/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "syshead.h"
#if PROXY_DIGEST_AUTH
#include "crypto.h"
#include "httpdigest.h"
static void
CvtHex(
IN HASH Bin,
OUT HASHHEX Hex
)
{
unsigned short i;
unsigned char j;
for (i = 0; i < HASHLEN; i++) {
j = (Bin[i] >> 4) & 0xf;
if (j <= 9)
Hex[i*2] = (j + '0');
else
Hex[i*2] = (j + 'a' - 10);
j = Bin[i] & 0xf;
if (j <= 9)
Hex[i*2+1] = (j + '0');
else
Hex[i*2+1] = (j + 'a' - 10);
};
Hex[HASHHEXLEN] = '\0';
};
/* calculate H(A1) as per spec */
void
DigestCalcHA1(
IN char * pszAlg,
IN char * pszUserName,
IN char * pszRealm,
IN char * pszPassword,
IN char * pszNonce,
IN char * pszCNonce,
OUT HASHHEX SessionKey
)
{
HASH HA1;
md_ctx_t md5_ctx;
const md_kt_t *md5_kt = md_kt_get("MD5");
md_ctx_init(&md5_ctx, md5_kt);
md_ctx_update(&md5_ctx, pszUserName, strlen(pszUserName));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszRealm, strlen(pszRealm));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszPassword, strlen(pszPassword));
md_ctx_final(&md5_ctx, HA1);
if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)
{
md_ctx_init(&md5_ctx, md5_kt);
md_ctx_update(&md5_ctx, HA1, HASHLEN);
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce));
md_ctx_final(&md5_ctx, HA1);
};
md_ctx_cleanup(&md5_ctx);
CvtHex(HA1, SessionKey);
}
/* calculate request-digest/response-digest as per HTTP Digest spec */
void
DigestCalcResponse(
IN HASHHEX HA1, /* H(A1) */
IN char * pszNonce, /* nonce from server */
IN char * pszNonceCount, /* 8 hex digits */
IN char * pszCNonce, /* client nonce */
IN char * pszQop, /* qop-value: "", "auth", "auth-int" */
IN char * pszMethod, /* method from the request */
IN char * pszDigestUri, /* requested URL */
IN HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
OUT HASHHEX Response /* request-digest or response-digest */
)
{
HASH HA2;
HASH RespHash;
HASHHEX HA2Hex;
md_ctx_t md5_ctx;
const md_kt_t *md5_kt = md_kt_get("MD5");
// calculate H(A2)
md_ctx_init(&md5_ctx, md5_kt);
md_ctx_update(&md5_ctx, pszMethod, strlen(pszMethod));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszDigestUri, strlen(pszDigestUri));
if (strcasecmp(pszQop, "auth-int") == 0)
{
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN);
};
md_ctx_final(&md5_ctx, HA2);
CvtHex(HA2, HA2Hex);
// calculate response
md_ctx_init(&md5_ctx, md5_kt);
md_ctx_update(&md5_ctx, HA1, HASHHEXLEN);
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce));
md_ctx_update(&md5_ctx, ":", 1);
if (*pszQop)
{
md_ctx_update(&md5_ctx, pszNonceCount, strlen(pszNonceCount));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce));
md_ctx_update(&md5_ctx, ":", 1);
md_ctx_update(&md5_ctx, pszQop, strlen(pszQop));
md_ctx_update(&md5_ctx, ":", 1);
};
md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN);
md_ctx_final(&md5_ctx, RespHash);
md_ctx_cleanup(&md5_ctx);
CvtHex(RespHash, Response);
}
#endif