From: "정지우 | Eugene" <eugene@bitsensing.com>
To: "ffmpeg-devel@ffmpeg.org" <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined)
Date: Wed, 3 Apr 2024 09:51:29 +0000
Message-ID: <SL2P216MB1481DDDD06F1804717BC71F2B83D2@SL2P216MB1481.KORP216.PROD.OUTLOOK.COM> (raw)
- add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
- make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
- combine with lint fix patch
(Please ignore previous patch requests that were requested by mistake):
[FFmpeg-devel] [PATCH] fix typo(1),style(1),nit(4) issue
Signed-off-by: Eugene-bitsensing <eugene@bitsensing.com>
---
libavformat/httpauth.c | 130 +++++++++-
libavformat/httpauth.h | 8 +
...h-add-SHA-256-Digest-Authorization-Com.eml | 224 ++++++++++++++++++
3 files changed, 354 insertions(+), 8 deletions(-)
create mode 100644 outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml
diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 9780928357..6069523bca 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -25,6 +25,7 @@
#include "internal.h"
#include "libavutil/random_seed.h"
#include "libavutil/md5.h"
+#include "libavutil/hash.h"
#include "urldecode.h"
static void handle_basic_params(HTTPAuthState *state, const char *key,
@@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
char cnonce[17];
char nc[9];
int i;
- char A1hash[33], A2hash[33], response[33];
+ char a1_hash[33], a2_hash[33], response[33];
struct AVMD5 *md5ctx;
uint8_t hash[16];
char *authstr;
@@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
av_md5_init(md5ctx);
update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
av_md5_final(md5ctx, hash);
- ff_data_to_hex(A1hash, hash, 16, 1);
+ ff_data_to_hex(a1_hash, hash, 16, 1);
if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
} else if (!strcmp(digest->algorithm, "MD5-sess")) {
av_md5_init(md5ctx);
- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
+ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, NULL);
av_md5_final(md5ctx, hash);
- ff_data_to_hex(A1hash, hash, 16, 1);
+ ff_data_to_hex(a1_hash, hash, 16, 1);
} else {
/* Unsupported algorithm */
av_free(md5ctx);
@@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
av_md5_init(md5ctx);
update_md5_strings(md5ctx, method, ":", uri, NULL);
av_md5_final(md5ctx, hash);
- ff_data_to_hex(A2hash, hash, 16, 1);
+ ff_data_to_hex(a2_hash, hash, 16, 1);
av_md5_init(md5ctx);
- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
+ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL);
if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
}
- update_md5_strings(md5ctx, ":", A2hash, NULL);
+ update_md5_strings(md5ctx, ":", a2_hash, NULL);
av_md5_final(md5ctx, hash);
ff_data_to_hex(response, hash, 16, 1);
@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
return authstr;
}
+/**
+ * Generate a digest reply SHA-256, according to RFC 7616.
+ * TODO : support other RFC 7616 Algorithm
+ */
+static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
+ const char *password, const char *uri,
+ const char *method, const char *algorithm)
+{
+ DigestParams *digest = &state->digest_params;
+ int len;
+ uint32_t cnonce_buf[2];
+ char cnonce[17];
+ char nc[9];
+ int i;
+ char a1_hash[65], a2_hash[65], response[65];
+ struct AVHashContext *hashctx;
+ uint8_t hash[64];
+ char *authstr;
+
+ digest->nc++;
+ snprintf(nc, sizeof(nc), "%08x", digest->nc);
+
+ /* Generate a client nonce. */
+ for (i = 0; i < 2; i++)
+ cnonce_buf[i] = av_get_random_seed();
+ ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1);
+
+ /* Allocate a hash context based on the provided algorithm */
+ int ret = av_hash_alloc(&hashctx, algorithm);
+ if (ret < 0) {
+ return NULL;
+ }
+
+ /* Initialize the hash context */
+ av_hash_init(hashctx);
+
+ /* Update the hash context with A1 data */
+ av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
+ av_hash_final(hashctx, hash);
+ ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1);
+
+ /* Initialize the hash context for A2 */
+ av_hash_init(hashctx);
+ av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri));
+ av_hash_final(hashctx, hash);
+ ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1);
+
+ /* Initialize the hash context for response */
+ av_hash_init(hashctx);
+ av_hash_update(hashctx, (const uint8_t *)a1_hash, strlen(a1_hash));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop));
+ av_hash_update(hashctx, (const uint8_t *)":", 1);
+ av_hash_update(hashctx, (const uint8_t *)a2_hash, strlen(a2_hash));
+ av_hash_final(hashctx, hash);
+ ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1);
+
+ /* Free the hash context */
+ av_hash_freep(&hashctx);
+
+ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
+ strlen(uri) + strlen(response) + strlen(digest->algorithm) +
+ strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
+ strlen(nc) + 150;
+
+ authstr = av_malloc(len);
+ if (!authstr) {
+ return NULL;
+ }
+
+ /* Generate Header same way as *make_digest_auth */
