From patchwork Tue Mar 26 05:52:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?7KCV7KeA7JqwIHwgRXVnZW5l?= X-Patchwork-Id: 47487 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:c889:b0:1a3:b6bb:3029 with SMTP id hb9csp1616255pzb; Mon, 25 Mar 2024 22:53:14 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXl+Ekvm7GXCPuWgF49V1csmITF/mcgrvnOFHMsCTr+12BAkXGd6ANs6haTW4V2H9lN8FjCgOGnZruYZJeHqbnfbP+hhPAgzdigcg== X-Google-Smtp-Source: AGHT+IEol211nqZD0Uvnzau75RdDnwJYMHRHo5rhMOwgVfpdW75nwLIl3CqXPMEjSmKz8n65G6to X-Received: by 2002:a05:6512:3119:b0:513:aef5:b431 with SMTP id n25-20020a056512311900b00513aef5b431mr5548943lfb.4.1711432394300; Mon, 25 Mar 2024 22:53:14 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id g2-20020a170906198200b00a4720ded97dsi3184153ejd.185.2024.03.25.22.53.13; Mon, 25 Mar 2024 22:53:14 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@bitsensing.onmicrosoft.com header.s=selector1-bitsensing-onmicrosoft-com header.b=ihEv1+Tb; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CB4DC68D516; Tue, 26 Mar 2024 07:53:10 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from SEVP216CU002.outbound.protection.outlook.com (mail-koreacentralazon11022019.outbound.protection.outlook.com [52.101.154.19]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9097E68D01B for ; Tue, 26 Mar 2024 07:53:03 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EnNNsrkUeFagpXwlo2pNkopOfVA9HtSyYhZvIA3oEOkqq06Ao7YIISLF7ikIX8ZtSawvigl2AyWdcsHPsXnmpXSwNWdp6wj+xT2xxENV2Z9FzzCSPCHShGer4rkkhvwXmzzlsa4c4slXb4C3r/S92+ZaKxi9ogCYxKGykQd5OqtKAAzcCVhgBnuZx7DBqLlh2WVyTbOoi/inKtXEl25AwzXLBs8xEWR5nQiYUpsGYyhhbouAlVhUEIktT1azjFFn4a4UR2op4gl9kgiVtPpBW5aAThYtFZycdYVRk2tdqRGB0G7WumVkNHa+3HQUm34FSm4H1MXr0r4PLJAy03hrbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ys0HLx3a1aH5FqmqY0Lx72hoGoKNiZfSkFBoVWe81Zc=; b=lZBPTiRwOCGj8cK/Y6UMD1gMFXTg0StawxUR0jwMEfQFwtiLop+oehLTwcVRDH+e3FgmoKwcZZYXCDxqanveOmZXvdsP+BWufqN7wWapqRduiewAGNNo1+fng2la69BjhN05OItdab0iSSnoBYZp9t8JpUC2VIThRajP3KVtbzo5XsWmVt589flfw4rXhX3uK2HIgl0M/mQiUs8urgz5iQE6G8AR3jVnUc4W/clRAX7+0YGbRM0xw4ETXZY/CjPFkp04RUsKSFVaMbTxTE0LKS/U6MeHZ26dN6CZm2NGCF8m7unOOJ7WxMZqMhjezb30wrkDYIeOGJ73K1eP608gsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ys0HLx3a1aH5FqmqY0Lx72hoGoKNiZfSkFBoVWe81Zc=; b=ihEv1+TbcnhvMvaPXeM0HA60B1bfd4Ghkye5drA6/Ul3Us9K/WFAS+uJAkujyhk5Rvvs1SGw7TTXi+bT7VIjrV5k8xZWyh7mB4gs2IFDE/3/40FMmD0KQKQMNhUPvGYGcwJnwdUyD/E2rzK2PI/1VqE72uTF7SkQz8IYDA7/bro= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by PU4P216MB2185.KORP216.PROD.OUTLOOK.COM (2603:1096:301:12c::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.32; Tue, 26 Mar 2024 05:52:59 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7409.031; Tue, 26 Mar 2024 05:52:59 +0000 From: =?ks_c_5601-1987?b?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth: add SHA-256 Digest Authorization Thread-Index: Adp/QC/zSlALdDpjSYOcn2k8PrSvBA== Date: Tue, 26 Mar 2024 05:52:59 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|PU4P216MB2185:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: sbCgmdyR45lHw3fTKGzlbeg9XOnzTSkP9FQymnAzerj+Jlwmwiyjs9/RA2dQutsnAJuIb3Jj2jBvtx08YL+zoAF+DDsCp0j2AjDYEeQUyUyWsuYpHTDScptxJFcjkY3uxxA8HAymAy7iQ0FjFK5VvWJU0vFSU6kG7eP6QJNbGh8zrgAWxBBGPdO09Nz3EBBpTmwCUp26YqjjPGuJKU8tlYMm2k3aahHq7OSU9Aop0AlTSZOZRHgf1Olt8eARFw7MPTlzyd5VpsOmRAqzuuVdUGLTcAiMGI1huF09hhLOB/wFh1ctV037JwwmPzOtMRTH6bkmxfO88BZg+dPpaHh8zNPr3W1ANVUoLkIknOMqy5syOdIPHqlZ3zVoIWive8teyj1HpiESoPePKNZ++5/4ZOiFWes25Kp0Mfk4HOBpjg75Q5lyQJyyaePxck5rq39wWCQ/JWwTTIUWfEetgq4eiMN26HubMpWc4BFI0E65lO/bqqykSiKlmFEcBlgz1Eak9kK1TreL2cBdriftgziwpegr5nBzAng88t79zPO6lafV5axaoHtiBHke4b6xnPPvK2ku3b0O0Auo46O7y7/KgY+T0vLdnw0Fg4yfWToQoGm85y3uFamk0PjRvI8da8lTYwIDmOUnWl1d7/vtEDn1VQZ+eAgSB7xKzdExXudlFAc= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?q?eljYZFy8SdSVSrPMQER?