[thirdparty/squid.git] / lib / rfc2617.c

/* The source in this file is derived from the reference implementation 
 * in RFC 2617. 
 * RFC 2617 is Copyright (C) The Internet Society (1999).  All Rights Reserved.
 *
 * The following copyright and licence statement covers all changes made to the 
 * reference implementation.
 * 
 * Key changes were: alteration to a plain C layout.
 * Create CvtBin function
 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
 * to prevent squid knowing the users password (idea suggested in RFC 2617).
 */


/*
 * $Id: rfc2617.c,v 1.4 2001/10/17 12:41:48 hno Exp $
 *
 * DEBUG:
 * AUTHOR: RFC 2617 & Robert Collins
 *
 * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from the
 *  Internet community.  Development is led by Duane Wessels of the
 *  National Laboratory for Applied Network Research and funded by the
 *  National Science Foundation.  Squid is Copyrighted (C) 1998 by
 *  the Regents of the University of California.  Please see the
 *  COPYRIGHT file for full details.  Squid incorporates software
 *  developed and/or copyrighted by other sources.  Please see the
 *  CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "config.h"
#include <string.h>
#include "rfc2617.h"
#include "md5.h"

void
CvtHex(const HASH Bin, HASHHEX Hex)
{
    unsigned short i;
    unsigned char j;

    for (i = 0; i < HASHLEN; i++) {
	j = (Bin[i] >> 4) & 0xf;
	if (j <= 9)
	    Hex[i * 2] = (j + '0');
	else
	    Hex[i * 2] = (j + 'a' - 10);
	j = Bin[i] & 0xf;
	if (j <= 9)
	    Hex[i * 2 + 1] = (j + '0');
	else
	    Hex[i * 2 + 1] = (j + 'a' - 10);
    };
    Hex[HASHHEXLEN] = '\0';
};

void
CvtBin(const HASHHEX Hex, HASH Bin)
{
    unsigned short i;
    unsigned char j;

    for (i = 0; i < HASHHEXLEN; i++) {
	j = Hex[i];
	if (('0' <= j) && (j <= '9'))
	    Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0));
	else
	    Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0));
    };
    Bin[HASHLEN] = '\0';
};


/* calculate H(A1) as per spec */
void
DigestCalcHA1(
    const char *pszAlg,
    const char *pszUserName,
    const char *pszRealm,
    const char *pszPassword,
    const char *pszNonce,
    const char *pszCNonce,
    HASH HA1,
    HASHHEX SessionKey
)
{
    MD5_CTX Md5Ctx;

    if (pszUserName) {
	MD5Init(&Md5Ctx);
	MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
	MD5Final(HA1, &Md5Ctx);
    }
    if (strcasecmp(pszAlg, "md5-sess") == 0) {
	MD5Init(&Md5Ctx);
	MD5Update(&Md5Ctx, HA1, HASHLEN);
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
	MD5Final(HA1, &Md5Ctx);
    };
    CvtHex(HA1, SessionKey);
};

/* calculate request-digest/response-digest as per HTTP Digest spec */
void
DigestCalcResponse(
    const HASHHEX HA1,		/* H(A1) */
    const char *pszNonce,	/* nonce from server */
    const char *pszNonceCount,	/* 8 hex digits */
    const char *pszCNonce,	/* client nonce */
    const char *pszQop,		/* qop-value: "", "auth", "auth-int" */
    const char *pszMethod,	/* method from the request */
    const char *pszDigestUri,	/* requested URL */
    const HASHHEX HEntity,	/* H(entity body) if qop="auth-int" */
    HASHHEX Response		/* request-digest or response-digest */
)
{
    MD5_CTX Md5Ctx;
    HASH HA2;
    HASH RespHash;
    HASHHEX HA2Hex;

    /*  calculate H(A2)
     */
    MD5Init(&Md5Ctx);
    MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
    MD5Update(&Md5Ctx, ":", 1);
    MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
    if (strcasecmp(pszQop, "auth-int") == 0) {
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
    };
    MD5Final(HA2, &Md5Ctx);
    CvtHex(HA2, HA2Hex);