+ snprintf(authstr, len, "Authorization: Digest ");
+
+ av_strlcatf(authstr, len, "username=\"%s\"", username);
+ av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
+ av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
+ av_strlcatf(authstr, len, ", uri=\"%s\"", uri);
+ av_strlcatf(authstr, len, ", response=\"%s\"", response);
+
+ if (digest->algorithm[0])
+ av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm);
+
+ if (digest->opaque[0])
+ av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
+ if (digest->qop[0]) {
+ av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop);
+ av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
+ av_strlcatf(authstr, len, ", nc=%s", nc);
+ }
+
+ av_strlcatf(authstr, len, "\r\n");
+
+ return authstr;
+}
+
+
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
const char *path, const char *method)
{
@@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
if ((password = strchr(username, ':'))) {
*password++ = 0;
- authstr = make_digest_auth(state, username, password, path, method);
+ /* add digest algorithm SHA-256 */
+ if (!strcmp(state->digest_params.algorithm, "SHA256")) {
+ authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256");
+ } else {
+ authstr = make_digest_auth(state, username, password, path, method);
+ }
}
av_free(username);
}
diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h
index 0e7085901c..a55986ea3e 100644
--- a/libavformat/httpauth.h
+++ b/libavformat/httpauth.h
@@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
const char *path, const char *method);
+/**
+ * New function declaration for RFC7616
+ * SHA-256 digest authentication
+ * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet
+ */
+static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
+ const char *password, const char *uri,
+ const char *method, const char *algorithm);
#endif /* AVFORMAT_HTTPAUTH_H */
diff --git a/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml b/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml
new file mode 100644
index 0000000000..3d4d23a559
--- /dev/null
+++ b/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml
@@ -0,0 +1,224 @@
+From 02f3abcb9f9bf3eb9792b30ea43058479516c52b Mon Sep 17 00:00:00 2001
+From: Eugene-bitsensing <eugene@bitsensing.com>
+Date: Wed, 3 Apr 2024 18:47:38 +0900
+Subject: [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined
+ with ly)
+X-Unsent: 1
+To: ffmpeg-devel@ffmpeg.org
+
+- add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
+- make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
+- combine with lint fix patch
+
+Signed-off-by: Eugene-bitsensing <eugene@bitsensing.com>
+---
+ libavformat/httpauth.c | 130 ++++++++++++++++++++++++++++++++++++++---
+ libavformat/httpauth.h | 8 +++
+ 2 files changed, 130 insertions(+), 8 deletions(-)
+
+diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
+index 9780928357..6069523bca 100644
+--- a/libavformat/httpauth.c
++++ b/libavformat/httpauth.c
+@@ -25,6 +25,7 @@
+ #include "internal.h"
+ #include "libavutil/random_seed.h"
+ #include "libavutil/md5.h"
++#include "libavutil/hash.h"
+ #include "urldecode.h"
+
+ static void handle_basic_params(HTTPAuthState *state, const char *key,
+@@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
+ char cnonce[17];
+ char nc[9];
+ int i;
+- char A1hash[33], A2hash[33], response[33];
++ char a1_hash[33], a2_hash[33], response[33];
+ struct AVMD5 *md5ctx;
+ uint8_t hash[16];
+ char *authstr;
+@@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
+ av_md5_init(md5ctx);
+ update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
+ av_md5_final(md5ctx, hash);
+- ff_data_to_hex(A1hash, hash, 16, 1);
++ ff_data_to_hex(a1_hash, hash, 16, 1);
+
+ if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
+ } else if (!strcmp(digest->algorithm, "MD5-sess")) {
+ av_md5_init(md5ctx);
+- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
++ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, NULL);
+ av_md5_final(md5ctx, hash);
+- ff_data_to_hex(A1hash, hash, 16, 1);
++ ff_data_to_hex(a1_hash, hash, 16, 1);
+ } else {
+ /* Unsupported algorithm */
+ av_free(md5ctx);
+@@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
+ av_md5_init(md5ctx);
+ update_md5_strings(md5ctx, method, ":", uri, NULL);
+ av_md5_final(md5ctx, hash);
+- ff_data_to_hex(A2hash, hash, 16, 1);
++ ff_data_to_hex(a2_hash, hash, 16, 1);
+
+ av_md5_init(md5ctx);
+- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
++ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL);
+ if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
+ update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
+ }
+- update_md5_strings(md5ctx, ":", A2hash, NULL);
++ update_md5_strings(md5ctx, ":", a2_hash, NULL);
+ av_md5_final(md5ctx, hash);
+ ff_data_to_hex(response, hash, 16, 1);
+
+@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
+ return authstr;
+ }
+
++/**
++ * Generate a digest reply SHA-256, according to RFC 7616.
