subject:"\[FFmpeg\-devel\] \[PATCH\] avformat\/httpauth\: add SHA\-256 Digest Authorization"

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update]

2024-04-04 Thread Stefano Sabatini

On date Thursday 2024-04-04 02:07:17 +, �� | Eugene wrote:
>  add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
> - make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
> - combine with lint fix patch
> 
> Signed-off-by: Eugene-bitsensing 
> ---
>  libavformat/httpauth.c | 130 ++---
>  libavformat/httpauth.h |   8 +++
>  2 files changed, 130 insertions(+), 8 deletions(-)
> 
> diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
> index 9780928357..6069523bca 100644
> --- a/libavformat/httpauth.c
> +++ b/libavformat/httpauth.c
> @@ -25,6 +25,7 @@
>  #include "internal.h"
>  #include "libavutil/random_seed.h"
>  #include "libavutil/md5.h"
> +#include "libavutil/hash.h"
>  #include "urldecode.h"
>  

>  static void handle_basic_params(HTTPAuthState *state, const char *key,
> @@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const 
> char *username,
>  char cnonce[17];
>  char nc[9];
>  int i;
> -char A1hash[33], A2hash[33], response[33];
> +char a1_hash[33], a2_hash[33], response[33];
>  struct AVMD5 *md5ctx;
>  uint8_t hash[16];
>  char *authstr;
> @@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, 
> const char *username,
>  av_md5_init(md5ctx);
>  update_md5_strings(md5ctx, username, ":", state->realm, ":", password, 
> NULL);
>  av_md5_final(md5ctx, hash);
> -ff_data_to_hex(A1hash, hash, 16, 1);
> +ff_data_to_hex(a1_hash, hash, 16, 1);
>  
>  if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) 
> {
>  } else if (!strcmp(digest->algorithm, "MD5-sess")) {
>  av_md5_init(md5ctx);
> -update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, 
> NULL);
> +update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, 
> NULL);
>  av_md5_final(md5ctx, hash);
> -ff_data_to_hex(A1hash, hash, 16, 1);
> +ff_data_to_hex(a1_hash, hash, 16, 1);
>  } else {
>  /* Unsupported algorithm */
>  av_free(md5ctx);
> @@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, 
> const char *username,
>  av_md5_init(md5ctx);
>  update_md5_strings(md5ctx, method, ":", uri, NULL);
>  av_md5_final(md5ctx, hash);
> -ff_data_to_hex(A2hash, hash, 16, 1);
> +ff_data_to_hex(a2_hash, hash, 16, 1);
>  
>  av_md5_init(md5ctx);
> -update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
> +update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL);
>  if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
>  update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, 
> NULL);
>  }
> -update_md5_strings(md5ctx, ":", A2hash, NULL);
> +update_md5_strings(md5ctx, ":", a2_hash, NULL);
>  av_md5_final(md5ctx, hash);
>  ff_data_to_hex(response, hash, 16, 1);

this is fine but it would be better sent as a separate patch (to avoid
mixing functional and cosmetical changes)

>  
> @@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, 
> const char *username,
>  return authstr;
>  }
>  

> +/**
> + * Generate a digest reply SHA-256, according to RFC 7616.
> + * TODO : support other RFC 7616 Algorithm 
> + */
> +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
> +  const char *password, const char *uri,
> +  const char *method, const char *algorithm)
> +{

BTW I see this function contains much duplicated code from
make_digest_auth().

Is it possible to make make_digest_auth use this new function with the
MD5 algorithm? This would avoid much code duplication.