    /* calculate response
     */
    MD5Init(&Md5Ctx);
    MD5Update(&Md5Ctx, HA1, HASHHEXLEN);
    MD5Update(&Md5Ctx, ":", 1);
    MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
    MD5Update(&Md5Ctx, ":", 1);
    if (*pszQop) {
	MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
	MD5Update(&Md5Ctx, ":", 1);
	MD5Update(&Md5Ctx, pszQop, strlen(pszQop));
	MD5Update(&Md5Ctx, ":", 1);
    };
    MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
    MD5Final(RespHash, &Md5Ctx);
    CvtHex(RespHash, Response);
};
Commit	Line	Data
2d70df72	1	/* The source in this file is derived from the reference implementation
	2	* in RFC 2617.
	3	* RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
	4	*
	5	* The following copyright and licence statement covers all changes made to the
	6	* reference implementation.
	7	*
	8	* Key changes were: alteration to a plain C layout.
	9	* Create CvtBin function
	10	* Allow CalcHA1 to make use of precaculated username:password:realm hash's
	11	* to prevent squid knowing the users password (idea suggested in RFC 2617).
	12	*/
	13
	14
	15	/*
9bea1d5b	16	* $Id: rfc2617.c,v 1.4 2001/10/17 12:41:48 hno Exp $
2d70df72	17	*
	18	* DEBUG:
	19	* AUTHOR: RFC 2617 & Robert Collins
	20	*
	21	* SQUID Internet Object Cache http://squid.nlanr.net/Squid/
	22	* ----------------------------------------------------------
	23	*
	24	* Squid is the result of efforts by numerous individuals from the
	25	* Internet community. Development is led by Duane Wessels of the
	26	* National Laboratory for Applied Network Research and funded by the
	27	* National Science Foundation. Squid is Copyrighted (C) 1998 by
	28	* the Regents of the University of California. Please see the
	29	* COPYRIGHT file for full details. Squid incorporates software
	30	* developed and/or copyrighted by other sources. Please see the
	31	* CREDITS file for full details.
	32	*
	33	* This program is free software; you can redistribute it and/or modify
	34	* it under the terms of the GNU General Public License as published by
	35	* the Free Software Foundation; either version 2 of the License, or
	36	* (at your option) any later version.
	37	*
	38	* This program is distributed in the hope that it will be useful,
	39	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	40	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	41	* GNU General Public License for more details.
	42	*
	43	* You should have received a copy of the GNU General Public License
	44	* along with this program; if not, write to the Free Software
	45	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	46	*
	47	*/
	48
	49	#include "config.h"
	50	#include <string.h>
	51	#include "rfc2617.h"
1f7c9178	52	#include "md5.h"
2d70df72	53
9bea1d5b	54	void
2d70df72	55	CvtHex(const HASH Bin, HASHHEX Hex)
	56	{
	57	unsigned short i;
	58	unsigned char j;
	59
	60	for (i = 0; i < HASHLEN; i++) {
	61	j = (Bin[i] >> 4) & 0xf;
	62	if (j <= 9)
	63	Hex[i * 2] = (j + '0');
	64	else
	65	Hex[i * 2] = (j + 'a' - 10);
	66	j = Bin[i] & 0xf;
	67	if (j <= 9)
	68	Hex[i * 2 + 1] = (j + '0');
	69	else
	70	Hex[i * 2 + 1] = (j + 'a' - 10);
	71	};
	72	Hex[HASHHEXLEN] = '\0';
	73	};
	74
9bea1d5b	75	void
2d70df72	76	CvtBin(const HASHHEX Hex, HASH Bin)
	77	{
	78	unsigned short i;
	79	unsigned char j;
	80
	81	for (i = 0; i < HASHHEXLEN; i++) {
	82	j = Hex[i];
	83	if (('0' <= j) && (j <= '9'))
	84	Bin[i / 2] \|= ((j - '0') << ((i % 2 == 0) ? 4 : 0));
	85	else
	86	Bin[i / 2] \|= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0));
	87	};
	88	Bin[HASHLEN] = '\0';
	89	};
	90
	91
	92	/* calculate H(A1) as per spec */
9bea1d5b	93	void
2d70df72	94	DigestCalcHA1(
	95	const char *pszAlg,
	96	const char *pszUserName,
	97	const char *pszRealm,
	98	const char *pszPassword,
	99	const char *pszNonce,
	100	const char *pszCNonce,
	101	HASH HA1,
	102	HASHHEX SessionKey
	103	)
	104	{
	105	MD5_CTX Md5Ctx;
	106
	107	if (pszUserName) {
	108	MD5Init(&Md5Ctx);
	109	MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
	110	MD5Update(&Md5Ctx, ":", 1);
	111	MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
	112	MD5Update(&Md5Ctx, ":", 1);
	113	MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
	114	MD5Final(HA1, &Md5Ctx);
	115	}
a8cb0f62	116	if (strcasecmp(pszAlg, "md5-sess") == 0) {
2d70df72	117	MD5Init(&Md5Ctx);
	118	MD5Update(&Md5Ctx, HA1, HASHLEN);
	119	MD5Update(&Md5Ctx, ":", 1);
	120	MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
	121	MD5Update(&Md5Ctx, ":", 1);
	122	MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
	123	MD5Final(HA1, &Md5Ctx);
	124	};
	125	CvtHex(HA1, SessionKey);
	126	};
	127
	128	/* calculate request-digest/response-digest as per HTTP Digest spec */
9bea1d5b	129	void
2d70df72	130	DigestCalcResponse(
	131	const HASHHEX HA1, /* H(A1) */
	132	const char pszNonce, / nonce from server */
	133	const char pszNonceCount, / 8 hex digits */
	134	const char pszCNonce, / client nonce */
	135	const char pszQop, / qop-value: "", "auth", "auth-int" */
	136	const char pszMethod, / method from the request */
	137	const char pszDigestUri, / requested URL */
	138	const HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
	139	HASHHEX Response /* request-digest or response-digest */
	140	)
	141	{
	142	MD5_CTX Md5Ctx;
	143	HASH HA2;
	144	HASH RespHash;
	145	HASHHEX HA2Hex;
	146
	147	/* calculate H(A2)
	148	*/
	149	MD5Init(&Md5Ctx);
	150	MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
	151	MD5Update(&Md5Ctx, ":", 1);
	152	MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
a8cb0f62	153	if (strcasecmp(pszQop, "auth-int") == 0) {
2d70df72	154	MD5Update(&Md5Ctx, ":", 1);
	155	MD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
	156	};
	157	MD5Final(HA2, &Md5Ctx);
	158	CvtHex(HA2, HA2Hex);
	159
	160	/* calculate response
	161	*/
	162	MD5Init(&Md5Ctx);
	163	MD5Update(&Md5Ctx, HA1, HASHHEXLEN);
	164	MD5Update(&Md5Ctx, ":", 1);
	165	MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
	166	MD5Update(&Md5Ctx, ":", 1);
	167	if (*pszQop) {
	168	MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
	169	MD5Update(&Md5Ctx, ":", 1);
	170	MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
	171	MD5Update(&Md5Ctx, ":", 1);
	172	MD5Update(&Md5Ctx, pszQop, strlen(pszQop));
	173	MD5Update(&Md5Ctx, ":", 1);
	174	};
	175	MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
	176	MD5Final(RespHash, &Md5Ctx);
	177	CvtHex(RespHash, Response);
	178	};