cproxy.c 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
  1. /*
  2. * Routines to do cryptographic interaction with proxies in PuTTY.
  3. * This is in a separate module from proxy.c, so that it can be
  4. * conveniently removed in PuTTYtel by replacing this module with
  5. * the stub version nocproxy.c.
  6. */
  7. #include <assert.h>
  8. #include <ctype.h>
  9. #include <string.h>
  10. #include "putty.h"
  11. #include "ssh.h" /* For MD5 support */
  12. #include "network.h"
  13. #include "proxy.h"
  14. #include "marshal.h"
  15. const bool socks5_chap_available = true;
  16. const bool http_digest_available = true;
  17. strbuf *chap_response(ptrlen challenge, ptrlen password)
  18. {
  19. strbuf *sb = strbuf_new_nm();
  20. const ssh2_macalg *alg = &ssh_hmac_md5;
  21. mac_simple(alg, password, challenge, strbuf_append(sb, alg->len));
  22. return sb;
  23. }
  24. static void BinarySink_put_hex_data(BinarySink *bs, const void *vptr,
  25. size_t len)
  26. {
  27. const unsigned char *p = (const unsigned char *)vptr;
  28. const char *hexdigits = "0123456789abcdef";
  29. while (len-- > 0) {
  30. unsigned c = *p++;
  31. put_byte(bs, hexdigits[0xF & (c >> 4)]);
  32. put_byte(bs, hexdigits[0xF & (c )]);
  33. }
  34. }
  35. #define put_hex_data(bs, p, len) \
  36. BinarySink_put_hex_data(BinarySink_UPCAST(bs), p, len)
  37. const char *const httphashnames[] = {
  38. #define DECL_ARRAY(id, str, alg, bits, accepted) str,
  39. HTTP_DIGEST_HASHES(DECL_ARRAY)
  40. #undef DECL_ARRAY
  41. };
  42. const bool httphashaccepted[] = {
  43. #define DECL_ARRAY(id, str, alg, bits, accepted) accepted,
  44. HTTP_DIGEST_HASHES(DECL_ARRAY)
  45. #undef DECL_ARRAY
  46. };
  47. static const ssh_hashalg *const httphashalgs[] = {
  48. #define DECL_ARRAY(id, str, alg, bits, accepted) alg,
  49. HTTP_DIGEST_HASHES(DECL_ARRAY)
  50. #undef DECL_ARRAY
  51. };
  52. static const size_t httphashlengths[] = {
  53. #define DECL_ARRAY(id, str, alg, bits, accepted) bits/8,
  54. HTTP_DIGEST_HASHES(DECL_ARRAY)
  55. #undef DECL_ARRAY
  56. };
  57. void http_digest_response(BinarySink *bs, ptrlen username, ptrlen password,
  58. ptrlen realm, ptrlen method, ptrlen uri, ptrlen qop,
  59. ptrlen nonce, ptrlen opaque, uint32_t nonce_count,
  60. HttpDigestHash hash, bool hash_username)
  61. {
  62. unsigned char a1hash[MAX_HASH_LEN];
  63. unsigned char a2hash[MAX_HASH_LEN];
  64. unsigned char rsphash[MAX_HASH_LEN];
  65. const ssh_hashalg *alg = httphashalgs[hash];
  66. size_t hashlen = httphashlengths[hash];
  67. unsigned char ncbuf[4];
  68. PUT_32BIT_MSB_FIRST(ncbuf, nonce_count);
  69. unsigned char client_nonce_raw[33];
  70. random_read(client_nonce_raw, lenof(client_nonce_raw));
  71. char client_nonce_base64[lenof(client_nonce_raw) / 3 * 4];
  72. for (unsigned i = 0; i < lenof(client_nonce_raw)/3; i++)
  73. base64_encode_atom(client_nonce_raw + 3*i, 3,
  74. client_nonce_base64 + 4*i);
  75. /*
  76. * RFC 7616 section 3.4.2: the hash "A1" is a hash of
  77. * username:realm:password (in the absence of hash names like
  78. * "MD5-sess" which as far as I know don't sensibly apply to
  79. * proxies and HTTP CONNECT).
