diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-11 18:39:46 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-11 18:42:18 +0300 |
commit | 8318f56ebc0085f1319f29862b74b65304894afe (patch) | |
tree | f33a4c735f372bc36234f13a12e6c80cc9349ec8 /src/include/microhttpd.h | |
parent | 9fa5a3b990f93b94557bc2f52aaff8db241702a7 (diff) | |
download | libmicrohttpd-8318f56ebc0085f1319f29862b74b65304894afe.tar.gz libmicrohttpd-8318f56ebc0085f1319f29862b74b65304894afe.zip |
digestauth: added support for SHA-512/256, made MD5 and SHA-256 optional
Give more flexibility for custom builds: MD5, SHA-256 and SHA-512/256
may be disabled individually.
Diffstat (limited to 'src/include/microhttpd.h')
-rw-r--r-- | src/include/microhttpd.h | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 31d4c648..e5f0abac 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -96,7 +96,7 @@ extern "C" | |||
96 | * they are parsed as decimal numbers. | 96 | * they are parsed as decimal numbers. |
97 | * Example: 0x01093001 = 1.9.30-1. | 97 | * Example: 0x01093001 = 1.9.30-1. |
98 | */ | 98 | */ |
99 | #define MHD_VERSION 0x00097538 | 99 | #define MHD_VERSION 0x00097539 |
100 | 100 | ||
101 | /* If generic headers don't work on your platform, include headers | 101 | /* If generic headers don't work on your platform, include headers |
102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', | 102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', |
@@ -4430,7 +4430,8 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp); | |||
4430 | 4430 | ||
4431 | /** | 4431 | /** |
4432 | * Length of the binary output of the SHA-512/256 hash function. | 4432 | * Length of the binary output of the SHA-512/256 hash function. |
4433 | * The value is the same as the #MHD_SHA256_DIGEST_SIZE. | 4433 | * @warning While this value is the same as the #MHD_SHA256_DIGEST_SIZE, |
4434 | * the calculated digests for SHA-256 and SHA-512/256 are different. | ||
4434 | * @sa #MHD_digest_get_hash_size() | 4435 | * @sa #MHD_digest_get_hash_size() |
4435 | * @note Available since #MHD_VERSION 0x00097538 | 4436 | * @note Available since #MHD_VERSION 0x00097538 |
4436 | * @ingroup authentication | 4437 | * @ingroup authentication |
@@ -4465,22 +4466,21 @@ enum MHD_DigestBaseAlgo | |||
4465 | 4466 | ||
4466 | /** | 4467 | /** |
4467 | * SHA-512/256 hash algorithm. | 4468 | * SHA-512/256 hash algorithm. |
4468 | * Not supported for calculations, only supported for parsing of | 4469 | * As specified by FIPS PUB 180-4 |
4469 | * client's authorisation headers. | ||
4470 | */ | 4470 | */ |
4471 | MHD_DIGEST_BASE_ALGO_SHA512_256 = (1 << 2) | 4471 | MHD_DIGEST_BASE_ALGO_SHA512_256 = (1 << 2) |
4472 | } _MHD_FIXED_FLAGS_ENUM; | 4472 | } _MHD_FIXED_FLAGS_ENUM; |
4473 | 4473 | ||
4474 | /** | 4474 | /** |
4475 | * The flag indicating digest calculation types, | 4475 | * The flag indicating non-session algorithm types, |
4476 | * like 'MD5' or 'SHA-256'. | 4476 | * like 'MD5', 'SHA-256' or 'SHA-512-256'. |
4477 | * @note Available since #MHD_VERSION 0x00097519 | 4477 | * @note Available since #MHD_VERSION 0x00097519 |
4478 | */ | 4478 | */ |
4479 | #define MHD_DIGEST_AUTH_ALGO3_NON_SESSION (1 << 6) | 4479 | #define MHD_DIGEST_AUTH_ALGO3_NON_SESSION (1 << 6) |
4480 | 4480 | ||
4481 | /** | 4481 | /** |
4482 | * The flag indicating session algorithm types, | 4482 | * The flag indicating session algorithm types, |
4483 | * like 'MD5-sess' or 'SHA-256-sess'. | 4483 | * like 'MD5-sess', 'SHA-256-sess' or 'SHA-512-256-sess'. |
4484 | * @note Available since #MHD_VERSION 0x00097519 | 4484 | * @note Available since #MHD_VERSION 0x00097519 |
4485 | */ | 4485 | */ |