= =?ks_c_5601-1987?q?OKbRcKWj/DDgPONdT63gt0B1RU8ObBpZGcLHWyHEcJdIXcGWWpwYWLeD?= =?ks_c_5601-1987?q?lKRUvCLE8Irw5/fNtXwGyibrlzLcOkQeGMbuBi7WQbBy+WFHruPcyGxD?= =?ks_c_5601-1987?q?9IA0JTQpZjl28HRArA/VIv3gx7fUURbQF7iW0B4hyw4dvU1a4EVaIpqO?= =?ks_c_5601-1987?q?e78Xw5Vz1lxyFes5TZgnJoTDeNq80Mo1IrddCCFss7V569ieUHWZ+ZM+?= =?ks_c_5601-1987?q?gJzdzopG4AstIwEvxUNfvPC8vzjo2VAKoTUOnvcviXbXASo9/SKt6xW7?= =?ks_c_5601-1987?q?pH0dB/oS9IbCxCJGvy9WEXBu6EhRNy87kmnllJzIY2yc4B6/6PRaQBMl?= =?ks_c_5601-1987?q?H5yxrizU3vCK8uoIJin8ZsiyAK9B6RvtVbAgtBpWU/3SSobStTNOgCAA?= =?ks_c_5601-1987?q?FCjsgasJy17YXPrAiqQ3gi6+10uw4uKVYQWgaU7QxfP2qb4nv5yY+vtm?= =?ks_c_5601-1987?q?MPGr6su30oHA2J3FurXm2xVysXrB/CSimoaNXhwuTmUCUjiFGvNjK7ww?= =?ks_c_5601-1987?q?zFwaKdjahR4lGRE52KXhs4ZKFFN0HCgj+YvSxPykZ+B2ppSS0/ILtxHV?= =?ks_c_5601-1987?q?vqJd0cuV3SME6xEd5ATX+RgN7dSNNcSWuXR824ubuQ581piWuE0IAeaJ?= =?ks_c_5601-1987?q?5j+FaViwGg/dXrvSt/9pnTq5DPQJMj7XFEcPhy1Q+IdY58dgT3VcKJOu?= =?ks_c_5601-1987?q?8wrrFOyyMiRyBUdn7IbJQjhFcxCFztlMJxeGJnoiLQFm4a99bgariw7Q?= =?ks_c_5601-1987?q?e22n2nr7ZWB3j9xd0JJpOnttDih8sFAU9sElxiTu/O3kJNNDb++bwzhv?= =?ks_c_5601-1987?q?PeYyeuHnSnb+kSmiA/nbXj1yrj+6D+sPQrQ1z8mrI3XopYEPeSCDDwpV?= =?ks_c_5601-1987?q?fl7rsNlBoBbcf+Vpkjw10Dx4UyCEOxvjL0YZikUQNtQu2aGzsw6U29v0?= =?ks_c_5601-1987?q?0nAMGjkasB+o+U05kA7Z/Rz63o5dbz4ASofBtheR9sKxss9V2Tp7NH9+?= =?ks_c_5601-1987?q?KxkPAVH4DKuitVxvAhk+t3LKfEvHWUUIo7wNBhu2pTtXm4LEFEWUt4KX?= =?ks_c_5601-1987?q?snMK1McfOrtJYNxu0A+7aHrJJQwxrSO2Rc3HVKbS8ehsVUYgtp5pE+JD?= =?ks_c_5601-1987?q?5GiIOcTew10l0irpV8qwUthdp7Wha66lFiBZGLGYd/Jan0MMK8fePG4n?= =?ks_c_5601-1987?q?XjYqFSQB6+FvVMN5wf3Ppiy1MxHZ9711lkPLO4cNi05mvKjakRuhQ5Hu?= =?ks_c_5601-1987?q?HioxoYi5ZMmm8azCEMbu6JS7ellSdq/8qTMkSZujCcUG7rPqahIFmCmW?= =?ks_c_5601-1987?q?L8NWVu2xonZP02EOHXLfLXn7SRE53VjqJkxAAQc2p0aFLv2C+tCB8gMv?= =?ks_c_5601-1987?q?k/M4u45zdAB4Cqw0C8cMhwxi/VKnACpLWiVRqco0cSbO4QKMxc05tVyM?= =?ks_c_5601-1987?q?OZIlVvByu9pMdl9P0lYU4jL9pDkt0Z/B9Du9FGUugQdmRvPe49WXeWGD?= =?ks_c_5601-1987?q?RigCOYh/7lPmhLw3F/xxKKqKF0M7hMuzpLSsyORjpS4aNCX8hhCjdz6R?= =?ks_c_5601-1987?q?qvc4NKjfZ9A4q2YHVIfD6hGIq5uPgqMFj40pg2guJVFaLci51Y504NtG?= =?ks_c_5601-1987?q?E+xYEMm+kzqHH7wQbCxRIDN6Bt+8XJIfsDYwWZfkOfVwtgX1TylOypKv?= =?ks_c_5601-1987?q?CG2zmE2BQZRfo?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: d8e0a701-e259-4706-cc08-08dc4d58fdf9 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2024 05:52:59.2705 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: I9TVkp5PVkFX1ccfvsE8baH8Z9jhSo14ZJPYnCg/oPy+T+aCrjybyvNLJxX+ucMO9CKgL13f6Zt1rCCIeiKXgA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU4P216MB2185 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: NgDZ5ibC+2m4 - add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 116 ++++++++++++++++++++++++++++++++++++++++- libavformat/httpauth.h | 8 +++ 2 files changed, 123 insertions(+), 1 deletion(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..8391b6f32f 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -25,6 +25,7 @@ #include "internal.h" #include "libavutil/random_seed.h" #include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, return authstr; } +/** + * Generate a digest reply SHA-256, according to RFC 7616. + * TODO : support other RFIC 7616 Algorithm + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm) +{ + DigestParams *digest = &state->digest_params; + int len; + uint32_t cnonce_buf[2]; + char cnonce[17]; + char nc[9]; + int i; + char A1hash[65], A2hash[65], response[65]; + struct AVHashContext *hashctx; + uint8_t hash[64]; + char *authstr; + + digest->nc++; + snprintf(nc, sizeof(nc), "%08x", digest->nc); + + /* Generate a client nonce. */ + for (i = 0; i < 2; i++) + cnonce_buf[i] = av_get_random_seed(); + ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1); + + /* Allocate a hash context based on the provided algorithm */ + int ret = av_hash_alloc(&hashctx, algorithm); + if (ret < 0) { + return NULL; + } + + /* Initialize the hash context */ + av_hash_init(hashctx); + + /* Update the hash context with A1 data */ + av_hash_update(hashctx, (const uint8_t *)username, strlen(username)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)password, strlen(password)); + av_hash_final(hashctx, hash); + ff_data_to_hex(A1hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for A2 */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)method, strlen(method)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri)); + av_hash_final(hashctx, hash); + ff_data_to_hex(A2hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for response */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)A1hash, strlen(A1hash)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)A2hash, strlen(A2hash)); + av_hash_final(hashctx, hash); + ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1); + + /* Free the hash context */ + av_hash_freep(&hashctx); + + len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + + strlen(uri) + strlen(response) + strlen(digest->algorithm) + + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + + strlen(nc) + 150; + + authstr = av_malloc(len); + if (!authstr) { + return NULL; + } + + /* Generate Header same way as *make_digest_auth */ + snprintf(authstr, len, "Authorization: Digest "); + + av_strlcatf(authstr, len, "username=\"%s\"", username); + av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm); + av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce); + av_strlcatf(authstr, len, ", uri=\"%s\"", uri); + av_strlcatf(authstr, len, ", response=\"%s\"", response); + + if (digest->algorithm[0]) + av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm); + + if (digest->opaque[0]) + av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque); + if (digest->qop[0]) { + av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop); + av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce); + av_strlcatf(authstr, len, ", nc=%s", nc); + } + + av_strlcatf(authstr, len, "\r\n"); + + return authstr; +} + + char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method) { @@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, if ((password = strchr(username, ':'))) { *password++ = 0; - authstr = make_digest_auth(state, username, password, path, method); + /* add digest algorithm SHA-256 */ + if (!strcmp(state->digest_params.algorithm, "SHA-256")) { + authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256"); + } else { + authstr = make_digest_auth(state, username, password, path, method); + } } av_free(username); } diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h index 0e7085901c..4f45b4a0b9 100644 --- a/libavformat/httpauth.h +++ b/libavformat/httpauth.h @@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method); +/** + * New function declaration for RFC7616 + * SHA-256 digest authentication + * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm); #endif /* AVFORMAT_HTTPAUTH_H */