test_auth_digest.c

this is simple sip stack.

      "<presentity uri=\"sip:3000@194.2.188.133\"/>\n"
      "<atom atomid=\"BQpTalFpkMyF9hOlR8olWQ==\">\n"
      "<address uri=\"sip:3000@194.2.188.133\" priority=\" 0\">\n"
      "<status status=\"open\"/>\n"
      "<class class=\"business\"/>\n"
      "<duplex duplex=\"full\"/>\n"
      "<feature feature=\"voicemail\"/>\n"
      "<mobility mobility=\"fixed\"/>\n"
      "<note>\n"
      "</note>\n"
      "</address>\n"
      "</atom>\n"
      "</presence>\n";

    memset(ac, 0, sizeof(ac)); ac->ac_size = sizeof(ac);
    memset(ar, 0, sizeof(ar)); ar->ar_size = sizeof(ar);
    
    TEST0(pa = sip_proxy_authenticate_make(home, challenge));
    TEST(auth_digest_challenge_get(home, ac, pa->au_params), 8);

    TEST0(pz = sip_proxy_authorization_make(home, credentials));
    TEST(auth_digest_response_get(home, ar, pz->au_params), 12);
    
    ar->ar_md5 = ac->ac_md5 || ac->ac_algorithm == NULL;

    TEST0(!auth_digest_sessionkey(ar, sessionkey, "test"));
    TEST0(!auth_digest_response(ar, hresponse, sessionkey, "REGISTER", 
				data, strlen(data)));
    TEST_S(hresponse, "26e8b9aaacfca2d68770fab1ec04e2c7");
  }

  su_home_deinit(home);
  
  END();
}

#include <sofia-sip/msg_addr.h>

msg_t *read_message(int flags, char const buffer[])
{
  int n, m;
  msg_t *msg;
  msg_iovec_t iovec[2];

  n = strlen(buffer);
  if (n == 0) 
    return NULL;

  msg = msg_create(sip_default_mclass(), flags);
  if (msg_recv_iovec(msg, iovec, 2, n, 1) < 0) {
    perror("msg_recv_iovec");
  }
  memcpy(iovec->mv_base, buffer, n);
  msg_recv_commit(msg, n, 1);

  m = msg_extract(msg);
  if (m < 0) {
    fprintf(stderr, "test_auth_digest: parsing error\n");
    return NULL;
  }

  return msg;
}

#define AUTH_MAGIC_T su_root_t

#include <sofia-sip/auth_module.h>

static
void test_callback(su_root_t *root, auth_status_t *as)
{
  su_root_break(root);
}

static 
void init_as(auth_status_t *as)
{
  memset(as, 0, sizeof *as); 
  as->as_home->suh_size = (sizeof *as);
  su_home_init(as->as_home);
  as->as_method = "REGISTER";
  as->as_status = 500;
  as->as_phrase = "Infernal Error";
}

static 
void deinit_as(auth_status_t *as)
{
  su_home_deinit(as->as_home);
  memset(as, 0, sizeof *as);
}

static 
void reinit_as(auth_status_t *as)
{
  deinit_as(as); init_as(as);
}

/* Test digest authentication client and server */
int test_digest_client()
{
  BEGIN();
  
  {
    char challenge[] = 
      PROTOCOL " 401 Unauthorized\r\n"
      "Call-ID:0e3dc2b2-dcc6-1226-26ac-258b5ce429ab\r\n"
      "CSeq:32439043 REGISTER\r\n"
      "From:surf3.ims3.so.noklab.net <sip:surf3@ims3.so.noklab.net>;tag=I8hFdg0H3OK\r\n"
      "To:<sip:surf3@ims3.so.noklab.net>\r\n"
      "Via:SIP/2.0/UDP 10.21.36.70:23800;branch=z9hG4bKJjKGu9vIHqf;received=10.21.36.70;rport\r\n"
      "WWW-Authenticate:Digest algorithm=MD5,nonce=\"h7wIpP+atU+/+Zau5UwLMA==\",realm=\"ims3.so.noklab.net\"\r\n"
      "Content-Length:0\r\n"
      "Security-Server:digest\r\n"
      "r\n";
      
