| 1 | /***************************************************************************
|
|---|
| 2 | * _ _ ____ _
|
|---|
| 3 | * Project ___| | | | _ \| |
|
|---|
| 4 | * / __| | | | |_) | |
|
|---|
| 5 | * | (__| |_| | _ <| |___
|
|---|
| 6 | * \___|\___/|_| \_\_____|
|
|---|
| 7 | *
|
|---|
| 8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
|
|---|
| 9 | *
|
|---|
| 10 | * This software is licensed as described in the file COPYING, which
|
|---|
| 11 | * you should have received as part of this distribution. The terms
|
|---|
| 12 | * are also available at https://curl.se/docs/copyright.html.
|
|---|
| 13 | *
|
|---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
|---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
|---|
| 17 | *
|
|---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|---|
| 19 | * KIND, either express or implied.
|
|---|
| 20 | *
|
|---|
| 21 | * SPDX-License-Identifier: curl
|
|---|
| 22 | *
|
|---|
| 23 | * RFC2195 CRAM-MD5 authentication
|
|---|
| 24 | *
|
|---|
| 25 | ***************************************************************************/
|
|---|
| 26 |
|
|---|
| 27 | #include "curl_setup.h"
|
|---|
| 28 |
|
|---|
| 29 | #if !defined(CURL_DISABLE_CRYPTO_AUTH)
|
|---|
| 30 |
|
|---|
| 31 | #include <curl/curl.h>
|
|---|
| 32 | #include "urldata.h"
|
|---|
| 33 |
|
|---|
| 34 | #include "vauth/vauth.h"
|
|---|
| 35 | #include "curl_hmac.h"
|
|---|
| 36 | #include "curl_md5.h"
|
|---|
| 37 | #include "warnless.h"
|
|---|
| 38 | #include "curl_printf.h"
|
|---|
| 39 |
|
|---|
| 40 | /* The last #include files should be: */
|
|---|
| 41 | #include "curl_memory.h"
|
|---|
| 42 | #include "memdebug.h"
|
|---|
| 43 |
|
|---|
| 44 |
|
|---|
| 45 | /*
|
|---|
| 46 | * Curl_auth_create_cram_md5_message()
|
|---|
| 47 | *
|
|---|
| 48 | * This is used to generate a CRAM-MD5 response message ready for sending to
|
|---|
| 49 | * the recipient.
|
|---|
| 50 | *
|
|---|
| 51 | * Parameters:
|
|---|
| 52 | *
|
|---|
| 53 | * chlg [in] - The challenge.
|
|---|
| 54 | * userp [in] - The user name.
|
|---|
| 55 | * passwdp [in] - The user's password.
|
|---|
| 56 | * out [out] - The result storage.
|
|---|
| 57 | *
|
|---|
| 58 | * Returns CURLE_OK on success.
|
|---|
| 59 | */
|
|---|
| 60 | CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
|
|---|
| 61 | const char *userp,
|
|---|
| 62 | const char *passwdp,
|
|---|
| 63 | struct bufref *out)
|
|---|
| 64 | {
|
|---|
| 65 | struct HMAC_context *ctxt;
|
|---|
| 66 | unsigned char digest[MD5_DIGEST_LEN];
|
|---|
| 67 | char *response;
|
|---|
| 68 |
|
|---|
| 69 | /* Compute the digest using the password as the key */
|
|---|
| 70 | ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
|
|---|
| 71 | (const unsigned char *) passwdp,
|
|---|
| 72 | curlx_uztoui(strlen(passwdp)));
|
|---|
| 73 | if(!ctxt)
|
|---|
| 74 | return CURLE_OUT_OF_MEMORY;
|
|---|
| 75 |
|
|---|
| 76 | /* Update the digest with the given challenge */
|
|---|
| 77 | if(Curl_bufref_len(chlg))
|
|---|
| 78 | Curl_HMAC_update(ctxt, Curl_bufref_ptr(chlg),
|
|---|
| 79 | curlx_uztoui(Curl_bufref_len(chlg)));
|
|---|
| 80 |
|
|---|
| 81 | /* Finalise the digest */
|
|---|
| 82 | Curl_HMAC_final(ctxt, digest);
|
|---|
| 83 |
|
|---|
| 84 | /* Generate the response */
|
|---|
| 85 | response = aprintf(
|
|---|
| 86 | "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|---|
| 87 | userp, digest[0], digest[1], digest[2], digest[3], digest[4],
|
|---|
| 88 | digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
|
|---|
| 89 | digest[11], digest[12], digest[13], digest[14], digest[15]);
|
|---|
| 90 | if(!response)
|
|---|
| 91 | return CURLE_OUT_OF_MEMORY;
|
|---|
| 92 |
|
|---|
| 93 | Curl_bufref_set(out, response, strlen(response), curl_free);
|
|---|
| 94 | return CURLE_OK;
|
|---|
| 95 | }
|
|---|
| 96 |
|
|---|
| 97 | #endif /* !CURL_DISABLE_CRYPTO_AUTH */
|
|---|
