Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
0756eb3c PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | ||
10 | /* The stand-alone version just tests the algorithm. We have to drag | |
11 | in the MD5 computation functions, without their own stand-alone main | |
12 | program. */ | |
13 | ||
14 | #ifdef STAND_ALONE | |
15 | #define CRAM_STAND_ALONE | |
16 | #include "md5.c" | |
17 | ||
18 | ||
19 | /* This is the normal, non-stand-alone case */ | |
20 | ||
21 | #else | |
22 | #include "../exim.h" | |
23 | #include "cram_md5.h" | |
24 | ||
25 | /* Options specific to the cram_md5 authentication mechanism. */ | |
26 | ||
27 | optionlist auth_cram_md5_options[] = { | |
28 | { "client_name", opt_stringptr, | |
13a4b4c1 | 29 | OPT_OFF(auth_cram_md5_options_block, client_name) }, |
0756eb3c | 30 | { "client_secret", opt_stringptr, |
13a4b4c1 | 31 | OPT_OFF(auth_cram_md5_options_block, client_secret) }, |
0756eb3c | 32 | { "server_secret", opt_stringptr, |
13a4b4c1 | 33 | OPT_OFF(auth_cram_md5_options_block, server_secret) } |
0756eb3c PH |
34 | }; |
35 | ||
36 | /* Size of the options list. An extern variable has to be used so that its | |
37 | address can appear in the tables drtables.c. */ | |
38 | ||
39 | int auth_cram_md5_options_count = | |
40 | sizeof(auth_cram_md5_options)/sizeof(optionlist); | |
41 | ||
4c04137d | 42 | /* Default private options block for the condition authentication method. */ |
0756eb3c PH |
43 | |
44 | auth_cram_md5_options_block auth_cram_md5_option_defaults = { | |
45 | NULL, /* server_secret */ | |
46 | NULL, /* client_secret */ | |
47 | NULL /* client_name */ | |
48 | }; | |
49 | ||
50 | ||
d185889f JH |
51 | #ifdef MACRO_PREDEF |
52 | ||
53 | /* Dummy values */ | |
54 | void auth_cram_md5_init(auth_instance *ablock) {} | |
55 | int auth_cram_md5_server(auth_instance *ablock, uschar *data) {return 0;} | |
251b9eb4 JH |
56 | int auth_cram_md5_client(auth_instance *ablock, void *sx, int timeout, |
57 | uschar *buffer, int buffsize) {return 0;} | |
d185889f JH |
58 | |
59 | #else /*!MACRO_PREDEF*/ | |
60 | ||
61 | ||
0756eb3c PH |
62 | /************************************************* |
63 | * Initialization entry point * | |
64 | *************************************************/ | |
65 | ||
66 | /* Called for each instance, after its options have been read, to | |
67 | enable consistency checks to be done, or anything else that needs | |
68 | to be set up. */ | |
69 | ||
70 | void | |
71 | auth_cram_md5_init(auth_instance *ablock) | |
72 | { | |
73 | auth_cram_md5_options_block *ob = | |
74 | (auth_cram_md5_options_block *)(ablock->options_block); | |
75 | if (ob->server_secret != NULL) ablock->server = TRUE; | |
76 | if (ob->client_secret != NULL) | |
77 | { | |
78 | ablock->client = TRUE; | |
79 | if (ob->client_name == NULL) ob->client_name = primary_hostname; | |
80 | } | |
81 | } | |
82 | ||
d185889f | 83 | #endif /*!MACRO_PREDEF*/ |
0756eb3c PH |
84 | #endif /* STAND_ALONE */ |
85 | ||
86 | ||
87 | ||
d185889f | 88 | #ifndef MACRO_PREDEF |
0756eb3c | 89 | /************************************************* |
4c04137d | 90 | * Perform the CRAM-MD5 algorithm * |
0756eb3c PH |
91 | *************************************************/ |
92 | ||
93 | /* The CRAM-MD5 algorithm is described in RFC 2195. It computes | |
94 | ||
