[exim.git] / src / src / auths / cram_md5.c

/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.2 2005/01/04 10:00:43 ph10 Exp $ */

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2005 */
/* See the file NOTICE for conditions of use and distribution. */


/* The stand-alone version just tests the algorithm. We have to drag
in the MD5 computation functions, without their own stand-alone main
program. */

#ifdef STAND_ALONE
#define CRAM_STAND_ALONE
#include "md5.c"


/* This is the normal, non-stand-alone case */

#else
#include "../exim.h"
#include "cram_md5.h"

/* Options specific to the cram_md5 authentication mechanism. */

optionlist auth_cram_md5_options[] = {
  { "client_name",        opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, client_name)) },
  { "client_secret",      opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, client_secret)) },
  { "server_secret",      opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, server_secret)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_cram_md5_options_count =
  sizeof(auth_cram_md5_options)/sizeof(optionlist);

/* Default private options block for the contidion authentication method. */

auth_cram_md5_options_block auth_cram_md5_option_defaults = {
  NULL,             /* server_secret */
  NULL,             /* client_secret */
  NULL              /* client_name */
};


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_cram_md5_init(auth_instance *ablock)
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
if (ob->server_secret != NULL) ablock->server = TRUE;
if (ob->client_secret != NULL)
  {
  ablock->client = TRUE;
  if (ob->client_name == NULL) ob->client_name = primary_hostname;
  }
}

#endif  /* STAND_ALONE */


/*************************************************
*      Peform the CRAM-MD5 algorithm             *
*************************************************/

/* The CRAM-MD5 algorithm is described in RFC 2195. It computes

  MD5((secret XOR opad), MD5((secret XOR ipad), challenge))

where secret is padded out to 64 characters (after being reduced to an MD5
digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
0x5c respectively, and comma means concatenation.

Arguments:
  secret         the shared secret
  challenge      the challenge text
  digest         16-byte slot to put the answer in

Returns:         nothing
*/

static void
compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr)
{
md5 base;
int i;
int len = Ustrlen(secret);
uschar isecret[64];
uschar osecret[64];
uschar md5secret[16];

/* If the secret is longer than 64 characters, we compute its MD5 digest
and use that. */

if (len > 64)
  {
  md5_start(&base);
  md5_end(&base, (uschar *)secret, len, md5secret);
  secret = (uschar *)md5secret;
  len = 16;
  }

/* The key length is now known to be <= 64. Set up the padded and xor'ed
versions. */

memcpy(isecret, secret, len);
memset(isecret+len, 0, 64-len);
memcpy(osecret, isecret, 64);

for (i = 0; i < 64; i++)
  {
  isecret[i] ^= 0x36;
  osecret[i] ^= 0x5c;
  }

/* Compute the inner MD5 digest */

md5_start(&base);
md5_mid(&base, isecret);
md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret);

/* Compute the outer MD5 digest */

md5_start(&base);
md5_mid(&base, osecret);
md5_end(&base, md5secret, 16, digestptr);
}


#ifndef STAND_ALONE

/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_cram_md5_server(auth_instance *ablock, uschar *data)
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
  primary_hostname);
uschar *clear, *secret;
uschar digest[16];
int i, rc, len;

/* If we are running in the test harness, always send the same challenge,
an example string taken from the RFC. */

if (running_in_test_harness)
  challenge = US"<1896.697170952@postoffice.reston.mci.net>";

/* No data should have been sent with the AUTH command */

if (*data != 0) return UNEXPECTED;

/* Send the challenge, read the return */

if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;

/* The return consists of a user name, space-separated from the CRAM-MD5
digest, expressed in hex. Extract the user name and put it in $1. Then check
that the remaining length is 32. */

expand_nstring[1] = clear;
while (*clear != 0 && !isspace(*clear)) clear++;
if (!isspace(*clear)) return FAIL;
*clear++ = 0;

expand_nlength[1] = clear - expand_nstring[1] - 1;
if (len - expand_nlength[1] - 1 != 32) return FAIL;
expand_nmax = 1;

/* Expand the server_secret string so that it can compute a value dependent on
the user name if necessary. */

debug_print_string(ablock->server_debug_string);    /* customized debugging */
secret = expand_string(ob->server_secret);

/* A forced fail implies failure of authentication - i.e. we have no secret for
the given name. */

if (secret == NULL)
  {
  if (expand_string_forcedfail) return FAIL;
  auth_defer_msg = expand_string_message;
  return DEFER;
  }

/* Compute the CRAM-MD5 digest that we should have received from the client. */

compute_cram_md5(secret, challenge, digest);

