コード例 #1
ファイル: thttp_auth.c プロジェクト: NewComerBH/doubango
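/**@ingroup thttp_auth_group
 * Generates digest HA2 value as per RFC 2617 subclause 3.2.2.3.
 *
 * @param [in]	method		The HTTP/SIP method name. Must not be null.
 * @param [in]	url			The HTTP URL or SIP URI of the request. Must not be null.
 * @param [in]	entity_body	The entity body. Only read when @a qop is "auth-int"; when it is
 *							null or has no data, TSK_MD5_EMPTY is used in its place.
 * @param [in]	qop			The Quality Of Protection: null, empty, "auth" or "auth-int"
 *							(compared with tsk_striequals).
 * @param [out]	ha2			A pointer to the result. Must not be null.
 *
 * @return	Zero if succeed and non-zero error code otherwise. An unsupported
 *			@a qop value, a null mandatory argument or a failed allocation of
 *			the A2 string is reported as an error instead of hashing a null buffer.
 **/
int thttp_auth_digest_HA2(const char* method, const char* url, const tsk_buffer_t* entity_body, const char* qop, tsk_md5string_t* ha2)
{
	int ret = -1;
	char *a2 = tsk_null;

	/* RFC 2617 - 3.2.2.3 A2

	If the "qop" directive's value is "auth" or is unspecified, then A2
	is:
	A2       = Method ":" digest-url-value

	If the "qop" value is "auth-int", then A2 is:
	A2       = Method ":" digest-url-value ":" H(entity-body)
	*/

	/* Passing a null pointer for "%s" is undefined behaviour; reject it up front. */
	if (!method || !url || !ha2){
		return -1;
	}

	if (!qop || tsk_strempty(qop) || tsk_striequals(qop, "auth")){
		tsk_sprintf(&a2, "%s:%s", method, url);
	}
	else if (tsk_striequals(qop, "auth-int")){
		if (entity_body && entity_body->data){
			tsk_md5string_t hEntity;
			if ((ret = tsk_md5compute(entity_body->data, entity_body->size, &hEntity))){
				goto bail;
			}
			tsk_sprintf(&a2, "%s:%s:%s", method, url, hEntity);
		}
		else{
			/* No body to protect: use the precomputed hash of the empty string. */
			tsk_sprintf(&a2, "%s:%s:%s", method, url, TSK_MD5_EMPTY);
		}
	}
	else{
		/* Unknown qop: RFC 2617 defines no A2 for it, so fail rather than
		 * hand the caller a digest computed over nothing. */
		ret = -1;
		goto bail;
	}

	/* tsk_sprintf leaves a2 null when it could not build the string. */
	if (!a2){
		ret = -1;
		goto bail;
	}

	ret = tsk_md5compute(a2, tsk_strlen(a2), ha2);

bail:
	TSK_FREE(a2);

	return ret;
}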
コード例 #2
ファイル: thttp_auth.c プロジェクト: NewComerBH/doubango
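/**@ingroup thttp_auth_group
 * Generates digest HA1 value as per RFC 2617 subclause 3.2.2.2.
 *
 * HA1 is password-equivalent for the given realm: whoever holds it can
 * compute valid digest responses without knowing the password, so callers
 * should treat the result as a secret.
 *
 * @param [in]	username	The user's name (unquoted) in the specified @a realm. Must not be null.
 * @param [in]	realm		The realm (unquoted). Must not be null.
 * @param [in]	password	The user's password. Must not be null.
 * @param [out]	ha1			A pointer to the result. Must not be null.
 *
 * @return	Zero if succeed and non-zero error code otherwise (including a
 *			null argument or a failed allocation of the A1 string).
 **/
int thttp_auth_digest_HA1(const char* username, const char* realm, const char* password, tsk_md5string_t* ha1)
{
	int ret;
	char *a1 = tsk_null;
	volatile char *wipe;

	/* RFC 2617 - 3.2.2.2 A1
		A1       = unq(username-value) ":" unq(realm-value) ":" passwd
		*/

	/* Passing a null pointer for "%s" is undefined behaviour; reject it up front. */
	if (!username || !realm || !password || !ha1){
		return -1;
	}

	tsk_sprintf(&a1, "%s:%s:%s", username, realm, password);
	if (!a1){
		/* tsk_sprintf could not build the string. */
		return -1;
	}

	ret = tsk_md5compute(a1, tsk_strlen(a1), ha1);

	/* a1 holds the cleartext password: overwrite it before the memory goes
	 * back to the allocator. The volatile pointer keeps the compiler from
	 * dropping the stores as dead. */
	for (wipe = a1; *wipe; ++wipe){
		*wipe = '\0';
	}
	TSK_FREE(a1);

	return ret;
}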
コード例 #3
ファイル: thttp_auth.c プロジェクト: NewComerBH/doubango
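/**@ingroup thttp_auth_group
 *
 * Generates digest HA1 value for 'MD5-sess' algo as per RFC 2617 subclause 3.2.2.2.
 *
 * The inner term of A1 is the hash of "username:realm:password", not the
 * cleartext triple; it is computed first and then joined with the two nonces.
 *
 * @param [in]	username	The user's name (unquoted) in the specified @a realm. Must not be null.
 * @param [in]	realm		The realm (unquoted). Must not be null.
 * @param [in]	password	The user's password. Must not be null.
 * @param [in]	nonce		The nonce (unquoted). Must not be null.
 * @param [in]	cnonce		The client nonce (unquoted). Must not be null.
 * @param [out]	ha1sess		A pointer to the result. Must not be null.
 *
 * @return	Zero if succeed and non-zero error code otherwise (including a
 *			null argument or a failed allocation of an intermediate string).
 **/
int thttp_auth_digest_HA1sess(const char* username, const char* realm, const char* password, const char* nonce, const char* cnonce, tsk_md5string_t* ha1sess)
{
	int ret = -1;
	char *a1 = tsk_null;
	char *a1sess = tsk_null;
	tsk_md5string_t ha1;
	volatile char *wipe;

	/* RFC 2617 - 3.2.2.2 A1
			A1       = H( unq(username-value) ":" unq(realm-value)
			":" passwd )
			":" unq(nonce-value) ":" unq(cnonce-value)
			*/

	/* Passing a null pointer for "%s" is undefined behaviour; reject it up front. */
	if (!username || !realm || !password || !nonce || !cnonce || !ha1sess){
		return -1;
	}

	/* Step 1: H(username ":" realm ":" passwd). */
	tsk_sprintf(&a1, "%s:%s:%s", username, realm, password);
	if (!a1){
		goto bail;
	}
	ret = tsk_md5compute(a1, tsk_strlen(a1), &ha1);

	/* a1 holds the cleartext password: overwrite it before it is freed.
	 * The volatile pointer keeps the compiler from dropping the stores. */
	for (wipe = a1; *wipe; ++wipe){
		*wipe = '\0';
	}
	if (ret){
		goto bail;
	}

	/* Step 2: join the string form of that hash with both nonces and hash again. */
	tsk_sprintf(&a1sess, "%s:%s:%s", ha1, nonce, cnonce);
	if (!a1sess){
		ret = -1;
		goto bail;
	}
	ret = tsk_md5compute(a1sess, tsk_strlen(a1sess), ha1sess);

	/* a1sess embeds H(A1), which is password-equivalent; scrub it as well. */
	for (wipe = a1sess; *wipe; ++wipe){
		*wipe = '\0';
	}

bail:
	TSK_FREE(a1);
	TSK_FREE(a1sess);

	return ret;
}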
コード例 #4
ファイル: thttp_challenge.c プロジェクト: AndyUI/doubango
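/* Regenerates the client nonce of an HTTP challenge and restarts the nonce
 * count at 1.
 *
 * The cnonce is the MD5 string of a value obtained from tsk_strrandom().
 * NOTE(review): how unpredictable the cnonce is depends entirely on
 * tsk_strrandom(), which is not shown here; confirm it draws from a
 * cryptographically secure source.
 *
 * Returns 0 on success (including when qop is unset and there is nothing to
 * do), -1 when self is null, or the error reported by tsk_md5compute().
 * NOTE(review): the previous body returned -1 on every path, so no caller
 * can have relied on the value; callers are not visible here - confirm.
 */
static int _thttp_challenge_reset_cnonce(thttp_challenge_t *self)
{
    tsk_istr_t istr;
    int ret;

    if (!self) {
        return -1;
    }
    if (!self->qop) {
        /* client nonce is only used if qop=auth, auth-int or both */
        return 0;
    }

    tsk_strrandom(&istr);
    ret = tsk_md5compute(istr, tsk_strlen(istr), &self->cnonce);
    if (ret) {
        /* Keep the running count: restarting nc while the old cnonce is
         * still in place would repeat an already used (cnonce, nc) pair. */
        return ret;
    }

    self->nc = 1;
    return 0;
}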
コード例 #5
ファイル: tsip_challenge.c プロジェクト: AndyUI/doubango
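/* Regenerates the client nonce of a SIP challenge and restarts the nonce
 * count at 1.
 *
 * The cnonce is the MD5 string of a value obtained from tsk_strrandom().
 * NOTE(review): how unpredictable the cnonce is depends entirely on
 * tsk_strrandom(), which is not shown here; confirm it draws from a
 * cryptographically secure source.
 *
 * Returns 0 on success (including when qop is unset and there is nothing to
 * do), -1 when self is null, or the error reported by tsk_md5compute().
 * NOTE(review): the previous body returned -1 on every path, so no caller
 * can have relied on the value; callers are not visible here - confirm.
 */
int tsip_challenge_reset_cnonce(tsip_challenge_t *self)
{
    tsk_istr_t istr;
    int ret;

    if(!self) {
        return -1;
    }
    if(!self->qop) {
        /* client nonce is only used if qop=auth, auth-int or both */
        return 0;
    }

    tsk_strrandom(&istr);
    ret = tsk_md5compute(istr, tsk_strlen(istr), &self->cnonce);
    if(ret) {
        /* Keep the running count: restarting nc while the old cnonce is
         * still in place would repeat an already used (cnonce, nc) pair. */
        return ret;
    }

    self->nc = 1;
    return 0;
}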
コード例 #6
ファイル: thttp_auth.c プロジェクト: NewComerBH/doubango
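/**@ingroup thttp_auth_group
 *
 * Generates HTTP digest response as per RFC 2617 subclause 3.2.2.1.
 *
 * @param [in]	ha1			HA1 string generated using  @ref thttp_auth_digest_HA1 or @ref thttp_auth_digest_HA1sess. Must not be null.
 * @param [in]	nonce		The nonce value. Must not be null.
 * @param [in]	noncecount	The nonce count; only used when @a qop is "auth" or "auth-int".
 * @param [in]	cnonce		The client nonce (unquoted); only used when @a qop is "auth" or "auth-int".
 * @param [in]	qop			The Quality Of Protection (unquoted). Any value other than "auth" or
 *							"auth-int" selects the RFC 2069 compatible form.
 * @param [in]	ha2			HA2 string generated using @ref thttp_auth_digest_HA2. Must not be null.
 * @param [out]	response	A pointer to the response. Must not be null.
 *
 * @return	Zero if succeed and non-zero error code otherwise (including a
 *			null mandatory argument or a failed allocation of the input string).
 **/
int thttp_auth_digest_response(const tsk_md5string_t *ha1, const char* nonce, const nonce_count_t noncecount, const char* cnonce,
	const char* qop, const tsk_md5string_t* ha2, tsk_md5string_t* response)
{
	int ret;
	char *res = tsk_null;
	volatile char *wipe;

	/* RFC 2617 3.2.2.1 Request-Digest

	============ CASE 1 ============
	If the "qop" value is "auth" or "auth-int":
	request-digest  = <"> < KD ( H(A1),     unq(nonce-value)
	":" nc-value
	":" unq(cnonce-value)
	":" unq(qop-value)
	":" H(A2)
	) <">
	============ CASE 2 ============
	If the "qop" directive is not present (this construction is for
	compatibility with RFC 2069):
	request-digest  =
	<"> < KD ( H(A1), unq(nonce-value) ":" H(A2) ) >
	<">
	*/

	/* ha1 and ha2 are dereferenced below and nonce is formatted in both cases. */
	if (!ha1 || !ha2 || !nonce || !response){
		return -1;
	}

	if (tsk_striequals(qop, "auth") || tsk_striequals(qop, "auth-int")){
		/* CASE 1 */
		/* noncecount is formatted with "%s", so it is presumably a character
		 * array type; like cnonce it must be present in this case. */
		if (!noncecount || !cnonce){
			return -1;
		}
		tsk_sprintf(&res, "%s:%s:%s:%s:%s:%s", *ha1, nonce, noncecount, cnonce, qop, *ha2);
	}
	else{
		/* CASE 2 */
		tsk_sprintf(&res, "%s:%s:%s", *ha1, nonce, *ha2);
	}

	if (!res){
		/* tsk_sprintf could not build the string. */
		return -1;
	}

	ret = tsk_md5compute(res, tsk_strlen(res), response);

	/* res embeds H(A1), which is password-equivalent: overwrite it before it
	 * is freed. The volatile pointer keeps the compiler from dropping the stores. */
	for (wipe = res; *wipe; ++wipe){
		*wipe = '\0';
	}
	TSK_FREE(res);

	return ret;
}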