]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/rfc2617.c
1 /* The source in this file is derived from the reference implementation
3 * RFC 2617 is Copyright (C) The Internet Society (1999). All Rights Reserved.
5 * The following copyright and licence statement covers all changes made to the
6 * reference implementation.
8 * Key changes were: alteration to a plain C layout.
9 * Create CvtBin function
10 * Allow CalcHA1 to make use of precaculated username:password:realm hash's
11 * to prevent squid knowing the users password (idea suggested in RFC 2617).
16 * $Id: rfc2617.c,v 1.9 2003/11/07 17:23:03 hno Exp $
19 * AUTHOR: RFC 2617 & Robert Collins
21 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
22 * ----------------------------------------------------------
24 * Squid is the result of efforts by numerous individuals from the
25 * Internet community. Development is led by Duane Wessels of the
26 * National Laboratory for Applied Network Research and funded by the
27 * National Science Foundation. Squid is Copyrighted (C) 1998 by
28 * the Regents of the University of California. Please see the
29 * COPYRIGHT file for full details. Squid incorporates software
30 * developed and/or copyrighted by other sources. Please see the
31 * CREDITS file for full details.
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
43 * You should have received a copy of the GNU General Public License
44 * along with this program; if not, write to the Free Software
45 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
55 CvtHex(const HASH Bin
, HASHHEX Hex
)
60 for (i
= 0; i
< HASHLEN
; i
++) {
61 j
= (Bin
[i
] >> 4) & 0xf;
63 Hex
[i
* 2] = (j
+ '0');
65 Hex
[i
* 2] = (j
+ 'a' - 10);
68 Hex
[i
* 2 + 1] = (j
+ '0');
70 Hex
[i
* 2 + 1] = (j
+ 'a' - 10);
72 Hex
[HASHHEXLEN
] = '\0';
76 CvtBin(const HASHHEX Hex
, HASH Bin
)
81 for (i
= 0; i
< HASHHEXLEN
; i
++) {
84 if (('0' <= j
) && (j
<= '9'))
97 /* calculate H(A1) as per spec */
101 const char *pszUserName
,
102 const char *pszRealm
,
103 const char *pszPassword
,
104 const char *pszNonce
,
105 const char *pszCNonce
,
114 MD5Update(&Md5Ctx
, pszUserName
, strlen(pszUserName
));
115 MD5Update(&Md5Ctx
, ":", 1);
116 MD5Update(&Md5Ctx
, pszRealm
, strlen(pszRealm
));
117 MD5Update(&Md5Ctx
, ":", 1);
118 MD5Update(&Md5Ctx
, pszPassword
, strlen(pszPassword
));
119 MD5Final((unsigned char *) HA1
, &Md5Ctx
);
121 if (strcasecmp(pszAlg
, "md5-sess") == 0) {
123 CvtHex(HA1
, HA1Hex
); /* RFC2617 errata */
125 MD5Update(&Md5Ctx
, HA1Hex
, HASHHEXLEN
);
126 MD5Update(&Md5Ctx
, ":", 1);
127 MD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
128 MD5Update(&Md5Ctx
, ":", 1);
129 MD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
130 MD5Final((unsigned char *) HA1
, &Md5Ctx
);
132 CvtHex(HA1
, SessionKey
);
135 /* calculate request-digest/response-digest as per HTTP Digest spec */
138 const HASHHEX HA1
, /* H(A1) */
139 const char *pszNonce
, /* nonce from server */
140 const char *pszNonceCount
, /* 8 hex digits */
141 const char *pszCNonce
, /* client nonce */
142 const char *pszQop
, /* qop-value: "", "auth", "auth-int" */
143 const char *pszMethod
, /* method from the request */
144 const char *pszDigestUri
, /* requested URL */
145 const HASHHEX HEntity
, /* H(entity body) if qop="auth-int" */
146 HASHHEX Response
/* request-digest or response-digest */
157 MD5Update(&Md5Ctx
, pszMethod
, strlen(pszMethod
));
158 MD5Update(&Md5Ctx
, ":", 1);
159 MD5Update(&Md5Ctx
, pszDigestUri
, strlen(pszDigestUri
));
160 if (strcasecmp(pszQop
, "auth-int") == 0) {
161 MD5Update(&Md5Ctx
, ":", 1);
162 MD5Update(&Md5Ctx
, HEntity
, HASHHEXLEN
);
164 MD5Final((unsigned char *) HA2
, &Md5Ctx
);
167 /* calculate response
170 MD5Update(&Md5Ctx
, HA1
, HASHHEXLEN
);
171 MD5Update(&Md5Ctx
, ":", 1);
172 MD5Update(&Md5Ctx
, pszNonce
, strlen(pszNonce
));
173 MD5Update(&Md5Ctx
, ":", 1);
175 MD5Update(&Md5Ctx
, pszNonceCount
, strlen(pszNonceCount
));
176 MD5Update(&Md5Ctx
, ":", 1);
177 MD5Update(&Md5Ctx
, pszCNonce
, strlen(pszCNonce
));
178 MD5Update(&Md5Ctx
, ":", 1);
179 MD5Update(&Md5Ctx
, pszQop
, strlen(pszQop
));
180 MD5Update(&Md5Ctx
, ":", 1);
182 MD5Update(&Md5Ctx
, HA2Hex
, HASHHEXLEN
);
183 MD5Final((unsigned char *) RespHash
, &Md5Ctx
);
184 CvtHex(RespHash
, Response
);