From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 170694A682 for ; Wed, 3 Apr 2024 09:51:44 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DBED968D112; Wed, 3 Apr 2024 12:51:40 +0300 (EEST) Received: from PUWP216CU001.outbound.protection.outlook.com (mail-koreasouthazon11020003.outbound.protection.outlook.com [52.101.156.3]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C29CB68D093 for ; Wed, 3 Apr 2024 12:51:33 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n29eGcs+gMYXsHiXxYHgcC8d4k1KtBQ0IbQXsKkCXCET1onkISsDFEutVnT3t1ytls3jdVSYdhqHI0VC45xPPJJUIgPm3L/MhrpaTVawp5QXXNuEGvYl07KepvT7KFGYw+3WsQxmvsY9HSG3dQckLAAtDQK1h6tT5kRSWL9j3kNMr6K1pDJV/NEAoGve5lmQw5ox5q+txKfceD6x1Tx8BmdsYANsh8G1wOy/dKaQeHX63+iz7TdRRNfrRPTpJm2SSk/uAao3T4NjSjQ5giy6axDK0iWDXsI9tyO0luseeoMhiV/yDhFrXgMIIv63oLdnmSB+OuB0QIy+JBSJg6iaaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yys2hMgzvbU576MQsawf7eigiZGWP822zhgEdR8v7vU=; b=RW1x166SEouiSU1XzzJ7g2WRohPMErr7KHIRu02zOV3qVPS6q06FgB2/esbwoWinZizrxFQ2Q79EwSdAyqgHE/qs42i7C7zmeZIEg/8qsJlktpK5/aUf2bCXRcRT9HtEUcL5IxUJ+bi8dGtHoyScIawktEtMqkwEwDl5XEd4bU3OnJCYyFD521NkmFoH/X/ByGDouVCr4H/Ps4WAn3YsscRCwTa66JQYYMTk+MtxlBhOgTmkwwKEB76ly7AdAxZmUesyMTXnfv/hkstZI3sSydmVZC2+6Y0jw8nSbYQDoN9TwUgA/Mm0g1/nnmM/DNe40/d1M16sIK1sp+QJpVErVw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yys2hMgzvbU576MQsawf7eigiZGWP822zhgEdR8v7vU=; b=rZxKV20Xhi69yCBNg5atq3TQQNxOp/SlZuM84OpNkg6fS/JBynJfqX0vpMxeZTYIDBaBfrDVAXulPH0+5f6vs3+kZOJeDMlkToSGsSeJ6BalXx/qCq96qUeJ8rGyG+309x0PWO7rNdMtE/qLihU9X8otsO0zrf+qylDvP7jtw74= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by SE2P216MB2039.KORP216.PROD.OUTLOOK.COM (2603:1096:101:11b::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Wed, 3 Apr 2024 09:51:29 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7409.042; Wed, 3 Apr 2024 09:51:29 +0000 From: =?ks_c_5601-1987?B?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined) Thread-Index: AdqFq/ZcVkeDvNfHSnmQaiPTOZIjOg== Date: Wed, 3 Apr 2024 09:51:29 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|SE2P216MB2039:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DxvtfDVxq58dEnwWd4IQgUzbGC2JVCTICDu7kJHldwlsQzWTCW5ydfKab1yvur7sLgJMicxlkcYCVV7lSeVW5TITQT25OVaUn2UlA0UXvQWYaW/p8qTsOutU+MiV4jYeJ7nQK9FTKRZzFCEiCvlGeZWkf+passBCe2Lh+QoLzHsgT+lsHbtdf1GRF94n8PNW3Ev8imEjLtVzA5vDbOvFMNefIdn7n2FqtVFaLv8qRAXNir1LtOkEC+DHuq3hztX23eIR9cOTqYdYdE9pDMRZiU/CGfP0avyqWo2aywfpVUCvvF3rgUiXfwKMRO1eZDjr98KE2y0ovnNLOuRfxBvMwG1RN5Z0PRq6dNc+yeSgK98iO3jIIRLQc8tWNWS4evB6WqSxAx4EkOK+rNJVHs/nCVR6akjAeyf5/DeTc78IZ0gcsu9OZRVE1jAUFfMgNpTGXMmxSuyVrlsH//NAQMEqjRqezYVUfHViiFUTCBG7HvlhESeBQBvLWYx281byx4zoff2HIWnDqcx6Zbajm0nOdq/My42HO8WUIpNXFdsR0fwhBOt7nhbRFsefRGl3gPn5HU8lSSdDmNAgF201MDtJ0nI4FTGQlYfN9CEdpJM6ILCAi0q80JXQRweWK4gUXalw/+xP4bGh3HKu6POGvZjKiwpcTgzEvl16yd8jEMgKv80= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(376005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?B?MjJib1pxOERsa2Z3aTQxZS9XUG8vaXdFdnBib2lVemFSZkl3YnNT?= =?ks_c_5601-1987?B?L2hrZ0J2L29ycVFIVVhYdzB4VDlsOUczWWpwSCtFckxTditlMWF4?= =?ks_c_5601-1987?B?OHJ3cjZrM015bFVkejN0MnU5Q1Q1bHBsV1JQVFhWY1duQ2tORzdp?= =?ks_c_5601-1987?B?cU00cGp0YXZoMmRWT1MzczZmWVlJYzFYYWxlS2lLNUZZZlE4d2N4?= =?ks_c_5601-1987?B?SzMyYzhCRkRDc1JvaEh3ajI1N3FSWW5wdk5TR2d1SmtjTk0wV1ZI?