1 /*
2  * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <stdlib.h>
8 #include <string.h>
9 #include <stdio.h>
10 #include <stdarg.h>
11 
12 #include "esp_netif.h"
13 #include "lwip/sockets.h"
14 #include "esp_rom_md5.h"
15 #include "esp_tls_crypto.h"
16 
17 #include "esp_system.h"
18 #include "esp_log.h"
19 
20 #include "http_utils.h"
21 #include "http_auth.h"
22 
/* Size of an MD5 digest rendered as ASCII hex: 32 characters plus the NUL terminator */
#define MD5_MAX_LEN (33)
/* NOTE(review): not referenced by the code visible in this file — confirm before removing */
#define HTTP_AUTH_BUF_LEN (1024)

/* Log tag used by the ESP_LOGx() calls in this file */
static const char *TAG = "HTTP_AUTH";
27 
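/**
 * @brief      Hash a printf-style formatted string with MD5 and write the digest
 *             into @p md as 32 lowercase hex characters plus a NUL terminator.
 *
 * @param      md         Caller-provided buffer of at least MD5_MAX_LEN bytes that
 *                        receives the ASCII hex digest
 * @param[in]  fmt        printf-style format string, followed by its arguments
 *
 * @return     MD5_MAX_LEN on success, ESP_FAIL if the formatted input could not
 *             be allocated
 */
static int md5_printf(char *md, const char *fmt, ...)
{
    char *buf = NULL;
    /* A raw MD5 digest is 16 bytes; the hex loop below derives its bound from this */
    unsigned char digest[16];
    struct MD5Context md5_ctx;
    va_list ap;

    va_start(ap, fmt);
    int len = vasprintf(&buf, fmt, ap);
    va_end(ap);
    /* On failure vasprintf returns -1 and leaves buf unspecified, so the return
     * code is the only reliable signal */
    if (len < 0 || buf == NULL) {
        return ESP_FAIL;
    }

    esp_rom_md5_init(&md5_ctx);
    esp_rom_md5_update(&md5_ctx, (const unsigned char *)buf, (unsigned)len);
    esp_rom_md5_final(digest, &md5_ctx);

    /* Each byte becomes two hex digits; snprintf with size 3 bounds every write
     * to "xx\0", and the final NUL lands at md[32] (inside MD5_MAX_LEN) */
    for (size_t i = 0; i < sizeof digest; ++i) {
        snprintf(&md[i * 2], 3, "%02x", (unsigned)digest[i]);
    }

    free(buf);
    return MD5_MAX_LEN;
}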
62 
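/**
 * @brief      Build the value of an "Authorization: Digest ..." header
 *             (RFC 2617 style: MD5 or MD5-sess, optional qop and opaque).
 *
 * @param[in]  username   User name
 * @param[in]  password   Password
 * @param[in]  auth_data  Challenge parameters parsed from WWW-Authenticate;
 *                        nonce, uri, realm and method are required, while
 *                        algorithm, qop and opaque may be NULL
 *
 * @return     Newly allocated header value that the caller must free(), or
 *             NULL on invalid input, allocation failure or formatting failure
 */
char *http_auth_digest(const char *username, const char *password, esp_http_auth_data_t *auth_data)
{
    char *ha1 = NULL;
    char *ha2 = NULL;
    char *digest = NULL;
    char *auth_str = NULL;
    char *temp_auth_str = NULL;
    int rc = 0;

    /* Every field below is handed to a "%s" conversion, so reject NULL up front */
    if (username == NULL ||
        password == NULL ||
        auth_data == NULL ||
        auth_data->nonce == NULL ||
        auth_data->uri == NULL ||
        auth_data->realm == NULL ||
        auth_data->method == NULL) {
        return NULL;
    }

    ha1 = calloc(1, MD5_MAX_LEN);
    HTTP_MEM_CHECK(TAG, ha1, goto _digest_exit);

    ha2 = calloc(1, MD5_MAX_LEN);
    HTTP_MEM_CHECK(TAG, ha2, goto _digest_exit);

    digest = calloc(1, MD5_MAX_LEN);
    HTTP_MEM_CHECK(TAG, digest, goto _digest_exit);

    /* HA1 = MD5(username:realm:password) */
    if (md5_printf(ha1, "%s:%s:%s", username, auth_data->realm, password) <= 0) {
        goto _digest_exit;
    }

    /* Log only the non-secret parts of the challenge; the password must not reach the log */
    ESP_LOGD(TAG, "%s %s %s\r\n", "Digest", username, auth_data->realm);

    /* MD5-sess: HA1 = MD5(HA1:nonce:cnonce). md5_printf formats its input before
     * it overwrites the output buffer, so ha1 may be both source and destination.
     * algorithm is guarded because strcasecmp() on NULL is undefined. */
    if (auth_data->algorithm && strcasecmp(auth_data->algorithm, "md5-sess") == 0) {
        if (md5_printf(ha1, "%s:%s:%016llx", ha1, auth_data->nonce, auth_data->cnonce) <= 0) {
            goto _digest_exit;
        }
    }

    /* HA2 = MD5(method:uri) */
    if (md5_printf(ha2, "%s:%s", auth_data->method, auth_data->uri) <= 0) {
        goto _digest_exit;
    }

    /* NOTE(review): for qop=auth-int this hashes a fixed "entity" placeholder rather
     * than RFC 2617's H(entity-body); kept as-is because the body is not available
     * here — confirm with the callers whether auth-int is meant to be supported */
    if (auth_data->qop && strcasecmp(auth_data->qop, "auth-int") == 0) {
        if (md5_printf(ha2, "%s:%s", ha2, "entity") <= 0) {
            goto _digest_exit;
        }
    }

    if (auth_data->qop) {
        /* response = MD5(HA1:nonce:nonceCount:cnonce:qop:HA2) */
        if (md5_printf(digest, "%s:%s:%08x:%016llx:%s:%s", ha1, auth_data->nonce, auth_data->nc, auth_data->cnonce, auth_data->qop, ha2) <= 0) {
            goto _digest_exit;
        }
    } else {
        /* response = MD5(HA1:nonce:HA2) */
        if (md5_printf(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) {
            goto _digest_exit;
        }
    }

    /* asprintf leaves the pointer unspecified on failure, so only the return code
     * decides whether auth_str is usable.
     * NOTE(review): algorithm="MD5" is emitted even when HA1 was computed the
     * MD5-sess way; left unchanged here because auth_data->algorithm is stored
     * as parsed from the server and may carry quoting — confirm before switching */
    rc = asprintf(&auth_str,
                  "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=\"MD5\", response=\"%s\"",
                  username, auth_data->realm, auth_data->nonce, auth_data->uri, digest);
    if (rc < 0) {
        auth_str = NULL;
        goto _digest_exit;
    }

    /* qop, nc and cnonce are only part of the header when the server offered qop;
     * without this guard a missing qop used to be rendered as "qop=(null)" */
    if (auth_data->qop) {
        rc = asprintf(&temp_auth_str, "%s, qop=%s, nc=%08x, cnonce=\"%016llx\"",
                      auth_str, auth_data->qop, auth_data->nc, auth_data->cnonce);
        free(auth_str);
        auth_str = (rc < 0) ? NULL : temp_auth_str;
        if (auth_str == NULL) {
            goto _digest_exit;
        }
    }

    if (auth_data->opaque) {
        rc = asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque);
        free(auth_str);
        auth_str = (rc < 0) ? NULL : temp_auth_str;
    }

_digest_exit:
    free(ha1);
    free(ha2);
    free(digest);
    return auth_str;
}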
133 
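/**
 * @brief      Build the value of an "Authorization: Basic ..." header:
 *             the literal "Basic " followed by base64(username:password).
 *
 * @param[in]  username   User name (must not be NULL)
 * @param[in]  password   Password (must not be NULL)
 *
 * @return     Newly allocated header value that the caller must free(), or
 *             NULL on invalid input, allocation failure or encoding failure
 */
char *http_auth_basic(const char *username, const char *password)
{
    static const char prefix[] = "Basic ";
    const size_t prefix_len = sizeof prefix - 1;
    char *user_info = NULL;
    char *digest = NULL;
    size_t encoded_len = 0;
    size_t written = 0;

    /* Both strings feed a "%s" conversion; NULL there is undefined behaviour */
    if (username == NULL || password == NULL) {
        return NULL;
    }

    /* asprintf leaves user_info unspecified on failure, so normalise on the return code */
    if (asprintf(&user_info, "%s:%s", username, password) < 0) {
        user_info = NULL;
    }
    HTTP_MEM_CHECK(TAG, user_info, return NULL);
    const size_t user_info_len = strlen(user_info);

    /* Size query, used the same way the original did: a NULL destination only
     * reports the required output length in encoded_len */
    esp_crypto_base64_encode(NULL, 0, &encoded_len, (const unsigned char *)user_info, user_info_len);

    digest = calloc(1, prefix_len + encoded_len + 1);
    HTTP_MEM_CHECK(TAG, digest, goto _basic_exit);
    memcpy(digest, prefix, prefix_len);

    /* written is a genuine size_t: the original stored the output length through
     * an int aliased as size_t*, which overruns the int where sizeof(size_t) > sizeof(int) */
    if (esp_crypto_base64_encode((unsigned char *)digest + prefix_len, encoded_len, &written,
                                 (const unsigned char *)user_info, user_info_len) != 0) {
        free(digest);
        digest = NULL;
    }

_basic_exit:
    free(user_info);
    return digest;
}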
151