4486 | #define MHD_DIGEST_AUTH_ALGO3_SESSION (1 << 7) | 4486 | #define MHD_DIGEST_AUTH_ALGO3_SESSION (1 << 7) |
@@ -4528,7 +4528,6 @@ enum MHD_DigestAuthAlgo3 | |||
4528 | 4528 | ||
4529 | /** | 4529 | /** |
4530 | * The 'SHA-512-256' (SHA-512/256) algorithm. | 4530 | * The 'SHA-512-256' (SHA-512/256) algorithm. |
4531 | * Not supported by MHD for authentication. | ||
4532 | */ | 4531 | */ |
4533 | MHD_DIGEST_AUTH_ALGO3_SHA512_256 = | 4532 | MHD_DIGEST_AUTH_ALGO3_SHA512_256 = |
4534 | MHD_DIGEST_BASE_ALGO_SHA512_256 | MHD_DIGEST_AUTH_ALGO3_NON_SESSION, | 4533 | MHD_DIGEST_BASE_ALGO_SHA512_256 | MHD_DIGEST_AUTH_ALGO3_NON_SESSION, |
@@ -4549,8 +4548,8 @@ enum MHD_DigestAuthAlgo3 | |||
4549 | * and other parameters which size depends on used hash algorithm. | 4548 | * and other parameters which size depends on used hash algorithm. |
4550 | * @param algo3 the algorithm to check | 4549 | * @param algo3 the algorithm to check |
4551 | * @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or | 4550 | * @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or |
4552 | * #MHD_SHA256_DIGEST_SIZE) or zero if the input value is not | 4551 | * #MHD_SHA256_DIGEST_SIZE/MHD_SHA512_256_DIGEST_SIZE) |
4553 | * recognised/valid | 4552 | * or zero if the input value is not supported or not valid |
4554 | * @sa #MHD_digest_auth_calc_userdigest() | 4553 | * @sa #MHD_digest_auth_calc_userdigest() |
4555 | * @sa #MHD_digest_auth_calc_userhash(), #MHD_digest_auth_calc_userhash_hex() | 4554 | * @sa #MHD_digest_auth_calc_userhash(), #MHD_digest_auth_calc_userhash_hex() |
4556 | * @note Available since #MHD_VERSION 0x00097526 | 4555 | * @note Available since #MHD_VERSION 0x00097526 |
@@ -4601,8 +4600,6 @@ enum MHD_DigestAuthMultiAlgo3 | |||
4601 | 4600 | ||
4602 | /** | 4601 | /** |
4603 | * The 'SHA-512-256' (SHA-512/256) algorithm. | 4602 | * The 'SHA-512-256' (SHA-512/256) algorithm. |
4604 | * Not supported by MHD for authentication. | ||
4605 | * Reserved value. | ||
4606 | */ | 4603 | */ |
4607 | MHD_DIGEST_AUTH_MULT_ALGO3_SHA512_256 = MHD_DIGEST_AUTH_ALGO3_SHA512_256, | 4604 | MHD_DIGEST_AUTH_MULT_ALGO3_SHA512_256 = MHD_DIGEST_AUTH_ALGO3_SHA512_256, |
4608 | 4605 | ||
@@ -4646,6 +4643,15 @@ enum MHD_DigestAuthMultiAlgo3 | |||
4646 | | MHD_DIGEST_AUTH_MULT_ALGO3_SHA256_SESSION, | 4643 | | MHD_DIGEST_AUTH_MULT_ALGO3_SHA256_SESSION, |
4647 | 4644 | ||
4648 | /** | 4645 | /** |
4646 | * The 'SHA-512/256' algorithm, session or non-session. | ||
4647 | * Not supported by MHD. | ||
4648 | * Reserved value. | ||
4649 | */ | ||
4650 | MHD_DIGEST_AUTH_MULT_ALGO3_SHA512_256_ANY = | ||
4651 | MHD_DIGEST_AUTH_MULT_ALGO3_SHA512_256 | ||
4652 | | MHD_DIGEST_AUTH_MULT_ALGO3_SHA512_256_SESSION, | ||
4653 | |||
4654 | /** | ||
4649 | * Any algorithm, MHD will choose. | 4655 | * Any algorithm, MHD will choose. |
4650 | */ | 4656 | */ |
4651 | MHD_DIGEST_AUTH_MULT_ALGO3_ANY = | 4657 | MHD_DIGEST_AUTH_MULT_ALGO3_ANY = |
@@ -5317,7 +5323,8 @@ MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3, | |||
5317 | * see #MHD_digest_auth_calc_userdigest() | 5323 | * see #MHD_digest_auth_calc_userdigest() |
5318 | * @param userdigest_size the size of the @a userdigest in bytes, must match the | 5324 | * @param userdigest_size the size of the @a userdigest in bytes, must match the |
5319 | * hashing algorithm (see #MHD_MD5_DIGEST_SIZE, | 5325 | * hashing algorithm (see #MHD_MD5_DIGEST_SIZE, |
5320 | * #MHD_SHA256_DIGEST_SIZE, #MHD_digest_get_hash_size()) | 5326 | * #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE, |
5327 | * #MHD_digest_get_hash_size()) | ||
