diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-02 12:29:38 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-04 15:47:36 +0300 |
| commit | 5658583a8811537a5a42d5c7a93d6b4d9c685327 (patch) | |
| tree | 4a1476f6661a2cd4c15af7a970bdf4f2248c5fd9 /src/microhttpd/digestauth.c | |
| parent | 6245c9a0a2d5dadbb87474b36f09a07ec0cf6d26 (diff) | |
| download | libmicrohttpd-5658583a8811537a5a42d5c7a93d6b4d9c685327.tar.gz libmicrohttpd-5658583a8811537a5a42d5c7a93d6b4d9c685327.zip | |
digestauth: increased timestamp to 48 bits
Diffstat (limited to 'src/microhttpd/digestauth.c')
| -rw-r--r-- | src/microhttpd/digestauth.c | 45 |
1 files changed, 30 insertions, 15 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f009a6f2..250276d1 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
| @@ -42,9 +42,17 @@ | |||
| 42 | #endif /* MHD_W32_MUTEX_ */ | 42 | #endif /* MHD_W32_MUTEX_ */ |
| 43 | 43 | ||
| 44 | /** | 44 | /** |
| 45 | * 32 bit value is 4 bytes | 45 | * 48 bit value in bytes |
| 46 | */ | 46 | */ |
| 47 | #define TIMESTAMP_BIN_SIZE 4 | 47 | #define TIMESTAMP_BIN_SIZE (48 / 8) |
| 48 | |||
| 49 | |||
| 50 | /** | ||
| 51 | * Trim value to the TIMESTAMP_BIN_SIZE size | ||
| 52 | */ | ||
| 53 | #define TRIM_TO_TIMESTAMP(value) \ | ||
| 54 | ((value) & ((UINT64_C(1) << (TIMESTAMP_BIN_SIZE * 8)) - 1)) | ||
| 55 | |||
| 48 | 56 | ||
| 49 | /** | 57 | /** |
| 50 | * Standard server nonce length, not including terminating null, | 58 | * Standard server nonce length, not including terminating null, |
| @@ -718,7 +726,7 @@ MHD_digest_auth_get_username (struct MHD_Connection *connection) | |||
| 718 | * must provide NONCE_STD_LEN(da->digest_size)+1 bytes | 726 | * must provide NONCE_STD_LEN(da->digest_size)+1 bytes |
| 719 | */ | 727 | */ |
| 720 | static void | 728 | static void |
| 721 | calculate_nonce (uint32_t nonce_time, | 729 | calculate_nonce (uint64_t nonce_time, |
| 722 | const char *method, | 730 | const char *method, |
| 723 | const char *rnd, | 731 | const char *rnd, |
| 724 | size_t rnd_size, | 732 | size_t rnd_size, |
| @@ -727,7 +735,7 @@ calculate_nonce (uint32_t nonce_time, | |||
| 727 | struct DigestAlgorithm *da, | 735 | struct DigestAlgorithm *da, |
| 728 | char *nonce) | 736 | char *nonce) |
| 729 | { | 737 | { |
| 730 | unsigned char timestamp[TIMESTAMP_BIN_SIZE]; | 738 | uint8_t timestamp[TIMESTAMP_BIN_SIZE]; |
| 731 | const unsigned int digest_size = da->digest_size; | 739 | const unsigned int digest_size = da->digest_size; |
| 732 | char tmpnonce[VLA_ARRAY_LEN_DIGEST (digest_size)]; | 740 | char tmpnonce[VLA_ARRAY_LEN_DIGEST (digest_size)]; |
| 733 | 741 | ||
| @@ -735,10 +743,17 @@ calculate_nonce (uint32_t nonce_time, | |||
| 735 | mhd_assert (0 != digest_size); | 743 | mhd_assert (0 != digest_size); |
| 736 | VLA_CHECK_LEN_DIGEST (digest_size); | 744 | VLA_CHECK_LEN_DIGEST (digest_size); |
| 737 | da->init (da->ctx); | 745 | da->init (da->ctx); |
| 738 | timestamp[0] = (unsigned char) ((nonce_time & 0xff000000) >> 0x18); | 746 | /* If the nonce_time is milliseconds, then the same 48 bit value will repeat |
| 739 | timestamp[1] = (unsigned char) ((nonce_time & 0x00ff0000) >> 0x10); | 747 | * every 8 925 years, which is more than enough to mitigate a replay attack */ |
| 740 | timestamp[2] = (unsigned char) ((nonce_time & 0x0000ff00) >> 0x08); | 748 | #if TIMESTAMP_BIN_SIZE != 6 |
| 741 | timestamp[3] = (unsigned char) ((nonce_time & 0x000000ff)); | 749 | #error The code needs to be updated here |
| 750 | #endif | ||
| 751 | timestamp[0] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 0))); | ||
