Skip to content

Commit f6bfc05

Browse files
twu2twu2
committed
add sha256 support
Change-Id: I3885b2c616b2bcdeef4127e92747d9a87a6621eb
1 parent 456ad80 commit f6bfc05

File tree

2 files changed

+34
-10
lines changed

2 files changed

+34
-10
lines changed

common/auth/auth.go

Lines changed: 32 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ package auth
22

33
import (
44
"crypto/md5"
5+
"crypto/sha256"
56
"encoding/hex"
67
"fmt"
78

@@ -12,11 +13,13 @@ import (
1213
const Realm = "sing-box"
1314

1415
type Challenge struct {
15-
Username string
16-
Nonce string
17-
CNonce string
18-
Nc string
19-
Response string
16+
Username string
17+
Nonce string
18+
Algorithm string
19+
Uri string
20+
CNonce string
21+
Nc string
22+
Response string
2023
}
2124

2225
type User struct {
@@ -54,13 +57,23 @@ func (au *Authenticator) VerifyDigest(method string, uri string, s string) (stri
5457
if c.Username == "" || c.Nonce == "" || c.Nc == "" || c.CNonce == "" || c.Response == "" {
5558
return "", false
5659
}
60+
if c.Uri != "" {
61+
uri = c.Uri
62+
}
5763
passwordList, ok := au.userMap[c.Username]
5864
if ok {
5965
for _, password := range passwordList {
60-
ha1 := md5str(c.Username + ":" + Realm + ":" + password)
61-
ha2 := md5str(method + ":" + uri)
62-
resp := md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
63-
if resp == c.Response {
66+
resp := ""
67+
if c.Algorithm == "SHA-256" {
68+
ha1 := sha256str(c.Username + ":" + Realm + ":" + password)
69+
ha2 := sha256str(method + ":" + uri)
70+
resp = sha256str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
71+
} else {
72+
ha1 := md5str(c.Username + ":" + Realm + ":" + password)
73+
ha2 := md5str(method + ":" + uri)
74+
resp = md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
75+
}
76+
if resp != "" && resp == c.Response {
6477
return c.Username, true
6578
}
6679
}
@@ -81,6 +94,10 @@ func ParseChallenge(s string) (*Challenge, error) {
8194
c.Username = p.Value
8295
case "nonce":
8396
c.Nonce = p.Value
97+
case "algorithm":
98+
c.Algorithm = p.Value
99+
case "uri":
100+
c.Uri = p.Value
84101
case "cnonce":
85102
c.CNonce = p.Value
86103
case "nc":
@@ -97,3 +114,9 @@ func md5str(str string) string {
97114
h.Write([]byte(str))
98115
return hex.EncodeToString(h.Sum(nil))
99116
}
117+
118+
func sha256str(str string) string {
119+
h := sha256.New()
120+
h.Write([]byte(str))
121+
return hex.EncodeToString(h.Sum(nil))
122+
}

protocol/http/handshake.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,8 @@ func HandleConnectionEx(
8585
"Proxy authentication required",
8686
"Content-Type", "text/plain; charset=utf-8",
8787
"Proxy-Authenticate", "Basic realm=\"" + auth.Realm + "\"",
88-
"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", stale=false",
88+
"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=SHA-256, stale=false",
89+
"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=MD5, stale=false",
8990
"Connection", "close",
9091
).Write(conn)
9192
}

0 commit comments

Comments
 (0)