HDEBUG(D_auth)
  {
  uschar buff[64];
  debug_printf("CRAM-MD5: user name = %s\n", expand_nstring[1]);
  debug_printf("          challenge = %s\n", challenge);
  debug_printf("          received  = %s\n", clear);
  Ustrcpy(buff,"          digest    = ");
  for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]);
  debug_printf("%.54s\n", buff);
  }

/* We now have to compare the digest, which is 16 bytes in binary, with the
data received, which is expressed in lower case hex. We checked above that
there were 32 characters of data left. */

for (i = 0; i < 16; i++)
  {
  int a = *clear++;
  int b = *clear++;
  if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) +
        ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
  }

return OK;
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_cram_md5_client(
  auth_instance *ablock,                 /* authenticator block */
  smtp_inblock *inblock,                 /* input connection */
  smtp_outblock *outblock,               /* output connection */
  int timeout,                           /* command timeout */
  uschar *buffer,                          /* for reading response */
  int buffsize)                          /* size of buffer */
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
uschar *secret = expand_string(ob->client_secret);
uschar *name = expand_string(ob->client_name);
uschar *challenge, *p;
int i;
uschar digest[16];

/* If expansion of either the secret or the user name failed, return CANCELLED
or ERROR, as approriate. */

if (secret == NULL || name == NULL)
  {
  if (expand_string_forcedfail) return CANCELLED;
  string_format(buffer, buffsize, "expansion of \"%s\" failed in "
    "%s authenticator: %s",
    (secret == NULL)? ob->client_secret : ob->client_name,
    ablock->name, expand_string_message);
  return ERROR;
  }

/* Initiate the authentication exchange and read the challenge, which arrives
in base 64. */

if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
  return FAIL_SEND;
if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
  return FAIL;

if (auth_b64decode(buffer + 4, &challenge) < 0)
  {
  string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
    big_buffer + 4);
  return ERROR;
  }

/* Run the CRAM-MD5 algorithm on the secret and the challenge */

compute_cram_md5(secret, challenge, digest);

/* Create the response from the user name plus the CRAM-MD5 digest */

string_format(big_buffer, big_buffer_size - 36, "%s", name);
p = big_buffer;
while (*p != 0) p++;
*p++ = ' ';

for (i = 0; i < 16; i++)
  {
  sprintf(CS p, "%02x", digest[i]);
  p += 2;
  }

/* Send the response, in base 64, and check the result. The response is
in big_buffer, but auth_b64encode() returns its result in working store,
so calling smtp_write_command(), which uses big_buffer, is OK. */

buffer[0] = 0;
if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
  p - big_buffer)) < 0) return FAIL_SEND;

return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
  OK : FAIL;
}
#endif  /* STAND_ALONE */


/*************************************************
**************************************************
*             Stand-alone test program           *
**************************************************
*************************************************/

#ifdef STAND_ALONE

int main(int argc, char **argv)
{
int i;
uschar *secret = US argv[1];
uschar *challenge = US argv[2];
uschar digest[16];

compute_cram_md5(secret, challenge, digest);

for (i = 0; i < 16; i++) printf("%02x", digest[i]);
printf("\n");

