From patchwork Mon Apr 15 02:32:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?7KCV7KeA7JqwIHwgRXVnZW5l?= X-Patchwork-Id: 48062 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:670b:b0:1a9:af23:56c1 with SMTP id wh11csp1589911pzb; Sun, 14 Apr 2024 19:32:30 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXhGShU3gXN6WxQp0jNu++FHfLd4+TEuckxBtRqwQw4py5HJwnF4/7abcCbeI8ZZGbOS+YRz0vK9Y2o9joWiHwODXbxpT2o/IDvvg== X-Google-Smtp-Source: AGHT+IHOxQojh8iAgODNFBhIU96gBRn23b3xD86gpbNGbDTWIrNqhpB106NxpxiP/Nh/OqWg9ZJQ X-Received: by 2002:a2e:3209:0:b0:2d8:3d69:b066 with SMTP id y9-20020a2e3209000000b002d83d69b066mr4394654ljy.7.1713148350635; Sun, 14 Apr 2024 19:32:30 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id u23-20020a50c057000000b0056e0e0be157si4003552edd.223.2024.04.14.19.32.30; Sun, 14 Apr 2024 19:32:30 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@bitsensing.onmicrosoft.com header.s=selector1-bitsensing-onmicrosoft-com header.b=hhEPmu4y; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6A26C68D398; Mon, 15 Apr 2024 05:32:26 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from PUWP216CU001.outbound.protection.outlook.com (mail-koreasouthazon11020002.outbound.protection.outlook.com [52.101.156.2]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2060D68D2F2 for ; Mon, 15 Apr 2024 05:32:18 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bwe2pGTLml9j/w0WbfGcZx6VNd89T7xzp+b6b79HJ6Uxd7vZcm10hKqyBwcvJD/M0GGBM7cCSlleEFLxJQftDMxYQ0Sya32d+pZ93Hk9s27XcNVC+nOc3PV+y6aKcvEidoUxjiPxREg0p9PU4f7stkd8D+6WFEuXig2pJuNcTk7mSdTvrtNtA31QWEbAZAHXuEQ2+lK7OYBqid+n32DpoJtOKLi50cC6+fwrnSTyAALl61qnFg++ihjGD08Os5AmqD+myg11RfpWD/yf9mc8XRQc9bqsEAX7oMgLiRrmyE5HstKw8FF06wqcMCYrRBaAf1uLGv/hDKJ1o/StAnJu/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2yaAdQR9uif/30TROAfDQWq1rQ8FHsfmQO+UZMjwZGw=; b=MD/eAXTTLZ94SBydgyuA27/uLyeiLe4uAFRYhiPgxyNOTwD8OUz6bSoXTYMcvRGXFE+1GINo7ikf+T6bcNuWy4LyxhBJoZLXa+qUdCaKJrc4Fq1ABcsFKHb0pvo8FF1bMsJr01ma+ulxI0rDxkrTeGlfauA3WMpdHqEmtj6ySYA7xiV/hWXq0Z6EHpa6M8a+Hlwn4wXKXBYTZeJ1qC1CWBnvDzKGmJy2Pnd/AW2H6SpP5xIGqP+rdZmkekNtXw0jDbKfoefsREi2lVKvoVOvkrZqLcz4bCWk394AtPMSQc2//XNzJAnf3++1WgFN7xD9/wKaOgTjFADOZhXz5p1UIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2yaAdQR9uif/30TROAfDQWq1rQ8FHsfmQO+UZMjwZGw=; b=hhEPmu4y4bawk3EPJIxHI+N+YLUBgwB8SyXcOxfArmC7egzmY6K5CiiGECK/wacgZcZZzOzsZfdLikVSfIoRKe4AFmRYpqyZpKCoj19a0cLSOvZbWMZT+BAKgf4qbTbYrQyNHOpgUxwx3h/z6GnevIQH2xm0fr5XqRppzgTGQ0A= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by SE2P216MB1537.KORP216.PROD.OUTLOOK.COM (2603:1096:101:2c::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.50; Mon, 15 Apr 2024 02:32:14 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7452.049; Mon, 15 Apr 2024 02:32:14 +0000 From: =?ks_c_5601-1987?b?