= =?ks_c_5601-1987?B?MmkyRFUrL2lCelBuYU9IOFRYQjZEQTNWa2tDUFJnN3UramNvT0hs?= =?ks_c_5601-1987?B?YmtkSHpTbmZSODBFOTA5SlpZRndkOWxSUHllczROKzBrbWJrMk1X?= =?ks_c_5601-1987?B?ZkJ3TDd5SGdVaW1RUko2RTR1cmNpN2l2YmxjR1BEMVAraXpWTVdK?= =?ks_c_5601-1987?B?d013VjFkYm9pNkt3c1I1S2NQb2JnZVBMaDBMN1Z6RzZQb1NLbGRQ?= =?ks_c_5601-1987?B?OXNYOTZoR0JzWWR0ZlhVbHIxOE1WOE0zUzFDMEFjSDAzekErZGFT?= =?ks_c_5601-1987?B?cTZqVG5vRVhrVTF5cm1kcVZlSkdhZHlCc3BZeFV4VVhRbWJhYS9F?= =?ks_c_5601-1987?B?YUVwbDFqaG80WS9uaEpYbTVSelJPbDBzVnRIRGdhL2FZR083cXRs?= =?ks_c_5601-1987?B?c1IvdTFrRFViMTk0NkdFc2hHWWFwdkhNNms1bVo1ZTV3V3hHV2tw?= =?ks_c_5601-1987?B?OGF1Zm5WdnZ4YndRME0rdE5KT1FvWjF2N3pYOU4vR2U1amRxOWRh?= =?ks_c_5601-1987?B?Z1RGcEEzdUhKcDI2dTdGQTNsWmhjcUM2R2pPUHFCY0hqbmFBQXZO?= =?ks_c_5601-1987?B?SXpnWHhLdzdlcXBpd1BmM1FEZy9SWWF3QjVCcVRkR1dEL2dTNDQ4?= =?ks_c_5601-1987?B?ZCt0TThJV015OXJhUHN2VDlLSzl2Z014TzJPSm5hNXR0WXZKSW5w?= =?ks_c_5601-1987?B?c295bERrMzQyQnJJSStUUXF5REVVZk95QVAxVytjMDM4ZncxYlND?= =?ks_c_5601-1987?B?QmxkSlE5V3pqL01vVFlVZFBBajltOHdUSmxNZk8wUW5FQ2wxR2hs?= =?ks_c_5601-1987?B?b2JBQ3ByeDNjUmlrRUh1V3MvdWJHL3ZncVNEZDZ2WVk4UkJrNzlX?= =?ks_c_5601-1987?B?ZDQyc2QzamRwcUh5eFBVMnZRZUo3bENQSmxiUDdqRFgyZ3hLQVFX?= =?ks_c_5601-1987?B?MUUwZmRyVHkzUG1VdTVaTCtUUTlpTENRWDcvQXpKNmEvOC9NYkg2?= =?ks_c_5601-1987?B?VzFGcVVHc2diSGtiRTJOS09oamUrVlNocG5HaW9WL2FYUndndFI4?= =?ks_c_5601-1987?B?TUxrNEl4QmMzMytzMDViUVQ0Zk8rRjR4cTlHc2hDY1hxd2ZSQ0pU?= =?ks_c_5601-1987?B?T2o0cHJlTU9aNlpiWGxRR0pOWTRDa1pQQ29SRTgyb0o2UHRYTk1U?= =?ks_c_5601-1987?B?WExiTDEyZHVxSzNscjY0V1JhdHVuNjB4M044eEZXcWxiQUdwY055?= =?ks_c_5601-1987?B?dUlNQ2RMWER0eHVJenZid0RBL0EwbGFST2pZZjJsWDVYWUN2eGRi?= =?ks_c_5601-1987?B?bkhwYk5iTWY2ektTeDlPVUNMNTI4cUFpMTd6RzdXaVgxaDAzcS9V?= =?ks_c_5601-1987?B?NmxGRE9HREFKZmkvSjJOa0l0bytxN0Q2YjM5R0VSZGFVUzJ6SFJY?= =?ks_c_5601-1987?B?amsyckJUREN3OGJlQ3YzMi9GdXl1aExqYXFiTkFqTUJ4dGVQVnJZ?= =?ks_c_5601-1987?B?Qmt3MTNZY2RwR3U3b29RQWxaZmRmVUtrZFJpRitmSlArRlRXQ0wy?= =?ks_c_5601-1987?B?MVozMWltem1EcTM0L01pNXB0a0N2OXlyUk9JT3Nab2ozekJPS2tY?= =?ks_c_5601-1987?B?MWVkR3JZME5yUEFCcnlnazdPK25DSXNtckFGM2RudllJdklLdDFH?= =?ks_c_5601-1987?B?ellGQVNhYTlQWHh4RjV4UEpDYmk5ZTZSUlpob0ZVNzBCYTFGdXo1?= =?ks_c_5601-1987?B?UnpzRmVaV3E5K2ZaZ3NDcTBxRkthdEh5KzJ3NHBJYXNnZjluNEJ6?= =?ks_c_5601-1987?B?QzJNMmVnaStiQUpFc1FoaE8vQlhhZkhnQml2a0NhZFc0YTcxY3JM?= =?ks_c_5601-1987?B?RkpRZkFOb1IzMlJ5RHdBcGkyVzhrcGYzSUMwTXdGazhnYVlYZDcr?= =?ks_c_5601-1987?B?RXlBQ3U2cDdjTVJVeVlCaEtuNDM1TUhlN0d0d1ZTTDdFMmF3SzVX?= =?ks_c_5601-1987?B?bmhhNmpza3RsRDZZQ3RndVVOdmhOalZNamJrSmRFWS9rZjhpckdX?= =?ks_c_5601-1987?B?NTc5OVVDSXVteTZ0dVg0TDRTNGx2ak1jVnlyZlQ2Nm12YitIYlZK?= =?ks_c_5601-1987?Q?f/iLTl8boXj8905RXHgBKLd0e8L08Bg67bH4Fft3?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 45c24865-e837-47c0-4752-08dc53c3a2a3 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2024 09:51:29.2061 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6uzRneDM/q4uJAgeXxpQiFSk077OTwYV9v9vO19WivZg+KiPnKwsqe4OTW/LARtgzuqckuRYwmIqwFOKOuZdBg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE2P216MB2039 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: - add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h - make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash - combine with lint fix patch (Please ignore previous patch requests that were requested by mistake): [FFmpeg-devel] [PATCH] fix