return 0;
}

#endif

/* End of cram_md5.c */
Commit	Line	Data
c988f1f4	1	/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.2 2005/01/04 10:00:43 ph10 Exp $ */
0756eb3c PH	2
	3	/*************************************************
	4	* Exim - an Internet mail transport agent *
	5	*************************************************/
	6
c988f1f4	7	/* Copyright (c) University of Cambridge 1995 - 2005 */
0756eb3c PH	8	/* See the file NOTICE for conditions of use and distribution. */
	9
	10
	11	/* The stand-alone version just tests the algorithm. We have to drag
	12	in the MD5 computation functions, without their own stand-alone main
	13	program. */
	14
	15	#ifdef STAND_ALONE
	16	#define CRAM_STAND_ALONE
	17	#include "md5.c"
	18
	19
	20	/* This is the normal, non-stand-alone case */
	21
	22	#else
	23	#include "../exim.h"
	24	#include "cram_md5.h"
	25
	26	/* Options specific to the cram_md5 authentication mechanism. */
	27
	28	optionlist auth_cram_md5_options[] = {
	29	{ "client_name", opt_stringptr,
	30	(void *)(offsetof(auth_cram_md5_options_block, client_name)) },
	31	{ "client_secret", opt_stringptr,
	32	(void *)(offsetof(auth_cram_md5_options_block, client_secret)) },
	33	{ "server_secret", opt_stringptr,
	34	(void *)(offsetof(auth_cram_md5_options_block, server_secret)) }
	35	};
	36
	37	/* Size of the options list. An extern variable has to be used so that its
	38	address can appear in the tables drtables.c. */
	39
	40	int auth_cram_md5_options_count =
	41	sizeof(auth_cram_md5_options)/sizeof(optionlist);
	42
	43	/* Default private options block for the contidion authentication method. */
	44
	45	auth_cram_md5_options_block auth_cram_md5_option_defaults = {
	46	NULL, /* server_secret */
	47	NULL, /* client_secret */
	48	NULL /* client_name */
	49	};
	50
	51
	52	/*************************************************
	53	* Initialization entry point *
	54	*************************************************/
	55
	56	/* Called for each instance, after its options have been read, to
	57	enable consistency checks to be done, or anything else that needs
	58	to be set up. */
	59
	60	void
	61	auth_cram_md5_init(auth_instance *ablock)
	62	{
	63	auth_cram_md5_options_block *ob =
	64	(auth_cram_md5_options_block *)(ablock->options_block);
	65	if (ob->server_secret != NULL) ablock->server = TRUE;
	66	if (ob->client_secret != NULL)
	67	{
	68	ablock->client = TRUE;
	69	if (ob->client_name == NULL) ob->client_name = primary_hostname;
	70	}
	71	}
72
73	#endif /* STAND_ALONE */
74
75
76
77	/*************************************************
78	* Peform the CRAM-MD5 algorithm *
79	*************************************************/
80
81	/* The CRAM-MD5 algorithm is described in RFC 2195. It computes
82
83	MD5((secret XOR opad), MD5((secret XOR ipad), challenge))
84
85	where secret is padded out to 64 characters (after being reduced to an MD5
86	digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
87	0x5c respectively, and comma means concatenation.
88
89	Arguments:
90	secret the shared secret
91	challenge the challenge text
92	digest 16-byte slot to put the answer in
93
94	Returns: nothing
95	*/
96
97	static void
98	compute_cram_md5(uschar secret, uschar challenge, uschar *digestptr)
99	{
100	md5 base;
101	int i;
102	int len = Ustrlen(secret);
103	uschar isecret[64];
104	uschar osecret[64];
105	uschar md5secret[16];
106
107	/* If the secret is longer than 64 characters, we compute its MD5 digest
108	and use that. */
109
110	if (len > 64)
111	{
112	md5_start(&base);
113	md5_end(&base, (uschar *)secret, len, md5secret);
114	secret = (uschar *)md5secret;
115	len = 16;
116	}
117
118	/* The key length is now known to be <= 64. Set up the padded and xor'ed
119	versions. */
120
121	memcpy(isecret, secret, len);
122	memset(isecret+len, 0, 64-len);
123	memcpy(osecret, isecret, 64);
124
125	for (i = 0; i < 64; i++)
126	{
127	isecret[i] ^= 0x36;
128	osecret[i] ^= 0x5c;
129	}
130
131	/* Compute the inner MD5 digest */
132
133	md5_start(&base);
134	md5_mid(&base, isecret);
135	md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret);
136
137	/* Compute the outer MD5 digest */
138
139	md5_start(&base);
140	md5_mid(&base, osecret);
141	md5_end(&base, md5secret, 16, digestptr);
142	}
143
144
145	#ifndef STAND_ALONE
146
147	/*************************************************
148	* Server entry point *
149	*************************************************/
150
151	/* For interface, see auths/README */
152
153	int
154	auth_cram_md5_server(auth_instance ablock, uschar data)
155	{
156	auth_cram_md5_options_block *ob =
157	(auth_cram_md5_options_block *)(ablock->options_block);
158	uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
159	primary_hostname);
160	uschar clear, secret;
161	uschar digest[16];
162	int i, rc, len;
163
164	/* If we are running in the test harness, always send the same challenge,
165	an example string taken from the RFC. */
166
167	if (running_in_test_harness)
168	challenge = US"<1896.697170952@postoffice.reston.mci.net>";
169
170	/* No data should have been sent with the AUTH command */
171
172	if (*data != 0) return UNEXPECTED;
173
174	/* Send the challenge, read the return */
175
176	if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