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth.c Support RFC7616 [Style fixed] Thread-Index: AdqO3MDVmeQg5337R3mX0lhwfo9qpw== Date: Mon, 15 Apr 2024 02:32:14 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=bitsensing.com; x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|SE2P216MB1537:EE_ x-ms-office365-filtering-correlation-id: ab3fd179-6aa4-439d-3d0f-08dc5cf442e9 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: k9CHbpjUcS4aBdf2L+hSjvS6xlA4ZKLlUowDmFzH5vrPVZvVxgPb8nme3Sq0q9ksD34KeMC5QOi8PMdxdA5L2txgi2933WsqTor26Sxo0A8Wj46nnDIsK0JX3MJXoUD5hLTNT8cfkoqwQolj7vfJn+xVgceXNKFK+BbdlOJtwc5ba5OBFZ6qzVoD4xovuNW42t/75hudL3rLYJESpvVgAEdaVRYlJ2UNo2C1LQlV6ohDYt6IXCdEEtyDy7LctBJ8sZSP5aN5tJfSC27OppzflFK4g4IHY3v9JXm4g7X0r2aC6Jqv6h/kCXNxMR4ofmg6vbjg5uNVPHEqpZBYlHPhSNd2L4M7H6uxpnua3Gu0ve588QeqtYXNLaRkJPMomLEtSl6lTOnZhHOwU8leKPb82u8qsG8JwRsyH5eKLj85UZ16yjevD8AnMMsxEANAkTfnpj5kHn27TOp+VrcETTCdB3w2hcY/MIlmcCsfEKqBb9I+5ObyHdoxhHHbMOKopjM4dAelZm7H/LPu+C1skjV8jTZpq72xGoztI8ZbIBPsTVRZDNES0ShquEbOJq31ZN/VBNzfrdIC/zR4prQ1TVphVjpO0ZOMXdoLQQHkRJKbbJr/p7RgzUE44GcIsDEJE6OumXdOXU4P5pCTRIQWqqIN5wxJD8lBBZSoSBkgi6Ia/+3yx6j2U2ilYJeI2Wluwpd8pZxCUXSEcQyfomzzQ1c5Cs6ssuAj+J0LIjypl8aCsMM= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(376005)(1800799015)(38070700009); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?q?PmkEfMY6bm3ticxweCN?= =?ks_c_5601-1987?q?D7yL+UOz1lEXrPwMWQb1bAZt/cIXGmAGgXpTzlmznwrlBAFAj+hXNR8R?= =?ks_c_5601-1987?q?s1V3kr9h7b0m1KZlcgL2Vdbr7O0Zw65EtnLNpQA0yhOlpavKJR06PP6m?= =?ks_c_5601-1987?q?Kr90pl+vYQky0pQNYNY4/h6T74khYNKmqC5K72A3zOBmVA9fKZxAmUjO?= =?ks_c_5601-1987?q?n+XXGxqQ9HlLnNmBBT0xwWi54cDIfCKET5er54A23OQdcXxQVawTwcCy?= =?ks_c_5601-1987?q?JJaBxBlYV9P+ShZ3TTtnXWhPlazxfxRy/s8XZcibYbFGnvXbIi8Ywo0y?= =?ks_c_5601-1987?q?nZs6nxNMm9hwpknEE3cR6QqtTQPGqobf14cdQ8ew2wW0doZWta4Bpc7M?= =?ks_c_5601-1987?q?P5yzVHQDX4niwgLJ0bUK2QSwXXYR6iwEJ3iCTHHdaFlKbYgobqMk1vXp?= =?ks_c_5601-1987?q?l3yP8wJgSsEWek3iD4I00uUgFqh1gCQK7ApJkppULjcK/Gz7D0LbL0nK?= =?ks_c_5601-1987?q?PFDYJJ7nFfxRXmfiroqbUa2rgp/B7g5yhwcYF4Wnktav4t22Nh+sDgR6?= =?ks_c_5601-1987?q?vroTpunCzJLNg2ruW/cIHRrHovD4UrXG+qZOgJNPDV/ysH61i1ttiNEe?= =?ks_c_5601-1987?q?8LoqI64SL2nqLbFBFR3XZaD8ed1e2aEFzbPk/vIUFy72S78aTOOZghjv?= =?ks_c_5601-1987?q?mgV3cDaqftXFmdAnxDv3vy9TLuRxoKaU8NO+B8YzUTJs015v3RfUFiRE?= =?ks_c_5601-1987?q?AURBPBZFxxx6XsxP34mDWQk/G1cvB8C+kYT6K3DtUus3hbv4bJ6+UElI?= =?ks_c_5601-1987?q?IqtAA2wvngoGawnBAqvBqrvCyfmKhefgf+7QF9IJ+s8Zg8g8Qcsqn6sf?= =?ks_c_5601-1987?q?zxtTSl8/8ZD8E/hF+SQjXEQOAV3/DDZSk5Xxz8hRrdskQgsrobDcasmB?= =?ks_c_5601-1987?q?I2PGVnQClHbuTiPhhcpsutT+4MehqF+8cZ0stJ/l3ahQ/Y/A6Yn+3AsX?= =?ks_c_5601-1987?q?Ezgtl0gN8AEKsgX3oXJrEeLZRmlMscmGxPk9od3D61ehNuMY8Bkm+m2R?= =?ks_c_5601-1987?q?7vxcOng8bgklFGL81bsw32SYDh8alWfsvK9VU4Fj70k58w4dHXL+tNVM?= =?ks_c_5601-1987?q?YlOk/+tbBcf46cvb/6pB7el0Vu64P1qRKaBfuvXi/uF17CDN08DNA5e/?= =?ks_c_5601-1987?q?XP3h7EZaV2htCYaUx4AP95FEq5QEIEILE/8E0xjGyustHlWAAbgTfUGI?= =?ks_c_5601-1987?q?yZOgwuxXQj4UtMde5ONVshqf56I3KTNZI6u6zZ/+cwLU8lohbMHbirN/?= =?ks_c_5601-1987?q?v4xpLPBHzGbnr3+B5xjlrVAIYT6msCFq/ovIc4rNVAZwm0T7XqfsKv4C?= =?ks_c_5601-1987?q?2RQh1KJ1xu9JmsyTVn/HYixjjw8IP3nEOrj8k/vIajVWc78Zr+e1rgw1?= =?ks_c_5601-1987?q?SNO4XbjofhytZUwEIaDR1169N7nvCX8ucdmWvNg5vyIVM9w/klUHjYFj?= =?ks_c_5601-1987?q?yRYJk1oOPvMtIExCrFgKZD5sCOWEWjTg+hf3wbRKxiRzZmaVvMyUWk+L?= =?ks_c_5601-1987?q?FYuEuYjXhQCOZSz1AFP+G2ver/d3l5vlO/Ty/lZFqy2JnH6gIcbFhLWB?