    char request[] = 
      "REGISTER sip:ims3.so.noklab.net " PROTOCOL "\r\n"
      "Via: SIP/2.0/UDP 10.21.36.70:23800;rport;branch=z9hG4bKRE18GFwa3AS\r\n"
      "Max-Forwards: 80\r\n"
      "From: surf3.ims3.so.noklab.net <sip:surf3@ims3.so.noklab.net>;tag=I8hFdg0H3OK\r\n"
      "To: <sip:surf3@ims3.so.noklab.net>\r\n"
      "Call-ID: 0e3dc2b2-dcc6-1226-26ac-258b5ce429ab\r\n"
      "CSeq: 32439044 REGISTER\r\n"
      "Contact: <sip:10.21.36.70:23800>\r\n"
      "Expires: 3600\r\n"
      "Supported: timer, 100rel\r\n"
      "Security-Client: digest\r\n"
      "Security-Verify: digest;d-ver=\"1234\"\r\n"
      "Content-Length: 0\r\n"
      "r\n";

    msg_t *m1, *m2;
    sip_t *sip;
    auth_client_t *aucs = NULL;
    sip_request_t *rq;
    su_home_t *home;
    su_root_t *root;
    char *srcdir, *s, *testpasswd;
    auth_mod_t *am;
    auth_status_t as[1];
    sip_www_authenticate_t *au;
    auth_challenger_t ach[1] = 
      {{ 401, "Authorization required", 
	 sip_www_authenticate_class,
	 sip_authentication_info_class
	}};

    TEST_1(home = su_home_new(sizeof(*home)));

    TEST_1(m1 = read_message(MSG_DO_EXTRACT_COPY, challenge));
    TEST_1(sip = sip_object(m1));
    
    TEST(auc_challenge(&aucs, home, sip->sip_www_authenticate, 
		       sip_authorization_class), 1);
    msg_destroy(m1);
    
    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "surf3.private@ims3.so.noklab.net", "1234"), 1);

    TEST_1(m2 = read_message(MSG_DO_EXTRACT_COPY, request));
    TEST_1(sip = sip_object(m2));
    TEST(sip->sip_authorization, NULL);
    TEST_1(rq = sip->sip_request);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   rq->rq_url, sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);
    TEST_S(msg_params_find(sip->sip_authorization->au_params,
			   "response="),
	   "\"860f5ecc9990772e16937750ced9594d\"");

    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);
    TEST_S(msg_params_find(sip->sip_authorization->au_params,
			   "response="),
	   "\"9ce0d6a5869b4e09832d5b705453cbfc\"");

    srcdir = getenv("srcdir");
    if (srcdir == NULL) {
      srcdir = su_strdup(home, argv0);
      if ((s = strrchr(srcdir, '/')))
	*s = '\0';
      else
	srcdir = ".";
    }
    TEST_1(testpasswd = su_sprintf(home, "%s/testpasswd", srcdir));

    TEST_1(root = su_root_create(NULL));

    TEST_1(am = auth_mod_create(NULL, 
				AUTHTAG_METHOD("Digest"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				AUTHTAG_OPAQUE("+GNywA=="),
				TAG_END()));

    init_as(as);
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 401);

    TEST_1(au = sip_authorization_make(home, 
				       "Digest username=\"user1\", "
				       "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\", "
				       "opaque=\"+GNywA==\", "
				       "uri=\"sip:3000@194.2.188.133\", "
				       "response=\"26e8b9aaacfca2d6"
				       "8770fab1ec04e2c7\", "
				       "realm=\"ims3.so.noklab.net\""));

    reinit_as(as);
    auth_mod_check_client(am, as, au, ach);
    TEST(as->as_status, 401);

    {
      char const *username = au->au_params[0];
      char const *nonce = au->au_params[1];
      char const *opaque = au->au_params[2];
      char const *uri = au->au_params[3];
      char const *response = au->au_params[4];
      char const *realm = au->au_params[5];
      