  80. */
  81. ssh_hash *h = ssh_hash_new(alg);
  82. put_datapl(h, username);
  83. put_byte(h, ':');
  84. put_datapl(h, realm);
  85. put_byte(h, ':');
  86. put_datapl(h, password);
  87. ssh_hash_digest_nondestructive(h, a1hash);
  88. /*
  89. * RFC 7616 section 3.4.3: the hash "A2" is a hash of method:uri
  90. * (in the absence of more interesting quality-of-protection
  91. * schemes than plain "auth" - e.g. "auth-int" hashes the entire
  92. * document as well - which again I don't think make sense in the
  93. * context of proxies and CONNECT).
  94. */
  95. ssh_hash_reset(h);
  96. put_datapl(h, method);
  97. put_byte(h, ':');
  98. put_datapl(h, uri);
  99. ssh_hash_digest_nondestructive(h, a2hash);
  100. /*
  101. * RFC 7616 section 3.4.1: the overall output hash in the
  102. * "response" parameter of the authorization header is a hash of
  103. * A1:nonce:nonce-count:client-nonce:qop:A2, where A1 and A2 are
  104. * the hashes computed above.
  105. */
  106. ssh_hash_reset(h);
  107. put_hex_data(h, a1hash, hashlen);
  108. put_byte(h, ':');
  109. put_datapl(h, nonce);
  110. put_byte(h, ':');
  111. put_hex_data(h, ncbuf, 4);
  112. put_byte(h, ':');
  113. put_data(h, client_nonce_base64, lenof(client_nonce_base64));
  114. put_byte(h, ':');
  115. put_datapl(h, qop);
  116. put_byte(h, ':');
  117. put_hex_data(h, a2hash, hashlen);
  118. ssh_hash_final(h, rsphash);
  119. /*
  120. * Now construct the output header (everything after the initial
  121. * "Proxy-Authorization: Digest ") and write it to the provided
  122. * BinarySink.
  123. */
  124. put_datalit(bs, "username=\"");
  125. if (hash_username) {
  126. /*
  127. * RFC 7616 section 3.4.4: if we're hashing the username, we
  128. * actually hash username:realm (like a truncated version of
  129. * A1 above).
  130. */
  131. ssh_hash *h = ssh_hash_new(alg);
  132. put_datapl(h, username);
  133. put_byte(h, ':');
  134. put_datapl(h, realm);
  135. ssh_hash_final(h, a1hash);
  136. put_hex_data(bs, a1hash, hashlen);
  137. } else {
  138. put_datapl(bs, username);
  139. }
  140. put_datalit(bs, "\", realm=\"");
  141. put_datapl(bs, realm);
  142. put_datalit(bs, "\", uri=\"");
  143. put_datapl(bs, uri);
  144. put_datalit(bs, "\", algorithm=");
  145. put_dataz(bs, httphashnames[hash]);
  146. put_datalit(bs, ", nonce=\"");
  147. put_datapl(bs, nonce);
  148. put_datalit(bs, "\", nc=");
  149. put_hex_data(bs, ncbuf, 4);
  150. put_datalit(bs, ", cnonce=\"");
  151. put_data(bs, client_nonce_base64, lenof(client_nonce_base64));
  152. put_datalit(bs, "\", qop=");
  153. put_datapl(bs, qop);
  154. put_datalit(bs, ", response=\"");
  155. put_hex_data(bs, rsphash, hashlen);
  156. put_datalit(bs, "\"");
  157. if (opaque.ptr) {
  158. put_datalit(bs, ", opaque=\"");
  159. put_datapl(bs, opaque);
  160. put_datalit(bs, "\"");
  161. }
  162. if (hash_username) {
  163. put_datalit(bs, ", userhash=true");
  164. }
  165. smemclr(a1hash, lenof(a1hash));
  166. smemclr(a2hash, lenof(a2hash));
  167. smemclr(rsphash, lenof(rsphash));
  168. smemclr(client_nonce_raw, lenof(client_nonce_raw));
  169. smemclr(client_nonce_base64, lenof(client_nonce_base64));
  170. }