[exim.git] / src / src / auths / cram_md5.c

/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */


/* The stand-alone version just tests the algorithm. We have to drag
in the MD5 computation functions, without their own stand-alone main
program. */

#ifdef STAND_ALONE
#define CRAM_STAND_ALONE
#include "md5.c"


/* This is the normal, non-stand-alone case */

#else
#include "../exim.h"
#include "cram_md5.h"

/* Options specific to the cram_md5 authentication mechanism. */

optionlist auth_cram_md5_options[] = {
  { "client_name",        opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, client_name)) },
  { "client_secret",      opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, client_secret)) },
  { "server_secret",      opt_stringptr,
      (void *)(offsetof(auth_cram_md5_options_block, server_secret)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_cram_md5_options_count =
  sizeof(auth_cram_md5_options)/sizeof(optionlist);

/* Default private options block for the contidion authentication method. */

auth_cram_md5_options_block auth_cram_md5_option_defaults = {
  NULL,             /* server_secret */
  NULL,             /* client_secret */
  NULL              /* client_name */
};


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_cram_md5_init(auth_instance *ablock)
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
if (ob->server_secret != NULL) ablock->server = TRUE;
if (ob->client_secret != NULL)
  {
  ablock->client = TRUE;
  if (ob->client_name == NULL) ob->client_name = primary_hostname;
  }
}

#endif  /* STAND_ALONE */


/*************************************************
*      Peform the CRAM-MD5 algorithm             *
*************************************************/

/* The CRAM-MD5 algorithm is described in RFC 2195. It computes

  MD5((secret XOR opad), MD5((secret XOR ipad), challenge))

where secret is padded out to 64 characters (after being reduced to an MD5
digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
0x5c respectively, and comma means concatenation.

Arguments:
  secret         the shared secret
  challenge      the challenge text
  digest         16-byte slot to put the answer in

Returns:         nothing
*/

static void
compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr)
{
md5 base;
int i;
int len = Ustrlen(secret);
uschar isecret[64];
uschar osecret[64];
uschar md5secret[16];

/* If the secret is longer than 64 characters, we compute its MD5 digest
and use that. */

if (len > 64)
  {
  md5_start(&base);
  md5_end(&base, (uschar *)secret, len, md5secret);
  secret = (uschar *)md5secret;
  len = 16;
  }

/* The key length is now known to be <= 64. Set up the padded and xor'ed
versions. */

memcpy(isecret, secret, len);
memset(isecret+len, 0, 64-len);
memcpy(osecret, isecret, 64);

for (i = 0; i < 64; i++)
  {
  isecret[i] ^= 0x36;
  osecret[i] ^= 0x5c;
  }

/* Compute the inner MD5 digest */

md5_start(&base);
md5_mid(&base, isecret);
md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret);

/* Compute the outer MD5 digest */

md5_start(&base);
md5_mid(&base, osecret);
md5_end(&base, md5secret, 16, digestptr);
}


#ifndef STAND_ALONE

/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_cram_md5_server(auth_instance *ablock, uschar *data)
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
  primary_hostname);
uschar *clear, *secret;
uschar digest[16];
int i, rc, len;

/* If we are running in the test harness, always send the same challenge,
an example string taken from the RFC. */

if (running_in_test_harness)
  challenge = US"<1896.697170952@postoffice.reston.mci.net>";

/* No data should have been sent with the AUTH command */

if (*data != 0) return UNEXPECTED;

/* Send the challenge, read the return */

if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;

/* The return consists of a user name, space-separated from the CRAM-MD5
digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
The former is now the preferred variable; the latter is the original one. Then
check that the remaining length is 32. */

auth_vars[0] = expand_nstring[1] = clear;
while (*clear != 0 && !isspace(*clear)) clear++;
if (!isspace(*clear)) return FAIL;
*clear++ = 0;

expand_nlength[1] = clear - expand_nstring[1] - 1;
if (len - expand_nlength[1] - 1 != 32) return FAIL;
expand_nmax = 1;

/* Expand the server_secret string so that it can compute a value dependent on
the user name if necessary. */

debug_print_string(ablock->server_debug_string);    /* customized debugging */
secret = expand_string(ob->server_secret);

/* A forced fail implies failure of authentication - i.e. we have no secret for
the given name. */

if (secret == NULL)
  {
  if (expand_string_forcedfail) return FAIL;
  auth_defer_msg = expand_string_message;
  return DEFER;
  }

/* Compute the CRAM-MD5 digest that we should have received from the client. */

compute_cram_md5(secret, challenge, digest);

HDEBUG(D_auth)
  {
  uschar buff[64];
  debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]);
  debug_printf("          challenge = %s\n", challenge);
  debug_printf("          received  = %s\n", clear);
  Ustrcpy(buff,"          digest    = ");
  for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]);
  debug_printf("%.54s\n", buff);
  }

