lib/rfc2617.c

   1 /* The source in this file is derived from the reference implementation
   2  * in RFC 2617.
   3  * RFC 2617 is Copyright (C) The Internet Society (1999).  All Rights Reserved.
   4  *
   5  * The following copyright and licence statement covers all changes made to the
   6  * reference implementation.
   7  *
   8  * Key changes were: alteration to a plain C layout.
   9  * Create CvtBin function
  10  * Allow CalcHA1 to make use of precaculated username:password:realm hash's
  11  * to prevent squid knowing the users password (idea suggested in RFC 2617).
  12  */
  13
  14
  15 /*
  16  * $Id: rfc2617.c,v 1.13 2007/12/30 01:54:02 hno Exp $
  17  *
  18  * DEBUG:
  19  * AUTHOR: RFC 2617 & Robert Collins
  20  *
  21  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
  22  * ----------------------------------------------------------
  23  *
  24  *  Squid is the result of efforts by numerous individuals from the
  25  *  Internet community.  Development is led by Duane Wessels of the
  26  *  National Laboratory for Applied Network Research and funded by the
  27  *  National Science Foundation.  Squid is Copyrighted (C) 1998 by
  28  *  the Regents of the University of California.  Please see the
  29  *  COPYRIGHT file for full details.  Squid incorporates software
  30  *  developed and/or copyrighted by other sources.  Please see the
  31  *  CREDITS file for full details.
  32  *
  33  *  This program is free software; you can redistribute it and/or modify
  34  *  it under the terms of the GNU General Public License as published by
  35  *  the Free Software Foundation; either version 2 of the License, or
  36  *  (at your option) any later version.
  37  *
  38  *  This program is distributed in the hope that it will be useful,
  39  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  40  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  41  *  GNU General Public License for more details.
  42  *
  43  *  You should have received a copy of the GNU General Public License
  44  *  along with this program; if not, write to the Free Software
  45  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  46  *
  47  */
  48
  49 #include "config.h"
  50 #include <string.h>
  51 #include "rfc2617.h"
  52 #include "md5.h"
  53
  54 void
  55 CvtHex(const HASH Bin, HASHHEX Hex)
  56 {
  57     unsigned short i;
  58     unsigned char j;
  59
  60     for (i = 0; i < HASHLEN; i++) {
  61         j = (Bin[i] >> 4) & 0xf;
  62         if (j <= 9)
  63             Hex[i * 2] = (j + '0');
  64         else
  65             Hex[i * 2] = (j + 'a' - 10);
  66         j = Bin[i] & 0xf;
  67         if (j <= 9)
  68             Hex[i * 2 + 1] = (j + '0');
  69         else
  70             Hex[i * 2 + 1] = (j + 'a' - 10);
  71     }
  72     Hex[HASHHEXLEN] = '\0';
  73 }
  74
  75 void
  76 CvtBin(const HASHHEX Hex, HASH Bin)
  77 {
  78     unsigned short i;
  79     unsigned char j;
  80
  81     for (i = 0; i < HASHHEXLEN; i++) {
  82         unsigned char n;
  83         j = Hex[i];
  84         if (('0' <= j) && (j <= '9'))
  85             n = j - '0';
  86         else if (('a' <= j) && (j <= 'f'))
  87             n = j - 'a' + 10;
  88         else if (('A' <= j) && (j <= 'F'))
  89             n = j - 'A' + 10;
  90         else
  91             continue;
  92         if (i % 2 == 0)
  93             Bin[i / 2] = n << 4;
  94         else
  95             Bin[i / 2] |= n;
  96     }
  97     for (i = i / 2; i < HASHLEN; i++) {
  98         Bin[i] = '\0';
  99     }
 100 }
 101
 102
 103 /* calculate H(A1) as per spec */
 104 void
 105 DigestCalcHA1(
 106     const char *pszAlg,
 107     const char *pszUserName,
 108     const char *pszRealm,
 109     const char *pszPassword,
 110     const char *pszNonce,
 111     const char *pszCNonce,
 112     HASH HA1,
 113     HASHHEX SessionKey
 114 )
 115 {
 116     SquidMD5_CTX Md5Ctx;
 117
 118     if (pszUserName) {
 119         SquidMD5Init(&Md5Ctx);
 120         SquidMD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
 121         SquidMD5Update(&Md5Ctx, ":", 1);
 122         SquidMD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
 123         SquidMD5Update(&Md5Ctx, ":", 1);
 124         SquidMD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
 125         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 126     }
 127     if (strcasecmp(pszAlg, "md5-sess") == 0) {
 128         HASHHEX HA1Hex;
 129         CvtHex(HA1, HA1Hex);    /* RFC2617 errata */
 130         SquidMD5Init(&Md5Ctx);
 131         SquidMD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
 132         SquidMD5Update(&Md5Ctx, ":", 1);
 133         SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 134         SquidMD5Update(&Md5Ctx, ":", 1);
 135         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 136         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 137     }
 138     CvtHex(HA1, SessionKey);
 139 }
 140
 141 /* calculate request-digest/response-digest as per HTTP Digest spec */
 142 void
 143 DigestCalcResponse(
 144     const HASHHEX HA1,          /* H(A1) */
 145     const char *pszNonce,       /* nonce from server */
 146     const char *pszNonceCount,  /* 8 hex digits */
 147     const char *pszCNonce,      /* client nonce */
 148     const char *pszQop,         /* qop-value: "", "auth", "auth-int" */
 149     const char *pszMethod,      /* method from the request */
 150     const char *pszDigestUri,   /* requested URL */
 151     const HASHHEX HEntity,      /* H(entity body) if qop="auth-int" */
 152     HASHHEX Response            /* request-digest or response-digest */
 153 )
 154 {
 155     SquidMD5_CTX Md5Ctx;
 156     HASH HA2;
 157     HASH RespHash;
 158     HASHHEX HA2Hex;
 159
 160     /*  calculate H(A2)
 161      */
 162     SquidMD5Init(&Md5Ctx);
 163     SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
 164     SquidMD5Update(&Md5Ctx, ":", 1);
 165     SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
 166     if (strcasecmp(pszQop, "auth-int") == 0) {
 167         SquidMD5Update(&Md5Ctx, ":", 1);
 168         SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
 169     }
 170     SquidMD5Final((unsigned char *) HA2, &Md5Ctx);
 171     CvtHex(HA2, HA2Hex);
 172
 173     /* calculate response
 174      */
 175     SquidMD5Init(&Md5Ctx);
 176     SquidMD5Update(&Md5Ctx, HA1, HASHHEXLEN);
 177     SquidMD5Update(&Md5Ctx, ":", 1);
 178     SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 179     SquidMD5Update(&Md5Ctx, ":", 1);
 180     if (*pszQop) {
 181         SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
 182         SquidMD5Update(&Md5Ctx, ":", 1);
 183         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 184         SquidMD5Update(&Md5Ctx, ":", 1);
 185         SquidMD5Update(&Md5Ctx, pszQop, strlen(pszQop));
 186         SquidMD5Update(&Md5Ctx, ":", 1);
 187     }
 188     SquidMD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
 189     SquidMD5Final((unsigned char *) RespHash, &Md5Ctx);
 190     CvtHex(RespHash, Response);
 191 }