typo(1),style(1),nit(4) issue Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 130 +++++++++- libavformat/httpauth.h | 8 + ...h-add-SHA-256-Digest-Authorization-Com.eml | 224 ++++++++++++++++++ 3 files changed, 354 insertions(+), 8 deletions(-) create mode 100644 outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..6069523bca 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -25,6 +25,7 @@ #include "internal.h" #include "libavutil/random_seed.h" #include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, char cnonce[17]; char nc[9]; int i; - char A1hash[33], A2hash[33], response[33]; + char a1_hash[33], a2_hash[33], response[33]; struct AVMD5 *md5ctx; uint8_t hash[16]; char *authstr; @@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, av_md5_init(md5ctx); update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); + ff_data_to_hex(a1_hash, hash, 16, 1); if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { } else if (!strcmp(digest->algorithm, "MD5-sess")) { av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); + update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); + ff_data_to_hex(a1_hash, hash, 16, 1); } else { /* Unsupported algorithm */ av_free(md5ctx); @@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, av_md5_init(md5ctx); update_md5_strings(md5ctx, method, ":", uri, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A2hash, hash, 16, 1); + ff_data_to_hex(a2_hash, hash, 16, 1); av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); + update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL); if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); } - update_md5_strings(md5ctx, ":", A2hash, NULL); + update_md5_strings(md5ctx, ":", a2_hash, NULL); av_md5_final(md5ctx, hash); ff_data_to_hex(response, hash, 16, 1); @@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, return authstr; } +/** + * Generate a digest reply SHA-256, according to RFC 7616. + * TODO : support other RFC 7616 Algorithm + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm) +{ + DigestParams *digest = &state->digest_params; + int len; + uint32_t cnonce_buf[2]; + char cnonce[17]; + char nc[9]; + int i; + char a1_hash[65], a2_hash[65], response[65]; + struct AVHashContext *hashctx; + uint8_t hash[64]; + char *authstr; + + digest->nc++; + snprintf(nc, sizeof(nc), "%08x", digest->nc); + + /* Generate a client nonce. */ + for (i = 0; i < 2; i++) + cnonce_buf[i] = av_get_random_seed(); + ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1); + + /* Allocate a hash context based on the provided algorithm */ + int ret = av_hash_alloc(&hashctx, algorithm); + if (ret < 0) { + return NULL; + } + + /* Initialize the hash context */ + av_hash_init(hashctx); + + /* Update the hash context with A1 data */ + av_hash_update(hashctx, (const uint8_t *)username, strlen(username)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)password, strlen(password)); + av_hash_final(hashctx, hash); + ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for A2 */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)method, strlen(method)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri)); + av_hash_final(hashctx, hash); + ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for response */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)a1_hash, strlen(a1_hash)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)a2_hash, strlen(a2_hash)); + av_hash_final(hashctx, hash); + ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1); + + /* Free the hash context */ + av_hash_freep(&hashctx); + + len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + + strlen(uri) + strlen(response) + strlen(digest->algorithm) + + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + + strlen(nc) + 150; + + authstr = av_malloc(len); + if (!authstr) { + return NULL; + } + + /* Generate Header same way as *make_digest_auth */ + snprintf(authstr, len, "Authorization: Digest "); + + av_strlcatf(authstr, len, "username=\"%s\"", username); + av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm); + av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce); + av_strlcatf(authstr, len, ", uri=\"%s\"", uri); + av_strlcatf(authstr, len, ", response=\"%s\"", response); + + if (digest->algorithm[0]) + av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm); + + if (digest->opaque[0]) + av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque); + if (digest->qop[0]) { + av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop); + av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce); + av_strlcatf(authstr, len, ", nc=%s", nc); + } + + av_strlcatf(authstr, len, "\r\n"); + + return authstr; +} + + char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method) { @@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, if ((password = strchr(username, ':'))) { *password++ = 0; - authstr = make_digest_auth(state, username, password, path, method); + /* add digest algorithm SHA-256 */ + if (!strcmp(state->digest_params.algorithm, "SHA256")) { + authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256"); + } else { + authstr = make_digest_auth(state, username, password, path, method); + } } av_free(username); } diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h index 0e7085901c..a55986ea3e 100644 --- a/libavformat/httpauth.h +++ b/libavformat/httpauth.h @@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method); +/** + * New function declaration for RFC7616 + * SHA-256 digest authentication + * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm); #endif /* AVFORMAT_HTTPAUTH_H */ diff --git a/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml b/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml new file mode 100644 index 0000000000..3d4d23a559 --- /dev/null +++ b/outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml @@ -0,0 +1,224 @@ +From 02f3abcb9f9bf3eb9792b30ea43058479516c52b Mon Sep 17 00:00:00 2001 +From: Eugene-bitsensing +Date: Wed, 3 Apr 2024 18:47:38 +0900 +Subject: [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined + with ly) +X-Unsent: 1 +To: ffmpeg-devel@ffmpeg.org + +- add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h +- make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash +- combine with lint fix patch + +Signed-off-by: Eugene-bitsensing +--- + libavformat/httpauth.c | 130 ++++++++++++++++++++++++++++++++++++++--- + libavformat/httpauth.h | 8 +++ + 2 files changed, 130 insertions(+), 8 deletions(-) + +diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c +index 9780928357..6069523bca 