mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-13 15:37:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

digest: support SHA-512/256

Browse Source 
Also fix the tests. New implementation tested with GNU libmicrohttpd.
The new numbers in tests are real SHA-512/256 numbers (not just some
random ;) numbers ).
This commit is contained in:
Evgeny Grin 2024-02-08 10:31:12 +01:00 committed by Daniel Stenberg
parent 6d6113e122
commit e3461bbd05
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
5 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
lib/vauth/digest.c
View File

@ -38,6 +38,7 @@
#include "curl_hmac.h"
#include "curl_md5.h"
#include "curl_sha256.h"
#include "curl_sha512_256.h"
#include "vtls/vtls.h"
#include "warnless.h"
#include "strtok.h"
@ -150,7 +151,7 @@ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
}
/* Convert sha256 chunk to RFC7616 -suitable ascii string */
/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ascii string */
static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
unsigned char *dest) /* 65 bytes */
{
@ -601,10 +602,20 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
digest->algo = ALGO_SHA256;
else if(strcasecompare(content, "SHA-256-SESS"))
digest->algo = ALGO_SHA256SESS;
else if(strcasecompare(content, "SHA-512-256"))
else if(strcasecompare(content, "SHA-512-256")) {
#ifdef CURL_HAVE_SHA512_256
digest->algo = ALGO_SHA512_256;
else if(strcasecompare(content, "SHA-512-256-SESS"))
#else /* ! CURL_HAVE_SHA512_256 */
return CURLE_NOT_BUILT_IN;
#endif /* ! CURL_HAVE_SHA512_256 */
}
else if(strcasecompare(content, "SHA-512-256-SESS")) {
#ifdef CURL_HAVE_SHA512_256
digest->algo = ALGO_SHA512_256SESS;
#else /* ! CURL_HAVE_SHA512_256 */
return CURLE_NOT_BUILT_IN;
#endif /* ! CURL_HAVE_SHA512_256 */
}
else
return CURLE_BAD_CONTENT_ENCODING;
}
@ -957,12 +968,24 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
outptr, outlen,
auth_digest_md5_to_ascii,
Curl_md5it);
DEBUGASSERT(digest->algo <= ALGO_SHA512_256SESS);
return auth_create_digest_http_message(data, userp, passwdp,
request, uripath, digest,
outptr, outlen,
auth_digest_sha256_to_ascii,
Curl_sha256it);
if(digest->algo <= ALGO_SHA256SESS)
return auth_create_digest_http_message(data, userp, passwdp,
request, uripath, digest,
outptr, outlen,
auth_digest_sha256_to_ascii,
Curl_sha256it);
#ifdef CURL_HAVE_SHA512_256
if(digest->algo <= ALGO_SHA512_256SESS)
return auth_create_digest_http_message(data, userp, passwdp,
request, uripath, digest,
outptr, outlen,
auth_digest_sha256_to_ascii,
Curl_sha512_256it);
#endif /* CURL_HAVE_SHA512_256 */
/* Should be unreachable */
return CURLE_BAD_CONTENT_ENCODING;
}
/*

3
tests/data/test2060
View File

@ -67,6 +67,7 @@ http
!SSPI
crypto
proxy
sha512-256
</features>
<name>
HTTP POST --digest with PUT, resumed upload, modified method, SHA-512-256 and userhash=false
@ -92,7 +93,7 @@ Content-Length: 0
GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="3ce1e25ffa611bdbe90e2ab367b9602fa223db9f6de76ac667f0d6157e2178a6", algorithm=SHA-512-256
Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="691867f4a06c79fd0a175c1857e3df7015f6fff3ce8676497d2f1f805b5a8eca", algorithm=SHA-512-256
Content-Range: bytes 2-4/5
User-Agent: curl/%VERSION
Accept: */*

3
tests/data/test2062
View File

@ -54,6 +54,7 @@ http
<features>
!SSPI
crypto
sha512-256
</features>
<name>
HTTP with RFC7616 SHA-512-256 Digest authorization and userhash=false
@ -73,7 +74,7 @@ Accept: */*
GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="2af735ec3508f4dff99248ffbbe9de9002bfd7cc770cfa2b026cb334042a54e3", algorithm=SHA-512-256
Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="9d3256ee6526ec40dd48743bb48e51ee9baba587c78f15c3a86166242150af98", algorithm=SHA-512-256
User-Agent: curl/%VERSION
Accept: */*

3
tests/data/test2065
View File

@ -54,6 +54,7 @@ http
<features>
!SSPI
crypto
sha512-256
</features>
<name>
HTTP with RFC7616 Digest authorization with bad password, SHA-512-256 and userhash=false
@ -73,7 +74,7 @@ Accept: */*
GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="testuser", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="5a5f20b0e601aeddc6f96422c2332d49ff431c49ab143b5f836ef76e9ac78f5e", algorithm=SHA-512-256
Authorization: Digest username="testuser", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="0373a49d7d352ff54884faaf762fc6c89281b4112ad8fcbbe1d1ee52dcf7a802", algorithm=SHA-512-256
User-Agent: curl/%VERSION
Accept: */*

3
tests/data/test2068
View File

@ -52,6 +52,7 @@ http
<features>
!SSPI
crypto
sha512-256
</features>
<name>
HTTP POST --digest with SHA-512-256, userhash=false and user-specified Content-Length header
@ -76,7 +77,7 @@ Content-Type: application/x-www-form-urlencoded
POST /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="4bc9c97a72f1856bcec9b0e1518c6b7ee28773f91357d56840bdc30bd89ca68f", algorithm=SHA-512-256
Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="0ba2f7ec8045446588eea82bb0c3812aedb05f4eac8883ea65040a52e9c5629e", algorithm=SHA-512-256
User-Agent: curl/%VERSION
Accept: */*
Content-Length: 11