From patchwork Thu Apr 4 02:07:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?7KCV7KeA7JqwIHwgRXVnZW5l?= X-Patchwork-Id: 47783 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:24a8:b0:1a3:b6bb:3029 with SMTP id m40csp49452pzd; Wed, 3 Apr 2024 19:07:36 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW6mIBQFmzMIvxeUIxU4qhhW3tL9cZy1zjUIT/gGrs6RBLJHxN8rD6uS+vRUoMK27TrjUTMNIgnqYOjA0RZaFM47pq3TeaCk3Y+RQ== X-Google-Smtp-Source: AGHT+IFA94+xRuDaP/8GjsiLXXQUzpLXOUUgS/pR78wCvAKMVK1CyG6aeJH3e9lvAxrTky/CMxTZ X-Received: by 2002:a05:6402:3cf:b0:56e:aca:83cd with SMTP id t15-20020a05640203cf00b0056e0aca83cdmr706095edw.26.1712196456569; Wed, 03 Apr 2024 19:07:36 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id v7-20020a056402348700b0056def6999afsi2308452edc.314.2024.04.03.19.07.32; Wed, 03 Apr 2024 19:07:36 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@bitsensing.onmicrosoft.com header.s=selector1-bitsensing-onmicrosoft-com header.b="B/oniNum"; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 436D968D10E; Thu, 4 Apr 2024 05:07:29 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from SLXP216CU001.outbound.protection.outlook.com (mail-koreacentralazon11020002.outbound.protection.outlook.com [52.101.154.2]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7A02668CB2B for ; Thu, 4 Apr 2024 05:07:21 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZOfHYG3X4ZPn9os8txwjgClw4uNnNvcN7HR14M0+yKCs2mpsj027ZJz1VV45ZzPzrrPiWjYJtc5vOHTeLRfPU53jCFqKAIdyWINMNCCyypev1uO7OaIRm7vqauyfKnjXc93gBYvltQS7dwZFJZucHy9kNOr/qw7WrzI0jOyyGzLOXVmlSoCW83N3NXtt9VQUpDC7mynkeG5gfHSXBn9wHT6LY0uzeTPvzzR66nOQ3rFhwKr8JhPgNJxBhn0fOvrlbFhwCh8M5R/8Bltovrk9qV+CGu/Iax4RGiXGVv46tQBSBz0jdAkjrB97T/zBDWnBSocrYDYZFSaAE6RG1jXcRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sPEOwcKkfv5N+Xz+vxruM9updc/Dbjcao42zoNxo85A=; b=SXqeaoqYTIKXHZMX64HCN/2B3J9XKFW9b2iTfNvoJk6DZyJ9DHGdVH+A9qBJVf+UNcJzZ3R0z2oQD2IynIYYXbOVkjHDAFWODPepDfv4W5VelpKUrvQU0OxrcxjHUNjJixXFq9KtRQDjRMiY6jHtjWF31V5o7ddVGDNTPdeiM7x3z3EOPHZQ+DYSdHt8lgmEgsqxdqaV79mTHOE3sjBGyTKtb3qDzcpfk5K9ljQ1sMC1PcmRx5gH2CxwXxPOjUK3cIgcNm6RwsRJ/0NML7jYE/ljRPfaRfad8bm1jGbRXiGdl6a3yZTnoBk/S82m5ufnxyDdZB3gspZXR4QvBaOWSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sPEOwcKkfv5N+Xz+vxruM9updc/Dbjcao42zoNxo85A=; b=B/oniNum6cQUV6av/uUjkGlNjAgde6AA0vSUVeC63DygpGiSgAQTC5duV5QNnWyQfVF41qHu9HWBuRztB6FJuXpvg420eTaVNODUA6nXnKwh2MfTrZBNX+/tTL5gvGSa9sBjN9EyFvwCjDn/ceCa+OC6IoMSFOFasQh4o7PkRbE= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by SE2P216MB2161.KORP216.PROD.OUTLOOK.COM (2603:1096:101:11f::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Thu, 4 Apr 2024 02:07:17 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7409.042; Thu, 4 Apr 2024 02:07:17 +0000 From: =?ks_c_5601-1987?b?