= =?ks_c_5601-1987?q?weQZxAep14mEhAWVCyrNvcruToSUWy29kMt2hnrNPHhM0Uw/DI3p0ktY?= =?ks_c_5601-1987?q?dY9T9kBXlNtpY5F70fu+8UJ2GswZ0YgsmHa6a3gft4eHWBy+NhYKmhf/?= =?ks_c_5601-1987?q?9hgOKKfT1O8ZZ?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: ab3fd179-6aa4-439d-3d0f-08dc5cf442e9 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2024 02:32:14.3998 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: D+flQeMuLX98gPTItobI0O+H0Il71bGu4fICs28cjju5RRexqESZZ1yPF0+bYCyIVmXY03OcM5P4+y7+GD5qGQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE2P216MB1537 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth.c Support RFC7616 [Style fixed] X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: gKAwG1Ent2E8 Update digest authentication in httpauth.c - Refactor make_digest_auth() to support RFC 2617 and RFC 7617 - Add support for SHA-256 and SHA-512/256 algorithms along with MD5 - MD5 and SHA-256 tested, but SHA-512/256 untested due to lack of server - Replace AVMD5 structure with AVHashContext for hash algorithm flexibility - Rename update_md5_strings() to update_hash_strings() for consistency - Address coding style feedback from reviewer: This is a feature update focused on digest authentication enhancements. Some lint issues in the existing code remain unaddressed in this patch. Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 102 +++++++++++++++++++++-------------------- 1 file changed, 53 insertions(+), 49 deletions(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..2592140526 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -24,7 +24,7 @@ #include "libavutil/avstring.h" #include "internal.h" #include "libavutil/random_seed.h" -#include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -117,35 +117,35 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, } } - -static void update_md5_strings(struct AVMD5 *md5ctx, ...) +/* Generate hash string, updated to use AVHashContext to support other algorithms */ +static void update_hash_strings(struct AVHashContext *hash_ctx, ...) { va_list vl; - va_start(vl, md5ctx); + va_start(vl, hash_ctx); while (1) { - const char* str = va_arg(vl, const char*); + const char *str = va_arg(vl, const char*); if (!str) break; - av_md5_update(md5ctx, str, strlen(str)); + av_hash_update(hash_ctx, (const uint8_t *)str, strlen(str)); } va_end(vl); } -/* Generate a digest reply, according to RFC 2617. */ +/* Generate a digest reply, according to RFC 2617. Update to support RFC 7617*/ static char *make_digest_auth(HTTPAuthState *state, const char *username, const char *password, const char *uri, const char *method) { DigestParams *digest = &state->digest_params; - int len; + size_t len; uint32_t cnonce_buf[2]; char cnonce[17]; char nc[9]; int i; - char A1hash[33], A2hash[33], response[33]; - struct AVMD5 *md5ctx; - uint8_t hash[16]; + char a1_hash[65], a2_hash[65], response[65]; + struct AVHashContext *hash_ctx = NULL; // use AVHashContext for other algorithm support + size_t len_hash = 33; // Modifiable hash length, MD5:32, SHA-2:64 char *authstr; digest->nc++; @@ -156,52 +156,56 