95 | MD5((secret XOR opad), MD5((secret XOR ipad), challenge)) | |
96 | ||
97 | where secret is padded out to 64 characters (after being reduced to an MD5 | |
98 | digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and | |
99 | 0x5c respectively, and comma means concatenation. | |
100 | ||
101 | Arguments: | |
102 | secret the shared secret | |
103 | challenge the challenge text | |
104 | digest 16-byte slot to put the answer in | |
105 | ||
106 | Returns: nothing | |
107 | */ | |
108 | ||
109 | static void | |
110 | compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr) | |
111 | { | |
112 | md5 base; | |
0756eb3c PH |
113 | int len = Ustrlen(secret); |
114 | uschar isecret[64]; | |
115 | uschar osecret[64]; | |
116 | uschar md5secret[16]; | |
117 | ||
118 | /* If the secret is longer than 64 characters, we compute its MD5 digest | |
119 | and use that. */ | |
120 | ||
121 | if (len > 64) | |
122 | { | |
123 | md5_start(&base); | |
5903c6ff JH |
124 | md5_end(&base, US secret, len, md5secret); |
125 | secret = US md5secret; | |
0756eb3c PH |
126 | len = 16; |
127 | } | |
128 | ||
129 | /* The key length is now known to be <= 64. Set up the padded and xor'ed | |
130 | versions. */ | |
131 | ||
132 | memcpy(isecret, secret, len); | |
133 | memset(isecret+len, 0, 64-len); | |
134 | memcpy(osecret, isecret, 64); | |
135 | ||
d7978c0f | 136 | for (int i = 0; i < 64; i++) |
0756eb3c PH |
137 | { |
138 | isecret[i] ^= 0x36; | |
139 | osecret[i] ^= 0x5c; | |
140 | } | |
141 | ||
142 | /* Compute the inner MD5 digest */ | |
143 | ||
144 | md5_start(&base); | |
145 | md5_mid(&base, isecret); | |
5903c6ff | 146 | md5_end(&base, US challenge, Ustrlen(challenge), md5secret); |
0756eb3c PH |
147 | |
148 | /* Compute the outer MD5 digest */ | |
149 | ||
150 | md5_start(&base); | |
151 | md5_mid(&base, osecret); | |
152 | md5_end(&base, md5secret, 16, digestptr); | |
153 | } | |
154 | ||
155 | ||
156 | #ifndef STAND_ALONE | |
157 | ||
158 | /************************************************* | |
159 | * Server entry point * | |
160 | *************************************************/ | |
161 | ||
162 | /* For interface, see auths/README */ | |
163 | ||
164 | int | |
165 | auth_cram_md5_server(auth_instance *ablock, uschar *data) | |
166 | { | |
167 | auth_cram_md5_options_block *ob = | |
168 | (auth_cram_md5_options_block *)(ablock->options_block); | |
438257ba PP |
169 | uschar *challenge = string_sprintf("<%d.%ld@%s>", getpid(), |
170 | (long int) time(NULL), primary_hostname); | |
0756eb3c PH |
171 | uschar *clear, *secret; |
172 | uschar digest[16]; | |
173 | int i, rc, len; | |
174 | ||
175 | /* If we are running in the test harness, always send the same challenge, | |
176 | an example string taken from the RFC. */ | |
177 | ||
8768d548 | 178 | if (f.running_in_test_harness) |
0756eb3c PH |
179 | challenge = US"<1896.697170952@postoffice.reston.mci.net>"; |
180 | ||
181 | /* No data should have been sent with the AUTH command */ | |
182 | ||
5c329a43 | 183 | if (*data) return UNEXPECTED; |
0756eb3c PH |
184 | |
185 | /* Send the challenge, read the return */ | |
186 | ||
187 | if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc; | |
f4d091fb | 188 | if ((len = b64decode(data, &clear)) < 0) return BAD64; |
0756eb3c PH |
189 | |
190 | /* The return consists of a user name, space-separated from the CRAM-MD5 | |
f78eb7c6 PH |