[...]
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update]

2024-04-03 Thread 정지우 | Eugene

 add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
- make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
- combine with lint fix patch

Signed-off-by: Eugene-bitsensing 
---
 libavformat/httpauth.c | 130 ++---
 libavformat/httpauth.h |   8 +++
 2 files changed, 130 insertions(+), 8 deletions(-)

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 9780928357..6069523bca 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -25,6 +25,7 @@
 #include "internal.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/md5.h"
+#include "libavutil/hash.h"
 #include "urldecode.h"
 
 static void handle_basic_params(HTTPAuthState *state, const char *key,
@@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 char cnonce[17];
 char nc[9];
 int i;
-char A1hash[33], A2hash[33], response[33];
+char a1_hash[33], a2_hash[33], response[33];
 struct AVMD5 *md5ctx;
 uint8_t hash[16];
 char *authstr;
@@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 av_md5_init(md5ctx);
 update_md5_strings(md5ctx, username, ":", state->realm, ":", password, 
NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A1hash, hash, 16, 1);
+ff_data_to_hex(a1_hash, hash, 16, 1);
 
 if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
 } else if (!strcmp(digest->algorithm, "MD5-sess")) {
 av_md5_init(md5ctx);
-update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, 
NULL);
+update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, 
NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A1hash, hash, 16, 1);
+ff_data_to_hex(a1_hash, hash, 16, 1);
 } else {
 /* Unsupported algorithm */
 av_free(md5ctx);
@@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 av_md5_init(md5ctx);
 update_md5_strings(md5ctx, method, ":", uri, NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A2hash, hash, 16, 1);
+ff_data_to_hex(a2_hash, hash, 16, 1);
 
 av_md5_init(md5ctx);
-update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
+update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL);
 if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
 update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, 
NULL);
 }
-update_md5_strings(md5ctx, ":", A2hash, NULL);
+update_md5_strings(md5ctx, ":", a2_hash, NULL);
 av_md5_final(md5ctx, hash);
 ff_data_to_hex(response, hash, 16, 1);
 
@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 return authstr;
 }
 
+/**
+ * Generate a digest reply SHA-256, according to RFC 7616.
+ * TODO : support other RFC 7616 Algorithm 
+ */
+static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
+  const char *password, const char *uri,
+  const char *method, const char *algorithm)
+{
+DigestParams *digest = >digest_params;
+int len;
+uint32_t cnonce_buf[2];
+char cnonce[17];
+char nc[9];
+int i;
+char a1_hash[65], a2_hash[65], response[65];
+struct AVHashContext *hashctx;
+uint8_t hash[64];
+char *authstr;
+
+digest->nc++;
+snprintf(nc, sizeof(nc), "%08x", digest->nc);
+
+/* Generate a client nonce. */
+for (i = 0; i < 2; i++)
+cnonce_buf[i] = av_get_random_seed();
+ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1);
+
+/* Allocate a hash context based on the provided algorithm */
+int ret = av_hash_alloc(, algorithm);
+if (ret < 0) {
+return NULL;
+}
+
+/* Initialize the hash context */
+av_hash_init(hashctx);
+
+/* Update the hash context with A1 data */
+av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)state->realm, 
strlen(state->realm));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1);
+
+/* Initialize the hash context for A2 */
+av_hash_init(hashctx);
+av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(a2_hash, hash, av_hash_get_size(hashctx), 1);
+
+/* Initialize the hash context for response */
+av_hash_init(hashctx);
+av_hash_update(hashctx, (const uint8_t *)a1_hash,

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined)

2024-04-03 Thread Andreas Rheinhardt

정지우 | Eugene:
> - add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
> - make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
> - combine with lint fix patch 
> (Please ignore previous patch requests that were requested by mistake): 
> [FFmpeg-devel] [PATCH] fix typo(1),style(1),nit(4) issue
> 
> Signed-off-by: Eugene-bitsensing 
> ---
>  libavformat/httpauth.c| 130 +-
>  libavformat/httpauth.h|   8 +
>  ...h-add-SHA-256-Digest-Authorization-Com.eml | 224 ++
>  3 files changed, 354 insertions(+), 8 deletions(-)
>  create mode 100644 
> outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml

You should not try to commit the eml file corresponding to your patch.

