RFC 7616 HTTP digest auth: Add support for SHA-256 and username hashing

Tested with lighttpd (configs: https://gist.github.com/rojer/f04fae5eeffe856ec4071a6c20873deb, password for user "test" is "test") Bug: 1160478 Change-Id: I0f5643663fe14b0676af7d2094f9e6d16bb7ff38 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611879 Commit-Queue: Kenichi Ishibashi <bashi@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/main@{#1175895}
qweri0p · Jul 27, 2023 · 507fd35 · 507fd35
1 parent 57ef2d9
commit 507fd35
Show file tree

Hide file tree

Showing 11 changed files with 318 additions and 76 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -326,6 +326,7 @@ Deepak Sharma <deepak.sharma@amd.com>
 Deepak Singla <deepak.s@samsung.com>
 Deniz Eren Evrendilek <devrendilek@gmail.com>
 Deokjin Kim <deokjin81.kim@samsung.com>
+Deomid rojer Ryabkov <rojer9@gmail.com>
 Derek Halman <d.halman@gmail.com>
 Devlin Cronin <rdevlin.cronin@gmail.com>
 Dhi Aurrahman <dio@rockybars.com>

diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
@@ -10717,6 +10717,11 @@ const FeatureEntry kFeatureEntries[] = {
          password_manager::features::kFillingAcrossAffiliatedWebsitesAndroid)},
 #endif
 
+    {"digest-auth-enable-secure-algorithms",
+     flag_descriptions::kDigestAuthEnableSecureAlgorithmsName,
+     flag_descriptions::kDigestAuthEnableSecureAlgorithmsDescription, kOsAll,
+     FEATURE_VALUE_TYPE(net::features::kDigestAuthEnableSecureAlgorithms)},
+
     // NOTE: Adding a new flag requires adding a corresponding entry to enum
     // "LoginCustomFlags" in tools/metrics/histograms/enums.xml. See "Flag
     // Histograms" in tools/metrics/histograms/README.md (run the

diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
@@ -1611,6 +1611,11 @@
     ],
     "expiry_milestone": 130
   },
+  {
+    "name": "digest-auth-enable-secure-algorithms",
+    "owners": [ "rojer@rojer.me" ],
+    "expiry_milestone": 120
+  },
   {
     "name": "disable-accelerated-2d-canvas",
     "owners": [ "fserb" ],

diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
@@ -211,6 +211,12 @@ const char kDIPSDescription[] =
     "sites that appear to be performing cross-site tracking using the bounce "
     "tracking technique.";
 
+const char kDigestAuthEnableSecureAlgorithmsName[] =
+    "Enable Secure Algorithms for HTTP DIgest Auth";
+const char kDigestAuthEnableSecureAlgorithmsDescription[] =
+    "This flag controls whether HTTP Digest auth handler should respond to "
+    "challenges that use SHA-256. It also enables username hashing support.";
+
 const char kDocumentPictureInPictureApiName[] =
     "Document Picture-in-Picture API";
 const char kDocumentPictureInPictureApiDescription[] =

diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
@@ -133,6 +133,9 @@ extern const char kCustomizeChromeColorExtractionDescription[];
 extern const char kCustomizeChromeSidePanelName[];
 extern const char KCustomizeChromeSidePanelDescription[];
 
+extern const char kDigestAuthEnableSecureAlgorithmsName[];
+extern const char kDigestAuthEnableSecureAlgorithmsDescription[];
+
 extern const char kDIPSName[];
 extern const char kDIPSDescription[];
 

diff --git a/net/base/features.cc b/net/base/features.cc
@@ -419,4 +419,8 @@ BASE_FEATURE(kClearSiteDataWildcardSupport,
              "ClearSiteDataWildcardSupport",
              base::FEATURE_ENABLED_BY_DEFAULT);
 
+BASE_FEATURE(kDigestAuthEnableSecureAlgorithms,
+             "DigestAuthEnableSecureAlgorithms",
+             base::FEATURE_ENABLED_BY_DEFAULT);
+
 }  // namespace net::features
diff --git a/net/base/features.h b/net/base/features.h
@@ -422,6 +422,9 @@ NET_EXPORT BASE_DECLARE_FEATURE(kZstdContentEncoding);
 // targets as "*" rather than requiring all targets be listed out.
 NET_EXPORT BASE_DECLARE_FEATURE(kClearSiteDataWildcardSupport);
 
+// Enables SHA-256 and username hashing support for HTTP Digest auth.
+NET_EXPORT BASE_DECLARE_FEATURE(kDigestAuthEnableSecureAlgorithms);
+
 }  // namespace net::features
 
 #endif  // NET_BASE_FEATURES_H_