mirror of
https://github.com/emsesp/EMS-ESP32.git
synced 2025-12-06 07:49:52 +03:00
236 lines
7.0 KiB
C++
236 lines
7.0 KiB
C++
/*
|
|
Asynchronous WebServer library for Espressif MCUs
|
|
|
|
Copyright (c) 2016 Hristo Gochkov. All rights reserved.
|
|
This file is part of the esp8266 core for Arduino environment.
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with this library; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
#include "WebAuthentication.h"
|
|
#include <libb64/cencode.h>
|
|
#ifdef ESP32
|
|
#include "mbedtls/md5.h"
|
|
#else
|
|
#include "md5.h"
|
|
#endif
|
|
|
|
|
|
// Basic Auth hash = base64("username:password")
|
|
|
|
bool checkBasicAuthentication(const char * hash, const char * username, const char * password){
|
|
if(username == NULL || password == NULL || hash == NULL)
|
|
return false;
|
|
|
|
size_t toencodeLen = strlen(username)+strlen(password)+1;
|
|
size_t encodedLen = base64_encode_expected_len(toencodeLen);
|
|
if(strlen(hash) != encodedLen)
|
|
return false;
|
|
|
|
char *toencode = new char[toencodeLen+1];
|
|
if(toencode == NULL){
|
|
return false;
|
|
}
|
|
char *encoded = new char[base64_encode_expected_len(toencodeLen)+1];
|
|
if(encoded == NULL){
|
|
delete[] toencode;
|
|
return false;
|
|
}
|
|
sprintf_P(toencode, PSTR("%s:%s"), username, password);
|
|
if(base64_encode_chars(toencode, toencodeLen, encoded) > 0 && memcmp(hash, encoded, encodedLen) == 0){
|
|
delete[] toencode;
|
|
delete[] encoded;
|
|
return true;
|
|
}
|
|
delete[] toencode;
|
|
delete[] encoded;
|
|
return false;
|
|
}
|
|
|
|
static bool getMD5(uint8_t * data, uint16_t len, char * output){//33 bytes or more
|
|
#ifdef ESP32
|
|
mbedtls_md5_context _ctx;
|
|
#else
|
|
md5_context_t _ctx;
|
|
#endif
|
|
uint8_t i;
|
|
uint8_t * _buf = (uint8_t*)malloc(16);
|
|
if(_buf == NULL)
|
|
return false;
|
|
memset(_buf, 0x00, 16);
|
|
#ifdef ESP32
|
|
mbedtls_md5_init(&_ctx);
|
|
mbedtls_md5_update_ret (&_ctx,data,len);
|
|
mbedtls_md5_finish_ret(&_ctx,data);
|
|
mbedtls_internal_md5_process( &_ctx ,data);
|
|
#else
|
|
MD5Init(&_ctx);
|
|
MD5Update(&_ctx, data, len);
|
|
MD5Final(_buf, &_ctx);
|
|
#endif
|
|
for(i = 0; i < 16; i++) {
|
|
sprintf_P(output + (i * 2), PSTR("%02x"), _buf[i]);
|
|
}
|
|
free(_buf);
|
|
return true;
|
|
}
|
|
|
|
static String genRandomMD5(){
|
|
#ifdef ESP8266
|
|
uint32_t r = RANDOM_REG32;
|
|
#else
|
|
uint32_t r = rand();
|
|
#endif
|
|
char * out = (char*)malloc(33);
|
|
if(out == NULL || !getMD5((uint8_t*)(&r), 4, out))
|
|
return emptyString;
|
|
String res = String(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
static String stringMD5(const String& in){
|
|
char * out = (char*)malloc(33);
|
|
if(out == NULL || !getMD5((uint8_t*)(in.c_str()), in.length(), out))
|
|
return emptyString;
|
|
String res = String(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
String generateDigestHash(const char * username, const char * password, const char * realm){
|
|
if(username == NULL || password == NULL || realm == NULL){
|
|
return emptyString;
|
|
}
|
|
char * out = (char*)malloc(33);
|
|
String res = String(username);
|
|
res += ':';
|
|
res.concat(realm);
|
|
res += ':';
|
|
String in = res;
|
|
in.concat(password);
|
|
if(out == NULL || !getMD5((uint8_t*)(in.c_str()), in.length(), out))
|
|
return emptyString;
|
|
