]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
1 /* The source in this file is derived from the reference implementation
3 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
5 * The following copyright and licence statement covers all changes made to the
6 * reference implementation.
8 * Key changes were: alteration to a plain C layout.
9 * Create CvtBin function
10 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
11 * to prevent squid knowing the users password (idea suggested in RFC 2617).
19 * AUTHOR: RFC 2617 & Robert Collins
21 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
22 * ----------------------------------------------------------
24 * Squid is the result of efforts by numerous individuals from the
25 * Internet community. Development is led by Duane Wessels of the
26 * National Laboratory for Applied Network Research and funded by the
27 * National Science Foundation. Squid is Copyrighted (C) 1998 by
28 * the Regents of the University of California. Please see the
29 * COPYRIGHT file for full details. Squid incorporates software
30 * developed and/or copyrighted by other sources. Please see the
31 * CREDITS file for full details.
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
43 * You should have received a copy of the GNU General Public License
44 * along with this program; if not, write to the Free Software
45 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
55 CvtHex(const HASH Bin
, HASHHEX Hex
)
60 for (i
= 0; i
< HASHLEN
; i
++) {
61 j
= (Bin
[i
] >> 4) & 0xf;
63 Hex
[i
* 2] = (j
+ '0');
65 Hex
[i
* 2] = (j
+ 'a' - 10);
68 Hex
[i
* 2 + 1] = (j
+ '0');
70 Hex
[i
* 2 + 1] = (j
+ 'a' - 10);
72 Hex
[HASHHEXLEN
] = '\0';
76 CvtBin(const HASHHEX Hex
, HASH Bin
)
81 for (i
= 0; i
< HASHHEXLEN
; i
++) {
84 if (('0' <= j
) && (j
<= '9'))
86 else if (('a' <= j
) && (j
<= 'f'))
88 else if (('A' <= j
) && (j
<= 'F'))
97 /* FIXME: Coverity detects the below as dead code.
98 Why? :: right here i == 32
99 which means the first step of the for loop makes i==16
100 and cannot be < HASHLEN (which is also 16)
102 for (i
= i
/ 2; i
< HASHLEN
; i
++) {
108 /* calculate H(A1) as per spec */
112 const char *pszUserName
,
113 const char *pszRealm
,
114 const char *pszPassword
,
115 const char *pszNonce
,
116 const char *pszCNonce
,
124 SquidMD5Init(&Md5Ctx
);
125 SquidMD5Update(&Md5Ctx
, pszUserName
, strlen(pszUserName
));
126 SquidMD5Update(&Md5Ctx
, ":", 1);
127 SquidMD5Update(&Md5Ctx
, pszRealm
, strlen(pszRealm
));
128 SquidMD5Update(&Md5Ctx
, ":", 1);
129 SquidMD5Update(&Md5Ctx
, pszPassword
, strlen(pszPassword
));
130 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
132 if (strcasecmp(pszAlg
, "md5-sess") == 0) {
134 CvtHex(HA1
, HA1Hex
); /* RFC2617 errata */
135 SquidMD5Init(&Md5Ctx
);
136 SquidMD5Update(&Md5Ctx
, HA1Hex
, HASHHEXLEN
);
137 SquidMD5Update(&Md5Ctx
, ":", 1);
138 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
139 SquidMD5Update(&Md5Ctx
, ":", 1);
140 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
141 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
143 CvtHex(HA1
, SessionKey
);
146 /* calculate request-digest/response-digest as per HTTP Digest spec */
149 const HASHHEX HA1
, /* H(A1) */
150 const char *pszNonce
, /* nonce from server */
151 const char *pszNonceCount
, /* 8 hex digits */
152 const char *pszCNonce
, /* client nonce */
153 const char *pszQop
, /* qop-value: "", "auth", "auth-int" */
154 const char *pszMethod
, /* method from the request */
155 const char *pszDigestUri
, /* requested URL */
156 const HASHHEX HEntity
, /* H(entity body) if qop="auth-int" */
157 HASHHEX Response
/* request-digest or response-digest */
167 SquidMD5Init(&Md5Ctx
);
168 SquidMD5Update(&Md5Ctx
, pszMethod
, strlen(pszMethod
));
169 SquidMD5Update(&Md5Ctx
, ":", 1);
170 SquidMD5Update(&Md5Ctx
, pszDigestUri
, strlen(pszDigestUri
));
171 if (pszQop
&& strcasecmp(pszQop
, "auth-int") == 0) {
172 SquidMD5Update(&Md5Ctx
, ":", 1);
173 SquidMD5Update(&Md5Ctx
, HEntity
, HASHHEXLEN
);
175 SquidMD5Final((unsigned char *) HA2
, &Md5Ctx
);
178 /* calculate response
180 SquidMD5Init(&Md5Ctx
);
181 SquidMD5Update(&Md5Ctx
, HA1
, HASHHEXLEN
);
182 SquidMD5Update(&Md5Ctx
, ":", 1);
183 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
184 SquidMD5Update(&Md5Ctx
, ":", 1);
186 SquidMD5Update(&Md5Ctx
, pszNonceCount
, strlen(pszNonceCount
));
187 SquidMD5Update(&Md5Ctx
, ":", 1);
188 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
189 SquidMD5Update(&Md5Ctx
, ":", 1);
190 SquidMD5Update(&Md5Ctx
, pszQop
, strlen(pszQop
));
191 SquidMD5Update(&Md5Ctx
, ":", 1);
193 SquidMD5Update(&Md5Ctx
, HA2Hex
, HASHHEXLEN
);
194 SquidMD5Final((unsigned char *) RespHash
, &Md5Ctx
);
195 CvtHex(RespHash
, Response
);