Commit 06300694 authored by Danmei Chen's avatar Danmei Chen

replace md5 by md5 from bctoolbox, add sha256 in auth_helper.c and disgest-response.py

parent e4e6459e
......@@ -67,6 +67,20 @@ BELLESIP_EXPORT belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_cr
BELLESIP_EXPORT int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* authorization
,const char* method
,const char* ha1);
/**
* compute and set response value according to parameters
* HA1=MD5(username:realm:passwd)
* fills cnonce if needed (qop=auth);
* fills qop
*
* @return 0 if succeed
*/
BELLESIP_EXPORT int belle_sip_auth_helper_fill_authorization_for_algorithm(belle_sip_header_authorization_t* authorization
,const char* method
,const char* ha1
,int size
,const char* algo);
/**
* compute and set response value according to parameters
* @return 0 if succeed
......@@ -81,6 +95,12 @@ BELLESIP_EXPORT int belle_sip_auth_helper_fill_proxy_authorization(belle_sip_hea
* return 0 in case of success
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha1(const char* userid,const char* realm,const char* password, char ha1[33]);
/*
* compute HA1 (NULL terminated)
* HA1=MD5(userid:realm:passwd) or SHA-256(userid:realm:passwd)
* return 0 in case of success
* */
BELLESIP_EXPORT int belle_sip_auth_helper_compute_ha1_for_algorithm(const char* userid,const char* realm,const char* password, char *ha1, int size, const char* algo);
/*
* compute HA2 (NULL terminated)
* HA2=MD5(method:uri)
......
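Review bot: The new `size` parameter on `belle_sip_auth_helper_compute_ha1_for_algorithm` and `belle_sip_auth_helper_fill_authorization_for_algorithm` is undocumented, and with a bare `char *ha1` the caller cannot tell how large the buffer must be. The test in this commit passes `32` with a `char ha1[65]`, which suggests `size` is the raw digest length in bytes and the buffer must hold `2*size+1` characters; the implementation is collapsed on this page, so that is inferred. I would state it in the comment, e.g. `size: digest length in bytes (16 for MD5, 32 for SHA-256); ha1 must hold 2*size+1 chars`, and say what is returned when `size` and `algo` disagree or `algo` is NULL or unknown. The comment on the fill function also still reads `HA1=MD5(username:realm:passwd)` although `ha1` may now be a SHA-256 value.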
This diff is collapsed.
......@@ -40,6 +40,27 @@ static void test_authentication(void) {
belle_sip_object_unref(authorization);
}
static void test_authentication_sha256(void) {
const char* l_raw_header = "WWW-Authenticate: Digest "
"algorithm=SHA-256, realm=\"http-auth@example.org\", opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\","
" qop=\"auth,auth-int\", nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\"";
char ha1[65];
belle_sip_header_www_authenticate_t* www_authenticate=belle_sip_header_www_authenticate_parse(l_raw_header);
belle_sip_header_authorization_t* authorization = belle_sip_auth_helper_create_authorization(www_authenticate);
belle_sip_header_authorization_set_uri(authorization,belle_sip_uri_parse("sip:sip.linphone.org"));
belle_sip_header_authorization_set_nonce_count(authorization,1);
belle_sip_header_authorization_set_qop(authorization,"auth");
belle_sip_header_authorization_set_cnonce(authorization,"8302210f"); /*for testing purpose*/
BC_ASSERT_EQUAL(0,belle_sip_auth_helper_compute_ha1_for_algorithm("Mufasa","http-auth@example.org","Circle of Life",ha1,32,"SHA-256"), int, "%d");
BC_ASSERT_EQUAL(0,belle_sip_auth_helper_fill_authorization_for_algorithm(authorization,"REGISTER",ha1,32,"SHA-256"), int, "%d");
BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_qop(authorization),"auth");
BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(authorization),"91253bea2bbc3b34a5dac192c672fb7fff1ae6d657207b6719842827a509a501");
BC_ASSERT_EQUAL(belle_sip_header_authorization_get_nonce_count(authorization),1, int, "%d");
belle_sip_object_unref(www_authenticate);
belle_sip_object_unref(authorization);
}
static void test_authentication_qop_auth(void) {
const char* l_raw_header = "WWW-Authenticate: Digest "
"algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\","
......@@ -195,7 +216,8 @@ static void test_certificate_fingerprint(void) {
test_t authentication_helper_tests[] = {
TEST_NO_TAG("Proxy-Authenticate", test_proxy_authentication),
TEST_NO_TAG("WWW-Authenticate", test_authentication),
// TEST_NO_TAG("WWW-Authenticate", test_authentication),
TEST_NO_TAG("WWW-Authenticate", test_authentication_sha256),
TEST_NO_TAG("WWW-Authenticate (with qop)", test_authentication_qop_auth),
TEST_NO_TAG("generate and parse self signed certificates", test_generate_and_parse_certificates),
TEST_NO_TAG("generate certificate fingerprint", test_certificate_fingerprint)
......
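Review bot: The registration table appears to replace the `test_authentication` entry with a commented-out line, so the MD5 path loses its regression test in the same commit that swaps the MD5 implementation for the one from bctoolbox. Both algorithms should stay covered, under distinct names: `TEST_NO_TAG("WWW-Authenticate", test_authentication),` and `TEST_NO_TAG("WWW-Authenticate (SHA-256)", test_authentication_sha256),`. Leaving the static function unreferenced will also raise an unused-function warning on builds that enable it. A negative case, such as an unknown `algo` string or a `size` that does not match the algorithm, would pin down how the new helpers fail.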
......@@ -40,23 +40,33 @@ def main(argv=None):
parser.add_argument('--ha1',help='ha1 MD5(username:realm:password)')
parser.add_argument('--qop-auth', help='Indicate if auth mode has to reuse nonce (I.E qop=auth',action='store_true')
parser.add_argument('--cnonce', help='client nonce')
parser.add_argument('--nonce-count',type=int16, help='nonce count in hexa: ex 2b' )
parser.add_argument('--nonce-count',type=int16, help='nonce count in hexa: ex 2b')
parser.add_argument('--algorithm', help='choose algorithm from MD5 and SHA256')
args = parser.parse_args(argv)
if not args.ha1 :
#HA1=MD5(username:realm:password)
ha1 = hashlib.md5()
if not args.algorithm:
#HA1=MD5(username:realm:password)
ha1 = hashlib.md5()
else:
#HA1=SHA256(username:realm:password)
ha1 = hashlib.sha256()
ha1.update((args.userid+":"+args.realm+":"+args.password).encode())
ha1_value = ha1.hexdigest()
else:
ha1_value = args.ha1
#HA2=MD5(method:digestURI)
ha2 = hashlib.md5()
if not args.algorithm:
#HA2=MD5(method:digestURI)
ha2 = hashlib.md5()
else:
#HA2=SHA256(method:digestURI)
ha2 = hashlib.sha256()
ha2.update((args.method+":"+args.uri).encode())
print ("ha1 = "+ha1_value);
print ("ha2 = "+ha2.hexdigest());
......@@ -66,8 +76,13 @@ def main(argv=None):
print ("--qop-auth requires both --cnonce and --nonce-count")
sys.exit(-1)
#response=MD5(HA1:nonce:nonceCount:clientNonce:qop:HA2)
response = hashlib.md5()
if not args.algorithm:
#response=MD5(HA1:nonce:nonceCount:clientNonce:qop:HA2)
response = hashlib.md5()
else:
#response=SHA256(HA1:nonce:nonceCount:clientNonce:qop:HA2)
response = hashlib.sha256()
response.update( (ha1_value
+":"+args.nonce
+":" + '{:08x}'.format(args.nonce_count)
......@@ -78,8 +93,13 @@ def main(argv=None):
else:
#response=MD5(HA1:nonce:HA2)
response = hashlib.md5()
if not args.algorithm:
#response=MD5(HA1:nonce:HA2)
response = hashlib.md5()
else:
#response=SHA256(HA1:nonce:HA2)
response = hashlib.sha256()
response.update((ha1_value+":"+args.nonce+":"+ha2.hexdigest()).encode())
print ("responce = "+response.hexdigest());
......
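Review bot: Any value given to `--algorithm`, including `MD5`, selects SHA-256, because all four branches test only `if not args.algorithm:` while the help text offers a choice between MD5 and SHA256. Constrain the option with `parser.add_argument('--algorithm', choices=['MD5','SHA256'], default='MD5', ...)` and pick the constructor once, `hash_fn = hashlib.sha256 if args.algorithm == 'SHA256' else hashlib.md5`, then call `hash_fn()` for HA1, HA2 and both response branches. The `--ha1` help still says `MD5(username:realm:password)`, so a precomputed MD5 HA1 can be combined silently with SHA-256 for HA2 and the response; the help should say the value must match `--algorithm`.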