add sha256 support

Change-Id: I3885b2c616b2bcdeef4127e92747d9a87a6621eb
SagerNet · Feb 12, 2025 · f6bfc05 · f6bfc05
1 parent 456ad80
commit f6bfc05
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 10 deletions.
diff --git a/common/auth/auth.go b/common/auth/auth.go
@@ -2,6 +2,7 @@ package auth
 
 import (
 	"crypto/md5"
+	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 
@@ -12,11 +13,13 @@ import (
 const Realm = "sing-box"
 
 type Challenge struct {
-        Username  string
-        Nonce     string
-        CNonce    string
-        Nc        string
-        Response  string
+	Username  string
+	Nonce     string
+	Algorithm string
+	Uri       string
+	CNonce    string
+	Nc        string
+	Response  string
 }
 
 type User struct {
@@ -54,13 +57,23 @@ func (au *Authenticator) VerifyDigest(method string, uri string, s string) (stri
 	if c.Username == "" || c.Nonce == "" || c.Nc == "" || c.CNonce == "" || c.Response == "" {
 		return "", false
 	}
+	if c.Uri != "" {
+		uri = c.Uri
+	}
 	passwordList, ok := au.userMap[c.Username]
 	if ok {
 		for _, password := range passwordList {
-			ha1 := md5str(c.Username + ":" + Realm + ":" + password)
-			ha2 := md5str(method + ":" + uri)
-			resp := md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
-			if resp == c.Response {
+			resp := ""
+			if c.Algorithm == "SHA-256" {
+				ha1 := sha256str(c.Username + ":" + Realm + ":" + password)
+				ha2 := sha256str(method + ":" + uri)
+				resp = sha256str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
+			} else {
+				ha1 := md5str(c.Username + ":" + Realm + ":" + password)
+				ha2 := md5str(method + ":" + uri)
+				resp = md5str(ha1 + ":" + c.Nonce + ":" + c.Nc + ":" + c.CNonce + ":auth:" + ha2)
+			}
+			if resp != "" && resp == c.Response {
 				return c.Username, true
 			}
 		}
@@ -81,6 +94,10 @@ func ParseChallenge(s string) (*Challenge, error) {
 			c.Username = p.Value
 		case "nonce":
 			c.Nonce = p.Value
+		case "algorithm":
+			c.Algorithm = p.Value
+		case "uri":
+			c.Uri = p.Value
 		case "cnonce":
 			c.CNonce = p.Value
 		case "nc":
@@ -97,3 +114,9 @@ func md5str(str string) string  {
 	h.Write([]byte(str))
 	return hex.EncodeToString(h.Sum(nil))
 }
+
+func sha256str(str string) string  {
+	h := sha256.New()
+	h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
diff --git a/protocol/http/handshake.go b/protocol/http/handshake.go
@@ -85,7 +85,8 @@ func HandleConnectionEx(
 						"Proxy authentication required",
 						"Content-Type", "text/plain; charset=utf-8",
 						"Proxy-Authenticate", "Basic realm=\"" + auth.Realm + "\"",
-						"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", stale=false",
+						"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=SHA-256, stale=false",
+						"Proxy-Authenticate", "Digest realm=\"" + auth.Realm + "\", nonce=\"" + nonce + "\", qop=\"auth\", algorithm=MD5, stale=false",
 						"Connection", "close",
 					).Write(conn)
 				}