lib/rfc2617.c

   1 /* The source in this file is derived from the reference implementation
   2  * in RFC 2617.
   3  * RFC 2617 is Copyright (C) The Internet Society (1999).  All Rights Reserved.
   4  *
   5  * The following copyright and licence statement covers all changes made to the
   6  * reference implementation.
   7  *
   8  * Key changes were: alteration to a plain C layout.
   9  * Create CvtBin function
  10  * Allow CalcHA1 to make use of precaculated username:password:realm hash's
  11  * to prevent squid knowing the users password (idea suggested in RFC 2617).
  12  */
  13
  14
  15 /*
  16  * $Id$
  17  *
  18  * DEBUG:
  19  * AUTHOR: RFC 2617 & Robert Collins
  20  *
  21  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
  22  * ----------------------------------------------------------
  23  *
  24  *  Squid is the result of efforts by numerous individuals from the
  25  *  Internet community.  Development is led by Duane Wessels of the
  26  *  National Laboratory for Applied Network Research and funded by the
  27  *  National Science Foundation.  Squid is Copyrighted (C) 1998 by
  28  *  the Regents of the University of California.  Please see the
  29  *  COPYRIGHT file for full details.  Squid incorporates software
  30  *  developed and/or copyrighted by other sources.  Please see the
  31  *  CREDITS file for full details.
  32  *
  33  *  This program is free software; you can redistribute it and/or modify
  34  *  it under the terms of the GNU General Public License as published by
  35  *  the Free Software Foundation; either version 2 of the License, or
  36  *  (at your option) any later version.
  37  *
  38  *  This program is distributed in the hope that it will be useful,
  39  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  40  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  41  *  GNU General Public License for more details.
  42  *
  43  *  You should have received a copy of the GNU General Public License
  44  *  along with this program; if not, write to the Free Software
  45  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  46  *
  47  */
  48
  49 #include "config.h"
  50 #include <string.h>
  51 #include "rfc2617.h"
  52 #include "md5.h"
  53
  54 void
  55 CvtHex(const HASH Bin, HASHHEX Hex)
  56 {
  57     unsigned short i;
  58     unsigned char j;
  59
  60     for (i = 0; i < HASHLEN; i++) {
  61         j = (Bin[i] >> 4) & 0xf;
  62         if (j <= 9)
  63             Hex[i * 2] = (j + '0');
  64         else
  65             Hex[i * 2] = (j + 'a' - 10);
  66         j = Bin[i] & 0xf;
  67         if (j <= 9)
  68             Hex[i * 2 + 1] = (j + '0');
  69         else
  70             Hex[i * 2 + 1] = (j + 'a' - 10);
  71     }
  72     Hex[HASHHEXLEN] = '\0';
  73 }
  74
  75 void
  76 CvtBin(const HASHHEX Hex, HASH Bin)
  77 {
  78     unsigned short i;
  79     unsigned char j;
  80
  81     for (i = 0; i < HASHHEXLEN; i++) {
  82         unsigned char n;
  83         j = Hex[i];
  84         if (('0' <= j) && (j <= '9'))
  85             n = j - '0';
  86         else if (('a' <= j) && (j <= 'f'))
  87             n = j - 'a' + 10;
  88         else if (('A' <= j) && (j <= 'F'))
  89             n = j - 'A' + 10;
  90         else
  91             continue;
  92         if (i % 2 == 0)
  93             Bin[i / 2] = n << 4;
  94         else
  95             Bin[i / 2] |= n;
  96     }
  97 /* FIXME: Coverity detects the below as dead code.
  98   Why? :: right here i == 32
  99     which means the first step of the for loop makes i==16
 100     and cannot be < HASHLEN (which is also 16)
 101 */
 102     for (i = i / 2; i < HASHLEN; i++) {
 103         Bin[i] = '\0';
 104     }
 105 }
 106
 107
 108 /* calculate H(A1) as per spec */
 109 void
 110 DigestCalcHA1(
 111     const char *pszAlg,
 112     const char *pszUserName,
 113     const char *pszRealm,
 114     const char *pszPassword,
 115     const char *pszNonce,
 116     const char *pszCNonce,
 117     HASH HA1,
 118     HASHHEX SessionKey
 119 )
 120 {
 121     SquidMD5_CTX Md5Ctx;
 122
 123     if (pszUserName) {
 124         SquidMD5Init(&Md5Ctx);
 125         SquidMD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
 126         SquidMD5Update(&Md5Ctx, ":", 1);
 127         SquidMD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
 128         SquidMD5Update(&Md5Ctx, ":", 1);
 129         SquidMD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
 130         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 131     }
 132     if (strcasecmp(pszAlg, "md5-sess") == 0) {
 133         HASHHEX HA1Hex;
 134         CvtHex(HA1, HA1Hex);    /* RFC2617 errata */
 135         SquidMD5Init(&Md5Ctx);
 136         SquidMD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
 137         SquidMD5Update(&Md5Ctx, ":", 1);
 138         SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 139         SquidMD5Update(&Md5Ctx, ":", 1);
 140         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 141         SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
 142     }
 143     CvtHex(HA1, SessionKey);
 144 }
 145
 146 /* calculate request-digest/response-digest as per HTTP Digest spec */
 147 void
 148 DigestCalcResponse(
 149     const HASHHEX HA1,          /* H(A1) */
 150     const char *pszNonce,       /* nonce from server */
 151     const char *pszNonceCount,  /* 8 hex digits */
 152     const char *pszCNonce,      /* client nonce */
 153     const char *pszQop,         /* qop-value: "", "auth", "auth-int" */
 154     const char *pszMethod,      /* method from the request */
 155     const char *pszDigestUri,   /* requested URL */
 156     const HASHHEX HEntity,      /* H(entity body) if qop="auth-int" */
 157     HASHHEX Response            /* request-digest or response-digest */
 158 )
 159 {
 160     SquidMD5_CTX Md5Ctx;
 161     HASH HA2;
 162     HASH RespHash;
 163     HASHHEX HA2Hex;
 164
 165     /*  calculate H(A2)
 166      */
 167     SquidMD5Init(&Md5Ctx);
 168     SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
 169     SquidMD5Update(&Md5Ctx, ":", 1);
 170     SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
 171     if (strcasecmp(pszQop, "auth-int") == 0) {
 172         SquidMD5Update(&Md5Ctx, ":", 1);
 173         SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
 174     }
 175     SquidMD5Final((unsigned char *) HA2, &Md5Ctx);
 176     CvtHex(HA2, HA2Hex);
 177
 178     /* calculate response
 179      */
 180     SquidMD5Init(&Md5Ctx);
 181     SquidMD5Update(&Md5Ctx, HA1, HASHHEXLEN);
 182     SquidMD5Update(&Md5Ctx, ":", 1);
 183     SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
 184     SquidMD5Update(&Md5Ctx, ":", 1);
 185     if (*pszQop) {
 186         SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
 187         SquidMD5Update(&Md5Ctx, ":", 1);
 188         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
 189         SquidMD5Update(&Md5Ctx, ":", 1);
 190         SquidMD5Update(&Md5Ctx, pszQop, strlen(pszQop));
 191         SquidMD5Update(&Md5Ctx, ":", 1);
 192     }
 193     SquidMD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
 194     SquidMD5Final((unsigned char *) RespHash, &Md5Ctx);
 195     CvtHex(RespHash, Response);
 196 }