      TEST_S(username, "username=\"user1\"");
      TEST_S(nonce, "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\"");
      TEST_S(opaque, "opaque=\"+GNywA==\"");
      TEST_S(uri, "uri=\"sip:3000@194.2.188.133\"");
      TEST_S(response, "response=\"26e8b9aaacfca2d68770fab1ec04e2c7\"");

      TEST(msg_params_remove((msg_param_t *)au->au_params, "username"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 400);
      msg_params_add(home, (msg_param_t **)&au->au_params, username);

      TEST(msg_params_remove((msg_param_t *)au->au_params, "nonce"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 400);
      msg_params_add(home, (msg_param_t **) &au->au_params, nonce);

      TEST(msg_params_remove((msg_param_t *)au->au_params, "opaque"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 401);	/* We use opaque to match authorization */
      msg_params_add(home, (msg_param_t **) &au->au_params, opaque);

      TEST(msg_params_remove((msg_param_t *)au->au_params, "uri"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 400);
      msg_params_add(home, (msg_param_t **) &au->au_params, uri);

      TEST(msg_params_remove((msg_param_t *)au->au_params, "response"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 400);
      msg_params_add(home, (msg_param_t **)&au->au_params, response);

      TEST(msg_params_remove((msg_param_t *)au->au_params, "realm"), 1);
      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 401);	/* au is ignored by auth_module */
      msg_params_add(home, (msg_param_t **)&au->au_params, realm);

      reinit_as(as);
      auth_mod_check_client(am, as, au, ach);
      TEST(as->as_status, 401);
    }

    aucs = NULL;

    reinit_as(as);
    auth_mod_check_client(am, as, NULL, ach);
    TEST(as->as_status, 401);
    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);
    reinit_as(as);
    
    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);

    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);

    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    TEST_1(msg_params_find(sip->sip_authorization->au_params, "cnonce=") == 0);
    TEST_1(msg_params_find(sip->sip_authorization->au_params, "nc=") == 0);

    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);
    TEST_1(as->as_info);	/* challenge for next round */
    auth_mod_destroy(am);
    aucs = NULL;

    TEST_1(am = auth_mod_create(NULL, 
				AUTHTAG_METHOD("Digest"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				AUTHTAG_ALGORITHM("MD5-sess"),
				AUTHTAG_QOP("auth"),
				AUTHTAG_OPAQUE("opaque=="),
				TAG_END()));

    reinit_as(as);
    auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401);

    {
      msg_auth_t *au = (msg_auth_t *)as->as_response;
      int i;
      char *equal;

      if (au->au_params)
	for (i = 0; au->au_params[i]; i++) {
	  if (strncasecmp(au->au_params[i], "realm=", 6) == 0)
	    continue;
	  equal = strchr(au->au_params[i], '=');
	  if (equal)
	    msg_unquote(equal + 1, equal + 1);
	}

      TEST(auc_challenge(&aucs, home, au, sip_authorization_class), 1);
      reinit_as(as);
    }

    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);
    TEST_1(as->as_info == NULL);	/* No challenge for next round */

    /* Test with changed payload */

    reinit_as(as);
    as->as_body = "foo"; as->as_bodylen = 3;
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);

    reinit_as(as); aucs = NULL;

    /* Test without opaque */
    {
      msg_auth_t *au;
      char const *opaque;

      auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401);

      au = (void *)msg_header_dup(home, as->as_response); TEST_1(au);

      TEST_1(msg_params_find_slot((msg_param_t *)au->au_params, "opaque"));

      opaque = *msg_params_find_slot((msg_param_t *)au->au_params, "opaque");

      TEST(msg_params_remove((msg_param_t *)au->au_params, "opaque"), 1);

      TEST(auc_challenge(&aucs, home, au, sip_authorization_class), 1);
      TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			       "user1", "secret"), 1);
      msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);

      TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			     (url_t *)"sip:surf3@ims3.so.noklab.net", 
			     sip->sip_payload), 1);

      TEST_1(sip->sip_authorization);
      msg_params_add(home,
		     (msg_param_t **)&sip->sip_authorization->au_params,
		     opaque);