mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-08 04:02:27 +00:00
feat(esp_http_client): SHA256 support in digest auth
Added support for using SHA256 algorithm while calculating digest auth in HTTP client connection Closes https://github.com/espressif/esp-idf/issues/12383
This commit is contained in:
@@ -12,6 +12,7 @@
|
||||
#include "sys/socket.h"
|
||||
#include "esp_rom_md5.h"
|
||||
#include "esp_tls_crypto.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
|
||||
#include "esp_log.h"
|
||||
#include "esp_check.h"
|
||||
@@ -20,6 +21,8 @@
|
||||
#include "http_auth.h"
|
||||
|
||||
#define MD5_MAX_LEN (33)
|
||||
#define SHA256_LEN (32)
|
||||
#define SHA256_HEX_LEN (65)
|
||||
#define HTTP_AUTH_BUF_LEN (1024)
|
||||
|
||||
static const char *TAG = "HTTP_AUTH";
|
||||
@@ -59,6 +62,54 @@ static int md5_printf(char *md, const char *fmt, ...)
|
||||
return MD5_MAX_LEN;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief This function hash a formatted string with SHA256 and format the result as ascii characters
|
||||
*
|
||||
* @param sha The buffer will hold the ascii result
|
||||
* @param[in] fmt The format
|
||||
*
|
||||
* @return Length of the result
|
||||
*/
|
||||
static int sha256_sprintf(char *sha, const char *fmt, ...)
|
||||
{
|
||||
|
||||
unsigned char *buf;
|
||||
unsigned char digest[SHA256_LEN];
|
||||
int len, i;
|
||||
va_list ap;
|
||||
va_start(ap, fmt);
|
||||
len = vasprintf((char **)&buf, fmt, ap);
|
||||
if (buf == NULL) {
|
||||
va_end(ap);
|
||||
return ESP_FAIL;
|
||||
}
|
||||
|
||||
int ret = 0;
|
||||
mbedtls_sha256_context sha256;
|
||||
mbedtls_sha256_init(&sha256);
|
||||
if (mbedtls_sha256_starts(&sha256, 0) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if (mbedtls_sha256_update(&sha256, buf, len) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if (mbedtls_sha256_finish(&sha256, digest) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
for (i = 0; i < 32; ++i) {
|
||||
sprintf(&sha[i * 2], "%02x", (unsigned int)digest[i]);
|
||||
}
|
||||
sha[SHA256_HEX_LEN - 1] = '\0';
|
||||
ret = SHA256_HEX_LEN;
|
||||
|
||||
exit:
|
||||
free(buf);
|
||||
mbedtls_sha256_free(&sha256);
|
||||
va_end(ap);
|
||||
return ret;
|
||||
}
|
||||
|
||||
char *http_auth_digest(const char *username, const char *password, esp_http_auth_data_t *auth_data)
|
||||
{
|
||||
char *ha1, *ha2 = NULL;
|
||||
@@ -68,57 +119,67 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
|
||||
esp_err_t ret = ESP_OK;
|
||||
|
||||
if (username == NULL ||
|
||||
password == NULL ||
|
||||
auth_data->nonce == NULL ||
|
||||
auth_data->uri == NULL ||
|
||||
auth_data->realm == NULL) {
|
||||
password == NULL ||
|
||||
auth_data->nonce == NULL ||
|
||||
auth_data->uri == NULL ||
|
||||
auth_data->realm == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ha1 = calloc(1, MD5_MAX_LEN);
|
||||
int digest_size = MD5_MAX_LEN;
|
||||
int (*digest_func)(char *digest, const char *fmt, ...) = md5_printf;
|
||||
if (!memcmp(auth_data->algorithm, "SHA256", strlen("SHA256")) ||
|
||||
!memcmp(auth_data->algorithm, "SHA-256", strlen("SHA-256"))) {
|
||||
digest_size = SHA256_HEX_LEN;
|
||||
digest_func = sha256_sprintf;
|
||||
