Attachment 8717027 Details for
Bug 41489
[patch]
to do here as rfc 7616
patch (text/plain), 26.02 KB, created by
for nothing
Description:
to do here as rfc 7616
Filename:
MIME Type:
Creator:
for nothing
Size:
26.02 KB
>diff --git a/netwerk/protocol/http/nsHttpBasicAuth.cpp b/netwerk/protocol/http/nsHttpBasicAuth.cpp
>--- a/netwerk/protocol/http/nsHttpBasicAuth.cpp
>+++ b/netwerk/protocol/http/nsHttpBasicAuth.cpp
>@@ -5,16 +5,17 @@
>
> // HttpLog.h should generally be included first
> #include "HttpLog.h"
>
> #include "nsHttpBasicAuth.h"
> #include "plbase64.h"
> #include "plstr.h"
> #include "nsString.h"
>+#include "mozilla/Tokenizer.h"
>
> namespace mozilla {
> namespace net {
>
> //-----------------------------------------------------------------------------
> // nsHttpBasicAuth <public>
> //-----------------------------------------------------------------------------
>
>@@ -68,22 +69,44 @@ nsHttpBasicAuth::GenerateCredentials(nsI
> NS_ENSURE_ARG_POINTER(creds);
>
> *aFlags = 0;
>
> // we only know how to deal with Basic auth for http.
> bool isBasicAuth = !PL_strncasecmp(challenge, "basic", 5);
> NS_ENSURE_TRUE(isBasicAuth, NS_ERROR_UNEXPECTED);
>
>- // we work with ASCII around here
> nsAutoCString userpass;
>- LossyCopyUTF16toASCII(user, userpass);
>- userpass.Append(':'); // always send a ':' (see bug 129565)
>- if (password)
>+ nsAutoCString charset;
>+ Tokenizer p(challenge);
>+ Tokenizer::Token t;
>+ while (p.Next(t)) {
>+ if (t.AsString() == "charset" && p.Next(t) && (t.AsChar() == '=')) {
>+ p.Record();
>+ while (p.Next(t) && !t.Equals(Tokenizer::Token::Char(',')));
>+ p.Claim(charset);
>+ charset.StripChar('"', 0);
>+ }
>+ }
>+ if (charset.EqualsLiteral("UTF-8")) {
>+ CopyUTF16toUTF8(user, userpass);
>+ userpass.Append(':');
>+ if (password) {
>+ AppendUTF16toUTF8(password, userpass);
>+ }
>+ } else {
>+ /**
>+ *Actually it is ISO-8859-1(not ASCII)
>+ */
>+ LossyCopyUTF16toASCII(user, userpass);
>+ userpass.Append(':');
>+ if (password) {
> LossyAppendUTF16toASCII(password, userpass);
>+ }
>+ }
>
> // plbase64.h provides this worst-case output buffer size calculation.
> // use calloc, since PL_Base64Encode does not null terminate.
> *creds = (char *) calloc(6 + ((userpass.Length() + 2)/3)*4 + 1, 1);
> if (!*creds)
> return NS_ERROR_OUT_OF_MEMORY;
>
> memcpy(*creds, "Basic ", 6);
>diff --git a/netwerk/protocol/http/nsHttpDigestAuth.cpp b/netwerk/protocol/http/nsHttpDigestAuth.cpp
>--- a/netwerk/protocol/http/nsHttpDigestAuth.cpp
>+++ b/netwerk/protocol/http/nsHttpDigestAuth.cpp
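Review bot: The new `charset.EqualsLiteral("UTF-8")` test in nsHttpBasicAuth::GenerateCredentials is case-sensitive, so a challenge carrying `charset="utf-8"` silently takes the lossy branch and non-ASCII credentials are sent in an encoding the server did not ask for. RFC 7617 treats the value as case-insensitive, so use `charset.LowerCaseEqualsLiteral("utf-8")`. The token scan also accepts the word `charset` wherever it appears in the challenge, including inside a quoted realm value, and `t.AsString() == "charset"` matches the parameter name in exact case only. The function starts and ends outside this hunk.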
>@@ -39,41 +39,44 @@ nsHttpDigestAuth::~nsHttpDigestAuth()
>
> NS_IMPL_ISUPPORTS(nsHttpDigestAuth, nsIHttpAuthenticator)
>
> //-----------------------------------------------------------------------------
> // nsHttpDigestAuth <protected>
> //-----------------------------------------------------------------------------
>
> nsresult
>-nsHttpDigestAuth::MD5Hash(const char *buf, uint32_t len)
>+nsHttpDigestAuth::DoHash(const char *buf, uint32_t len, uint16_t algorithm)
> {
> nsresult rv;
>
> // Cache a reference to the nsICryptoHash instance since we'll be calling
> // this function frequently.
> if (!mVerifier) {
> mVerifier = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
> if (NS_FAILED(rv)) {
> LOG(("nsHttpDigestAuth: no crypto hash!\n"));
> return rv;
> }
> }
>
>- rv = mVerifier->Init(nsICryptoHash::MD5);
>+ if (algorithm == ALGO_SHA256 || algorithm == ALGO_SHA256_SESS) {
>+ rv = mVerifier->Init(nsICryptoHash::SHA256);
>+ } else {
>+ rv = mVerifier->Init(nsICryptoHash::MD5);
>+ }
> if (NS_FAILED(rv)) return rv;
>
> rv = mVerifier->Update((unsigned char*)buf, len);
> if (NS_FAILED(rv)) return rv;
>
> nsAutoCString hashString;
> rv = mVerifier->Finish(false, hashString);
> if (NS_FAILED(rv)) return rv;
>
>- NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));
> memcpy(mHashBuf, hashString.get(), hashString.Length());
>
> return rv;
> }
>
> nsresult
> nsHttpDigestAuth::GetMethodAndPath(nsIHttpAuthenticableChannel *authChannel,
> bool isProxyAuth,
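Review bot: Dropping `NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));` leaves the `memcpy` into `mHashBuf` in DoHash with no length check, so the copy is bounded only by whatever the hash service returns. The old equality stopped holding for MD5 once the header hunk widened `mHashBuf` to `DIGEST_SHA256_LENGTH`, but the guard should be adapted rather than removed. Check against the selected algorithm with `NS_ENSURE_STATE(hashString.Length() == uint32_t(DigestLength(algorithm)));`, or at minimum `NS_ENSURE_STATE(hashString.Length() <= sizeof(mHashBuf));`.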
>@@ -135,22 +138,22 @@ nsHttpDigestAuth::GetMethodAndPath(nsIHt
> NS_IMETHODIMP
> nsHttpDigestAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
> const char *challenge,
> bool isProxyAuth,
> nsISupports **sessionState,
> nsISupports **continuationState,
> bool *result)
> {
>- nsAutoCString realm, domain, nonce, opaque;
>+ nsAutoCString realm, domain, nonce, opaque, charset;
> bool stale;
>- uint16_t algorithm, qop;
>+ uint16_t algorithm, qop, userhash;
>
>- nsresult rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
>- &stale, &algorithm, &qop);
>+ nsresult rv = ParseChallenge(challenge, realm, domain, nonce, opaque, charset,
>+ &stale, &algorithm, &qop, &userhash);
> if (NS_FAILED(rv)) return rv;
>
> // if the challenge has the "stale" flag set, then the user identity is not
> // necessarily invalid. by returning FALSE here we can suppress username
> // and password prompting that usually accompanies a 401/407 challenge.
> *result = !stale;
>
> // clear any existing nonce_count since we have a new challenge.
>@@ -191,31 +194,31 @@ nsHttpDigestAuth::GenerateCredentials(ns
> }
>
> nsresult rv;
> nsAutoCString httpMethod;
> nsAutoCString path;
> rv = GetMethodAndPath(authChannel, isProxyAuth, httpMethod, path);
> if (NS_FAILED(rv)) return rv;
>
>- nsAutoCString realm, domain, nonce, opaque;
>+ nsAutoCString realm, domain, nonce, opaque, charset;
> bool stale;
>- uint16_t algorithm, qop;
>+ uint16_t algorithm, qop, userhash;
>
>- rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
>- &stale, &algorithm, &qop);
>+ rv = ParseChallenge(challenge, realm, domain, nonce, opaque, charset,
>+ &stale, &algorithm, &qop, &userhash);
> if (NS_FAILED(rv)) {
> LOG(("nsHttpDigestAuth::GenerateCredentials [ParseChallenge failed rv=%x]\n", rv));
> return rv;
> }
>
>- char ha1_digest[EXPANDED_DIGEST_LENGTH+1];
>- char ha2_digest[EXPANDED_DIGEST_LENGTH+1];
>- char response_digest[EXPANDED_DIGEST_LENGTH+1];
>- char upload_data_digest[EXPANDED_DIGEST_LENGTH+1];
>+ char ha1_digest[EXPANDED_DIGEST_SHA256_LENGTH+1];
>+ char ha2_digest[EXPANDED_DIGEST_SHA256_LENGTH+1];
>+ char response_digest[EXPANDED_DIGEST_SHA256_LENGTH+1];
>+ char upload_data_digest[EXPANDED_DIGEST_SHA256_LENGTH+1];
>
> if (qop & QOP_AUTH_INT) {
> // we do not support auth-int "quality of protection" currently
> qop &= ~QOP_AUTH_INT;
>
> NS_WARNING("no support for Digest authentication with data integrity quality of protection");
>
> /* TODO: to support auth-int, we need to get an MD5 digest of
>@@ -232,24 +235,25 @@ nsHttpDigestAuth::GenerateCredentials(ns
> NS_ENSURE_TRUE(uc, NS_ERROR_UNEXPECTED);
> uc->GetUploadStream(&upload);
> if (upload) {
> char * upload_buffer;
> int upload_buffer_length = 0;
> //TODO: read input stream into buffer
> const char * digest = (const char*)
> nsNetwerkMD5Digest(upload_buffer, upload_buffer_length);
>- ExpandToHex(digest, upload_data_digest);
>+ ExpandToHex(digest, algorithm, upload_data_digest);
> NS_RELEASE(upload);
> }
> }
> #endif
> }
>
>- if (!(algorithm & ALGO_MD5 || algorithm & ALGO_MD5_SESS)) {
>+ if (!(algorithm == ALGO_MD5 || algorithm == ALGO_MD5_SESS ||
>+ algorithm == ALGO_SHA256 || algorithm == ALGO_SHA256_SESS)) {
> // they asked only for algorithms that we do not support
> NS_WARNING("unsupported algorithm requested by Digest authentication");
> return NS_ERROR_NOT_IMPLEMENTED;
> }
>
> //
> // the following are for increasing security. see RFC 2617 for more
> // information.
>@@ -287,61 +291,124 @@ nsHttpDigestAuth::GenerateCredentials(ns
> cnonce.Append(hexChar[(int)(15.0 * rand()/(RAND_MAX + 1.0))]);
> }
> LOG((" cnonce=%s\n", cnonce.get()));
>
> //
> // calculate credentials
> //
>
>- NS_ConvertUTF16toUTF8 cUser(username), cPass(password);
>+ nsAutoCString cUser;
>+ nsAutoCString cPass;
>+ if (charset.EqualsLiteral("ISO-8859-1")) {
>+ /**
>+ *Actually it is ISO-8859-1
>+ */
>+ LossyCopyUTF16toASCII(username, cUser);
>+ LossyCopyUTF16toASCII(password, cPass);
>+ } else if (charset.EqualsLiteral("UTF-8")) {
>+ CopyUTF16toUTF8(username, cUser);
>+ CopyUTF16toUTF8(password, cPass);
>+ } else {
>+ const char16_t *p = username;
>+ for (;*p != 0;p++) {
>+ if (*p % 128 >= 32) {
>+ cUser.Assign(*p % 128);
>+ break;
>+ }
>+ }
>+ p++;
>+ for (;*p != 0;p++) {
>+ if (*p % 128 >= 32) {
>+ cUser.Append(*p % 128);
>+ }
>+ }
>+ p = password;
>+ for (;*p != 0;p++) {
>+ if (*p % 128 >= 32) {
>+ cPass.Assign(*p % 128);
>+ break;
>+ }
>+ }
>+ p++;
>+ for (;*p != 0;p++) {
>+ if (*p % 128 >= 32) {
>+ cPass.Append(*p % 128);
>+ }
>+ }
>+ }
>+
> rv = CalculateHA1(cUser, cPass, realm, algorithm, nonce, cnonce, ha1_digest);
> if (NS_FAILED(rv)) return rv;
>
>- rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest);
>+ rv = CalculateHA2(httpMethod, path, qop, algorithm, upload_data_digest,
>+ ha2_digest);
> if (NS_FAILED(rv)) return rv;
>
>- rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count,
>+ rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, algorithm, nonce_count,
> cnonce, response_digest);
> if (NS_FAILED(rv)) return rv;
>
> //
> // Values that need to match the quoted-string production from RFC 2616:
> //
> // username
> // realm
> // nonce
> // opaque
> // cnonce
> //
>
> nsAutoCString authString;
>
>- authString.AssignLiteral("Digest username=");
>- rv = AppendQuotedString(cUser, authString);
>- NS_ENSURE_SUCCESS(rv, rv);
>+ if (userhash == 2) {
>+ char hashuser[EXPANDED_DIGEST_SHA256_LENGTH+1];
>+
cUser.Append(":");
>+ cUser.Append(realm);
>+ rv = DoHash(cUser.get(), cUser.Length(), algorithm);
>+ if (NS_FAILED(rv)) return rv;
>+ ExpandToHex(mHashBuf, algorithm, hashuser);
>+ authString.AssignLiteral("Digest username=\"");
>+ authString += hashuser;
>+ authString += '\"';
>+ } else if (charset.EqualsLiteral("ISO-8859-1") ||
>+ charset.EqualsLiteral("UTF-8")) {
>+ if (charset.EqualsLiteral("ISO-8859-1")) {
>+ authString.AssignLiteral("Digest username*=ISO-8859-1\'\'");
>+ } else {
>+ authString.AssignLiteral("Digest username*=UTF-8\'\'");
>+ }
>+ nsAutoCString escUser;
>+ NS_Escape(cUser, escUser, url_XAlphas);
>+ authString.Append(escUser);
>+ } else {
>+ authString.AssignLiteral("Digest username=");
>+ rv = AppendQuotedString(cUser, authString);
>+ NS_ENSURE_SUCCESS(rv, rv);
>+ }
>
> authString.AppendLiteral(", realm=");
> rv = AppendQuotedString(realm, authString);
> NS_ENSURE_SUCCESS(rv, rv);
>
> authString.AppendLiteral(", nonce=");
> rv = AppendQuotedString(nonce, authString);
> NS_ENSURE_SUCCESS(rv, rv);
>
> authString.AppendLiteral(", uri=\"");
> authString += path;
>- if (algorithm & ALGO_SPECIFIED) {
>- authString.AppendLiteral("\", algorithm=");
>- if (algorithm & ALGO_MD5_SESS)
>- authString.AppendLiteral("MD5-sess");
>- else
>- authString.AppendLiteral("MD5");
>+ authString.AppendLiteral("\", algorithm=");
>+ if (algorithm == ALGO_SHA256_SESS) {
>+ authString.AppendLiteral("SHA-256-sess");
>+ } else if (algorithm == ALGO_SHA256) {
>+ authString.AppendLiteral("SHA-256");
>+ } else if (algorithm == ALGO_MD5_SESS) {
>+ authString.AppendLiteral("MD5-sess");
> } else {
>- authString += '\"';
>+ authString.AppendLiteral("MD5");
> }
> authString.AppendLiteral(", response=\"");
> authString += response_digest;
> authString += '\"';
>
> if (!opaque.IsEmpty()) {
> authString.AppendLiteral(", opaque=");
> rv = AppendQuotedString(opaque, authString);
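Review bot: In the fallback branch of nsHttpDigestAuth::GenerateCredentials (no recognised `charset`), the unconditional `p++;` after the first loop steps past the terminator whenever `username` or `password` is empty or holds no unit with `*p % 128 >= 32`, and the following loop then reads memory beyond the string; an empty password is enough to reach it. Guard both increments with `if (*p) { p++; }`, or keep the previous `NS_ConvertUTF16toUTF8` conversion for this case. Reducing each code unit with `% 128` also folds distinct non-ASCII characters onto ASCII ones, so different usernames or passwords yield the same digest input. GenerateCredentials starts and ends outside this hunk.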
>@@ -360,16 +427,24 @@ nsHttpDigestAuth::GenerateCredentials(ns
> authString.AppendLiteral(", nc=");
> authString += nonce_count;
>
> authString.AppendLiteral(", cnonce=");
> rv = AppendQuotedString(cnonce, authString);
> NS_ENSURE_SUCCESS(rv, rv);
> }
>
>+ if (userhash) {
>+ authString.AppendLiteral(", userhash=");
>+ if (userhash == 2) {
>+ authString.AppendLiteral("true");
>+ } else {
>+ authString.AppendLiteral("false");
>+ }
>+ }
>
> *creds = ToNewCString(authString);
> return NS_OK;
> }
>
> NS_IMETHODIMP
> nsHttpDigestAuth::GetAuthFlags(uint32_t *flags)
> {
>@@ -381,179 +456,186 @@ nsHttpDigestAuth::GetAuthFlags(uint32_t
> return NS_OK;
> }
>
> nsresult
> nsHttpDigestAuth::CalculateResponse(const char * ha1_digest,
> const char * ha2_digest,
> const nsAFlatCString & nonce,
> uint16_t qop,
>+ uint16_t algorithm,
> const char * nonce_count,
> const nsAFlatCString & cnonce,
> char * result)
> {
>- uint32_t len = 2*EXPANDED_DIGEST_LENGTH + nonce.Length() + 2;
>+ uint32_t len = nonce.Length() + 2 + ExpadedDigestLength(algorithm) * 2;
>
> if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
> len += cnonce.Length() + NONCE_COUNT_LENGTH + 3;
> if (qop & QOP_AUTH_INT)
> len += 8; // length of "auth-int"
> else
> len += 4; // length of "auth"
> }
>
> nsAutoCString contents;
> contents.SetCapacity(len);
>
>- contents.Assign(ha1_digest, EXPANDED_DIGEST_LENGTH);
>+ contents.Assign(ha1_digest, ExpadedDigestLength(algorithm));
> contents.Append(':');
> contents.Append(nonce);
> contents.Append(':');
>
> if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
> contents.Append(nonce_count, NONCE_COUNT_LENGTH);
> contents.Append(':');
> contents.Append(cnonce);
> contents.Append(':');
> if (qop & QOP_AUTH_INT)
> contents.AppendLiteral("auth-int:");
> else
> contents.AppendLiteral("auth:");
> }
>
>- contents.Append(ha2_digest, EXPANDED_DIGEST_LENGTH);
>+ contents.Append(ha2_digest, ExpadedDigestLength(algorithm));
>
>- nsresult rv = MD5Hash(contents.get(), contents.Length());
>+ nsresult rv = DoHash(contents.get(), contents.Length(), algorithm);
> if (NS_SUCCEEDED(rv))
>- rv = ExpandToHex(mHashBuf, result);
>+ rv = ExpandToHex(mHashBuf, algorithm, result);
> return rv;
> }
>
> nsresult
>-nsHttpDigestAuth::ExpandToHex(const char * digest, char * result)
>+nsHttpDigestAuth::ExpandToHex(const char * digest, int16_t algorithm, char * result)
> {
>- int16_t index, value;
>+ int16_t index, value, digestLen;
>+ digestLen = DigestLength(algorithm);
>
>- for (index = 0; index < DIGEST_LENGTH; index++) {
>+ for (index = 0; index < digestLen; index++) {
> value =
(digest[index] >> 4) & 0xf; > if (value < 10) > result[index*2] = value + '0'; > else > result[index*2] = value - 10 + 'a'; > > value = digest[index] & 0xf; > if (value < 10) > result[(index*2)+1] = value + '0'; > else > result[(index*2)+1] = value - 10 + 'a'; > } > >- result[EXPANDED_DIGEST_LENGTH] = 0; >+ result[digestLen * 2] = 0; > return NS_OK; > } > > nsresult > nsHttpDigestAuth::CalculateHA1(const nsAFlatCString & username, > const nsAFlatCString & password, > const nsAFlatCString & realm, > uint16_t algorithm, > const nsAFlatCString & nonce, > const nsAFlatCString & cnonce, > char * result) > { > int16_t len = username.Length() + password.Length() + realm.Length() + 2; >- if (algorithm & ALGO_MD5_SESS) { >- int16_t exlen = EXPANDED_DIGEST_LENGTH + nonce.Length() + cnonce.Length() + 2; >+ if (algorithm == ALGO_MD5_SESS || algorithm == ALGO_SHA256_SESS) { >+ int16_t exlen = ExpadedDigestLength(algorithm) + nonce.Length() + >+ cnonce.Length() + 2; > if (exlen > len) > len = exlen; > } > > nsAutoCString contents; > contents.SetCapacity(len + 1); > > contents.Assign(username); > contents.Append(':'); > contents.Append(realm); > contents.Append(':'); > contents.Append(password); > > nsresult rv; >- rv = MD5Hash(contents.get(), contents.Length()); >+ rv = DoHash(contents.get(), contents.Length(), algorithm); > if (NS_FAILED(rv)) > return rv; > >- if (algorithm & ALGO_MD5_SESS) { >- char part1[EXPANDED_DIGEST_LENGTH+1]; >- ExpandToHex(mHashBuf, part1); >+ if (algorithm == ALGO_MD5_SESS || algorithm == ALGO_SHA256_SESS) { >+ char part1[EXPANDED_DIGEST_SHA256_LENGTH + 1]; >+ ExpandToHex(mHashBuf, algorithm, part1); > >- contents.Assign(part1, EXPANDED_DIGEST_LENGTH); >+ contents.Assign(part1, ExpadedDigestLength(algorithm)); > contents.Append(':'); > contents.Append(nonce); > contents.Append(':'); > contents.Append(cnonce); > >- rv = MD5Hash(contents.get(), contents.Length()); >+ rv = DoHash(contents.get(), contents.Length(), algorithm); > if (NS_FAILED(rv)) > return 
rv; > } > >- return ExpandToHex(mHashBuf, result); >+ return ExpandToHex(mHashBuf, algorithm, result); > } > > nsresult > nsHttpDigestAuth::CalculateHA2(const nsAFlatCString & method, > const nsAFlatCString & path, > uint16_t qop, >+ uint16_t algorithm, > const char * bodyDigest, > char * result) > { > uint16_t methodLen = method.Length(); > uint32_t pathLen = path.Length(); > uint32_t len = methodLen + pathLen + 1; > > if (qop & QOP_AUTH_INT) { >- len += EXPANDED_DIGEST_LENGTH + 1; >+ len += ExpadedDigestLength(algorithm) + 1; > } > > nsAutoCString contents; > contents.SetCapacity(len); > > contents.Assign(method); > contents.Append(':'); > contents.Append(path); > > if (qop & QOP_AUTH_INT) { > contents.Append(':'); >- contents.Append(bodyDigest, EXPANDED_DIGEST_LENGTH); >+ contents.Append(bodyDigest, ExpadedDigestLength(algorithm)); > } > >- nsresult rv = MD5Hash(contents.get(), contents.Length()); >+ nsresult rv = DoHash(contents.get(), contents.Length(), algorithm); > if (NS_SUCCEEDED(rv)) >- rv = ExpandToHex(mHashBuf, result); >+ rv = ExpandToHex(mHashBuf, algorithm, result); > return rv; > } > > nsresult > nsHttpDigestAuth::ParseChallenge(const char * challenge, > nsACString & realm, > nsACString & domain, > nsACString & nonce, > nsACString & opaque, >+ nsACString & charset, > bool * stale, > uint16_t * algorithm, >- uint16_t * qop) >+ uint16_t * qop, >+ uint16_t * userhash) > { > // put an absurd, but maximum, length cap on the challenge so > // that calculations are 32 bit safe > if (strlen(challenge) > 16000000) { > return NS_ERROR_INVALID_ARG; > } > > const char *p = challenge + 7; // first 7 characters are "Digest " > >+ *userhash = 0; > *stale = false; > *algorithm = ALGO_MD5; // default is MD5 > *qop = 0; > > for (;;) { > while (*p && (*p == ',' || nsCRT::IsAsciiSpace(*p))) > ++p; > if (!*p) 
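Review bot: `ExpandToHex` takes its new parameter as `int16_t algorithm` while DoHash, CalculateHA1, CalculateHA2 and CalculateResponse carry the same value as `uint16_t`, and the helper name `ExpadedDigestLength` is misspelled (presumably `ExpandedDigestLength`). Use `uint16_t algorithm` throughout and correct the name before more call sites pick it up. The definitions of `DigestLength`/`ExpadedDigestLength` in the later hunk and the declarations in nsHttpDigestAuth.h need the same change. ParseChallenge continues past the end of this hunk.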
>@@ -610,35 +692,59 @@ nsHttpDigestAuth::ParseChallenge(const c
> {
> nonce.Assign(challenge+valueStart, valueLength);
> }
> else if (nameLength == 6 &&
> nsCRT::strncasecmp(challenge+nameStart, "opaque", 6) == 0)
> {
> opaque.Assign(challenge+valueStart, valueLength);
> }
>+ else if (nameLength == 7 &&
>+ nsCRT::strncasecmp(challenge+nameStart, "charset", 7) == 0)
>+ {
>+ charset.Assign(challenge+valueStart, valueLength);
>+ }
>+ else if (nameLength == 8 &&
>+ nsCRT::strncasecmp(challenge+nameStart, "userhash", 8) == 0)
>+ {
>+ if (nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0){
>+ *userhash = 2;
>+ } else {
>+ *userhash = 1;
>+ }
>+ }
> else if (nameLength == 5 &&
> nsCRT::strncasecmp(challenge+nameStart, "stale", 5) == 0)
> {
> if (nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0)
> *stale = true;
> else
> *stale = false;
> }
> else if (nameLength == 9 &&
> nsCRT::strncasecmp(challenge+nameStart, "algorithm", 9) == 0)
> {
> // we want to clear the default, so we use = not |= here
> *algorithm = ALGO_SPECIFIED;
>- if (valueLength == 3 &&
>- nsCRT::strncasecmp(challenge+valueStart, "MD5", 3) == 0)
>- *algorithm |= ALGO_MD5;
>+ if (valueLength == 7 &&
>+ nsCRT::strncasecmp(challenge+valueStart, "SHA-256", 7) == 0) {
>+ *algorithm = ALGO_SHA256;
>+ }
>+ else if (valueLength == 12 &&
>+ nsCRT::strncasecmp(challenge+valueStart, "SHA-256-sess", 12) == 0){
>+ *algorithm = ALGO_SHA256_SESS;
>+ }
>+ else if (valueLength == 3 &&
>+ nsCRT::strncasecmp(challenge+valueStart, "MD5", 3) == 0) {
>+ *algorithm = ALGO_MD5;
>+ }
> else if (valueLength == 8 &&
>- nsCRT::strncasecmp(challenge+valueStart, "MD5-sess", 8) == 0)
>- *algorithm |= ALGO_MD5_SESS;
>+ nsCRT::strncasecmp(challenge+valueStart, "MD5-sess", 8) == 0) {
>+ *algorithm = ALGO_MD5_SESS;
>+ }
> }
> else if (nameLength == 3 &&
> nsCRT::strncasecmp(challenge+nameStart, "qop", 3) == 0)
> {
> int32_t ipos = valueStart;
> while (ipos < valueStart+valueLength) {
> while (ipos < valueStart+valueLength &&
>
(nsCRT::IsAsciiSpace(challenge[ipos]) ||
>@@ -684,19 +790,36 @@ nsHttpDigestAuth::AppendQuotedString(con
>
> // Escape two syntactically significant characters
> if (*s == '"' || *s == '\\') {
> quoted.Append('\\');
> }
>
> quoted.Append(*s);
> }
>- // FIXME: bug 41489
>- // We should RFC2047-encode non-Latin-1 values according to spec
> quoted.Append('"');
> aHeaderLine.Append(quoted);
> return NS_OK;
> }
>
>+int16_t
>+nsHttpDigestAuth::DigestLength(int16_t algorithm)
>+{
>+ MOZ_ASSERT(algorithm >= ALGO_SPECIFIED && algorithm <= ALGO_SHA256_SESS);
>+ int16_t len;
>+ if (algorithm == ALGO_SHA256 || algorithm == ALGO_SHA256_SESS) {
>+ len = DIGEST_SHA256_LENGTH;
>+ } else {
>+ len = DIGEST_LENGTH;
>+ }
>+ return len;
>+}
>+
>+int16_t
>+nsHttpDigestAuth::ExpadedDigestLength(int16_t algorithm)
>+{
>+ return DigestLength(algorithm) * 2;
>+}
>+
> } // namespace net
> } // namespace mozilla
>
> // vim: ts=2 sw=2
>diff --git a/netwerk/protocol/http/nsHttpDigestAuth.h b/netwerk/protocol/http/nsHttpDigestAuth.h
>--- a/netwerk/protocol/http/nsHttpDigestAuth.h
>+++ b/netwerk/protocol/http/nsHttpDigestAuth.h
>@@ -13,22 +13,25 @@
> #include "mozilla/Attributes.h"
>
> class nsICryptoHash;
>
> namespace mozilla { namespace net {
>
> #define ALGO_SPECIFIED 0x01
> #define ALGO_MD5 0x02
>-#define ALGO_MD5_SESS 0x04
>+#define ALGO_MD5_SESS 0x03
>+#define ALGO_SHA256 0x04
>+#define ALGO_SHA256_SESS 0x05
> #define QOP_AUTH 0x01
> #define QOP_AUTH_INT 0x02
>
> #define DIGEST_LENGTH 16
>-#define EXPANDED_DIGEST_LENGTH 32
>+#define DIGEST_SHA256_LENGTH 32
>+#define EXPANDED_DIGEST_SHA256_LENGTH 64
> #define NONCE_COUNT_LENGTH 8
>
> //-----------------------------------------------------------------------------
> // nsHttpDigestAuth
> //-----------------------------------------------------------------------------
>
> class nsHttpDigestAuth final : public nsIHttpAuthenticator
> {
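Review bot: The new `userhash` branch of ParseChallenge compares only four bytes with `strncasecmp(challenge+valueStart, "true", 4)` and never looks at `valueLength`, so any value that merely begins with `true` switches username hashing on, while every other value, empty or malformed included, is recorded as an explicit false and echoed back to the server. Add the length test the `algorithm` branch already uses: `if (valueLength == 4 && nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0)`. The values 1 and 2 stored in `*userhash` would read better as named constants. The `charset` value is stored verbatim here and later compared case-sensitively in GenerateCredentials, so `utf-8` is not recognised.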
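Review bot: With `ALGO_MD5_SESS` renumbered to `0x03` the `ALGO_*` values in nsHttpDigestAuth.h are no longer independent bits (`0x03` equals `ALGO_SPECIFIED | ALGO_MD5`), so any `algorithm & ALGO_...` test left outside this patch would now match the wrong algorithms. The call sites visible here were converted to `==`, but the defines give no hint of the new contract; add a comment such as `// ALGO_* are mutually exclusive values: compare with ==, never with &`, or turn them into an enum. `EXPANDED_DIGEST_LENGTH` is removed in the same hunk, so other users of that macro, if any exist, need updating.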
>@@ -36,60 +39,67 @@ class nsHttpDigestAuth final : public ns
> NS_DECL_ISUPPORTS
> NS_DECL_NSIHTTPAUTHENTICATOR
>
> nsHttpDigestAuth();
>
> protected:
> ~nsHttpDigestAuth();
>
>- nsresult ExpandToHex(const char * digest, char * result);
>+ nsresult ExpandToHex(const char * digest, int16_t algorithm, char * result);
>
> nsresult CalculateResponse(const char * ha1_digest,
> const char * ha2_digest,
> const nsAFlatCString & nonce,
> uint16_t qop,
>+ uint16_t algorithm,
> const char * nonce_count,
> const nsAFlatCString & cnonce,
> char * result);
>
> nsresult CalculateHA1(const nsAFlatCString & username,
> const nsAFlatCString & password,
> const nsAFlatCString & realm,
> uint16_t algorithm,
> const nsAFlatCString & nonce,
> const nsAFlatCString & cnonce,
> char * result);
>
> nsresult CalculateHA2(const nsAFlatCString & http_method,
> const nsAFlatCString & http_uri_path,
> uint16_t qop,
>+ uint16_t algorithm,
> const char * body_digest,
> char * result);
>
> nsresult ParseChallenge(const char * challenge,
> nsACString & realm,
> nsACString & domain,
> nsACString & nonce,
> nsACString & opaque,
>+ nsACString & charset,
> bool * stale,
> uint16_t * algorithm,
>- uint16_t * qop);
>+ uint16_t * qop,
>+ uint16_t * userhash);
>
> // result is in mHashBuf
>- nsresult MD5Hash(const char *buf, uint32_t len);
>+ nsresult DoHash(const char *buf, uint32_t len, uint16_t algorithm);
>
> nsresult GetMethodAndPath(nsIHttpAuthenticableChannel *,
> bool, nsCString &, nsCString &);
>
> // append the quoted version of value to aHeaderLine
> nsresult AppendQuotedString(const nsACString & value,
> nsACString & aHeaderLine);
>
>+ int16_t DigestLength(int16_t algorithm);
>+ int16_t ExpadedDigestLength(int16_t algorithm);
>+
> protected:
> nsCOMPtr<nsICryptoHash> mVerifier;
>- char mHashBuf[DIGEST_LENGTH];
>+ char mHashBuf[DIGEST_SHA256_LENGTH];
> };
>
> } // namespace net
> } // namespace mozilla
>
> #endif // nsHttpDigestAuth_h__
Flags:
mayhemer
: review-