++ * TODO : support other RFC 7616 Algorithm
++ */
++static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
++ const char *password, const char *uri,
++ const char *method, const char *algorithm)
++{
++ DigestParams *digest = &state->digest_params;
++ int len;
++ uint32_t cnonce_buf[2];
++ char cnonce[17];
++ char nc[9];
++ int i;
++ char a1_hash[65], a2_hash[65], response[65];
++ struct AVHashContext *hashctx;
++ uint8_t hash[64];
++ char *authstr;
++
++ digest->nc++;
++ snprintf(nc, sizeof(nc), "%08x", digest->nc);
++
++ /* Generate a client nonce. */
++ for (i = 0; i < 2; i++)
++ cnonce_buf[i] = av_get_random_seed();
++ ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1);
++
++ /* Allocate a hash context based on the provided algorithm */
++ int ret = av_hash_alloc(&hashctx, algorithm);
++ if (ret < 0) {
++ return NULL;
++ }
++
++ /* Initialize the hash context */
++ av_hash_init(hashctx);
++
++ /* Update the hash context with A1 data */
++ av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
++ av_hash_final(hashctx, hash);
++ ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1);
++
++ /* Initialize the hash context for A2 */
++ av_hash_init(hashctx);
++ av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri));
++ av_hash_final(hashctx, hash);
++ ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1);
++
++ /* Initialize the hash context for response */
++ av_hash_init(hashctx);
++ av_hash_update(hashctx, (const uint8_t *)a1_hash, strlen(a1_hash));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop));
++ av_hash_update(hashctx, (const uint8_t *)":", 1);
++ av_hash_update(hashctx, (const uint8_t *)a2_hash, strlen(a2_hash));
++ av_hash_final(hashctx, hash);
++ ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1);
++
++ /* Free the hash context */
++ av_hash_freep(&hashctx);
++
++ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
++ strlen(uri) + strlen(response) + strlen(digest->algorithm) +
++ strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
++ strlen(nc) + 150;
++
++ authstr = av_malloc(len);
++ if (!authstr) {
++ return NULL;
++ }
++
++ /* Generate Header same way as *make_digest_auth */
++ snprintf(authstr, len, "Authorization: Digest ");
++
++ av_strlcatf(authstr, len, "username=\"%s\"", username);
++ av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
++ av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
++ av_strlcatf(authstr, len, ", uri=\"%s\"", uri);
++ av_strlcatf(authstr, len, ", response=\"%s\"", response);
++
++ if (digest->algorithm[0])
++ av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm);
++
++ if (digest->opaque[0])
++ av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
++ if (digest->qop[0]) {
++ av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop);
++ av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
++ av_strlcatf(authstr, len, ", nc=%s", nc);
++ }
++
++ av_strlcatf(authstr, len, "\r\n");
++
++ return authstr;
++}
++
++
+ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
+ const char *path, const char *method)
+ {
+@@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
+
+ if ((password = strchr(username, ':'))) {
+ *password++ = 0;
+- authstr = make_digest_auth(state, username, password, path, method);
++ /* add digest algorithm SHA-256 */
++ if (!strcmp(state->digest_params.algorithm, "SHA256")) {
++ authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256");
++ } else {
++ authstr = make_digest_auth(state, username, password, path, method);
++ }
+ }
+ av_free(username);
+ }
+diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h
+index 0e7085901c..a55986ea3e 100644
+--- a/libavformat/httpauth.h
++++ b/libavformat/httpauth.h
+@@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
+ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
+ const char *path, const char *method);
+
++/**
++ * New function declaration for RFC7616
++ * SHA-256 digest authentication
++ * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet
++ */
++static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
++ const char *password, const char *uri,
++ const char *method, const char *algorithm);
+ #endif /* AVFORMAT_HTTPAUTH_H */
+--
+2.42.0.windows.2
+
--
2.42.0.windows.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next reply other threads:[~2024-04-03 9:51 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 9:51 정지우 | Eugene [this message]
2024-04-03 15:36 ` Andreas Rheinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SL2P216MB1481DDDD06F1804717BC71F2B83D2@SL2P216MB1481.KORP216.PROD.OUTLOOK.COM \
--to=eugene@bitsensing.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git