191 | digest, expressed in hex. Extract the user name and put it in $auth1 and $1. |
192 | The former is now the preferred variable; the latter is the original one. Then | |
193 | check that the remaining length is 32. */ | |
0756eb3c | 194 | |
f78eb7c6 | 195 | auth_vars[0] = expand_nstring[1] = clear; |
5c329a43 | 196 | while (*clear && !isspace(*clear)) clear++; |
0756eb3c PH |
197 | if (!isspace(*clear)) return FAIL; |
198 | *clear++ = 0; | |
199 | ||
200 | expand_nlength[1] = clear - expand_nstring[1] - 1; | |
201 | if (len - expand_nlength[1] - 1 != 32) return FAIL; | |
202 | expand_nmax = 1; | |
203 | ||
204 | /* Expand the server_secret string so that it can compute a value dependent on | |
205 | the user name if necessary. */ | |
206 | ||
207 | debug_print_string(ablock->server_debug_string); /* customized debugging */ | |
208 | secret = expand_string(ob->server_secret); | |
209 | ||
210 | /* A forced fail implies failure of authentication - i.e. we have no secret for | |
211 | the given name. */ | |
212 | ||
213 | if (secret == NULL) | |
214 | { | |
8768d548 | 215 | if (f.expand_string_forcedfail) return FAIL; |
0756eb3c PH |
216 | auth_defer_msg = expand_string_message; |
217 | return DEFER; | |
218 | } | |
219 | ||
220 | /* Compute the CRAM-MD5 digest that we should have received from the client. */ | |
221 | ||
222 | compute_cram_md5(secret, challenge, digest); | |
223 | ||
224 | HDEBUG(D_auth) | |
225 | { | |
226 | uschar buff[64]; | |
f78eb7c6 | 227 | debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]); |
0756eb3c PH |
228 | debug_printf(" challenge = %s\n", challenge); |
229 | debug_printf(" received = %s\n", clear); | |
f3ebb786 | 230 | Ustrcpy(buff, US" digest = "); |
0756eb3c PH |
231 | for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]); |
232 | debug_printf("%.54s\n", buff); | |
233 | } | |
234 | ||
235 | /* We now have to compare the digest, which is 16 bytes in binary, with the | |
236 | data received, which is expressed in lower case hex. We checked above that | |
237 | there were 32 characters of data left. */ | |
238 | ||
239 | for (i = 0; i < 16; i++) | |
240 | { | |
241 | int a = *clear++; | |
242 | int b = *clear++; | |
243 | if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) + | |
244 | ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL; | |
245 | } | |
246 | ||
16ff981e PH |
247 | /* Expand server_condition as an authorization check */ |
248 | return auth_check_serv_cond(ablock); | |
0756eb3c PH |
249 | } |
250 | ||
251 | ||
252 | ||
253 | /************************************************* | |
254 | * Client entry point * | |
255 | *************************************************/ | |
256 | ||
257 | /* For interface, see auths/README */ | |
258 | ||
259 | int | |
260 | auth_cram_md5_client( | |
261 | auth_instance *ablock, /* authenticator block */ | |
251b9eb4 | 262 | void * sx, /* smtp connextion */ |
0756eb3c | 263 | int timeout, /* command timeout */ |
4730f942 | 264 | uschar *buffer, /* for reading response */ |
0756eb3c PH |
265 | int buffsize) /* size of buffer */ |
266 | { | |
267 | auth_cram_md5_options_block *ob = | |
268 | (auth_cram_md5_options_block *)(ablock->options_block); | |
269 | uschar *secret = expand_string(ob->client_secret); | |
270 | uschar *name = expand_string(ob->client_name); | |
271 | uschar *challenge, *p; | |