100644 +--- a/libavformat/httpauth.c ++++ b/libavformat/httpauth.c +@@ -25,6 +25,7 @@ + #include "internal.h" + #include "libavutil/random_seed.h" + #include "libavutil/md5.h" ++#include "libavutil/hash.h" + #include "urldecode.h" + + static void handle_basic_params(HTTPAuthState *state, const char *key, +@@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, + char cnonce[17]; + char nc[9]; + int i; +- char A1hash[33], A2hash[33], response[33]; ++ char a1_hash[33], a2_hash[33], response[33]; + struct AVMD5 *md5ctx; + uint8_t hash[16]; + char *authstr; +@@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, + av_md5_init(md5ctx); + update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); + av_md5_final(md5ctx, hash); +- ff_data_to_hex(A1hash, hash, 16, 1); ++ ff_data_to_hex(a1_hash, hash, 16, 1); + + if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { + } else if (!strcmp(digest->algorithm, "MD5-sess")) { + av_md5_init(md5ctx); +- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); ++ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, NULL); + av_md5_final(md5ctx, hash); +- ff_data_to_hex(A1hash, hash, 16, 1); ++ ff_data_to_hex(a1_hash, hash, 16, 1); + } else { + /* Unsupported algorithm */ + av_free(md5ctx); +@@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, + av_md5_init(md5ctx); + update_md5_strings(md5ctx, method, ":", uri, NULL); + av_md5_final(md5ctx, hash); +- ff_data_to_hex(A2hash, hash, 16, 1); ++ ff_data_to_hex(a2_hash, hash, 16, 1); + + av_md5_init(md5ctx); +- update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); ++ update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL); + if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { + update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + } +- update_md5_strings(md5ctx, ":", A2hash, NULL); ++ update_md5_strings(md5ctx, ":", a2_hash, NULL); + av_md5_final(md5ctx, hash); + ff_data_to_hex(response, hash, 16, 1); + +@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, + return authstr; + } + ++/** ++ * Generate a digest reply SHA-256, according to RFC 7616. ++ * TODO : support other RFC 7616 Algorithm ++ */ ++static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, ++ const char *password, const char *uri, ++ const char *method, const char *algorithm) ++{ ++ DigestParams *digest = &state->digest_params; ++ int len; ++ uint32_t cnonce_buf[2]; ++ char cnonce[17]; ++ char nc[9]; ++ int i; ++ char a1_hash[65], a2_hash[65], response[65]; ++ struct AVHashContext *hashctx; ++ uint8_t hash[64]; ++ char *authstr; ++ ++ digest->nc++; ++ snprintf(nc, sizeof(nc), "%08x", digest->nc); ++ ++ /* Generate a client nonce. */ ++ for (i = 0; i < 2; i++) ++ cnonce_buf[i] = av_get_random_seed(); ++ ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1); ++ ++ /* Allocate a hash context based on the provided algorithm */ ++ int ret = av_hash_alloc(&hashctx, algorithm); ++ if (ret < 0) { ++ return NULL; ++ } ++ ++ /* Initialize the hash context */ ++ av_hash_init(hashctx); ++ ++ /* Update the hash context with A1 data */ ++ av_hash_update(hashctx, (const uint8_t *)username, strlen(username)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)password, strlen(password)); ++ av_hash_final(hashctx, hash); ++ ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1); ++ ++ /* Initialize the hash context for A2 */ ++ av_hash_init(hashctx); ++ av_hash_update(hashctx, (const uint8_t *)method, strlen(method)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri)); ++ av_hash_final(hashctx, hash); ++ ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1); ++ ++ /* Initialize the hash context for response */ ++ av_hash_init(hashctx); ++ av_hash_update(hashctx, (const uint8_t *)a1_hash, strlen(a1_hash)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop)); ++ av_hash_update(hashctx, (const uint8_t *)":", 1); ++ av_hash_update(hashctx, (const uint8_t *)a2_hash, strlen(a2_hash)); ++ av_hash_final(hashctx, hash); ++ ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1); ++ ++ /* Free the hash context */ ++ av_hash_freep(&hashctx); ++ ++ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + ++ strlen(uri) + strlen(response) + strlen(digest->algorithm) + ++ strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + ++ strlen(nc) + 150; ++ ++ authstr = av_malloc(len); ++ if (!authstr) { ++ return NULL; ++ } ++ ++ /* Generate Header same way as *make_digest_auth */ ++ snprintf(authstr, len, "Authorization: Digest "); ++ ++ av_strlcatf(authstr, len, "username=\"%s\"", username); ++ av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm); ++ av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce); ++ av_strlcatf(authstr, len, ", uri=\"%s\"", uri); ++ av_strlcatf(authstr, len, ", response=\"%s\"", response); ++ ++ if (digest->algorithm[0]) ++ av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm); ++ ++ if (digest->opaque[0]) ++ av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque); ++ if (digest->qop[0]) { ++ av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop); ++ av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce); ++ av_strlcatf(authstr, len, ", nc=%s", nc); ++ } ++ ++ av_strlcatf(authstr, len, "\r\n"); ++ ++ return authstr; ++} ++ ++ + char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, + const char *path, const char *method) + { +@@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, + + if ((password = strchr(username, ':'))) { + *password++ = 0; +- authstr = make_digest_auth(state, username, password, path, method); ++ /* add digest algorithm SHA-256 */ ++ if (!strcmp(state->digest_params.algorithm, "SHA256")) { ++ authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256"); ++ } else { ++ authstr = make_digest_auth(state, username, password, path, method); ++ } + } + av_free(username); + } +diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h +index 0e7085901c..a55986ea3e 100644 +--- a/libavformat/httpauth.h ++++ b/libavformat/httpauth.h +@@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, + char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, + const char *path, const char *method); + ++/** ++ * New function declaration for RFC7616 ++ * SHA-256 digest authentication ++ * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet ++ */ ++static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, ++ const char *password, const char *uri, ++ const char *method, const char *algorithm); + #endif /* AVFORMAT_HTTPAUTH_H */ +-- +2.42.0.windows.2 + -- 2.42.0.windows.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".