Commit | Line | Data |
---|---|---|
4730f942 | 1 | /* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */ |
0756eb3c PH |
2 | |
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
d7d7b7b9 | 7 | /* Copyright (c) University of Cambridge 1995 - 2006 */ |
0756eb3c PH |
8 | /* See the file NOTICE for conditions of use and distribution. */ |
9 | ||
10 | ||
11 | /* The stand-alone version just tests the algorithm. We have to drag | |
12 | in the MD5 computation functions, without their own stand-alone main | |
13 | program. */ | |
14 | ||
15 | #ifdef STAND_ALONE | |
16 | #define CRAM_STAND_ALONE | |
17 | #include "md5.c" | |
18 | ||
19 | ||
20 | /* This is the normal, non-stand-alone case */ | |
21 | ||
22 | #else | |
23 | #include "../exim.h" | |
24 | #include "cram_md5.h" | |
25 | ||
26 | /* Options specific to the cram_md5 authentication mechanism. */ | |
27 | ||
28 | optionlist auth_cram_md5_options[] = { | |
29 | { "client_name", opt_stringptr, | |
30 | (void *)(offsetof(auth_cram_md5_options_block, client_name)) }, | |
31 | { "client_secret", opt_stringptr, | |
32 | (void *)(offsetof(auth_cram_md5_options_block, client_secret)) }, | |
33 | { "server_secret", opt_stringptr, | |
34 | (void *)(offsetof(auth_cram_md5_options_block, server_secret)) } | |
35 | }; | |
36 | ||
37 | /* Size of the options list. An extern variable has to be used so that its | |
38 | address can appear in the tables drtables.c. */ | |
39 | ||
40 | int auth_cram_md5_options_count = | |
41 | sizeof(auth_cram_md5_options)/sizeof(optionlist); | |
42 | ||
43 | /* Default private options block for the contidion authentication method. */ | |
44 | ||
45 | auth_cram_md5_options_block auth_cram_md5_option_defaults = { | |
46 | NULL, /* server_secret */ | |
47 | NULL, /* client_secret */ | |
48 | NULL /* client_name */ | |
49 | }; | |
50 | ||
51 | ||
52 | /************************************************* | |
53 | * Initialization entry point * | |
54 | *************************************************/ | |
55 | ||
56 | /* Called for each instance, after its options have been read, to | |
57 | enable consistency checks to be done, or anything else that needs | |
58 | to be set up. */ | |
59 | ||
60 | void | |
61 | auth_cram_md5_init(auth_instance *ablock) | |
62 | { | |
63 | auth_cram_md5_options_block *ob = | |
64 | (auth_cram_md5_options_block *)(ablock->options_block); | |
65 | if (ob->server_secret != NULL) ablock->server = TRUE; | |
66 | if (ob->client_secret != NULL) | |
67 | { | |
68 | ablock->client = TRUE; | |
69 | if (ob->client_name == NULL) ob->client_name = primary_hostname; | |
70 | } | |
71 | } | |
72 | ||
73 | #endif /* STAND_ALONE */ | |
74 | ||
75 | ||
76 | ||
77 | /************************************************* | |
78 | * Peform the CRAM-MD5 algorithm * | |
79 | *************************************************/ | |
80 | ||
81 | /* The CRAM-MD5 algorithm is described in RFC 2195. It computes | |
82 | ||
83 | MD5((secret XOR opad), MD5((secret XOR ipad), challenge)) | |
84 | ||
85 | where secret is padded out to 64 characters (after being reduced to an MD5 | |
86 | digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and | |
87 | 0x5c respectively, and comma means concatenation. | |
88 | ||
89 | Arguments: | |
90 | secret the shared secret | |
91 | challenge the challenge text | |
92 | digest 16-byte slot to put the answer in | |
93 | ||
94 | Returns: nothing | |
95 | */ | |
96 | ||
97 | static void | |
98 | compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr) | |
99 | { | |
100 | md5 base; | |
101 | int i; | |
102 | int len = Ustrlen(secret); | |
103 | uschar isecret[64]; | |
104 | uschar osecret[64]; | |
105 | uschar md5secret[16]; | |
106 | ||
107 | /* If the secret is longer than 64 characters, we compute its MD5 digest | |
108 | and use that. */ | |
109 | ||
110 | if (len > 64) | |
111 | { | |
112 | md5_start(&base); | |
113 | md5_end(&base, (uschar *)secret, len, md5secret); | |
114 | secret = (uschar *)md5secret; | |
115 | len = 16; | |
116 | } | |
117 | ||
118 | /* The key length is now known to be <= 64. Set up the padded and xor'ed | |
119 | versions. */ | |
120 | ||
121 | memcpy(isecret, secret, len); | |
122 | memset(isecret+len, 0, 64-len); | |
123 | memcpy(osecret, isecret, 64); | |
124 | ||
125 | for (i = 0; i < 64; i++) | |
126 | { | |
127 | isecret[i] ^= 0x36; | |
128 | osecret[i] ^= 0x5c; | |
129 | } | |
130 | ||
131 | /* Compute the inner MD5 digest */ | |
132 | ||
133 | md5_start(&base); | |
134 | md5_mid(&base, isecret); | |
135 | md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret); | |
136 | ||
137 | /* Compute the outer MD5 digest */ | |
138 | ||
139 | md5_start(&base); | |
140 | md5_mid(&base, osecret); | |
141 | md5_end(&base, md5secret, 16, digestptr); | |
142 | } | |
143 | ||
144 | ||
145 | #ifndef STAND_ALONE | |
146 | ||
147 | /************************************************* | |