/* We now have to compare the digest, which is 16 bytes in binary, with the
data received, which is expressed in lower case hex. We checked above that
there were 32 characters of data left. */

for (i = 0; i < 16; i++)
  {
  int a = *clear++;
  int b = *clear++;
  if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) +
        ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
  }

return OK;
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_cram_md5_client(
  auth_instance *ablock,                 /* authenticator block */
  smtp_inblock *inblock,                 /* input connection */
  smtp_outblock *outblock,               /* output connection */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* for reading response */
  int buffsize)                          /* size of buffer */
{
auth_cram_md5_options_block *ob =
  (auth_cram_md5_options_block *)(ablock->options_block);
uschar *secret = expand_string(ob->client_secret);
uschar *name = expand_string(ob->client_name);
uschar *challenge, *p;
int i;
uschar digest[16];

/* If expansion of either the secret or the user name failed, return CANCELLED
or ERROR, as approriate. */

if (secret == NULL || name == NULL)
  {
  if (expand_string_forcedfail)
    {
    *buffer = 0;           /* No message */
    return CANCELLED;
    }
  string_format(buffer, buffsize, "expansion of \"%s\" failed in "
    "%s authenticator: %s",
    (secret == NULL)? ob->client_secret : ob->client_name,
    ablock->name, expand_string_message);
  return ERROR;
  }

/* Initiate the authentication exchange and read the challenge, which arrives
in base 64. */

if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
  return FAIL_SEND;
if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
  return FAIL;

if (auth_b64decode(buffer + 4, &challenge) < 0)
  {
  string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
    big_buffer + 4);
  return ERROR;
  }

/* Run the CRAM-MD5 algorithm on the secret and the challenge */

compute_cram_md5(secret, challenge, digest);

/* Create the response from the user name plus the CRAM-MD5 digest */

string_format(big_buffer, big_buffer_size - 36, "%s", name);
p = big_buffer;
while (*p != 0) p++;
*p++ = ' ';

for (i = 0; i < 16; i++)
  {
  sprintf(CS p, "%02x", digest[i]);
  p += 2;
  }

/* Send the response, in base 64, and check the result. The response is
in big_buffer, but auth_b64encode() returns its result in working store,
so calling smtp_write_command(), which uses big_buffer, is OK. */

buffer[0] = 0;
if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
  p - big_buffer)) < 0) return FAIL_SEND;

return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
  OK : FAIL;
}
#endif  /* STAND_ALONE */


/*************************************************
**************************************************
*             Stand-alone test program           *
**************************************************
*************************************************/

#ifdef STAND_ALONE

int main(int argc, char **argv)
{
int i;
uschar *secret = US argv[1];
uschar *challenge = US argv[2];
uschar digest[16];

compute_cram_md5(secret, challenge, digest);

for (i = 0; i < 16; i++) printf("%02x", digest[i]);
printf("\n");