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update] Thread-Index: AdqGNKVER3jNlLq5RxyVznI4YAiTzw== Date: Thu, 4 Apr 2024 02:07:17 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|SE2P216MB2161:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 42TSEtD6r68wtFuZMgLLiVrc6TkPuNMRLuYFBp8o9o0ZgrksUwP6qHmfr+6dNc845y1d+ejUCLOm928pfMJHxYExm5/Gcrd4VvfqB/lhOCfMrI+bFXAf2fAhgf5xzOeJmCNOdLZM6I6RwlabAlH+sVR6Br7drrvct+QaluWNiqZhldP170SVfl0tMPtryqWtVqyitAX8I9qb9hS56HOYzu9MngXgDbWR/ekrvMwSLYR3/BcmH9ggZ+wHpZAhDaL+TUbkmGS1KWKsYYhb0EpKaxx5uRYjxglxzbnfnCZRWJ88qxnKBvocsfEj7mlG3mqeY51dMC/6O+d9ioe3y/3AJAGmM8GOgb+5Q0hOEzOu4d1jyrXS+cSyvAEMoDHj7ZteglW5Y+HQP77N+QExEy3mIvJz86N2kX/bx45vN2mYuta+Ldt5GBdUo5Cv2ncCAScKpuxh18ZWotXOzL8V4beIkFF5v8gl5b+1X4dwhFTnbT+okF3GrNNvkvsDSNWS2RS8leldOI9UXwfSVKfGGlE0kbF6OVeT/9aDcWgq2tzqNKSOg/Bce4ZMu3eTVQKrSX5BPJ9OlqlqrdVPb9FXIH/mm4WjZxnqBPfhX6G7/WnGXbmXyimOsWj80c7PdZB0f/LAjgxlo2I+/94SYyTYJ9OWrUN2ohrCzcnPbMuSgi4eEVs= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?q?xjyenDv/xqFw9gklEL1?= =?ks_c_5601-1987?q?xzMFTiV8XMVgBI3O/zGT+t/cOsKGBcKUcVJQuIrZOwhlfqz7CZRDobXw?= =?ks_c_5601-1987?q?lDmEtWySBrt0ZLkXDjo6nDL/jt46JKWvqMeWmthjapp7oX4t4rMQb27R?= =?ks_c_5601-1987?q?6KHDGlFFyk3HyXtBrSOXekQ9bKfNfgiLc/8ug1PAkw3/XpVIsAIyaQ2D?= =?ks_c_5601-1987?q?RD0Glp0xFoKDQWtboo05lduhy694waRnA+xwz/0uvQBoxcuDhay62w3P?= =?ks_c_5601-1987?q?YIJ+aQ4mFFX63aW+rj2UkMZNsZsv74TSt0EEncZKNlzfCa2+J7LatGn/?= =?ks_c_5601-1987?q?ndSRNon4QLklOoiD9VFK/199PB8odVR/87/1Pf/fNcI0TpZj2OgGJfu/?= =?ks_c_5601-1987?q?+51eaHPNPE3+D8RwrY8fPNbnDDUQhA/ky8C3LJLPbjx5lKUKvhcx4i2P?= =?ks_c_5601-1987?q?zRhJFlUXGRtLsIOXRSoFrTENL2xw7MZrO9joYINAAhZaMOTQndh7jLY2?= =?ks_c_5601-1987?q?sPNksrtITlKert+O+ja3tOFm4E1Rs8fdg+57B6U2i7PIuaGwxq9VayXg?= =?ks_c_5601-1987?q?VJsW6u+mlCNOGIeRzwIJMsvAJ+kk3tb6qXwFvjwk0l/he3YLqD5Y1TEH?= =?ks_c_5601-1987?q?wabUanOoWCkLXujNVFo/yF7usM8ms2BSwnxaIL1IYThDeK4X9u/sCJDL?= =?ks_c_5601-1987?q?VZVSagdmirmlSSZqSDGFtDyJj44Hhsei368RqbefvWSVTj+dn8I7N15T?= =?ks_c_5601-1987?q?+axpCp+4koHYhCYCuJcVv4SUMZASdIFq7sSR3ikTDQMTwKT4b4jcIqtR?= =?ks_c_5601-1987?q?UaMqz1pccth7iRHLsVqnwWhsR2dllRDF0B1t0+ctgwdrTDFfBYn4RUX7?= =?ks_c_5601-1987?q?Fl3OfS7P5Qdi8UKNTLuLtqenMl2UaRTlNKlpVQZZOW4nmar8VV+QI+7t?= =?ks_c_5601-1987?q?keb2BVQAn3OYWdY6PcuNuKQ1rK8OdA/qBlWBWWnVHvV/bRwSlYlpBTor?= =?ks_c_5601-1987?q?MKPZ3c/eYbehSqJ0cFrK+S8sqOaj6h3CyVWiohUarzKHvfpK4yj+YKml?= =?ks_c_5601-1987?q?nlCt8Gz9uCEWUs5diBFaisrnodNkpqa3bfqR2bcJO/0GqJRjqA00/j0L?= =?ks_c_5601-1987?q?heSBXfhAJ6bdyX3g7SKvxd8W61XBD8BAFQLq2hcjYenTce9tVw/VWTvd?= =?ks_c_5601-1987?q?HQLjeeKE8EMeGb10YkTpJE3YIyzSVnL+C4M0Vn29HnEcTn5XK3JTuLai?= =?ks_c_5601-1987?q?RsvRIURsFILYW4zEuqXRO2xVaG94W6mjLn0drtZFboygGAV78NYs+8UF?= =?ks_c_5601-1987?q?/aYWHhDG/Zk0Hsbk7lHOqAA1/6HgrA7gBuH3HWXLMsnIx8t/BdFSRse5?= =?ks_c_5601-1987?q?gdnFXeFTEi3Ui5eQdpwCpATHIDkSyarjbde71lgLe78KOPqQuM7ZZYAS?= =?ks_c_5601-1987?q?NQ5b1PCkR021ndCEeYTDJkoN1xi51keYW1hoMDy9PEyWsn0Izh0mSDNq?= =?ks_c_5601-1987?q?Eu4V7yr77VOfFJGyMnI3p4C7Zwpzv+ZR3cClxcRWHNQcfQgoCpxolg0r?= =?ks_c_5601-1987?q?HZT2Ar33rVIOA3/639O0thoKYiHbqeZI0If+MAqx7FCKi6crH4K9/5PT?= =?ks_c_5601-1987?q?zojY8qtVQlXEJlQL5TWg61+943HERXxBGFToGc0UFOxMRYujZ+h/PVN4?= =?ks_c_5601-1987?q?cYBcFarYfAiTQkD4Z+rpkyND9IErndn0cRFpsSo0y7ZqdUM4Hy0WS80U?= =?ks_c_5601-1987?q?yzmBsApZtJan3?