static int mkdigest(uint8_t *digest, const struct realm *realm,
const char *met, const char *uri, uint64_t cnonce)
{
uint8_t ha1[MD5_SIZE], ha2[MD5_SIZE];
int err;
err = md5_printf(ha1, "%s:%s:%s",
realm->user, realm->realm, realm->pass);
if (err)
return err;
err = md5_printf(ha2, "%s:%s", met, uri);
if (err)
return err;
if (realm->qop)
return md5_printf(digest, "%w:%s:%08x:%016llx:auth:%w",
ha1, sizeof(ha1),
realm->nonce,
realm->nc,
cnonce,
ha2, sizeof(ha2));
else
return md5_printf(digest, "%w:%s:%w",
ha1, sizeof(ha1),
realm->nonce,
ha2, sizeof(ha2));
}
void md5_string(void)
{
MD5_STRUCT md5s;
UINT4 leng,i,index;
char *str;
UCHAR data[64];
str = inputstr;
memset(&md5s, 0, sizeof(md5s));
md5s.sa = ORI_A;
md5s.sb = ORI_B;
md5s.sc = ORI_C;
md5s.sd = ORD_D;
md5s.sl = 0;
leng = strlen(str);
while(1) {
if(strlen(str)< 64)
break;
memset(data, 0, sizeof(data));
memcpy(data, str, 64);
deal_512bits(&md5s, data);
str += 64;
md5s.sl += 512;
}
leng = strlen(str);
md5s.sl += leng*8;
if(leng<= 56) {
memcpy(data, str, leng);
index = leng;
leng = 56-leng;
data[index]=0x80;
memset(data+index+1, 0x00, leng-1);
*(UINT8 *)(data+56) = md5s.sl;
deal_512bits(&md5s, data);
} else {
memcpy(data, str, leng);
data[leng]=0x80;
memset(data+leng+1, 0x00, 64-leng-1);
deal_512bits(&md5s, data);
data[0]=0x80;
memset(data+1, 0x00, 55);
*(UINT8 *)(data+56) = md5s.sl;
deal_512bits(&md5s, data);
}
md5_printf(md5s.sa);
md5_printf(md5s.sb);
md5_printf(md5s.sc);
md5_printf(md5s.sd);
printf("\n");
return;
}
static bool sharedsecret_auth_calc_ha1(const struct stun_attr *user, const uint8_t *secret, const size_t secret_length, uint8_t *key)
{
uint8_t expected[SHA_DIGEST_LENGTH];
char expected_base64[SHA_DIGEST_LENGTH/2*3];
size_t b64len;
uint8_t ha1[MD5_SIZE];
int retval;
if (!secret_length) {
/*
restund_warning("auth: calc_ha1 no secret length %s\n", secret);
*/
return false;
}
hmac_sha1(secret, secret_length,
(uint8_t *) user->v.username, strlen(user->v.username),
expected, SHA_DIGEST_LENGTH);
b64len = sizeof expected_base64;
if ((retval = base64_encode(expected, SHA_DIGEST_LENGTH, expected_base64, &b64len)) != 0) {
restund_warning("auth: failed to base64 encode hmac, error %d\n", retval);
return false;
}
expected_base64[b64len] = 0;
if ((retval = md5_printf(ha1, "%s:%s:%s", user->v.username, restund_realm(), expected_base64)) != 0) {
restund_warning("auth: failed to md5_printf ha1, error %d\n", retval);
return false;
}
memcpy(key, &ha1, MD5_SIZE);
return true;
}
int turnc_keygen(struct turnc *turnc, const struct stun_msg *msg)
{
struct stun_attr *realm, *nonce;
realm = stun_msg_attr(msg, STUN_ATTR_REALM);
nonce = stun_msg_attr(msg, STUN_ATTR_NONCE);
if (!realm || !nonce)
return EPROTO;
mem_deref(turnc->realm);
mem_deref(turnc->nonce);
turnc->realm = mem_ref(realm->v.realm);
turnc->nonce = mem_ref(nonce->v.nonce);
return md5_printf(turnc->md5_hash, "%s:%s:%s",
turnc->username, turnc->realm, turnc->password);
}
int test_md5(void)
{
const struct pl str = PL("a93akjshdla81mx.kjda09sdkjl12jdlksaldkjas");
const uint8_t ref[16] = {
0x9d, 0x97, 0xa5, 0xf8, 0x8d, 0x1b, 0x09, 0x7c,
0x9f, 0xf9, 0xe2, 0x9d, 0xd5, 0x43, 0xb1, 0x1d
};
uint8_t digest[16];
int err;
/* Test constants */
if (16 != MD5_SIZE) {
DEBUG_WARNING("MD5_SIZE is %u (should be 16)\n", MD5_SIZE);
return EINVAL;
}
if (33 != MD5_STR_SIZE) {
DEBUG_WARNING("MD5_STR_SIZE is %u (should be 33)\n",
MD5_STR_SIZE);
return EINVAL;
}
/* Test md5() */
md5((const uint8_t *)str.p, str.l, digest);
if (0 != memcmp(digest, ref, sizeof(digest))) {
DEBUG_WARNING("md5 b0Rken: %02w\n", digest, sizeof(digest));
return EINVAL;