return 0;
}

#endif

/* End of cram_md5.c */
Commit	Line	Data
4730f942	1	/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
0756eb3c PH	2
	3	/*************************************************
	4	* Exim - an Internet mail transport agent *
	5	*************************************************/
	6
d7d7b7b9	7	/* Copyright (c) University of Cambridge 1995 - 2006 */
0756eb3c PH	8	/* See the file NOTICE for conditions of use and distribution. */
	9
	10
	11	/* The stand-alone version just tests the algorithm. We have to drag
	12	in the MD5 computation functions, without their own stand-alone main
	13	program. */
	14
	15	#ifdef STAND_ALONE
	16	#define CRAM_STAND_ALONE
	17	#include "md5.c"
	18
	19
	20	/* This is the normal, non-stand-alone case */
	21
	22	#else
	23	#include "../exim.h"
	24	#include "cram_md5.h"
	25
	26	/* Options specific to the cram_md5 authentication mechanism. */
	27
	28	optionlist auth_cram_md5_options[] = {
	29	{ "client_name", opt_stringptr,
	30	(void *)(offsetof(auth_cram_md5_options_block, client_name)) },
	31	{ "client_secret", opt_stringptr,
	32	(void *)(offsetof(auth_cram_md5_options_block, client_secret)) },
	33	{ "server_secret", opt_stringptr,
	34	(void *)(offsetof(auth_cram_md5_options_block, server_secret)) }
	35	};
	36
	37	/* Size of the options list. An extern variable has to be used so that its
	38	address can appear in the tables drtables.c. */
	39
	40	int auth_cram_md5_options_count =
	41	sizeof(auth_cram_md5_options)/sizeof(optionlist);
	42
	43	/* Default private options block for the contidion authentication method. */
	44
	45	auth_cram_md5_options_block auth_cram_md5_option_defaults = {
	46	NULL, /* server_secret */
	47	NULL, /* client_secret */
	48	NULL /* client_name */
	49	};
	50
	51
	52	/*************************************************
	53	* Initialization entry point *
	54	*************************************************/
	55
	56	/* Called for each instance, after its options have been read, to
	57	enable consistency checks to be done, or anything else that needs
	58	to be set up. */
	59
	60	void
	61	auth_cram_md5_init(auth_instance *ablock)
	62	{
	63	auth_cram_md5_options_block *ob =
	64	(auth_cram_md5_options_block *)(ablock->options_block);
	65	if (ob->server_secret != NULL) ablock->server = TRUE;
	66	if (ob->client_secret != NULL)
	67	{
	68	ablock->client = TRUE;
	69	if (ob->client_name == NULL) ob->client_name = primary_hostname;
	70	}
	71	}
72
73	#endif /* STAND_ALONE */
74
75
76
77	/*************************************************
78	* Peform the CRAM-MD5 algorithm *
79	*************************************************/
80
81	/* The CRAM-MD5 algorithm is described in RFC 2195. It computes
82
83	MD5((secret XOR opad), MD5((secret XOR ipad), challenge))
84
85	where secret is padded out to 64 characters (after being reduced to an MD5
86	digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
87	0x5c respectively, and comma means concatenation.
88
89	Arguments:
90	secret the shared secret
91	challenge the challenge text
92	digest 16-byte slot to put the answer in
93
94	Returns: nothing
95	*/
96
97	static void
98	compute_cram_md5(uschar secret, uschar challenge, uschar *digestptr)
99	{
100	md5 base;
101	int i;
102	int len = Ustrlen(secret);
103	uschar isecret[64];
104	uschar osecret[64];
105	uschar md5secret[16];
106
107	/* If the secret is longer than 64 characters, we compute its MD5 digest
108	and use that. */
109
110	if (len > 64)
111	{
112	md5_start(&base);
113	md5_end(&base, (uschar *)secret, len, md5secret);
114	secret = (uschar *)md5secret;
115	len = 16;
116	}
117
118	/* The key length is now known to be <= 64. Set up the padded and xor'ed
119	versions. */
120
121	memcpy(isecret, secret, len);
122	memset(isecret+len, 0, 64-len);
123	memcpy(osecret, isecret, 64);
124
125	for (i = 0; i < 64; i++)
126	{
127	isecret[i] ^= 0x36;
128	osecret[i] ^= 0x5c;
129	}
130
131	/* Compute the inner MD5 digest */
132
133	md5_start(&base);
134	md5_mid(&base, isecret);
135	md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret);
136
137	/* Compute the outer MD5 digest */
138
139	md5_start(&base);
140	md5_mid(&base, osecret);
141	md5_end(&base, md5secret, 16, digestptr);
142	}
143
144
145	#ifndef STAND_ALONE
146
147	/*************************************************
148	* Server entry point *
149	*************************************************/
150
151	/* For interface, see auths/README */
152
153	int
154	auth_cram_md5_server(auth_instance ablock, uschar data)
155	{
156	auth_cram_md5_options_block *ob =
157	(auth_cram_md5_options_block *)(ablock->options_block);
158	uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
159	primary_hostname);
160	uschar clear, secret;
161	uschar digest[16];
162	int i, rc, len;
163
164	/* If we are running in the test harness, always send the same challenge,
165	an example string taken from the RFC. */
166
167	if (running_in_test_harness)
168	challenge = US"<1896.697170952@postoffice.reston.mci.net>";
169
170	/* No data should have been sent with the AUTH command */
171
172	if (*data != 0) return UNEXPECTED;
173
174	/* Send the challenge, read the return */
175
176	if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
177	if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
178
179	/* The return consists of a user name, space-separated from the CRAM-MD5
f78eb7c6 PH	180	digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