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 2d459b5e-835c-44b9-05dd-08dc544bf3e7 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2024 02:07:17.0701 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: fc2aX3cqzQrdTsLjHBLPeZRX/0H64MCUNbGNzcnnF7DrNJns1XQqez3O0k93Nx8SWMT+dy60sCg947vaONCucw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE2P216MB2161 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update] X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ERpWv6xx7nSR add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h - make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash - combine with lint fix patch Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 130 ++++++++++++++++++++++++++++++++++++++--- libavformat/httpauth.h | 8 +++ 2 files changed, 130 insertions(+), 8 deletions(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..6069523bca 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -25,6 +25,7 @@ #include "internal.h" #include "libavutil/random_seed.h" #include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, char cnonce[17]; char nc[9]; int i; - char A1hash[33], A2hash[33], response[33]; + char a1_hash[33], a2_hash[33], response[33]; struct AVMD5 *md5ctx; uint8_t hash[16]; char *authstr; @@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, av_md5_init(md5ctx); update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); + ff_data_to_hex(a1_hash, hash, 16, 1); if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { } else if (!strcmp(digest->algorithm, "MD5-sess")) { av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); + update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); + ff_data_to_hex(a1_hash, hash, 16, 1); } else { /* Unsupported algorithm */ av_free(md5ctx); @@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, av_md5_init(md5ctx); update_md5_strings(md5ctx, method, ":", uri, NULL); av_md5_final(md5ctx, hash); - ff_data_to_hex(A2hash, hash, 16, 1); + ff_data_to_hex(a2_hash, hash, 16, 1); av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); + update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL); if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); } - update_md5_strings(md5ctx, ":", A2hash, NULL); + update_md5_strings(md5ctx, ":", a2_hash, NULL); av_md5_final(md5ctx, hash); ff_data_to_hex(response, hash, 16, 1); @@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, return authstr; } +/** + * Generate a digest reply SHA-256, according to RFC 7616. + * TODO : support other RFC 7616 Algorithm + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm) +{ + DigestParams *digest = &state->digest_params; + int len; + uint32_t cnonce_buf[2]; + char cnonce[17]; + char nc[9]; + int i; + char a1_hash[65], a2_hash[65], response[65]; + struct AVHashContext *hashctx; + uint8_t hash[64]; + char *authstr; + + digest->nc++; + snprintf(nc, sizeof(nc), "%08x", digest->nc); + + /* Generate a client nonce. */ + for (i = 0; i < 2; i++) + cnonce_buf[i] = av_get_random_seed(); + ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1); + + /* Allocate a hash context based on the provided algorithm */ + int ret = av_hash_alloc(&hashctx, algorithm); + if (ret < 0) { + return NULL; + } + + /* Initialize the hash context */ + av_hash_init(hashctx); + + /* Update the hash context with A1 data */ + av_hash_update(hashctx, (const uint8_t *)username, strlen(username)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)state->realm, strlen(state->realm)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)password, strlen(password)); + av_hash_final(hashctx, hash); + ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for A2 */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)method, strlen(method)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri)); + av_hash_final(hashctx, hash); + ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1); + + /* Initialize the hash context for response */ + av_hash_init(hashctx); + av_hash_update(hashctx, (const uint8_t *)a1_hash, strlen(a1_hash)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->nonce, strlen(digest->nonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop)); + av_hash_update(hashctx, (const uint8_t *)":", 1); + av_hash_update(hashctx, (const uint8_t *)a2_hash, strlen(a2_hash)); + av_hash_final(hashctx, hash); + ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1); + + /* Free the hash context */ + av_hash_freep(&hashctx); + + len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + + strlen(uri) + strlen(response) + strlen(digest->algorithm) + + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + + strlen(nc) + 150; + + authstr = av_malloc(len); + if (!authstr) { + return NULL; + } + + /* Generate Header same way as *make_digest_auth */ + snprintf(authstr, len, "Authorization: Digest "); + + av_strlcatf(authstr, len, "username=\"%s\"", username); + av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm); + av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce); + av_strlcatf(authstr, len, ", uri=\"%s\"", uri); + av_strlcatf(authstr, len, ", response=\"%s\"", response); + + if (digest->algorithm[0]) + av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm); + + if (digest->opaque[0]) + av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque); + if (digest->qop[0]) { + av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop); + av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce); + av_strlcatf(authstr, len, ", nc=%s", nc); + } + + av_strlcatf(authstr, len, "\r\n"); + + return authstr; +} + + char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method) { @@ -276,7 +385,12 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, if ((password = strchr(username, ':'))) { *password++ = 0; - authstr = make_digest_auth(state, username, password, path, method); + /* add digest algorithm SHA-256 */ + if (!strcmp(state->digest_params.algorithm, "SHA256")) { + authstr = make_digest_auth_sha(state, username, password, path, method,"SHA256"); + } else { + authstr = make_digest_auth(state, username, password, path, method); + } } av_free(username); } diff --git a/libavformat/httpauth.h b/libavformat/httpauth.h index 0e7085901c..a55986ea3e 100644 --- a/libavformat/httpauth.h +++ b/libavformat/httpauth.h @@ -76,4 +76,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method); +/** + * New function declaration for RFC7616 + * SHA-256 digest authentication + * SHA-256-sess, SHA-512-256 and SHA-512-256-sess not supported yet + */ +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username, + const char *password, const char *uri, + const char *method, const char *algorithm); #endif /* AVFORMAT_HTTPAUTH_H */