5321 | * @param nonce_timeout the period of seconds since nonce generation, when | 5328 | * @param nonce_timeout the period of seconds since nonce generation, when |
5322 | * the nonce is recognised as valid and not stale. | 5329 | * the nonce is recognised as valid and not stale. |
5323 | * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc | 5330 | * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc |
@@ -5327,9 +5334,9 @@ MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3, | |||
5327 | * @param mqop the QOP to use | 5334 | * @param mqop the QOP to use |
5328 | * @param malgo3 digest algorithms allowed to use, fail if algorithm used | 5335 | * @param malgo3 digest algorithms allowed to use, fail if algorithm used |
5329 | * by the client is not allowed by this parameter; | 5336 | * by the client is not allowed by this parameter; |
5330 | * both MD5-based and SHA-256-based algorithms cannot be used at | 5337 | * more than one base algorithms (MD5, SHA-256, SHA-512/256) |
5331 | * the same time for this function as @a userdigest_size must | 5338 | * cannot be used at the same time for this function |
5332 | * match specified algorithm | 5339 | * as @a userdigest must match specified algorithm |
5333 | * @return #MHD_DAUTH_OK if authenticated, | 5340 | * @return #MHD_DAUTH_OK if authenticated, |
5334 | * the error code otherwise | 5341 | * the error code otherwise |
5335 | * @sa #MHD_digest_auth_calc_userdigest() | 5342 | * @sa #MHD_digest_auth_calc_userdigest() |
@@ -6085,7 +6092,8 @@ enum MHD_FEATURE | |||
6085 | /** | 6092 | /** |
6086 | * Get whether the MD5-based hashing algorithms are supported for Digest | 6093 | * Get whether the MD5-based hashing algorithms are supported for Digest |
6087 | * Authorization. | 6094 | * Authorization. |
6088 | * Currently it is always supported if Digest Auth module is built. | 6095 | * Currently it is always supported if Digest Auth module is built |
6096 | * unless manually disabled in a custom build. | ||
6089 | * @note Available since #MHD_VERSION 0x00097527 | 6097 | * @note Available since #MHD_VERSION 0x00097527 |
6090 | */ | 6098 | */ |
6091 | MHD_FEATURE_DIGEST_AUTH_MD5 = 26, | 6099 | MHD_FEATURE_DIGEST_AUTH_MD5 = 26, |
@@ -6094,7 +6102,7 @@ enum MHD_FEATURE | |||
6094 | * Get whether the SHA-256-based hashing algorithms are supported for Digest | 6102 | * Get whether the SHA-256-based hashing algorithms are supported for Digest |
6095 | * Authorization. | 6103 | * Authorization. |
6096 | * It it always supported since #MHD_VERSION 0x00096200 if Digest Auth | 6104 | * It it always supported since #MHD_VERSION 0x00096200 if Digest Auth |
6097 | * module is built. | 6105 | * module is built unless manually disabled in a custom build. |
6098 | * @note Available since #MHD_VERSION 0x00097527 | 6106 | * @note Available since #MHD_VERSION 0x00097527 |
6099 | */ | 6107 | */ |
6100 | MHD_FEATURE_DIGEST_AUTH_SHA256 = 27, | 6108 | MHD_FEATURE_DIGEST_AUTH_SHA256 = 27, |
@@ -6102,7 +6110,8 @@ enum MHD_FEATURE | |||
6102 | /** | 6110 | /** |
6103 | * Get whether the SHA-512/256-based hashing algorithms are supported | 6111 | * Get whether the SHA-512/256-based hashing algorithms are supported |
6104 | * for Digest Authorization. | 6112 | * for Digest Authorization. |
6105 | * Currently it is always not supported. | 6113 | * It it always supported since #MHD_VERSION 0x00097539 if Digest Auth |
6114 | * module is built unless manually disabled in a custom build. | ||
6106 | * @note Available since #MHD_VERSION 0x00097536 | 6115 | * @note Available since #MHD_VERSION 0x00097536 |
6107 | */ | 6116 | */ |
6108 | MHD_FEATURE_DIGEST_AUTH_SHA512_256 = 28, | 6117 | MHD_FEATURE_DIGEST_AUTH_SHA512_256 = 28, |