
Commit af1e791

committed
add sha256 support
Change-Id: I3885b2c616b2bcdeef4127e92747d9a87a6621eb
1 parent 48a2129 commit af1e791


2 files changed

+23
-5
lines changed


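--- a/common/auth/auth.go
+++ b/common/auth/auth.go
@@ -2,6 +2,7 @@ package auth
 
 import (
 "crypto/md5"
+"crypto/sha256"
 "encoding/hex"
 "fmt"
 
@@ -14,6 +15,7 @@ const Realm = "sing-box"
 type Challenge struct {
 Username string
 Nonce string
+Algorithm string
 CNonce string
 Nc string
 Response string
@@ -57,10 +59,17 @@ func (au *Authenticator) VerifyDigest(method string, uri string, s string) (stri
 passwordList, ok := au.userMap[c.Username]
 if ok {
 for _, password := range passwordList {
-ha1 := md5str(c.Username + ":" + Realm + ":" + password)
-ha2 := md5str(method + ":" + uri)
-resp := md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
-if resp == c.Response {
+resp := ""
+if c.Algorithm == "SHA-256" {
+ha1 := sha256str(c.Username + ":" + Realm + ":" + password)
+ha2 := sha256str(method + ":" + uri)
+resp = sha256str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
+} else {
+ha1 := md5str(c.Username + ":" + Realm + ":" + password)
+ha2 := md5str(method + ":" + uri)
+resp = md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
+}
+if resp != "" && resp == c.Response {
 return c.Username, true
 }
 }
@@ -81,6 +90,8 @@ func ParseChallenge(s string) (*Challenge, error) {
 c.Username = p.Value
 case "nonce":
 c.Nonce = p.Value
+case "algorithm":
+c.Algorithm = p.Value
 case "cnonce":
 c.CNonce = p.Value
 case "nc":
@@ -97,3 +108,9 @@ func md5str(str string) string {
 h.Write([]byte(str))
 return hex.EncodeToString(h.Sum(nil))
 }
+
+func sha256str(str string) string {
+h := sha256.New()
+h.Write([]byte(str))
+return hex.EncodeToString(h.Sum(nil))
+}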
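Review bot: In the VerifyDigest hunk the `else` branch verifies every Algorithm value other than the exact string "SHA-256" as MD5, so an unsupported token is silently checked with MD5 instead of being rejected, and the added `resp != ""` guard can never be false because both branches assign a hex digest. The final `resp == c.Response` is also an ordinary string comparison on an authentication value; comparing with `subtle.ConstantTimeCompare` is the usual practice for such checks. The sketch below selects the hash once, rejects unknown algorithms and compares in constant time; it needs `crypto/subtle` imported, assumes the failure return is `"", false` (the signature is cut off in the hunk header), and the exact-case match may need relaxing if clients send other casings. VerifyDigest starts and ends outside the hunk.

```go
// … unchanged: challenge parsing that produces c …
var hash func(string) string
switch c.Algorithm {
case "SHA-256":
	hash = sha256str
case "", "MD5":
	// An absent algorithm parameter is treated as MD5.
	hash = md5str
default:
	// Unsupported algorithm token: reject rather than verify as MD5.
	return "", false
}
// … unchanged: userMap lookup and password loop header …
ha1 := hash(c.Username + ":" + Realm + ":" + password)
ha2 := hash(method + ":" + uri)
resp := hash(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
if subtle.ConstantTimeCompare([]byte(resp), []byte(c.Response)) == 1 {
	return c.Username, true
}
```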

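--- a/protocol/http/handshake.go
+++ b/protocol/http/handshake.go
@@ -85,7 +85,8 @@ func HandleConnectionEx(
 "Proxy authentication required",
 "Content-Type", "text/plain; charset=utf-8",
 "Proxy-Authenticate", "Basic realm=\"" + auth.Realm + "\"",
-"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", stale=false",
+"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=SHA-256, stale=false",
+"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=MD5, stale=false",
 "Connection", "close",
 ).Write(conn)
 }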
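Review bot: The MD5 challenge is still sent unconditionally after the new SHA-256 one, and the Basic challenge on the context line above remains first, so adding SHA-256 does not by itself stop a client from answering with a weaker scheme. If that is intended for compatibility, a comment above the two Digest lines would make it explicit, e.g. `// Digest challenges in order of preference (RFC 7616); MD5 kept for clients without SHA-256 support`. It may also be worth considering an option to omit the MD5 challenge for deployments that do not need it. The enclosing call in HandleConnectionEx starts outside the hunk.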
