digest: support SHA-512/256
authorEvgeny Grin <k2k@narod.ru>
Thu, 8 Feb 2024 09:31:12 +0000 (10:31 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 20 Feb 2024 10:36:12 +0000 (11:36 +0100)
Also fix the tests. New implementation tested with GNU libmicrohttpd.
The new numbers in tests are real SHA-512/256 numbers (not just some
random ;) numbers ).

lib/vauth/digest.c
tests/data/test2060
tests/data/test2062
tests/data/test2065
tests/data/test2068

index 416da0fcc731a2c26b24c2a91f0856b5c39d4cc1..417ee111f9c53936b65b3e54e9ac760bceb7a6fa 100644 (file)
@@ -38,6 +38,7 @@
 #include "curl_hmac.h"
 #include "curl_md5.h"
 #include "curl_sha256.h"
+#include "curl_sha512_256.h"
 #include "vtls/vtls.h"
 #include "warnless.h"
 #include "strtok.h"
@@ -150,7 +151,7 @@ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
     msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
 }
 
-/* Convert sha256 chunk to RFC7616 -suitable ascii string */
+/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ascii string */
 static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
                                      unsigned char *dest) /* 65 bytes */
 {
@@ -601,10 +602,20 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
           digest->algo = ALGO_SHA256;
         else if(strcasecompare(content, "SHA-256-SESS"))
           digest->algo = ALGO_SHA256SESS;
-        else if(strcasecompare(content, "SHA-512-256"))
+        else if(strcasecompare(content, "SHA-512-256")) {
+#ifdef CURL_HAVE_SHA512_256
           digest->algo = ALGO_SHA512_256;
-        else if(strcasecompare(content, "SHA-512-256-SESS"))
+#else  /* ! CURL_HAVE_SHA512_256 */
+          return CURLE_NOT_BUILT_IN;
+#endif /* ! CURL_HAVE_SHA512_256 */
+        }
+        else if(strcasecompare(content, "SHA-512-256-SESS")) {
+#ifdef CURL_HAVE_SHA512_256
           digest->algo = ALGO_SHA512_256SESS;
+#else  /* ! CURL_HAVE_SHA512_256 */
+          return CURLE_NOT_BUILT_IN;
+#endif /* ! CURL_HAVE_SHA512_256 */
+        }
         else
           return CURLE_BAD_CONTENT_ENCODING;
       }
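Review bot: The two `#else` branches return `CURLE_NOT_BUILT_IN` from the middle of challenge parsing without any comment saying why the algorithm is refused rather than handled some other way. A short comment above each return, such as `/* refuse: never answer with a hash the server did not ask for */`, would record the fail-closed intent; this matters because the code removed elsewhere in this commit passed SHA-512-256 challenges to `Curl_sha256it`. The function starts and ends outside the hunk, so it is not visible whether fields already stored in `digest` are released on this early return, or whether callers handle the new code the same way as `CURLE_BAD_CONTENT_ENCODING`; both are worth confirming. The same `#ifdef`/`#else` pair is written out twice, once for each variant, and could be shared if more algorithms are added.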
@@ -957,12 +968,24 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
                                            outptr, outlen,
                                            auth_digest_md5_to_ascii,
                                            Curl_md5it);
-  DEBUGASSERT(digest->algo <= ALGO_SHA512_256SESS);
-  return auth_create_digest_http_message(data, userp, passwdp,
-                                         request, uripath, digest,
-                                         outptr, outlen,
-                                         auth_digest_sha256_to_ascii,
-                                         Curl_sha256it);
+
+  if(digest->algo <= ALGO_SHA256SESS)
+    return auth_create_digest_http_message(data, userp, passwdp,
+                                           request, uripath, digest,
+                                           outptr, outlen,
+                                           auth_digest_sha256_to_ascii,
+                                           Curl_sha256it);
+#ifdef CURL_HAVE_SHA512_256
+  if(digest->algo <= ALGO_SHA512_256SESS)
+    return auth_create_digest_http_message(data, userp, passwdp,
+                                           request, uripath, digest,
+                                           outptr, outlen,
+                                           auth_digest_sha256_to_ascii,
+                                           Curl_sha512_256it);
+#endif /* CURL_HAVE_SHA512_256 */
+
+  /* Should be unreachable */
+  return CURLE_BAD_CONTENT_ENCODING;
 }
 
 /*
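Review bot: The removed `DEBUGASSERT(digest->algo <= ALGO_SHA512_256SESS)` has no replacement, so the path marked "Should be unreachable" now returns silently even in debug builds; adding `DEBUGASSERT(0);` just before `return CURLE_BAD_CONTENT_ENCODING;` would keep an out-of-range `algo` visible during testing. In a build without `CURL_HAVE_SHA512_256`, a SHA-512-256 value would also end at that final return, while the parser reports the same condition as `CURLE_NOT_BUILT_IN`, so the two error codes may be worth aligning. The `<=` dispatch depends on the ordering of the `ALGO_*` values, which are declared outside this hunk; a one-line comment stating that assumption would help the next person who adds an algorithm. The function begins outside the hunk.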
index dc4223ec618c8dedfc862bf7d638062cd57526d0..e1632a387d64f2b01da4481bdb9d42d8015459dd 100644 (file)
@@ -67,6 +67,7 @@ http
 !SSPI
 crypto
 proxy
+sha512-256
 </features>
 <name>
 HTTP POST --digest with PUT, resumed upload, modified method, SHA-512-256 and userhash=false
@@ -92,7 +93,7 @@ Content-Length: 0
 \r
 GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER HTTP/1.1\r
 Host: %HOSTIP:%HTTPPORT\r
-Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="3ce1e25ffa611bdbe90e2ab367b9602fa223db9f6de76ac667f0d6157e2178a6", algorithm=SHA-512-256\r
+Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="691867f4a06c79fd0a175c1857e3df7015f6fff3ce8676497d2f1f805b5a8eca", algorithm=SHA-512-256\r
 Content-Range: bytes 2-4/5\r
 User-Agent: curl/%VERSION\r
 Accept: */*\r
index b6a1e01f9344ed248e6a4c814462fca153b423ee..039354382daa21ef536f483eb52c29d4b7197d31 100644 (file)
@@ -54,6 +54,7 @@ http
 <features>
 !SSPI
 crypto
+sha512-256
 </features>
 <name>
 HTTP with RFC7616 SHA-512-256 Digest authorization and userhash=false
@@ -73,7 +74,7 @@ Accept: */*
 \r
 GET /%TESTNUMBER HTTP/1.1\r
 Host: %HOSTIP:%HTTPPORT\r
-Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="2af735ec3508f4dff99248ffbbe9de9002bfd7cc770cfa2b026cb334042a54e3", algorithm=SHA-512-256\r
+Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="9d3256ee6526ec40dd48743bb48e51ee9baba587c78f15c3a86166242150af98", algorithm=SHA-512-256\r
 User-Agent: curl/%VERSION\r
 Accept: */*\r
 \r
index 0b794302df6aedc1b72f8527c8a086bd4d63fd75..4f3a510744ce96ce58ec50732e3853d52e09f888 100644 (file)
@@ -54,6 +54,7 @@ http
 <features>
 !SSPI
 crypto
+sha512-256
 </features>
 <name>
 HTTP with RFC7616 Digest authorization with bad password, SHA-512-256 and userhash=false
@@ -73,7 +74,7 @@ Accept: */*
 \r
 GET /%TESTNUMBER HTTP/1.1\r
 Host: %HOSTIP:%HTTPPORT\r
-Authorization: Digest username="testuser", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="5a5f20b0e601aeddc6f96422c2332d49ff431c49ab143b5f836ef76e9ac78f5e", algorithm=SHA-512-256\r
+Authorization: Digest username="testuser", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="0373a49d7d352ff54884faaf762fc6c89281b4112ad8fcbbe1d1ee52dcf7a802", algorithm=SHA-512-256\r
 User-Agent: curl/%VERSION\r
 Accept: */*\r
 \r
index 429e5d5660545354f712a3c26179b3929d2cf3b1..32afd26290ae0a6bb6a6ee9786dda411f8e5ff2a 100644 (file)
@@ -52,6 +52,7 @@ http
 <features>
 !SSPI
 crypto
+sha512-256
 </features>
 <name>
 HTTP POST --digest with SHA-512-256, userhash=false and user-specified Content-Length header
@@ -76,7 +77,7 @@ Content-Type: application/x-www-form-urlencoded
 \r
 POST /%TESTNUMBER HTTP/1.1\r
 Host: %HOSTIP:%HTTPPORT\r
-Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="4bc9c97a72f1856bcec9b0e1518c6b7ee28773f91357d56840bdc30bd89ca68f", algorithm=SHA-512-256\r
+Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="0ba2f7ec8045446588eea82bb0c3812aedb05f4eac8883ea65040a52e9c5629e", algorithm=SHA-512-256\r
 User-Agent: curl/%VERSION\r
 Accept: */*\r
 Content-Length: 11\r