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, cnonce_buf[i] = av_get_random_seed(); ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1); - md5ctx = av_md5_alloc(); - if (!md5ctx) - return NULL; - - av_md5_init(md5ctx); - update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - - if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { - } else if (!strcmp(digest->algorithm, "MD5-sess")) { - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - } else { - /* Unsupported algorithm */ - av_free(md5ctx); + /* Generate hash context by algorithm. */ + const char *algorithm = digest->algorithm; + const char *hashing_algorithm; + if (!*algorithm) { + algorithm = "MD5"; // if empty, use MD5 as Default + hashing_algorithm = "MD5"; + } else if (av_stristr(algorithm, "MD5")) { + hashing_algorithm = "MD5"; + } else if (av_stristr(algorithm, "sha256") || av_stristr(algorithm, "sha-256")) { + hashing_algorithm = "SHA256"; + len_hash = 65; // SHA-2: 64 characters. + } else if (av_stristr(algorithm, "sha512-256") || av_stristr(algorithm, "sha-512-256")) { + hashing_algorithm = "SHA512_256"; + len_hash = 65; // SHA-2: 64 characters. + } else { // Unsupported algorithm return NULL; } - av_md5_init(md5ctx); - update_md5_strings(md5ctx, method, ":", uri, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A2hash, hash, 16, 1); + int ret = av_hash_alloc(&hash_ctx, hashing_algorithm); + if (ret < 0) + return NULL; - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); - if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { - update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + /* a1 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, username, ":", state->realm, ":", password, NULL); + if (av_stristr(algorithm, "-sess")) { + update_hash_strings(hash_ctx, ":", digest->nonce, ":", cnonce, NULL); } - update_md5_strings(md5ctx, ":", A2hash, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(response, hash, 16, 1); - - av_free(md5ctx); - - if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) { - } else if (!strcmp(digest->qop, "auth-int")) { - /* qop=auth-int not supported */ - return NULL; - } else { - /* Unsupported qop value. */ + av_hash_final_hex(hash_ctx, a1_hash, len_hash); + + /* a2 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, method, ":", uri, NULL); + av_hash_final_hex(hash_ctx, a2_hash, len_hash); + + /* response hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, a1_hash, ":", digest->nonce, NULL); + if (!strcmp(digest->qop, "auth")) { + update_hash_strings(hash_ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + } else if (!strcmp(digest->qop, "auth-int")) { // unsupported + av_hash_freep(&hash_ctx); return NULL; } + update_hash_strings(hash_ctx, ":", a2_hash, NULL); + update_hash_strings(hash_ctx, NULL); + av_hash_final_hex(hash_ctx, response, len_hash); + av_hash_freep(&hash_ctx); + /* Authorization header generation */ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + strlen(uri) + strlen(response) + strlen(digest->algorithm) + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +