 | 130 | DigestCalcResponse( |
131 | const HASHHEX HA1, /* H(A1) */ | |
132 | const char *pszNonce, /* nonce from server */ | |
133 | const char *pszNonceCount, /* 8 hex digits */ | |
134 | const char *pszCNonce, /* client nonce */ | |
135 | const char *pszQop, /* qop-value: "", "auth", "auth-int" */ | |
136 | const char *pszMethod, /* method from the request */ | |
137 | const char *pszDigestUri, /* requested URL */ | |
138 | const HASHHEX HEntity, /* H(entity body) if qop="auth-int" */ | |
139 | HASHHEX Response /* request-digest or response-digest */ | |
140 | ) | |
141 | { | |
142 | MD5_CTX Md5Ctx; | |
143 | HASH HA2; | |
144 | HASH RespHash; | |
145 | HASHHEX HA2Hex; | |
146 | ||
147 | /* calculate H(A2) | |
148 | */ | |
149 | MD5Init(&Md5Ctx); | |
150 | MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod)); | |
151 | MD5Update(&Md5Ctx, ":", 1); | |
152 | MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri)); | |
a8cb0f62 | 153 | if (strcasecmp(pszQop, "auth-int") == 0) { |
2d70df72 | 154 | MD5Update(&Md5Ctx, ":", 1); |
155 | MD5Update(&Md5Ctx, HEntity, HASHHEXLEN); | |
156 | }; | |
157 | MD5Final(HA2, &Md5Ctx); | |
158 | CvtHex(HA2, HA2Hex); | |
159 | ||
160 | /* calculate response | |
161 | */ | |
162 | MD5Init(&Md5Ctx); | |
163 | MD5Update(&Md5Ctx, HA1, HASHHEXLEN); | |
164 | MD5Update(&Md5Ctx, ":", 1); | |
165 | MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce)); | |
166 | MD5Update(&Md5Ctx, ":", 1); | |
167 | if (*pszQop) { | |
168 | MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount)); | |
169 | MD5Update(&Md5Ctx, ":", 1); | |
170 | MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); | |
171 | MD5Update(&Md5Ctx, ":", 1); | |
172 | MD5Update(&Md5Ctx, pszQop, strlen(pszQop)); | |
173 | MD5Update(&Md5Ctx, ":", 1); | |
174 | }; | |
175 | MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN); | |
176 | MD5Final(RespHash, &Md5Ctx); | |
177 | CvtHex(RespHash, Response); | |
178 | }; |