test_auth_digest.c

this is simple sip stack.

/*
 * This file is part of the Sofia-SIP package
 *
 * Copyright (C) 2005 Nokia Corporation.
 *
 * Contact: Pekka Pessi <pekka.pessi@nokia.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 *
 */

/**@CFILE test_auth_digest.c
 *
 * @brief Test authentication functions for "Digest" scheme.
 *
 * @author Pekka Pessi <Pekka.Pessi@nokia.com>
 *
 * @date Created: Thu Feb 22 12:10:37 2001 ppessi
 */

#include "config.h"

#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

#if HAVE_SOFIA_SIP
#define PROTOCOL "SIP/2.0"
#include <sofia-sip/sip.h>
#include <sofia-sip/sip_header.h>
#include <sofia-sip/sip_hclasses.h>
#else
#define PROTOCOL "HTTP/1.1"
#include <sofia-sip/http.h>
#include <sofia-sip/http_header.h>
#define sip_authentication_info_class   http_authentication_info_class
#define sip_authorization               http_authorization
#define sip_authorization_class	        http_authorization_class
#define sip_authorization_make	        http_authorization_make
#define sip_authorization_t	        http_authorization_t
#define sip_default_mclass	        http_default_mclass
#define sip_object		        http_object
#define sip_payload		        http_payload
#define sip_proxy_authenticate_make     http_proxy_authenticate_make
#define sip_proxy_authenticate_t        http_proxy_authenticate_t
#define sip_proxy_authorization_make    http_proxy_authorization_make
#define sip_proxy_authorization_t       http_proxy_authorization_t
#define sip_request		        http_request
#define sip_request_t		        http_request_t
#define sip_t			        http_t
#define sip_www_authenticate	        http_www_authenticate
#define sip_www_authenticate_class      http_www_authenticate_class
#define sip_www_authenticate            http_www_authenticate
#define sip_www_authenticate_make       http_www_authenticate_make
#define sip_www_authenticate_t	        http_www_authenticate_t
#endif

#include <sofia-sip/auth_digest.h>
#include <sofia-sip/auth_client.h>
#include <sofia-sip/msg_header.h>
#include <sofia-sip/su_wait.h>

int tstflags;
char *argv0;

#define TSTFLAGS tstflags 

#include <sofia-sip/tstdef.h>

#if defined(_WIN32)
#include <fcntl.h>
#endif

char const name[] = "test_auth_digest";

/* Fake su_time() implementation */
#include <time.h>

unsigned offset;

void su_time(su_time_t *tv)
{
  tv->tv_sec = time(NULL) + offset + 
    /* Seconds from 1.1.1900 to 1.1.1970 */ 2208988800UL ;
  tv->tv_usec = 555555;
}

int test_digest()
{
  char challenge[] = "Digest "
    "realm=\"garage.sr.ntc.nokia.com\", "
    "nonce=\"MjAwMS0wMS0yMSAxNTowODo1OA==\", "
    "algorithm=MD5, "
    "qop=\"auth\"";

  char response[] = 
    "DIGEST USERNAME=\"digest\", "
    "REALM=\"garage.sr.ntc.nokia.com\", "
    "NONCE=\"MjAwMS0wMS0yMSAxNTowODo1OA==\", "
    "RESPONSE=\"d9d7f1ae99a013cb05f319f0f678251d\", "
    "URI=\"sip:garage.sr.ntc.nokia.com\"";

  char rfc2617[] = 
    "Digest username=\"Mufasa\", "
    "realm=\"testrealm@host.com\", "
    "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
    "cnonce=\"0a4f113b\", "
    "nc=\"00000001\", "
    "qop=\"auth\", "
    "algorithm=\"md5\", "
    "uri=\"/dir/index.html\"";

  char indigo[] = 
    "Digest username=\"user1\", "
    "realm=\"nokia-proxy\", "
    "nonce=\"0YXwH29PCT4lEz8+YJipQg==\", "
    "uri=\"sip:nokia@62.254.248.33\", "
    "response=\"dd22a698b1a9510c4237c52e0e2cbfac\", "
    "algorithm=MD5, "
    "cnonce=\"V2VkIEF1ZyAxNSAxNzozNDowNyBHTVQrMDE6MDAgMjAwMVtCQDI0YmZhYQ==\", "
    "opaque=\"WiMlvw==\", "
    "qop=auth, "
    "nc=000000002";

  char proxy_authenticate[] = 
    "Digest realm=\"IndigoSw\", "
    "domain=\"indigosw.com aol.com\", "
    "nonce=\"V2VkIEF1ZyAxNSAxNzoxNzozNyBCU1QgMjAwMVtCQDE3OWU4Yg==\", "
    "opaque=\"Nzg5MWU3YjZiNDQ0YzI2Zg==\", "
    "stale=false, "
    "algorithm=md5, "
    "qop=\"auth, auth-int\"";

  sip_www_authenticate_t *wa;
  sip_authorization_t *au;
  sip_proxy_authenticate_t *pa;
  sip_proxy_authorization_t *pz;

  auth_challenge_t ac[1] = {{ sizeof(ac) }};
  auth_response_t  ar[1] = {{ sizeof(ar) }};
  su_home_t home[1] = {{ sizeof(home) }};

  auth_hexmd5_t sessionkey, hresponse;

