Add SHA256 support for digest auth

https://tools.ietf.org/html/rfc7616 PUBLISHED_FROM=c2f045511b68d7dbcf4765cf32a312361a966eeb
mongoose-os-libs · Apr 10, 2021 · bc084da · bc084da
1 parent ba4b8ac
commit bc084da
Showing 1 changed file with 40 additions and 6 deletions.
diff --git a/include/mongoose.h b/include/mongoose.h
@@ -4704,13 +4704,16 @@ extern void mg_hash_md5_v(size_t num_msgs, const uint8_t *msgs[],
                           const size_t *msg_lens, uint8_t *digest);
 extern void mg_hash_sha1_v(size_t num_msgs, const uint8_t *msgs[],
                            const size_t *msg_lens, uint8_t *digest);
+extern void mg_hash_sha256_v(size_t num_msgs, const uint8_t *msgs[],
+                             const size_t *msg_lens, uint8_t *digest);
 
 /*
  * Flags for `mg_http_is_authorized()`.
  */
 #define MG_AUTH_FLAG_IS_DIRECTORY (1 << 0)
 #define MG_AUTH_FLAG_IS_GLOBAL_PASS_FILE (1 << 1)
 #define MG_AUTH_FLAG_ALLOW_MISSING_FILE (1 << 2)
+#define MG_AUTH_FLAG_ALGO(algo) ((((int) algo) & 3) << 8)
 
 /*
  * Checks whether an http request is authorized. `domain` is the authentication
@@ -4723,12 +4726,6 @@ int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
                           const char *domain, const char *passwords_file,
                           int flags);
 
-/*
- * Sends 401 Unauthorized response.
- */
-void mg_http_send_digest_auth_request(struct mg_connection *c,
-                                      const char *domain);
-
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
@@ -4879,6 +4876,14 @@ size_t mg_parse_multipart(const char *buf, size_t buf_len, char *var_name,
 int mg_get_http_var(const struct mg_str *buf, const char *name, char *dst,
                     size_t dst_len);
 
+/*
+ * Supported digest auth algorithms.
+ */
+enum mg_auth_algo {
+  MG_AUTH_ALGO_MD5 = 0,
+  MG_AUTH_ALGO_SHA256 = 1,
+};
+
 #if MG_ENABLE_FILESYSTEM
 /*
  * This structure defines how `mg_serve_http()` works.
@@ -4915,6 +4920,11 @@ struct mg_serve_http_opts {
    */
   const char *global_auth_file;
 
+  /*
+   * Password hashing algorithm used by the password files.
+   */
+  enum mg_auth_algo auth_algo;
+
   /* Set to "no" to disable directory listing. Enabled by default. */
   const char *enable_directory_listing;
 
@@ -5166,19 +5176,31 @@ struct mg_http_endpoint_opts {
   /* Authorization domain (realm) */
   const char *auth_domain;
   const char *auth_file;
+  enum mg_auth_algo auth_algo;
 };
 
 void mg_register_http_endpoint_opt(struct mg_connection *nc,
                                    const char *uri_path,
                                    mg_event_handler_t handler,
                                    struct mg_http_endpoint_opts opts);
 
+/*
+ * Sends 401 Unauthorized response.
+ */
+void mg_http_send_digest_auth_request(struct mg_connection *c,
+                                      const char *domain);
+void mg_http_send_digest_auth_request_algo(struct mg_connection *c,
+                                           const char *domain,
+                                           enum mg_auth_algo algo);
+
 /*
  * Authenticates a HTTP request against an opened password file.
  * Returns 1 if authenticated, 0 otherwise.
  */
 int mg_http_check_digest_auth(struct http_message *hm, const char *auth_domain,
                               FILE *fp);
+int mg_http_check_digest_auth_algo(struct http_message *hm, const char *auth_domain,
+                              enum mg_auth_algo fp_algo, FILE *fp);
 
 /*
  * Authenticates given response params against an opened password file.
@@ -5191,6 +5213,12 @@ int mg_check_digest_auth(struct mg_str method, struct mg_str uri,
                          struct mg_str response, struct mg_str qop,
                          struct mg_str nc, struct mg_str nonce,
                          struct mg_str auth_domain, FILE *fp);
+int mg_check_digest_auth_algo(struct mg_str method, struct mg_str uri,
+                              struct mg_str username, struct mg_str cnonce,
+                              struct mg_str response, struct mg_str qop,
+                              struct mg_str nc, struct mg_str nonce,
+                              struct mg_str auth_domain, enum mg_auth_algo algo,
+                              FILE *fp);
 
 /*
  * Sends buffer `buf` of size `len` to the client using chunked HTTP encoding.
@@ -5360,6 +5388,12 @@ int mg_http_create_digest_auth_header(char *buf, size_t buf_len,
                                       const char *method, const char *uri,
                                       const char *auth_domain, const char *user,
                                       const char *passwd, const char *nonce);
+int mg_http_create_digest_auth_header_algo(char *buf, size_t buf_len,
+                                           const char *method, const char *uri,
+                                           const char *auth_domain,
+                                           const char *user, const char *passwd,
+                                           const char *nonce,
+                                           enum mg_auth_algo algo);
 
 #ifdef __cplusplus
 }