177	if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
178
179	/* The return consists of a user name, space-separated from the CRAM-MD5
180	digest, expressed in hex. Extract the user name and put it in $1. Then check
181	that the remaining length is 32. */
182
183	expand_nstring[1] = clear;
184	while (clear != 0 && !isspace(clear)) clear++;
185	if (!isspace(*clear)) return FAIL;
186	*clear++ = 0;
187
188	expand_nlength[1] = clear - expand_nstring[1] - 1;
189	if (len - expand_nlength[1] - 1 != 32) return FAIL;
190	expand_nmax = 1;
191
192	/* Expand the server_secret string so that it can compute a value dependent on
193	the user name if necessary. */
194
195	debug_print_string(ablock->server_debug_string); /* customized debugging */
196	secret = expand_string(ob->server_secret);
197
198	/* A forced fail implies failure of authentication - i.e. we have no secret for
199	the given name. */
200
201	if (secret == NULL)
202	{
203	if (expand_string_forcedfail) return FAIL;
204	auth_defer_msg = expand_string_message;
205	return DEFER;
206	}
207
208	/* Compute the CRAM-MD5 digest that we should have received from the client. */
209
210	compute_cram_md5(secret, challenge, digest);
211
212	HDEBUG(D_auth)
213	{
214	uschar buff[64];
215	debug_printf("CRAM-MD5: user name = %s\n", expand_nstring[1]);
216	debug_printf(" challenge = %s\n", challenge);
217	debug_printf(" received = %s\n", clear);
218	Ustrcpy(buff," digest = ");
219	for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]);
220	debug_printf("%.54s\n", buff);
221	}
222
223	/* We now have to compare the digest, which is 16 bytes in binary, with the
224	data received, which is expressed in lower case hex. We checked above that
225	there were 32 characters of data left. */
226
227	for (i = 0; i < 16; i++)
228	{
229	int a = *clear++;
230	int b = *clear++;
231	if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) +
232	((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
233	}
234
235	return OK;
236	}
237
238
239
240	/*************************************************
241	* Client entry point *
242	*************************************************/
243
244	/* For interface, see auths/README */
245
246	int
247	auth_cram_md5_client(
248	auth_instance ablock, / authenticator block */
249	smtp_inblock inblock, / input connection */
250	smtp_outblock outblock, / output connection */
251	int timeout, /* command timeout */
252	uschar buffer, / for reading response */
253	int buffsize) /* size of buffer */
254	{
255	auth_cram_md5_options_block *ob =
256	(auth_cram_md5_options_block *)(ablock->options_block);
257	uschar *secret = expand_string(ob->client_secret);
258	uschar *name = expand_string(ob->client_name);
259	uschar challenge, p;
260	int i;
261	uschar digest[16];
262
263	/* If expansion of either the secret or the user name failed, return CANCELLED
264	or ERROR, as approriate. */
265
266	if (secret == NULL \|\| name == NULL)
267	{
268	if (expand_string_forcedfail) return CANCELLED;
269	string_format(buffer, buffsize, "expansion of \"%s\" failed in "
270	"%s authenticator: %s",
271	(secret == NULL)? ob->client_secret : ob->client_name,
272	ablock->name, expand_string_message);
273	return ERROR;
274	}
275
276	/* Initiate the authentication exchange and read the challenge, which arrives
277	in base 64. */
278
279	if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
280	return FAIL_SEND;
281	if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
282	return FAIL;
283
284	if (auth_b64decode(buffer + 4, &challenge) < 0)
285	{
286	string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
287	big_buffer + 4);
288	return ERROR;
289	}
290
291	/* Run the CRAM-MD5 algorithm on the secret and the challenge */
292
293	compute_cram_md5(secret, challenge, digest);
294
295	/* Create the response from the user name plus the CRAM-MD5 digest */
296
297	string_format(big_buffer, big_buffer_size - 36, "%s", name);
298	p = big_buffer;
299	while (*p != 0) p++;
300	*p++ = ' ';
301
302	for (i = 0; i < 16; i++)
303	{
304	sprintf(CS p, "%02x", digest[i]);
305	p += 2;
306	}
307
308	/* Send the response, in base 64, and check the result. The response is
309	in big_buffer, but auth_b64encode() returns its result in working store,
310	so calling smtp_write_command(), which uses big_buffer, is OK. */
311
312	buffer[0] = 0;
313	if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
314	p - big_buffer)) < 0) return FAIL_SEND;
315
316	return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
317	OK : FAIL;
318	}
319	#endif /* STAND_ALONE */
320
321
322	/*************************************************
323	**************************************************
324	* Stand-alone test program *
325	**************************************************
326	*************************************************/
327
328	#ifdef STAND_ALONE
329
330	int main(int argc, char **argv)
331	{
332	int i;
333	uschar *secret = US argv[1];
334	uschar *challenge = US argv[2];
335	uschar digest[16];
336
337	compute_cram_md5(secret, challenge, digest);
338
339	for (i = 0; i < 16; i++) printf("%02x", digest[i]);
340	printf("\n");
341
342	return 0;
343	}
344
345	#endif
346
347	/* End of cram_md5.c */