doxygen/httpdigest_8c_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */


#ifdef HAVE_CONFIG_H

#include "config.h"

#endif


#include "syshead.h"


#if PROXY_DIGEST_AUTH


#include "crypto.h"

#include "httpdigest.h"


static void

CvtHex(

    IN HASH Bin,

    OUT HASHHEX Hex

    )

{

    unsigned short i;

    unsigned char j;


    for (i = 0; i < HASHLEN; i++)

    {

        j = (Bin[i] >> 4) & 0xf;

        if (j <= 9)

        {

            Hex[i*2] = (j + '0');

        }

        else

        {

            Hex[i*2] = (j + 'a' - 10);

        }

        j = Bin[i] & 0xf;

        if (j <= 9)

        {

            Hex[i*2+1] = (j + '0');

        }

        else

        {

            Hex[i*2+1] = (j + 'a' - 10);

        }

    }

    Hex[HASHHEXLEN] = '\0';

}


/* calculate H(A1) as per spec */

void

DigestCalcHA1(

    IN char *pszAlg,

    IN char *pszUserName,

    IN char *pszRealm,

    IN char *pszPassword,

    IN char *pszNonce,

    IN char *pszCNonce,

    OUT HASHHEX SessionKey

    )

{

    HASH HA1;

    md_ctx_t *md5_ctx = md_ctx_new();


    md_ctx_init(md5_ctx, "MD5");

    md_ctx_update(md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));

    md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    md_ctx_update(md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));

    md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    md_ctx_update(md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));

    md_ctx_final(md5_ctx, HA1);

    if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)

    {

        md_ctx_init(md5_ctx, "MD5");

        md_ctx_update(md5_ctx, HA1, HASHLEN);

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

        md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

        md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));

        md_ctx_final(md5_ctx, HA1);

    }

    md_ctx_cleanup(md5_ctx);

    md_ctx_free(md5_ctx);

    CvtHex(HA1, SessionKey);

}


/* calculate request-digest/response-digest as per HTTP Digest spec */

void

DigestCalcResponse(

    IN HASHHEX HA1,                          /* H(A1) */

    IN char *pszNonce,                       /* nonce from server */

    IN char *pszNonceCount,                  /* 8 hex digits */

    IN char *pszCNonce,                      /* client nonce */

    IN char *pszQop,                         /* qop-value: "", "auth", "auth-int" */

    IN char *pszMethod,                      /* method from the request */

    IN char *pszDigestUri,                   /* requested URL */

    IN HASHHEX HEntity,                      /* H(entity body) if qop="auth-int" */

    OUT HASHHEX Response                     /* request-digest or response-digest */

    )

{

    HASH HA2;

    HASH RespHash;

    HASHHEX HA2Hex;


    md_ctx_t *md5_ctx = md_ctx_new();


    /* calculate H(A2) */

    md_ctx_init(md5_ctx, "MD5");

    md_ctx_update(md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));

    md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    md_ctx_update(md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));

    if (strcasecmp(pszQop, "auth-int") == 0)

    {

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

        md_ctx_update(md5_ctx, HEntity, HASHHEXLEN);

    }

    md_ctx_final(md5_ctx, HA2);

    CvtHex(HA2, HA2Hex);


    /* calculate response */

    md_ctx_init(md5_ctx, "MD5");

    md_ctx_update(md5_ctx, HA1, HASHHEXLEN);

    md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));

    md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    if (*pszQop)

    {

        md_ctx_update(md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

        md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

        md_ctx_update(md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));

        md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);

    }

    md_ctx_update(md5_ctx, HA2Hex, HASHHEXLEN);

    md_ctx_final(md5_ctx, RespHash);

    md_ctx_cleanup(md5_ctx);

    md_ctx_free(md5_ctx);

    CvtHex(RespHash, Response);

}


#endif /* if PROXY_DIGEST_AUTH */