272 | int i; | |
273 | uschar digest[16]; | |
274 | ||
275 | /* If expansion of either the secret or the user name failed, return CANCELLED | |
4c04137d | 276 | or ERROR, as appropriate. */ |
0756eb3c | 277 | |
d129bdf7 | 278 | if (!secret || !name) |
0756eb3c | 279 | { |
8768d548 | 280 | if (f.expand_string_forcedfail) |
4730f942 PH |
281 | { |
282 | *buffer = 0; /* No message */ | |
283 | return CANCELLED; | |
284 | } | |
0756eb3c PH |
285 | string_format(buffer, buffsize, "expansion of \"%s\" failed in " |
286 | "%s authenticator: %s", | |
d129bdf7 | 287 | !secret ? ob->client_secret : ob->client_name, |
0756eb3c PH |
288 | ablock->name, expand_string_message); |
289 | return ERROR; | |
290 | } | |
291 | ||
292 | /* Initiate the authentication exchange and read the challenge, which arrives | |
293 | in base 64. */ | |
294 | ||
251b9eb4 | 295 | if (smtp_write_command(sx, SCMD_FLUSH, "AUTH %s\r\n", ablock->public_name) < 0) |
0756eb3c | 296 | return FAIL_SEND; |
251b9eb4 | 297 | if (!smtp_read_response(sx, buffer, buffsize, '3', timeout)) |
0756eb3c PH |
298 | return FAIL; |
299 | ||
f4d091fb | 300 | if (b64decode(buffer + 4, &challenge) < 0) |
0756eb3c PH |
301 | { |
302 | string_format(buffer, buffsize, "bad base 64 string in challenge: %s", | |
303 | big_buffer + 4); | |
304 | return ERROR; | |
305 | } | |
306 | ||
307 | /* Run the CRAM-MD5 algorithm on the secret and the challenge */ | |
308 | ||
309 | compute_cram_md5(secret, challenge, digest); | |
310 | ||
311 | /* Create the response from the user name plus the CRAM-MD5 digest */ | |
312 | ||
313 | string_format(big_buffer, big_buffer_size - 36, "%s", name); | |
d129bdf7 | 314 | for (p = big_buffer; *p; ) p++; |
0756eb3c PH |
315 | *p++ = ' '; |
316 | ||
317 | for (i = 0; i < 16; i++) | |
5976eb99 | 318 | p += sprintf(CS p, "%02x", digest[i]); |
0756eb3c PH |
319 | |
320 | /* Send the response, in base 64, and check the result. The response is | |
f4d091fb | 321 | in big_buffer, but b64encode() returns its result in working store, |
0756eb3c PH |
322 | so calling smtp_write_command(), which uses big_buffer, is OK. */ |
323 | ||
324 | buffer[0] = 0; | |
1f20760b | 325 | if (smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", b64encode(CUS big_buffer, |
0756eb3c PH |
326 | p - big_buffer)) < 0) return FAIL_SEND; |
327 | ||
251b9eb4 | 328 | return smtp_read_response(sx, US buffer, buffsize, '2', timeout) |
d129bdf7 | 329 | ? OK : FAIL; |
0756eb3c PH |
330 | } |
331 | #endif /* STAND_ALONE */ | |
332 | ||
333 | ||
334 | /************************************************* | |
335 | ************************************************** | |
336 | * Stand-alone test program * | |
337 | ************************************************** | |
338 | *************************************************/ | |
339 | ||
340 | #ifdef STAND_ALONE | |
341 | ||
342 | int main(int argc, char **argv) | |
343 | { | |
344 | int i; | |
345 | uschar *secret = US argv[1]; | |
346 | uschar *challenge = US argv[2]; | |
347 | uschar digest[16]; | |
348 | ||
349 | compute_cram_md5(secret, challenge, digest); | |
350 | ||
351 | for (i = 0; i < 16; i++) printf("%02x", digest[i]); | |
352 | printf("\n"); | |
353 | ||
354 | return 0; | |
355 | } | |
356 | ||
357 | #endif | |
358 | ||
d185889f | 359 | #endif /*!MACRO_PREDEF*/ |
0756eb3c | 360 | /* End of cram_md5.c */ |