res.concat(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
String requestDigestAuthentication(const char * realm){
|
|
String header = F("realm=\"");
|
|
if(realm == NULL)
|
|
header.concat(F("asyncesp"));
|
|
else
|
|
header.concat(realm);
|
|
header.concat(F("\", qop=\"auth\", nonce=\""));
|
|
header.concat(genRandomMD5());
|
|
header.concat(F("\", opaque=\""));
|
|
header.concat(genRandomMD5());
|
|
header += '"';
|
|
return header;
|
|
}
|
|
|
|
bool checkDigestAuthentication(const char * header, const char *method, const char * username, const char * password, const char * realm, bool passwordIsHash, const char * nonce, const char * opaque, const char * uri){
|
|
if(username == NULL || password == NULL || header == NULL || method == NULL){
|
|
//os_printf("AUTH FAIL: missing requred fields\n");
|
|
return false;
|
|
}
|
|
|
|
String myHeader = String(header);
|
|
int nextBreak = myHeader.indexOf(',');
|
|
if(nextBreak < 0){
|
|
//os_printf("AUTH FAIL: no variables\n");
|
|
return false;
|
|
}
|
|
|
|
String myUsername = String();
|
|
String myRealm = String();
|
|
String myNonce = String();
|
|
String myUri = String();
|
|
String myResponse = String();
|
|
String myQop = String();
|
|
String myNc = String();
|
|
String myCnonce = String();
|
|
|
|
myHeader += F(", ");
|
|
do {
|
|
String avLine = myHeader.substring(0, nextBreak);
|
|
avLine.trim();
|
|
myHeader = myHeader.substring(nextBreak+1);
|
|
nextBreak = myHeader.indexOf(',');
|
|
|
|
int eqSign = avLine.indexOf('=');
|
|
if(eqSign < 0){
|
|
//os_printf("AUTH FAIL: no = sign\n");
|
|
return false;
|
|
}
|
|
String varName = avLine.substring(0, eqSign);
|
|
avLine = avLine.substring(eqSign + 1);
|
|
if(avLine.startsWith(String('"'))){
|
|
avLine = avLine.substring(1, avLine.length() - 1);
|
|
}
|
|
|
|
if(varName.equals(F("username"))){
|
|
if(!avLine.equals(username)){
|
|
//os_printf("AUTH FAIL: username\n");
|
|
return false;
|
|
}
|
|
myUsername = avLine;
|
|
} else if(varName.equals(F("realm"))){
|
|
if(realm != NULL && !avLine.equals(realm)){
|
|
//os_printf("AUTH FAIL: realm\n");
|
|
return false;
|
|
}
|
|
myRealm = avLine;
|
|
} else if(varName.equals(F("nonce"))){
|
|
if(nonce != NULL && !avLine.equals(nonce)){
|
|
//os_printf("AUTH FAIL: nonce\n");
|
|
return false;
|
|
}
|
|
myNonce = avLine;
|
|
} else if(varName.equals(F("opaque"))){
|
|
if(opaque != NULL && !avLine.equals(opaque)){
|
|
//os_printf("AUTH FAIL: opaque\n");
|
|
return false;
|
|
}
|
|
} else if(varName.equals(F("uri"))){
|
|
if(uri != NULL && !avLine.equals(uri)){
|
|
//os_printf("AUTH FAIL: uri\n");
|
|
return false;
|
|
}
|
|
myUri = avLine;
|
|
} else if(varName.equals(F("response"))){
|
|
myResponse = avLine;
|
|
} else if(varName.equals(F("qop"))){
|
|
myQop = avLine;
|
|
} else if(varName.equals(F("nc"))){
|
|
myNc = avLine;
|
|
} else if(varName.equals(F("cnonce"))){
|
|
myCnonce = avLine;
|
|
}
|
|
} while(nextBreak > 0);
|
|
|
|
String ha1 = (passwordIsHash) ? String(password) : stringMD5(myUsername + ':' + myRealm + ':' + String(password));
|
|
String ha2 = String(method) + ':' + myUri;
|
|
String response = ha1 + ':' + myNonce + ':' + myNc + ':' + myCnonce + ':' + myQop + ':' + stringMD5(ha2);
|
|
|
|
if(myResponse.equals(stringMD5(response))){
|
|
//os_printf("AUTH SUCCESS\n");
|
|
return true;
|
|
}
|
|
|
|
//os_printf("AUTH FAIL: password\n");
|
|
return false;
|
|
}
|