nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity
42120dd1c5
putty-source/proxy/nocproxy.c
Simon Tatham 3c21fa54c5 HTTP proxy: implement Digest authentication. 
In http.c, this drops in reasonably neatly alongside the existing
support for Basic, now that we're waiting for an initial 407 response
from the proxy to tell us which auth mechanism it would prefer to use.

The rest of this patch is mostly contriving to add testcrypt support
for the function in cproxy.c that generates the complicated output
header to go in the HTTP request: you need about a dozen assorted
parameters, the actual response hash has two more hashes in its
preimage, and there's even an option to hash the username as well if
necessary. Much more complicated than CHAP (which is just plain
HMAC-MD5), so it needs testing!

Happily, RFC 7616 comes with some reasonably useful test cases, and
I've managed to transcribe them directly into cryptsuite.py and
demonstrate that my response-generator agrees with them.

End-to-end testing of the whole system was done against Squid 4.13
(specifically, the squid package in Debian bullseye, version 4.13-10).
2021-11-20 15:08:19 +00:00

32 lines
955 B
C
Raw Blame History

/*
* Routines to refuse to do cryptographic interaction with proxies
* in PuTTY. This is a stub implementation of the same interfaces
* provided by cproxy.c, for use in PuTTYtel.
*/
#include <assert.h>
#include <ctype.h>
#include <string.h>
#include "putty.h"
#include "network.h"
#include "proxy.h"
const bool socks5_chap_available = false;
const bool http_digest_available = false;
strbuf *chap_response(ptrlen challenge, ptrlen password)
{
unreachable("CHAP is not built into this binary");
}
const char *const httphashnames[] = { NULL }; /* dummy to prevent link error */
void http_digest_response(BinarySink *bs, ptrlen username, ptrlen password,
ptrlen realm, ptrlen method, ptrlen uri, ptrlen qop,
ptrlen nonce, ptrlen opaque, uint32_t nonce_count,
HttpDigestHash hash, bool hash_username)
{
unreachable("HTTP DIGEST is not built into this binary");
}
Reference in New Issue View Git Blame Copy Permalink