#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Digest::MD5 qw (md5_hex);
sub module_constraints { [[0, 24], [1, 15], [0, 24], [1, 15], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $nonce = shift;
my $user = shift // random_string (random_number (1, 12 + 1));
my $realm = shift;
my $nonce_count = shift;
my $nonce_client = shift;
my $qop = shift;
my $method = shift // random_string (random_number (1, 24 + 1));
my $URI_prefix = shift // random_string (random_number (1, 10 + 1));
my $URI_resource = shift // random_string (random_number (1, 32 + 1));
my $URI_suffix = shift // random_string (random_number (1, 32 + 1));
my $directive = shift // "MD5";
# not needed information
my $URI_server = shift // random_string (random_number (1, 32 + 1));
my $URI_client = $URI_resource;
return unless ($directive eq "MD5"); # only MD5 directive currently supported
unless (defined $realm)
{
# special limit: (user_len + 1 + realm_len + 1 + word_len) < 56
my $realm_max_len = 55 - length ($user) - 1 - length ($word) - 1;
if ($realm_max_len < 1) # should never happen
{
$realm_max_len = 1;
}
$realm_max_len = min (20, $realm_max_len);
$realm = random_string (random_number (1, $realm_max_len + 1));
}
unless ((defined $nonce_count) && (defined $nonce_client) && (defined $qop))
{
if (random_number (0, 1 + 1) == 1)
{
$qop = "auth";
$nonce_count = random_string (random_number (1, 10 + 1));
$nonce_client = random_string (random_number (1, 12 + 1));
}
else
{
$qop = "";
$nonce_count = "";
$nonce_client = "";
}
}
# start
my $URI = "";
if (length ($URI_prefix) > 0)
{
$URI = $URI_prefix . ":";
}
$URI .= $URI_resource;
if (length ($URI_suffix) > 0)
{
$URI .= ":" . $URI_suffix;
}
my $HA2 = md5_hex ($method . ":" . $URI);
my $HA1 = md5_hex ($user . ":" . $realm . ":" . $word);
my $tmp;
if (($qop eq "auth") || ($qop eq "auth-int"))
{
$tmp = $nonce . ":" . $nonce_count . ":" . $nonce_client . ":" . $qop;
}
else
{
$tmp = $nonce;
}
my $digest = md5_hex ($HA1 . ":" . $tmp . ":" . $HA2);
my $hash = sprintf ("\$sip\$*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s*%s", $URI_server, $URI_resource, $user, $realm, $method, $URI_prefix, $URI_resource, $URI_suffix, $nonce, $nonce_client, $nonce_count, $qop, $directive, $digest);
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my ($digest, $word) = split (/:/, $line);
return unless defined $digest;
return unless defined $word;
my @data = split ('\*', $digest);
return unless scalar @data == 15;
my $signature = shift @data;
my $URI_server = shift @data;
my $URI_client = shift @data;
my $user = shift @data;
my $realm = shift @data;
my $method = shift @data;
my $URI_prefix = shift @data;
my $URI_resource = shift @data;
my $URI_suffix = shift @data;
my $nonce = shift @data;
my $nonce_client = shift @data;
my $nonce_count = shift @data;
my $qop = shift @data;
my $directive = shift @data;
my $hash = shift @data;
return unless ($signature eq '$sip$');
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash (
$word_packed,
$nonce,
$user,
$realm,
$nonce_count,
$nonce_client,
$qop,
$method,
$URI_prefix,
$URI_resource,
$URI_suffix,
$directive,
$URI_server);
return ($new_hash, $word);
}
sub min
{
$_[$_[0] > $_[1]];
}
1;