]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* The source in this file is derived from the reference implementation
11 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
13 * The Squid copyright and licence statement covers all changes made to the
14 * reference implementation.
16 * Key changes were: alteration to a plain C layout.
17 * Create CvtBin function
18 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
19 * to prevent squid knowing the users password (idea suggested in RFC 2617).
28 CvtHex(const HASH Bin
, HASHHEX Hex
)
33 for (i
= 0; i
< HASHLEN
; i
++) {
34 j
= (Bin
[i
] >> 4) & 0xf;
36 Hex
[i
* 2] = (j
+ '0');
38 Hex
[i
* 2] = (j
+ 'a' - 10);
41 Hex
[i
* 2 + 1] = (j
+ '0');
43 Hex
[i
* 2 + 1] = (j
+ 'a' - 10);
45 Hex
[HASHHEXLEN
] = '\0';
49 CvtBin(const HASHHEX Hex
, HASH Bin
)
54 for (i
= 0; i
< HASHHEXLEN
; i
++) {
57 if (('0' <= j
) && (j
<= '9'))
59 else if (('a' <= j
) && (j
<= 'f'))
61 else if (('A' <= j
) && (j
<= 'F'))
71 #if HASHHEXLEN != (2*HASHLEN)
73 Why? :: right here i == 32
74 which means the first step of the for loop makes i==16
75 and cannot be < HASHLEN (which is also 16)
77 But only guaranteed if HASHHEXLEN == 2*HASHLEN
78 This will ensure correct 0-ing of bins no matter what.
80 for (i
= i
/ 2; i
< HASHLEN
; i
++) {
86 /* calculate H(A1) as per spec */
90 const char *pszUserName
,
92 const char *pszPassword
,
94 const char *pszCNonce
,
102 SquidMD5Init(&Md5Ctx
);
103 SquidMD5Update(&Md5Ctx
, pszUserName
, strlen(pszUserName
));
104 SquidMD5Update(&Md5Ctx
, ":", 1);
105 SquidMD5Update(&Md5Ctx
, pszRealm
, strlen(pszRealm
));
106 SquidMD5Update(&Md5Ctx
, ":", 1);
107 SquidMD5Update(&Md5Ctx
, pszPassword
, strlen(pszPassword
));
108 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
110 if (strcasecmp(pszAlg
, "md5-sess") == 0) {
112 CvtHex(HA1
, HA1Hex
); /* RFC2617 errata */
113 SquidMD5Init(&Md5Ctx
);
114 SquidMD5Update(&Md5Ctx
, HA1Hex
, HASHHEXLEN
);
115 SquidMD5Update(&Md5Ctx
, ":", 1);
116 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
117 SquidMD5Update(&Md5Ctx
, ":", 1);
118 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
119 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
121 CvtHex(HA1
, SessionKey
);
124 /* calculate request-digest/response-digest as per HTTP Digest spec */
127 const HASHHEX HA1
, /* H(A1) */
128 const char *pszNonce
, /* nonce from server */
129 const char *pszNonceCount
, /* 8 hex digits */
130 const char *pszCNonce
, /* client nonce */
131 const char *pszQop
, /* qop-value: "", "auth", "auth-int" */
132 const char *pszMethod
, /* method from the request */
133 const char *pszDigestUri
, /* requested URL */
134 const HASHHEX HEntity
, /* H(entity body) if qop="auth-int" */
135 HASHHEX Response
/* request-digest or response-digest */
145 SquidMD5Init(&Md5Ctx
);
146 SquidMD5Update(&Md5Ctx
, pszMethod
, strlen(pszMethod
));
147 SquidMD5Update(&Md5Ctx
, ":", 1);
148 SquidMD5Update(&Md5Ctx
, pszDigestUri
, strlen(pszDigestUri
));
149 if (pszQop
&& strcasecmp(pszQop
, "auth-int") == 0) {
150 SquidMD5Update(&Md5Ctx
, ":", 1);
151 SquidMD5Update(&Md5Ctx
, HEntity
, HASHHEXLEN
);
153 SquidMD5Final((unsigned char *) HA2
, &Md5Ctx
);
156 /* calculate response
158 SquidMD5Init(&Md5Ctx
);
159 SquidMD5Update(&Md5Ctx
, HA1
, HASHHEXLEN
);
160 SquidMD5Update(&Md5Ctx
, ":", 1);
161 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
162 SquidMD5Update(&Md5Ctx
, ":", 1);
164 SquidMD5Update(&Md5Ctx
, pszNonceCount
, strlen(pszNonceCount
));
165 SquidMD5Update(&Md5Ctx
, ":", 1);
166 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
167 SquidMD5Update(&Md5Ctx
, ":", 1);
168 SquidMD5Update(&Md5Ctx
, pszQop
, strlen(pszQop
));
169 SquidMD5Update(&Md5Ctx
, ":", 1);
171 SquidMD5Update(&Md5Ctx
, HA2Hex
, HASHHEXLEN
);
172 SquidMD5Final((unsigned char *) RespHash
, &Md5Ctx
);
173 CvtHex(RespHash
, Response
);