}
|
||||
|
||||
ha1 = calloc(1, digest_size);
|
||||
ESP_GOTO_ON_FALSE(ha1, ESP_FAIL, _digest_exit, TAG, "Memory exhausted");
|
||||
|
||||
ha2 = calloc(1, MD5_MAX_LEN);
|
||||
ha2 = calloc(1, digest_size);
|
||||
ESP_GOTO_ON_FALSE(ha2, ESP_FAIL, _digest_exit, TAG, "Memory exhausted");
|
||||
|
||||
digest = calloc(1, MD5_MAX_LEN);
|
||||
digest = calloc(1, digest_size);
|
||||
ESP_GOTO_ON_FALSE(digest, ESP_FAIL, _digest_exit, TAG, "Memory exhausted");
|
||||
|
||||
if (md5_printf(ha1, "%s:%s:%s", username, auth_data->realm, password) <= 0) {
|
||||
if (digest_func(ha1, "%s:%s:%s", username, auth_data->realm, password) <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
|
||||
ESP_LOGD(TAG, "%s %s %s %s", "Digest", username, auth_data->realm, password);
|
||||
if (strcasecmp(auth_data->algorithm, "md5-sess") == 0) {
|
||||
if (md5_printf(ha1, "%s:%s:%016llx", ha1, auth_data->nonce, auth_data->cnonce) <= 0) {
|
||||
if ((strcasecmp(auth_data->algorithm, "md5-sess") == 0) ||
|
||||
(strcasecmp(auth_data->algorithm, "SHA256") == 0) ||
|
||||
(strcasecmp(auth_data->algorithm, "md5-sess") == 0)) {
|
||||
if (digest_func(ha1, "%s:%s:%016llx", ha1, auth_data->nonce, auth_data->cnonce) <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
}
|
||||
if (md5_printf(ha2, "%s:%s", auth_data->method, auth_data->uri) <= 0) {
|
||||
if (digest_func(ha2, "%s:%s", auth_data->method, auth_data->uri) <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
|
||||
//support qop = auth
|
||||
if (auth_data->qop && strcasecmp(auth_data->qop, "auth-int") == 0) {
|
||||
if (md5_printf(ha2, "%s:%s", ha2, "entity") <= 0) {
|
||||
if (digest_func(ha2, "%s:%s", ha2, "entity") <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
}
|
||||
|
||||
if (auth_data->qop) {
|
||||
// response=MD5(HA1:nonce:nonceCount:cnonce:qop:HA2)
|
||||
if (md5_printf(digest, "%s:%s:%08x:%016llx:%s:%s", ha1, auth_data->nonce, auth_data->nc, auth_data->cnonce, auth_data->qop, ha2) <= 0) {
|
||||
// response=digest_func(HA1:nonce:nonceCount:cnonce:qop:HA2)
|
||||
if (digest_func(digest, "%s:%s:%08x:%016llx:%s:%s", ha1, auth_data->nonce, auth_data->nc, auth_data->cnonce, auth_data->qop, ha2) <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
} else {
|
||||
// response=MD5(HA1:nonce:HA2)
|
||||
if (md5_printf(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) {
|
||||
// response=digest_func(HA1:nonce:HA2)
|
||||
if (digest_func(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) {
|
||||
goto _digest_exit;
|
||||
}
|
||||
}
|
||||
int rc = asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=\"MD5\", "
|
||||
"response=\"%s\", qop=%s, nc=%08x, cnonce=%016"PRIx64,
|
||||
username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
|
||||
int rc = asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=%s, "
|
||||
"response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016"PRIx64"\"",
|
||||
username, auth_data->realm, auth_data->nonce, auth_data->uri, auth_data->algorithm, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
|
||||
if (rc < 0) {
|
||||
ESP_LOGE(TAG, "asprintf() returned: %d", rc);
|
||||
ret = ESP_FAIL;
|
||||
|
Reference in New Issue
Block a user