]> git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bug #787: digest auth never detects password changes
[thirdparty/squid.git] / lib / rfc2617.c
1 /* The source in this file is derived from the reference implementation
2 * in RFC 2617.
3 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
4 *
5 * The following copyright and licence statement covers all changes made to the
6 * reference implementation.
7 *
8 * Key changes were: alteration to a plain C layout.
9 * Create CvtBin function
10 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
11 * to prevent squid knowing the users password (idea suggested in RFC 2617).
12 */
13
14
15 /*
16 * $Id: rfc2617.c,v 1.9 2003/11/07 17:23:03 hno Exp $
17 *
18 * DEBUG:
19 * AUTHOR: RFC 2617 & Robert Collins
20 *
21 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
22 * ----------------------------------------------------------
23 *
24 * Squid is the result of efforts by numerous individuals from the
25 * Internet community. Development is led by Duane Wessels of the
26 * National Laboratory for Applied Network Research and funded by the
27 * National Science Foundation. Squid is Copyrighted (C) 1998 by
28 * the Regents of the University of California. Please see the
29 * COPYRIGHT file for full details. Squid incorporates software
30 * developed and/or copyrighted by other sources. Please see the
31 * CREDITS file for full details.
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License
44 * along with this program; if not, write to the Free Software
45 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
46 *
47 */
48
49 #include "config.h"
50 #include <string.h>
51 #include "rfc2617.h"
52 #include "md5.h"
53
54 void
55 CvtHex(const HASH Bin, HASHHEX Hex)
56 {
57 unsigned short i;
58 unsigned char j;
59
60 for (i = 0; i < HASHLEN; i++) {
61 j = (Bin[i] >> 4) & 0xf;
62 if (j <= 9)
63 Hex[i * 2] = (j + '0');
64 else
65 Hex[i * 2] = (j + 'a' - 10);
66 j = Bin[i] & 0xf;
67 if (j <= 9)
68 Hex[i * 2 + 1] = (j + '0');
69 else
70 Hex[i * 2 + 1] = (j + 'a' - 10);
71 }
72 Hex[HASHHEXLEN] = '\0';
73 }
74
75 void
76 CvtBin(const HASHHEX Hex, HASH Bin)
77 {
78 unsigned short i;
79 unsigned char j;
80
81 for (i = 0; i < HASHHEXLEN; i++) {
82 unsigned char n;
83 j = Hex[i];
84 if (('0' <= j) && (j <= '9'))
85 n = j - '0';
86 else
87 n = j - 'a' + 10;
88 if (i % 2 == 0)
89 Bin[i / 2] = n << 4;
90 else
91 Bin[i / 2] |= n;
92 }
93 Bin[HASHLEN] = '\0';
94 }
95
96
97 /* calculate H(A1) as per spec */
98 void
99 DigestCalcHA1(
100 const char *pszAlg,
101 const char *pszUserName,
102 const char *pszRealm,
103 const char *pszPassword,
104 const char *pszNonce,
105 const char *pszCNonce,
106 HASH HA1,
107 HASHHEX SessionKey
108 )
109 {
110 MD5_CTX Md5Ctx;
111
112 if (pszUserName) {
113 MD5Init(&Md5Ctx);
114 MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
115 MD5Update(&Md5Ctx, ":", 1);
116 MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
117 MD5Update(&Md5Ctx, ":", 1);
118 MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
119 MD5Final((unsigned char *) HA1, &Md5Ctx);
120 }
121 if (strcasecmp(pszAlg, "md5-sess") == 0) {
122 HASHHEX HA1Hex;
123 CvtHex(HA1, HA1Hex); /* RFC2617 errata */
124 MD5Init(&Md5Ctx);
125 MD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
126 MD5Update(&Md5Ctx, ":", 1);
127 MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
128 MD5Update(&Md5Ctx, ":", 1);
129 MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
130 MD5Final((unsigned char *) HA1, &Md5Ctx);
131 }
132 CvtHex(HA1, SessionKey);
133 }
134
135 /* calculate request-digest/response-digest as per HTTP Digest spec */
136 void
137 DigestCalcResponse(
138 const HASHHEX HA1, /* H(A1) */
139 const char *pszNonce, /* nonce from server */
140 const char *pszNonceCount, /* 8 hex digits */
141 const char *pszCNonce, /* client nonce */
142 const char *pszQop, /* qop-value: "", "auth", "auth-int" */
143 const char *pszMethod, /* method from the request */
144 const char *pszDigestUri, /* requested URL */
145 const HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
146 HASHHEX Response /* request-digest or response-digest */
147 )
148 {
149 MD5_CTX Md5Ctx;
150 HASH HA2;
151 HASH RespHash;
152 HASHHEX HA2Hex;
153
154 /* calculate H(A2)
155 */
156 MD5Init(&Md5Ctx);
157 MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
158 MD5Update(&Md5Ctx, ":", 1);
159 MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
160 if (strcasecmp(pszQop, "auth-int") == 0) {
161 MD5Update(&Md5Ctx, ":", 1);
162 MD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
163 }
164 MD5Final((unsigned char *) HA2, &Md5Ctx);
165 CvtHex(HA2, HA2Hex);
166
167 /* calculate response
168 */
169 MD5Init(&Md5Ctx);
170 MD5Update(&Md5Ctx, HA1, HASHHEXLEN);
171 MD5Update(&Md5Ctx, ":", 1);
172 MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
173 MD5Update(&Md5Ctx, ":", 1);
174 if (*pszQop) {
175 MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
176 MD5Update(&Md5Ctx, ":", 1);
177 MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
178 MD5Update(&Md5Ctx, ":", 1);
179 MD5Update(&Md5Ctx, pszQop, strlen(pszQop));
180 MD5Update(&Md5Ctx, ":", 1);
181 }
182 MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
183 MD5Final((unsigned char *) RespHash, &Md5Ctx);
184 CvtHex(RespHash, Response);
185 }
Mirror of https://github.com/squid-cache/squid.git