	181	The former is now the preferred variable; the latter is the original one. Then
	182	check that the remaining length is 32. */
0756eb3c	183
f78eb7c6	184	auth_vars[0] = expand_nstring[1] = clear;
0756eb3c PH	185	while (clear != 0 && !isspace(clear)) clear++;
	186	if (!isspace(*clear)) return FAIL;
	187	*clear++ = 0;
	188
	189	expand_nlength[1] = clear - expand_nstring[1] - 1;
	190	if (len - expand_nlength[1] - 1 != 32) return FAIL;
	191	expand_nmax = 1;
	192
	193	/* Expand the server_secret string so that it can compute a value dependent on
	194	the user name if necessary. */
	195
	196	debug_print_string(ablock->server_debug_string); /* customized debugging */
	197	secret = expand_string(ob->server_secret);
	198
	199	/* A forced fail implies failure of authentication - i.e. we have no secret for
	200	the given name. */
	201
	202	if (secret == NULL)
	203	{
	204	if (expand_string_forcedfail) return FAIL;
	205	auth_defer_msg = expand_string_message;
	206	return DEFER;
	207	}
	208
	209	/* Compute the CRAM-MD5 digest that we should have received from the client. */
	210
	211	compute_cram_md5(secret, challenge, digest);
	212
	213	HDEBUG(D_auth)
	214	{
	215	uschar buff[64];
f78eb7c6	216	debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]);
0756eb3c PH	217	debug_printf(" challenge = %s\n", challenge);
	218	debug_printf(" received = %s\n", clear);
	219	Ustrcpy(buff," digest = ");
	220	for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]);
	221	debug_printf("%.54s\n", buff);
	222	}
	223
	224	/* We now have to compare the digest, which is 16 bytes in binary, with the
	225	data received, which is expressed in lower case hex. We checked above that
	226	there were 32 characters of data left. */
	227
	228	for (i = 0; i < 16; i++)
	229	{
	230	int a = *clear++;
	231	int b = *clear++;
	232	if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) +
	233	((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
	234	}
	235
	236	return OK;
	237	}
	238
	239
	240
	241	/*************************************************
	242	* Client entry point *
	243	*************************************************/
	244
	245	/* For interface, see auths/README */
	246
	247	int
	248	auth_cram_md5_client(
	249	auth_instance ablock, / authenticator block */
	250	smtp_inblock inblock, / input connection */
	251	smtp_outblock outblock, / output connection */
	252	int timeout, /* command timeout */
4730f942	253	uschar buffer, / for reading response */
0756eb3c PH	254	int buffsize) /* size of buffer */
	255	{
	256	auth_cram_md5_options_block *ob =
	257	(auth_cram_md5_options_block *)(ablock->options_block);
	258	uschar *secret = expand_string(ob->client_secret);
	259	uschar *name = expand_string(ob->client_name);
	260	uschar challenge, p;
	261	int i;
	262	uschar digest[16];
	263
	264	/* If expansion of either the secret or the user name failed, return CANCELLED
	265	or ERROR, as approriate. */
	266
	267	if (secret == NULL \|\| name == NULL)
	268	{
4730f942 PH	269	if (expand_string_forcedfail)
	270	{
	271	buffer = 0; / No message */
	272	return CANCELLED;
	273	}
0756eb3c PH	274	string_format(buffer, buffsize, "expansion of \"%s\" failed in "
	275	"%s authenticator: %s",
	276	(secret == NULL)? ob->client_secret : ob->client_name,
	277	ablock->name, expand_string_message);
	278	return ERROR;
	279	}
	280
	281	/* Initiate the authentication exchange and read the challenge, which arrives
	282	in base 64. */
	283
	284	if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
	285	return FAIL_SEND;
	286	if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
	287	return FAIL;
	288
	289	if (auth_b64decode(buffer + 4, &challenge) < 0)
	290	{
	291	string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
	292	big_buffer + 4);
	293	return ERROR;
	294	}
	295
	296	/* Run the CRAM-MD5 algorithm on the secret and the challenge */
	297
	298	compute_cram_md5(secret, challenge, digest);
	299
	300	/* Create the response from the user name plus the CRAM-MD5 digest */
	301
	302	string_format(big_buffer, big_buffer_size - 36, "%s", name);
	303	p = big_buffer;
	304	while (*p != 0) p++;
	305	*p++ = ' ';
	306
	307	for (i = 0; i < 16; i++)
	308	{
	309	sprintf(CS p, "%02x", digest[i]);
	310	p += 2;
	311	}
	312
	313	/* Send the response, in base 64, and check the result. The response is
	314	in big_buffer, but auth_b64encode() returns its result in working store,
	315	so calling smtp_write_command(), which uses big_buffer, is OK. */
	316
	317	buffer[0] = 0;
	318	if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
	319	p - big_buffer)) < 0) return FAIL_SEND;
	320
	321	return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
	322	OK : FAIL;
	323	}
	324	#endif /* STAND_ALONE */
	325
	326
	327	/*************************************************
	328	**************************************************
	329	* Stand-alone test program *
	330	**************************************************
	331	*************************************************/
	332
	333	#ifdef STAND_ALONE
	334
	335	int main(int argc, char **argv)
	336	{
	337	int i;
338	uschar *secret = US argv[1];
339	uschar *challenge = US argv[2];
340	uschar digest[16];
341
342	compute_cram_md5(secret, challenge, digest);
343
344	for (i = 0; i < 16; i++) printf("%02x", digest[i]);
345	printf("\n");
346
347	return 0;
348	}
349
350	#endif
351
352	/* End of cram_md5.c */