| 752 | timestamp[1] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 1))); | ||
| 753 | timestamp[2] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 2))); | ||
| 754 | timestamp[3] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 3))); | ||
| 755 | timestamp[4] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 4))); | ||
| 756 | timestamp[5] = (uint8_t) (nonce_time >> (8 * (TIMESTAMP_BIN_SIZE - 1 - 5))); | ||
| 742 | da->update (da->ctx, | 757 | da->update (da->ctx, |
| 743 | timestamp, | 758 | timestamp, |
| 744 | sizeof (timestamp)); | 759 | sizeof (timestamp)); |
| @@ -923,8 +938,8 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
| 923 | char response[MAX_AUTH_RESPONSE_LENGTH]; | 938 | char response[MAX_AUTH_RESPONSE_LENGTH]; |
| 924 | const char *hentity = NULL; /* "auth-int" is not supported */ | 939 | const char *hentity = NULL; /* "auth-int" is not supported */ |
| 925 | char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1]; | 940 | char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1]; |
| 926 | uint32_t nonce_time; | 941 | uint64_t nonce_time; |
| 927 | uint32_t t; | 942 | uint64_t t; |
| 928 | size_t left; /* number of characters left in 'header' for 'uri' */ | 943 | size_t left; /* number of characters left in 'header' for 'uri' */ |
| 929 | uint64_t nci; | 944 | uint64_t nci; |
| 930 | char *qmark; | 945 | char *qmark; |
| @@ -992,7 +1007,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
| 992 | return MHD_NO; | 1007 | return MHD_NO; |
| 993 | } | 1008 | } |
| 994 | if (TIMESTAMP_BIN_SIZE * 2 != | 1009 | if (TIMESTAMP_BIN_SIZE * 2 != |
| 995 | MHD_strx_to_uint32_n_ (nonce + len - TIMESTAMP_BIN_SIZE * 2, | 1010 | MHD_strx_to_uint64_n_ (nonce + len - TIMESTAMP_BIN_SIZE * 2, |
| 996 | TIMESTAMP_BIN_SIZE * 2, | 1011 | TIMESTAMP_BIN_SIZE * 2, |
| 997 | &nonce_time)) | 1012 | &nonce_time)) |
| 998 | { | 1013 | { |
| @@ -1002,14 +1017,14 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
| 1002 | #endif | 1017 | #endif |
| 1003 | return MHD_NO; | 1018 | return MHD_NO; |
| 1004 | } | 1019 | } |
| 1005 | t = (uint32_t) MHD_monotonic_sec_counter (); | 1020 | |
| 1021 | t = (uint64_t) MHD_monotonic_sec_counter (); | ||
| 1006 | /* | 1022 | /* |
| 1007 | * First level vetting for the nonce validity: if the timestamp | 1023 | * First level vetting for the nonce validity: if the timestamp |
| 1008 | * attached to the nonce exceeds `nonce_timeout', then the nonce is | 1024 | * attached to the nonce exceeds `nonce_timeout', then the nonce is |
| 1009 | * invalid. | 1025 | * invalid. |
| 1010 | */ | 1026 | */ |
| 1011 | if ( (t > nonce_time + nonce_timeout) || | 1027 | if (TRIM_TO_TIMESTAMP (t - nonce_time) > nonce_timeout) |
| 1012 | (nonce_time + nonce_timeout < nonce_time) ) | ||
| 1013 | { | 1028 | { |
| 1014 | /* too old */ | 1029 | /* too old */ |
| 1015 | return MHD_INVALID_NONCE; | 1030 | return MHD_INVALID_NONCE; |
| @@ -1432,7 +1447,7 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection, | |||
| 1432 | 1447 | ||
| 1433 | VLA_CHECK_LEN_DIGEST (da.digest_size); | 1448 | VLA_CHECK_LEN_DIGEST (da.digest_size); |
| 1434 | /* Generating the server nonce */ | 1449 | /* Generating the server nonce */ |
| 1435 | calculate_nonce ((uint32_t) MHD_monotonic_sec_counter (), | 1450 | calculate_nonce ((uint64_t) MHD_monotonic_sec_counter (), |
| 1436 | connection->method, | 1451 | connection->method, |
| 1437 | connection->daemon->digest_auth_random, | 1452 | connection->daemon->digest_auth_random, |
| 1438 | connection->daemon->digest_auth_rand_size, | 1453 | connection->daemon->digest_auth_rand_size, |