}
/* Test md5_printf() */
err = md5_printf(digest, "%r", &str);
if (err)
goto out;
if (0 != memcmp(digest, ref, sizeof(digest))) {
DEBUG_WARNING("md5_printf() is b0Rken: %02w\n", digest,
sizeof(digest));
return EINVAL;
}
out:
return err;
}
static int auth_handler(const char *user, uint8_t *ha1)
{
uint8_t key[MD5_SIZE], digest[SHA_DIGEST_LENGTH];
const char *username;
time_t expires, now;
char pass[28];
size_t len;
int err;
err = decode_user(&expires, &username, user);
if (err)
return err;
now = time(NULL);
if (expires < now) {
restund_debug("restauth: user '%s' expired %lli seconds ago\n",
user, now - expires);
return ETIMEDOUT;
}
/* avoid recursive loops */
restund_db_set_auth_handler(NULL);
err = restund_get_ha1(username, key);
restund_db_set_auth_handler(auth_handler);
if (err)
return err;
hmac_sha1(key, sizeof(key),
(uint8_t *)user, strlen(user),
digest, sizeof(digest));
len = sizeof(pass);
err = base64_encode(digest, sizeof(digest), pass, &len);
if (err)
return err;
return md5_printf(ha1, "%s:%s:%b", user, restund_realm(), pass, len);
}
int test_stun_reqltc(void)
{
struct stun_msg *msg = NULL;
struct stun_attr *attr;
struct mbuf *mb;
uint8_t md5_hash[MD5_SIZE];
int r, err;
mb = mbuf_alloc(1024);
if (!mb) {
err = ENOMEM;
goto out;
}
/* use long-term credentials */
err = md5_printf(md5_hash, "%s:%s:%s", username_ltc, realm_ltc,
password_ltc);
if (err)
goto out;
err = stun_msg_encode(mb, STUN_METHOD_BINDING, STUN_CLASS_REQUEST,
tid_ltc, NULL,
md5_hash, sizeof(md5_hash),
false, 0x00, 3,
STUN_ATTR_USERNAME, username_ltc,
STUN_ATTR_NONCE, nonce_ltc,
STUN_ATTR_REALM, realm_ltc);
if (err)
goto out;
r = memcmp(mb->buf, reqltc, mb->end);
if ((sizeof(reqltc)-1) != mb->end || 0 != r) {
err = EBADMSG;
DEBUG_WARNING("compare failed (r=%d)\n", r);
(void)re_printf("msg: [%02w]\n", mb->buf, mb->end);
(void)re_printf("ref: [%02w]\n", reqltc, sizeof(reqltc)-1);
goto out;
}
/* Decode STUN message */
mb->pos = 0;
err = stun_msg_decode(&msg, mb, NULL);
if (err)
goto out;
if (STUN_CLASS_REQUEST != stun_msg_class(msg))
goto bad;
if (STUN_METHOD_BINDING != stun_msg_method(msg))
goto bad;
err = stun_msg_chk_mi(msg, md5_hash, sizeof(md5_hash));
if (err)
goto out;
if (EPROTO != stun_msg_chk_fingerprint(msg))
goto bad;
attr = stun_msg_attr(msg, STUN_ATTR_USERNAME);
if (!attr || strcmp(username_ltc, attr->v.username))
goto bad;
attr = stun_msg_attr(msg, STUN_ATTR_NONCE);
if (!attr || strcmp(nonce_ltc, attr->v.nonce))
goto bad;
attr = stun_msg_attr(msg, STUN_ATTR_REALM);
if (!attr || strcmp(realm_ltc, attr->v.realm))
goto bad;
goto out;
bad:
err = EBADMSG;
out:
mem_deref(msg);
mem_deref(mb);
return err;
}
void md5_file(void)
{
FILE *fp;
MD5_STRUCT md5s;
UINT4 leng,i,index;
int readn;
UCHAR data[64];
memset(&md5s, 0, sizeof(md5s));
md5s.sa = ORI_A;
md5s.sb = ORI_B;
md5s.sc = ORI_C;
md5s.sd = ORD_D;
md5s.sl = 0;
fp = fopen(filename, "r");
if(fp == NULL) {
printf("open file error[%s]\n",
filename);
printf("error[%d],[%s]",
errno, strerror(errno));
exit(0);
}
while(1) {
readn = fread(data, 1, 64, fp);
if(readn < 64)
break;
deal_512bits(&md5s, data);
md5s.sl += 512;
}
md5s.sl += readn*8;
if(readn<= 56) {
index = readn;
leng = 56-readn;
data[index]=0x80;
memset(data+index+1, 0x00, leng-1);
*(UINT8 *)(data+56) = md5s.sl;
deal_512bits(&md5s, data);
} else {
data[readn]=0x80;
memset(data+readn+1, 0x00, 64-readn-1);
deal_512bits(&md5s, data);
data[0]=0x80;
memset(data+1, 0x00, 55);
*(UINT8 *)(data+56) = md5s.sl;
deal_512bits(&md5s, data);
}
md5_printf(md5s.sa);
md5_printf(md5s.sb);
md5_printf(md5s.sc);
md5_printf(md5s.sd);
printf("\n");
return;
}