- Andreas

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined)

2024-04-03 Thread 정지우 | Eugene

- add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
- make_digest_auth_sha() : A1hash-> a1_hash and A2hash -> a2_hash
- combine with lint fix patch 
(Please ignore previous patch requests that were requested by mistake): 
[FFmpeg-devel] [PATCH] fix typo(1),style(1),nit(4) issue

Signed-off-by: Eugene-bitsensing 
---
 libavformat/httpauth.c| 130 +-
 libavformat/httpauth.h|   8 +
 ...h-add-SHA-256-Digest-Authorization-Com.eml | 224 ++
 3 files changed, 354 insertions(+), 8 deletions(-)
 create mode 100644 
outputfolder/0001-avformat-httpauth-add-SHA-256-Digest-Authorization-Com.eml

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 9780928357..6069523bca 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -25,6 +25,7 @@
 #include "internal.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/md5.h"
+#include "libavutil/hash.h"
 #include "urldecode.h"
 
 static void handle_basic_params(HTTPAuthState *state, const char *key,
@@ -143,7 +144,7 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 char cnonce[17];
 char nc[9];
 int i;
-char A1hash[33], A2hash[33], response[33];
+char a1_hash[33], a2_hash[33], response[33];
 struct AVMD5 *md5ctx;
 uint8_t hash[16];
 char *authstr;
@@ -163,14 +164,14 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 av_md5_init(md5ctx);
 update_md5_strings(md5ctx, username, ":", state->realm, ":", password, 
NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A1hash, hash, 16, 1);
+ff_data_to_hex(a1_hash, hash, 16, 1);
 
 if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
 } else if (!strcmp(digest->algorithm, "MD5-sess")) {
 av_md5_init(md5ctx);
-update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, 
NULL);
+update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, ":", cnonce, 
NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A1hash, hash, 16, 1);
+ff_data_to_hex(a1_hash, hash, 16, 1);
 } else {
 /* Unsupported algorithm */
 av_free(md5ctx);
@@ -180,14 +181,14 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 av_md5_init(md5ctx);
 update_md5_strings(md5ctx, method, ":", uri, NULL);
 av_md5_final(md5ctx, hash);
-ff_data_to_hex(A2hash, hash, 16, 1);
+ff_data_to_hex(a2_hash, hash, 16, 1);
 
 av_md5_init(md5ctx);
-update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
+update_md5_strings(md5ctx, a1_hash, ":", digest->nonce, NULL);
 if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
 update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, 
NULL);
 }
-update_md5_strings(md5ctx, ":", A2hash, NULL);
+update_md5_strings(md5ctx, ":", a2_hash, NULL);
 av_md5_final(md5ctx, hash);
 ff_data_to_hex(response, hash, 16, 1);
 
@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 return authstr;
 }
 
+/**
+ * Generate a digest reply SHA-256, according to RFC 7616.
+ * TODO : support other RFC 7616 Algorithm 
+ */
+static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
+  const char *password, const char *uri,
+  const char *method, const char *algorithm)
+{
+DigestParams *digest = >digest_params;
+int len;
+uint32_t cnonce_buf[2];
+char cnonce[17];
+char nc[9];
+int i;
+char a1_hash[65], a2_hash[65], response[65];
+struct AVHashContext *hashctx;
+uint8_t hash[64];
+char *authstr;
+
+digest->nc++;
+snprintf(nc, sizeof(nc), "%08x", digest->nc);
+
+/* Generate a client nonce. */
+for (i = 0; i < 2; i++)
+cnonce_buf[i] = av_get_random_seed();
+ff_data_to_hex(cnonce, (const uint8_t *)cnonce_buf, sizeof(cnonce_buf), 1);
+
+/* Allocate a hash context based on the provided algorithm */
+int ret = av_hash_alloc(, algorithm);
+if (ret < 0) {
+return NULL;
+}
+
+/* Initialize the hash context */
+av_hash_init(hashctx);
+
+/* Update the hash context with A1 data */
+av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)state->realm, 
strlen(state->realm));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(a1_hash, hash, av_hash_get_size(hashctx), 1);
+
+/* Initialize the hash context for A2 */
+av_hash_init(hashctx);
+av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization

2024-03-26 Thread Stefano Sabatini

On date Tuesday 2024-03-26 05:52:59 +, �� | Eugene wrote:
> - add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h
> 
> Signed-off-by: Eugene-bitsensing 
> ---
>  libavformat/httpauth.c | 116 -
>  libavformat/httpauth.h |   8 +++
>  2 files changed, 123 insertions(+), 1 deletion(-)

missing entry to Changelog

> 
> diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
> index 9780928357..8391b6f32f 100644
> --- a/libavformat/httpauth.c
> +++ b/libavformat/httpauth.c
> @@ -25,6 +25,7 @@
>  #include "internal.h"
>  #include "libavutil/random_seed.h"
>  #include "libavutil/md5.h"
> +#include "libavutil/hash.h"
>  #include "urldecode.h"
>  
>  static void handle_basic_params(HTTPAuthState *state, const char *key,
> @@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, 
> const char *username,
>  return authstr;
>  }
>  
> +/**
> + * Generate a digest reply SHA-256, according to RFC 7616.

> + * TODO : support other RFIC 7616 Algorithm 

typo: RFC ... algorithms

> + */
> +static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,

> +  const char *password, const char *uri,
> +  const char *method, const char *algorithm)

nit: weird indent, align to HTTPAuthState

> +{
> +DigestParams *digest = >digest_params;
> +int len;
> +uint32_t cnonce_buf[2];
> +char cnonce[17];
> +char nc[9];
> +int i;

> +char A1hash[65], A2hash[65], response[65];

style: use snake_case (a1_hash etc.)

> +struct AVHashContext *hashctx;
> +uint8_t hash[64];
> +char *authstr;
> +
> +digest->nc++;
> +snprintf(nc, sizeof(nc), "%08x", digest->nc);
> +
> +/* Generate a client nonce. */
> +for (i = 0; i < 2; i++)
> +cnonce_buf[i] = av_get_random_seed();

> +ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 
> 1);

nit++: (const uint8_t *)cnonce_buf

> +
> +/* Allocate a hash context based on the provided algorithm */

> +int ret = av_hash_alloc(, algorithm);
> +if (ret < 0) {
> +return NULL;
> +}

unrelated, but it might be good to propagate the error code (it might
fail for several reasons - not blocking since this also impacts the
other function and can be done in a later change)

> +
> +/* Initialize the hash context */
> +av_hash_init(hashctx);
> +
> +/* Update the hash context with A1 data */
> +av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)state->realm, 
> strlen(state->realm));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
> +av_hash_final(hashctx, hash);
> +ff_data_to_hex(A1hash, hash, av_hash_get_size(hashctx), 1);
> +
> +/* Initialize the hash context for A2 */
> +av_hash_init(hashctx);
> +av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri));
> +av_hash_final(hashctx, hash);
> +ff_data_to_hex(A2hash, hash, av_hash_get_size(hashctx), 1);
> +
> +/* Initialize the hash context for response */
> +av_hash_init(hashctx);
> +av_hash_update(hashctx, (const uint8_t *)A1hash, strlen(A1hash));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)digest->nonce, 
> strlen(digest->nonce));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)digest->qop, 
> strlen(digest->qop));
> +av_hash_update(hashctx, (const uint8_t *)":", 1);
> +av_hash_update(hashctx, (const uint8_t *)A2hash, strlen(A2hash));
> +av_hash_final(hashctx, hash);
> +ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1);
> +
> +/* Free the hash context */
> +av_hash_freep();
> +
> +len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
> +  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
> +  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
> +  strlen(nc) + 150;
> +
> +authstr = av_malloc(len);
> +if (!authstr) {
> +return NULL;
> +}
> +
> +/* Generate Header same way as *make_digest_auth */
> +snprintf(authstr, len, "Authorization: Digest ");
> +
> +av_strlcatf(authstr, len, "username=\"%s\"",   username);
> +av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
> +av_strlcatf(authstr, len,

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization

2024-03-25 Thread 정지우 | Eugene

- add SHA-256 Digest Authorization for RFC7616 using avutil/hash.h

Signed-off-by: Eugene-bitsensing 
---
 libavformat/httpauth.c | 116 -
 libavformat/httpauth.h |   8 +++
 2 files changed, 123 insertions(+), 1 deletion(-)

