nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity
3743859f97
putty-source/proxy/cproxy.h
Simon Tatham 3c21fa54c5 HTTP proxy: implement Digest authentication. 
In http.c, this drops in reasonably neatly alongside the existing
support for Basic, now that we're waiting for an initial 407 response
from the proxy to tell us which auth mechanism it would prefer to use.

The rest of this patch is mostly contriving to add testcrypt support
for the function in cproxy.c that generates the complicated output
header to go in the HTTP request: you need about a dozen assorted
parameters, the actual response hash has two more hashes in its
preimage, and there's even an option to hash the username as well if
necessary. Much more complicated than CHAP (which is just plain
HMAC-MD5), so it needs testing!

Happily, RFC 7616 comes with some reasonably useful test cases, and
I've managed to transcribe them directly into cryptsuite.py and
demonstrate that my response-generator agrees with them.

End-to-end testing of the whole system was done against Squid 4.13
(specifically, the squid package in Debian bullseye, version 4.13-10).
2021-11-20 15:08:19 +00:00

26 lines
1.1 KiB
C
Raw Blame History

/*
* Header for the interaction between proxy.c and cproxy.c. Separated
* from proxy.h proper so that testcrypt can include it conveniently.
*/
extern const bool socks5_chap_available;
strbuf *chap_response(ptrlen challenge, ptrlen password);
extern const bool http_digest_available;
#define HTTP_DIGEST_HASHES(X) \
X(HTTP_DIGEST_MD5, "MD5", &ssh_md5, 128) \
X(HTTP_DIGEST_SHA256, "SHA-256", &ssh_sha256, 256) \
X(HTTP_DIGEST_SHA512_256, "SHA-512-256", &ssh_sha512, 256) \
/* end of list */
typedef enum HttpDigestHash {
#define DECL_ENUM(id, str, alg, bits) id,
HTTP_DIGEST_HASHES(DECL_ENUM)
#undef DECL_ENUM
N_HTTP_DIGEST_HASHES
} HttpDigestHash;
extern const char *const httphashnames[];
void http_digest_response(BinarySink *bs, ptrlen username, ptrlen password,
ptrlen realm, ptrlen method, ptrlen uri, ptrlen qop,
ptrlen nonce, ptrlen opaque, uint32_t nonce_count,
HttpDigestHash hash, bool hash_username);
Reference in New Issue View Git Blame Copy Permalink