summaryrefslogtreecommitdiff
path: root/src/openvpn/httpdigest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/httpdigest.c')
-rw-r--r--src/openvpn/httpdigest.c196
1 files changed, 102 insertions, 94 deletions
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index 99bbda4..01301c0 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -37,118 +37,126 @@
static void
CvtHex(
- IN HASH Bin,
- OUT HASHHEX Hex
- )
+ IN HASH Bin,
+ OUT HASHHEX Hex
+ )
{
- unsigned short i;
- unsigned char j;
+ unsigned short i;
+ unsigned char j;
- for (i = 0; i < HASHLEN; i++) {
- j = (Bin[i] >> 4) & 0xf;
- if (j <= 9)
- Hex[i*2] = (j + '0');
- else
- Hex[i*2] = (j + 'a' - 10);
- j = Bin[i] & 0xf;
- if (j <= 9)
- Hex[i*2+1] = (j + '0');
- else
- Hex[i*2+1] = (j + 'a' - 10);
- };
- Hex[HASHHEXLEN] = '\0';
-};
+ for (i = 0; i < HASHLEN; i++) {
+ j = (Bin[i] >> 4) & 0xf;
+ if (j <= 9)
+ {
+ Hex[i*2] = (j + '0');
+ }
+ else
+ {
+ Hex[i*2] = (j + 'a' - 10);
+ }
+ j = Bin[i] & 0xf;
+ if (j <= 9)
+ {
+ Hex[i*2+1] = (j + '0');
+ }
+ else
+ {
+ Hex[i*2+1] = (j + 'a' - 10);
+ }
+ }
+ Hex[HASHHEXLEN] = '\0';
+}
/* calculate H(A1) as per spec */
void
DigestCalcHA1(
- IN char * pszAlg,
- IN char * pszUserName,
- IN char * pszRealm,
- IN char * pszPassword,
- IN char * pszNonce,
- IN char * pszCNonce,
- OUT HASHHEX SessionKey
- )
+ IN char *pszAlg,
+ IN char *pszUserName,
+ IN char *pszRealm,
+ IN char *pszPassword,
+ IN char *pszNonce,
+ IN char *pszCNonce,
+ OUT HASHHEX SessionKey
+ )
{
- HASH HA1;
- md_ctx_t md5_ctx;
- const md_kt_t *md5_kt = md_kt_get("MD5");
+ HASH HA1;
+ md_ctx_t md5_ctx;
+ const md_kt_t *md5_kt = md_kt_get("MD5");
- md_ctx_init(&md5_ctx, md5_kt);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));
- md_ctx_final(&md5_ctx, HA1);
- if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));
+ md_ctx_final(&md5_ctx, HA1);
+ if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)
{
- md_ctx_init(&md5_ctx, md5_kt);
- md_ctx_update(&md5_ctx, HA1, HASHLEN);
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
- md_ctx_final(&md5_ctx, HA1);
- };
- md_ctx_cleanup(&md5_ctx);
- CvtHex(HA1, SessionKey);
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, HA1, HASHLEN);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
+ md_ctx_final(&md5_ctx, HA1);
+ }
+ md_ctx_cleanup(&md5_ctx);
+ CvtHex(HA1, SessionKey);
}
/* calculate request-digest/response-digest as per HTTP Digest spec */
void
DigestCalcResponse(
- IN HASHHEX HA1, /* H(A1) */
- IN char * pszNonce, /* nonce from server */
- IN char * pszNonceCount, /* 8 hex digits */
- IN char * pszCNonce, /* client nonce */
- IN char * pszQop, /* qop-value: "", "auth", "auth-int" */
- IN char * pszMethod, /* method from the request */
- IN char * pszDigestUri, /* requested URL */
- IN HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
- OUT HASHHEX Response /* request-digest or response-digest */
- )
+ IN HASHHEX HA1, /* H(A1) */
+ IN char *pszNonce, /* nonce from server */
+ IN char *pszNonceCount, /* 8 hex digits */
+ IN char *pszCNonce, /* client nonce */
+ IN char *pszQop, /* qop-value: "", "auth", "auth-int" */
+ IN char *pszMethod, /* method from the request */
+ IN char *pszDigestUri, /* requested URL */
+ IN HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
+ OUT HASHHEX Response /* request-digest or response-digest */
+ )
{
- HASH HA2;
- HASH RespHash;
- HASHHEX HA2Hex;
+ HASH HA2;
+ HASH RespHash;
+ HASHHEX HA2Hex;
- md_ctx_t md5_ctx;
- const md_kt_t *md5_kt = md_kt_get("MD5");
+ md_ctx_t md5_ctx;
+ const md_kt_t *md5_kt = md_kt_get("MD5");
- /* calculate H(A2) */
- md_ctx_init(&md5_ctx, md5_kt);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));
- if (strcasecmp(pszQop, "auth-int") == 0)
+ /* calculate H(A2) */
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));
+ if (strcasecmp(pszQop, "auth-int") == 0)
{
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN);
- };
- md_ctx_final(&md5_ctx, HA2);
- CvtHex(HA2, HA2Hex);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN);
+ }
+ md_ctx_final(&md5_ctx, HA2);
+ CvtHex(HA2, HA2Hex);
- /* calculate response */
- md_ctx_init(&md5_ctx, md5_kt);
- md_ctx_update(&md5_ctx, HA1, HASHHEXLEN);
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- if (*pszQop)
+ /* calculate response */
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, HA1, HASHHEXLEN);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ if (*pszQop)
{
- md_ctx_update(&md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(&md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));
- md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
- };
- md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN);
- md_ctx_final(&md5_ctx, RespHash);
- md_ctx_cleanup(&md5_ctx);
- CvtHex(RespHash, Response);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ }
+ md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN);
+ md_ctx_final(&md5_ctx, RespHash);
+ md_ctx_cleanup(&md5_ctx);
+ CvtHex(RespHash, Response);
}
-#endif
+#endif /* if PROXY_DIGEST_AUTH */