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 9780928357..8391b6f32f 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -25,6 +25,7 @@
 #include "internal.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/md5.h"
+#include "libavutil/hash.h"
 #include "urldecode.h"
 
 static void handle_basic_params(HTTPAuthState *state, const char *key,
@@ -236,6 +237,114 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 return authstr;
 }
 
+/**
+ * Generate a digest reply SHA-256, according to RFC 7616.
+ * TODO : support other RFIC 7616 Algorithm 
+ */
+static char *make_digest_auth_sha(HTTPAuthState *state, const char *username,
+  const char *password, const char *uri,
+  const char *method, const char *algorithm)
+{
+DigestParams *digest = >digest_params;
+int len;
+uint32_t cnonce_buf[2];
+char cnonce[17];
+char nc[9];
+int i;
+char A1hash[65], A2hash[65], response[65];
+struct AVHashContext *hashctx;
+uint8_t hash[64];
+char *authstr;
+
+digest->nc++;
+snprintf(nc, sizeof(nc), "%08x", digest->nc);
+
+/* Generate a client nonce. */
+for (i = 0; i < 2; i++)
+cnonce_buf[i] = av_get_random_seed();
+ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
+
+/* Allocate a hash context based on the provided algorithm */
+int ret = av_hash_alloc(, algorithm);
+if (ret < 0) {
+return NULL;
+}
+
+/* Initialize the hash context */
+av_hash_init(hashctx);
+
+/* Update the hash context with A1 data */
+av_hash_update(hashctx, (const uint8_t *)username, strlen(username));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)state->realm, 
strlen(state->realm));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)password, strlen(password));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(A1hash, hash, av_hash_get_size(hashctx), 1);
+
+/* Initialize the hash context for A2 */
+av_hash_init(hashctx);
+av_hash_update(hashctx, (const uint8_t *)method, strlen(method));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)uri, strlen(uri));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(A2hash, hash, av_hash_get_size(hashctx), 1);
+
+/* Initialize the hash context for response */
+av_hash_init(hashctx);
+av_hash_update(hashctx, (const uint8_t *)A1hash, strlen(A1hash));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)digest->nonce, 
strlen(digest->nonce));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)nc, strlen(nc));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)cnonce, strlen(cnonce));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)digest->qop, strlen(digest->qop));
+av_hash_update(hashctx, (const uint8_t *)":", 1);
+av_hash_update(hashctx, (const uint8_t *)A2hash, strlen(A2hash));
+av_hash_final(hashctx, hash);
+ff_data_to_hex(response, hash, av_hash_get_size(hashctx), 1);
+
+/* Free the hash context */
+av_hash_freep();
+
+len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
+  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
+  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
+  strlen(nc) + 150;
+
+authstr = av_malloc(len);
+if (!authstr) {
+return NULL;
+}
+
+/* Generate Header same way as *make_digest_auth */
+snprintf(authstr, len, "Authorization: Digest ");
+
+av_strlcatf(authstr, len, "username=\"%s\"",   username);
+av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
+av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
+av_strlcatf(authstr, len, ", uri=\"%s\"",   uri);
+av_strlcatf(authstr, len, ", response=\"%s\"",  response);
+
+if (digest->algorithm[0])
+av_strlcatf(authstr, len, ", algorithm=\"%s\"",  digest->algorithm);
+
+if (digest->opaque[0])
+av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
+if (digest->qop[0]) {
+av_strlcatf(authstr, len, ", qop=\"%s\"",digest->qop);
+av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
+av_strlcatf(authstr, len, ", nc=%s", nc);
+}
+
+av_strlcatf(authstr, len, "\r\n");
+
+return authstr;
+}
+
+

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update]

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization [update]

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined)

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization (Combined)

Re: [FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization

[FFmpeg-devel] [PATCH] avformat/httpauth: add SHA-256 Digest Authorization

6 matches

Site Navigation

Mail list logo

Footer information