]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
1 /* The source in this file is derived from the reference implementation
3 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
5 * The following copyright and licence statement covers all changes made to the
6 * reference implementation.
8 * Key changes were: alteration to a plain C layout.
9 * Create CvtBin function
10 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
11 * to prevent squid knowing the users password (idea suggested in RFC 2617).
16 * AUTHOR: RFC 2617 & Robert Collins
18 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
19 * ----------------------------------------------------------
21 * Squid is the result of efforts by numerous individuals from the
22 * Internet community. Development is led by Duane Wessels of the
23 * National Laboratory for Applied Network Research and funded by the
24 * National Science Foundation. Squid is Copyrighted (C) 1998 by
25 * the Regents of the University of California. Please see the
26 * COPYRIGHT file for full details. Squid incorporates software
27 * developed and/or copyrighted by other sources. Please see the
28 * CREDITS file for full details.
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
40 * You should have received a copy of the GNU General Public License
41 * along with this program; if not, write to the Free Software
42 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
52 CvtHex(const HASH Bin
, HASHHEX Hex
)
57 for (i
= 0; i
< HASHLEN
; i
++) {
58 j
= (Bin
[i
] >> 4) & 0xf;
60 Hex
[i
* 2] = (j
+ '0');
62 Hex
[i
* 2] = (j
+ 'a' - 10);
65 Hex
[i
* 2 + 1] = (j
+ '0');
67 Hex
[i
* 2 + 1] = (j
+ 'a' - 10);
69 Hex
[HASHHEXLEN
] = '\0';
73 CvtBin(const HASHHEX Hex
, HASH Bin
)
78 for (i
= 0; i
< HASHHEXLEN
; i
++) {
81 if (('0' <= j
) && (j
<= '9'))
83 else if (('a' <= j
) && (j
<= 'f'))
85 else if (('A' <= j
) && (j
<= 'F'))
94 /* FIXME: Coverity detects the below as dead code.
95 Why? :: right here i == 32
96 which means the first step of the for loop makes i==16
97 and cannot be < HASHLEN (which is also 16)
99 for (i
= i
/ 2; i
< HASHLEN
; i
++) {
104 /* calculate H(A1) as per spec */
108 const char *pszUserName
,
109 const char *pszRealm
,
110 const char *pszPassword
,
111 const char *pszNonce
,
112 const char *pszCNonce
,
120 SquidMD5Init(&Md5Ctx
);
121 SquidMD5Update(&Md5Ctx
, pszUserName
, strlen(pszUserName
));
122 SquidMD5Update(&Md5Ctx
, ":", 1);
123 SquidMD5Update(&Md5Ctx
, pszRealm
, strlen(pszRealm
));
124 SquidMD5Update(&Md5Ctx
, ":", 1);
125 SquidMD5Update(&Md5Ctx
, pszPassword
, strlen(pszPassword
));
126 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
128 if (strcasecmp(pszAlg
, "md5-sess") == 0) {
130 CvtHex(HA1
, HA1Hex
); /* RFC2617 errata */
131 SquidMD5Init(&Md5Ctx
);
132 SquidMD5Update(&Md5Ctx
, HA1Hex
, HASHHEXLEN
);
133 SquidMD5Update(&Md5Ctx
, ":", 1);
134 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
135 SquidMD5Update(&Md5Ctx
, ":", 1);
136 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
137 SquidMD5Final((unsigned char *) HA1
, &Md5Ctx
);
139 CvtHex(HA1
, SessionKey
);
142 /* calculate request-digest/response-digest as per HTTP Digest spec */
145 const HASHHEX HA1
, /* H(A1) */
146 const char *pszNonce
, /* nonce from server */
147 const char *pszNonceCount
, /* 8 hex digits */
148 const char *pszCNonce
, /* client nonce */
149 const char *pszQop
, /* qop-value: "", "auth", "auth-int" */
150 const char *pszMethod
, /* method from the request */
151 const char *pszDigestUri
, /* requested URL */
152 const HASHHEX HEntity
, /* H(entity body) if qop="auth-int" */
153 HASHHEX Response
/* request-digest or response-digest */
163 SquidMD5Init(&Md5Ctx
);
164 SquidMD5Update(&Md5Ctx
, pszMethod
, strlen(pszMethod
));
165 SquidMD5Update(&Md5Ctx
, ":", 1);
166 SquidMD5Update(&Md5Ctx
, pszDigestUri
, strlen(pszDigestUri
));
167 if (pszQop
&& strcasecmp(pszQop
, "auth-int") == 0) {
168 SquidMD5Update(&Md5Ctx
, ":", 1);
169 SquidMD5Update(&Md5Ctx
, HEntity
, HASHHEXLEN
);
171 SquidMD5Final((unsigned char *) HA2
, &Md5Ctx
);
174 /* calculate response
176 SquidMD5Init(&Md5Ctx
);
177 SquidMD5Update(&Md5Ctx
, HA1
, HASHHEXLEN
);
178 SquidMD5Update(&Md5Ctx
, ":", 1);
179 SquidMD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
180 SquidMD5Update(&Md5Ctx
, ":", 1);
182 SquidMD5Update(&Md5Ctx
, pszNonceCount
, strlen(pszNonceCount
));
183 SquidMD5Update(&Md5Ctx
, ":", 1);
184 SquidMD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
185 SquidMD5Update(&Md5Ctx
, ":", 1);
186 SquidMD5Update(&Md5Ctx
, pszQop
, strlen(pszQop
));
187 SquidMD5Update(&Md5Ctx
, ":", 1);
189 SquidMD5Update(&Md5Ctx
, HA2Hex
, HASHHEXLEN
);
190 SquidMD5Final((unsigned char *) RespHash
, &Md5Ctx
);
191 CvtHex(RespHash
, Response
);