diff --git a/src/zm_rtsp_auth.cpp b/src/zm_rtsp_auth.cpp index 39b498d81..388095071 100644 --- a/src/zm_rtsp_auth.cpp +++ b/src/zm_rtsp_auth.cpp @@ -18,9 +18,9 @@ #include "zm_rtsp_auth.h" +#include "zm_crypt.h" #include "zm_logger.h" #include "zm_utils.h" -#include #include #include 
@@ -119,74 +119,49 @@ std::string Authenticator::getAuthHeader(const std::string &method, const std::s } std::string Authenticator::computeDigestResponse(const std::string &method, const std::string &uri) { -#if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT // The "response" field is computed as: // md5(md5(::)::md5(:)) - constexpr size_t md5len = 16; - uint8 md5buf[md5len]; - char md5HexBuf[md5len * 2 + 1]; - + char md5HexBuf[zm::crypto::MD5::DIGEST_LENGTH * 2 + 1]; + // Step 1: md5(::) std::string ha1Data = username() + ":" + realm() + ":" + password(); - Debug( 2, "HA1 pre-md5: %s", ha1Data.c_str() ); -#if HAVE_DECL_MD5 - MD5((unsigned char*)ha1Data.c_str(), ha1Data.length(), md5buf); -#elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5dataha1 = {(unsigned char *) ha1Data.c_str(), (unsigned int) ha1Data.length()}; - size_t md5_len_tmp = md5len; - gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5_len_tmp); - assert(md5_len_tmp == md5len); -#endif - for ( unsigned int j = 0; j < md5len; j++ ) { - sprintf(&md5HexBuf[2*j], "%02x", md5buf[j] ); + Debug(2, "HA1 pre-md5: %s", ha1Data.c_str()); + + zm::crypto::MD5::Digest md5_digest = zm::crypto::MD5::GetDigestOf(ha1Data); + for (size_t j = 0; j < md5_digest.size(); j++) { + sprintf(&md5HexBuf[2 * j], "%02x", md5_digest[j]); } - md5HexBuf[md5len*2]='\0'; + md5HexBuf[md5_digest.size() * 2] = '\0'; std::string ha1Hash = md5HexBuf; - + // Step 2: md5(:) std::string ha2Data = method + ":" + uri; - Debug( 2, "HA2 pre-md5: %s", ha2Data.c_str() ); -#if HAVE_DECL_MD5 - MD5((unsigned char*)ha2Data.c_str(), ha2Data.length(), md5buf ); -#elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5dataha2 = {(unsigned char *) ha2Data.c_str(), (unsigned int) ha2Data.length()}; - md5_len_tmp = md5len; - gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha2, md5buf, &md5_len_tmp); - assert(md5_len_tmp == md5len); -#endif - for ( unsigned int j = 0; j < md5len; j++ ) { - sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] ); + Debug(2, "HA2 
pre-md5: %s", ha2Data.c_str()); + + md5_digest = zm::crypto::MD5::GetDigestOf(ha2Data); + for (size_t j = 0; j < md5_digest.size(); j++) { + sprintf(&md5HexBuf[2 * j], "%02x", md5_digest[j]); } - md5HexBuf[md5len*2]='\0'; + md5HexBuf[md5_digest.size() * 2] = '\0'; std::string ha2Hash = md5HexBuf; // Step 3: md5(ha1::ha2) std::string digestData = ha1Hash + ":" + nonce(); - if ( ! fQop.empty() ) { - digestData += ":" + stringtf("%08x", nc) + ":"+fCnonce + ":" + fQop; - nc ++; + if (!fQop.empty()) { + digestData += ":" + stringtf("%08x", nc) + ":" + fCnonce + ":" + fQop; + nc++; // if qop was specified, then we have to include t and a cnonce and an nccount } digestData += ":" + ha2Hash; - Debug( 2, "pre-md5: %s", digestData.c_str() ); -#if HAVE_DECL_MD5 - MD5((unsigned char*)digestData.c_str(), digestData.length(), md5buf); -#elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5datadigest = {(unsigned char *) digestData.c_str(), (unsigned int) digestData.length()}; - md5_len_tmp = md5len; - gnutls_fingerprint(GNUTLS_DIG_MD5, &md5datadigest, md5buf, &md5_len_tmp); - assert(md5_len_tmp == md5len); -#endif - for ( unsigned int j = 0; j < md5len; j++ ) { - sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] ); + Debug(2, "pre-md5: %s", digestData.c_str()); + + md5_digest = zm::crypto::MD5::GetDigestOf(digestData); + for (size_t j = 0; j < md5_digest.size(); j++) { + sprintf(&md5HexBuf[2 * j], "%02x", md5_digest[j]); } - md5HexBuf[md5len*2]='\0'; - + md5HexBuf[md5_digest.size() * 2] = '\0'; + return md5HexBuf; -#else // HAVE_DECL_MD5 - Error("You need to build with gnutls or openssl installed to use digest authentication"); - return 0; -#endif // HAVE_DECL_MD5 } void Authenticator::checkAuthResponse(const std::string &response) { diff --git a/src/zm_rtsp_auth.h b/src/zm_rtsp_auth.h index b5a4959f9..52d186d26 100644 --- a/src/zm_rtsp_auth.h +++ b/src/zm_rtsp_auth.h 
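Review bot: The reformatted `Debug(2, "HA1 pre-md5: %s", ha1Data.c_str());` in computeDigestResponse still writes `username:realm:password` in cleartext to the debug log, and the later `Debug(2, "pre-md5: %s", digestData.c_str());` logs the HA1 hash, which for Digest authentication is equivalent to the password. Since this commit already touches both lines, I would drop the secret material from them, for example `Debug(2, "Computing HA1 for user %s in realm %s", username().c_str(), realm().c_str());`, and either remove the `digestData` line or log only its length. Separately, the three hex loops write into `md5HexBuf` (sized from `zm::crypto::MD5::DIGEST_LENGTH`) with `sprintf` up to `md5_digest.size()`; the hunk does not show that these two values are equal, so a `static_assert` or one shared hex-encoding helper using `snprintf` would make the bound explicit.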
@@ -22,14 +22,6 @@ #include "zm_config.h" #include -#if HAVE_GNUTLS_GNUTLS_H -#include -#endif - -#if HAVE_LIBCRYPTO -#include -#endif // HAVE_LIBCRYPTO - namespace zm { enum AuthMethod { AUTH_UNDEFINED = 0, AUTH_BASIC = 1, AUTH_DIGEST = 2 };