  BEGIN();

  TEST0(wa = sip_www_authenticate_make(home, challenge));
  TEST(auth_digest_challenge_get(home, ac, wa->au_params), 6);
  TEST_S(ac->ac_realm, "garage.sr.ntc.nokia.com");
  TEST_S(ac->ac_nonce, "MjAwMS0wMS0yMSAxNTowODo1OA==");
  TEST_S(ac->ac_algorithm, "MD5");
  TEST_1(ac->ac_md5); TEST_1(!ac->ac_md5sess); TEST_1(!ac->ac_sha1);
  TEST_S(ac->ac_qop, "auth");
  TEST_1(ac->ac_auth); TEST_1(!ac->ac_auth_int);

  TEST0(au = sip_authorization_make(home, response));
  TEST(auth_digest_response_get(home, ar, au->au_params), 5);

  TEST0(au = sip_authorization_make(home, rfc2617));
  TEST(auth_digest_response_get(home, ar, au->au_params), 10);

  TEST0(auth_digest_sessionkey(ar, sessionkey, "Circle Of Life") == 0);
  if (tstflags & tst_verbatim) 
    printf("%s: sessionkey=\"%s\"\n", name, sessionkey);
  TEST0(strcmp(sessionkey, "939e7578ed9e3c518a452acee763bce9") == 0);

  TEST0(auth_digest_response(ar, hresponse, sessionkey, "GET", NULL, 0) == 0);
  if (tstflags & tst_verbatim) 
    printf("%s: hresponse=\"%s\"\n", name, hresponse);
  TEST0(strcmp(hresponse, "6629fae49393a05397450978507c4ef1") == 0);

  TEST0(au = sip_authorization_make(home, indigo));
  TEST(auth_digest_response_get(home, ar, au->au_params), 12);
  TEST0(auth_digest_sessionkey(ar, sessionkey, "secret") == 0);
  TEST0(auth_digest_response(ar, hresponse, sessionkey, "BYE", NULL, 0) == 0);
  TEST0(strcmp(hresponse, "dd22a698b1a9510c4237c52e0e2cbfac") == 0);

  TEST0(pa = sip_proxy_authenticate_make(home, proxy_authenticate));
  TEST(auth_digest_challenge_get(home, ac, pa->au_params), 9);

  TEST_S(ac->ac_realm, "IndigoSw");
  TEST_1(ac->ac_auth);
  TEST_1(ac->ac_auth_int);

  {
    char challenge[] = 
      "Digest realm=\"opera.ntc.nokia.com\", "
      "nonce=\"InyiWI+qIdvDKkO2jFK7mg==\"";

    char credentials[] = 
      "Digest username=\"samuel.privat.saturday@opera.ntc.nokia.com\", "
      "realm=\"opera.ntc.nokia.com\", nonce=\"InyiWI+qIdvDKkO2jFK7mg==\", "
      "algorithm=MD5, uri=\"sip:opera.ntc.nokia.com\", "
      "response=\"4b4edab897dafce8d9af4b37abcdc086\"";

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);

    TEST0(pa = sip_www_authenticate_make(home, challenge));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 2);

    TEST0(pz = sip_proxy_authorization_make(home, credentials));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 7);

    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST0(!auth_digest_sessionkey(ar, sessionkey, "1123456789ABCDEF"));
    TEST0(!auth_digest_response(ar, hresponse, sessionkey, "REGISTER", NULL, 0));
    TEST_S(hresponse, "4b4edab897dafce8d9af4b37abcdc086");
  }

  if (0) {
    /*
      RFC 2069:
      that the username for this document is "Mufasa", and the password is
      "CircleOfLife".

      The first time the client requests the document, no Authorization
      header is sent, so the server responds with:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest    realm="testrealm@host.com",
                            nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                            opaque="5ccc069c403ebaf9f0171e9517f40e41"

  The client may prompt the user for the username and password, after
  which it will respond with a new request, including the following
  Authorization header:

Authorization: Digest       username="Mufasa",
                            realm="testrealm@host.com",
                            nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                            uri="/dir/index.html",
                            response="e966c932a9242554e42c8ee200cec7f6",
                            opaque="5ccc069c403ebaf9f0171e9517f40e41"
    */

    char challenge[] = 
      "Digest realm=\"testrealm@host.com\", "
      "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
      "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"";

    char rfc2069_cred[] = 
      "Digest username=\"Mufasa\", "
      "realm=\"testrealm@host.com\", "
      "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
      "uri=\"/dir/index.html\", "
      "response=\"e966c932a9242554e42c8ee200cec7f6\", "
      "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"";

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);

    TEST0(pa = sip_www_authenticate_make(home, challenge));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 3);

    TEST0(pz = sip_proxy_authorization_make(home, rfc2069_cred));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 6);

    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST_S(ar->ar_username, "Mufasa");
    TEST0(!auth_digest_sessionkey(ar, sessionkey, "CircleOfLife"));
    TEST0(!auth_digest_response(ar, hresponse, sessionkey, "GET", NULL, 0));
    TEST_S(hresponse, "e966c932a9242554e42c8ee200cec7f6");
  }

  {
    char worldcom_chal[] = 
      "Digest realm=\"WCOM\", nonce=\"ce2292f3f748fbe239bda9e852e8b986\"";

    char worldcom_cred[] = 
      "Digest realm=\"WCOM\", username=\"jari\", "
      "nonce=\"ce2292f3f748fbe239bda9e852e8b986\", "
      "response=\"ea692d202019d41a75c70df4b2401e2f\", "
      "uri=\"sip:1234@209.132.126.82\"";

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);

    TEST0(pa = sip_proxy_authenticate_make(home, worldcom_chal));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 2);

    TEST0(pz = sip_proxy_authorization_make(home, worldcom_cred));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 5);

    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST0(!auth_digest_sessionkey(ar, sessionkey, "pass"));
    TEST0(!auth_digest_response(ar, hresponse, sessionkey, "REGISTER", NULL, 0));
    TEST_S(hresponse, "ea692d202019d41a75c70df4b2401e2f");
  }

  {
    char etri_chal[] = 
      "Digest realm=\"nokia-proxy\", domain=\"sip:194.2.188.133\", "
      "nonce=\"wB7JBwIb/XhtgfGp1VuPoQ==\", opaque=\"wkJxwA==\", "
      ", algorithm=MD5, qop=\"auth\"";

    char etri_cred[] = 
      "Digest username=\"myhuh\", realm=\"nokia-proxy\", "
      "nonce=\"wB7JBwIb/XhtgfGp1VuPoQ==\", uri=\"sip:194.2.188.133\", "
      "response=\"32960a62bdc202171ca5a294dc229a6d\", "
      "opaque=\"wkJxwA==\"" /* , qop=\"auth\"" */;

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);
    
    TEST0(pa = sip_proxy_authenticate_make(home, etri_chal));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 8);

    TEST0(pz = sip_proxy_authorization_make(home, etri_cred));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 6 /* 8 */);
    
    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST(auth_digest_sessionkey(ar, sessionkey, "myhuh"), 0);
    TEST(auth_digest_response(ar, hresponse, sessionkey, "REGISTER", NULL, 0), 0);
    TEST_S(hresponse, "32960a62bdc202171ca5a294dc229a6d");
  }

  {
    char chal[] = 
      "Digest realm=\"nokia-proxy\", domain=\"sip:10.21.32.63\", "
      "nonce=\"GjbLsrozHC6Lx95C57vGlw==\", opaque=\"HN22wQ==\", algorithm=MD5";

    char cred[] =
      "digest username=\"test1\",realm=\"nokia-proxy\","
      "nonce=\"GjbLsrozHC6Lx95C57vGlw==\",opaque=\"HN22wQ==\","
      "uri=\"sip:10.21.32.63\",response=\"e86db25d96713482e35378504caaba6b\","
      "algorithm=\"MD5\"";

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);
    
    TEST0(pa = sip_proxy_authenticate_make(home, chal));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 6);

    TEST0(pz = sip_proxy_authorization_make(home, cred));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 8);
    
    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST(auth_digest_sessionkey(ar, sessionkey, "test1"), 0);
    TEST(auth_digest_response(ar, hresponse, sessionkey, "REGISTER", NULL, 0), 0);
    TEST_S(hresponse, "db41913e8964dde69a1519739f35a302");
  }

  {
    char challenge[] = 
      "Digest realm=\"nokia-proxy\", domain=\"sip:194.2.188.133\", "
      "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\", opaque=\"+GNywA==\", "
      "algorithm=MD5, qop=\"auth-int\"";
    char credentials[] = 
      "Digest username=\"test\", realm=\"nokia-proxy\", "
      "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\", "
      "cnonce=\"11RkhFg9EdaIRD36w0EMVA==\", opaque=\"+GNywA==\", "
      "uri=\"sip:3000@194.2.188.133\", algorithm=MD5, "
      "response=\"26e8b9aaacfca2d68770fab1ec04e2c7\", "
      "qop=auth-int, nc=00000001";
    char data[] = 
      "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
      "<presence>\n"