148 | * Server entry point * | |
149 | *************************************************/ | |
150 | ||
151 | /* For interface, see auths/README */ | |
152 | ||
153 | int | |
154 | auth_cram_md5_server(auth_instance *ablock, uschar *data) | |
155 | { | |
156 | auth_cram_md5_options_block *ob = | |
157 | (auth_cram_md5_options_block *)(ablock->options_block); | |
158 | uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL), | |
159 | primary_hostname); | |
160 | uschar *clear, *secret; | |
161 | uschar digest[16]; | |
162 | int i, rc, len; | |
163 | ||
164 | /* If we are running in the test harness, always send the same challenge, | |
165 | an example string taken from the RFC. */ | |
166 | ||
167 | if (running_in_test_harness) | |
168 | challenge = US"<1896.697170952@postoffice.reston.mci.net>"; | |
169 | ||
170 | /* No data should have been sent with the AUTH command */ | |
171 | ||
172 | if (*data != 0) return UNEXPECTED; | |
173 | ||
174 | /* Send the challenge, read the return */ | |
175 | ||
176 | if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc; | |
177 | if ((len = auth_b64decode(data, &clear)) < 0) return BAD64; | |
178 | ||
179 | /* The return consists of a user name, space-separated from the CRAM-MD5 | |
f78eb7c6 PH |
180 | digest, expressed in hex. Extract the user name and put it in $auth1 and $1. |
181 | The former is now the preferred variable; the latter is the original one. Then | |
182 | check that the remaining length is 32. */ | |
0756eb3c | 183 | |
f78eb7c6 | 184 | auth_vars[0] = expand_nstring[1] = clear; |
0756eb3c PH |
185 | while (*clear != 0 && !isspace(*clear)) clear++; |
186 | if (!isspace(*clear)) return FAIL; | |
187 | *clear++ = 0; | |
188 | ||
189 | expand_nlength[1] = clear - expand_nstring[1] - 1; | |
190 | if (len - expand_nlength[1] - 1 != 32) return FAIL; | |
191 | expand_nmax = 1; | |
192 | ||
193 | /* Expand the server_secret string so that it can compute a value dependent on | |
194 | the user name if necessary. */ | |
195 | ||
196 | debug_print_string(ablock->server_debug_string); /* customized debugging */ | |
197 | secret = expand_string(ob->server_secret); | |
198 | ||
199 | /* A forced fail implies failure of authentication - i.e. we have no secret for | |
200 | the given name. */ | |
201 | ||
202 | if (secret == NULL) | |
203 | { | |
204 | if (expand_string_forcedfail) return FAIL; | |
205 | auth_defer_msg = expand_string_message; | |
206 | return DEFER; | |
207 | } | |
208 | ||
209 | /* Compute the CRAM-MD5 digest that we should have received from the client. */ | |
210 | ||
211 | compute_cram_md5(secret, challenge, digest); | |
212 | ||
213 | HDEBUG(D_auth) | |
214 | { | |
215 | uschar buff[64]; | |
f78eb7c6 | 216 | debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]); |
0756eb3c PH |
217 | debug_printf(" challenge = %s\n", challenge); |
218 | debug_printf(" received = %s\n", clear); | |
219 | Ustrcpy(buff," digest = "); | |
220 | for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]); | |
221 | debug_printf("%.54s\n", buff); | |
222 | } | |
223 | ||
224 | /* We now have to compare the digest, which is 16 bytes in binary, with the | |
225 | data received, which is expressed in lower case hex. We checked above that | |
226 | there were 32 characters of data left. */ | |
227 | ||
228 | for (i = 0; i < 16; i++) | |
229 | { | |
230 | int a = *clear++; | |
231 | int b = *clear++; | |
232 | if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) + | |
233 | ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL; | |
234 | } | |
235 | ||
236 | return OK; | |
237 | } | |
238 | ||
239 | ||
240 | ||
241 | /************************************************* | |
242 | * Client entry point * | |
243 | *************************************************/ | |
244 | ||
245 | /* For interface, see auths/README */ | |
246 | ||
247 | int | |
248 | auth_cram_md5_client( | |
249 | auth_instance *ablock, /* authenticator block */ | |
250 | smtp_inblock *inblock, /* input connection */ | |
251 | smtp_outblock *outblock, /* output connection */ | |
252 | int timeout, /* command timeout */ | |
4730f942 | 253 | uschar *buffer, /* for reading response */ |
0756eb3c PH |
254 | int buffsize) /* size of buffer */ |
255 | { | |
256 | auth_cram_md5_options_block *ob = | |
257 | (auth_cram_md5_options_block *)(ablock->options_block); | |
258 | uschar *secret = expand_string(ob->client_secret); | |
259 | uschar *name = expand_string(ob->client_name); | |
260 | uschar *challenge, *p; | |
261 | int i; | |
262 | uschar digest[16]; | |
263 | ||
264 | /* If expansion of either the secret or the user name failed, return CANCELLED | |
265 | or ERROR, as approriate. */ | |
266 | ||
267 | if (secret == NULL || name == NULL) | |
268 | { | |
4730f942 PH |
269 | if (expand_string_forcedfail) |
270 | { | |
271 | *buffer = 0; /* No message */ | |
272 | return CANCELLED; | |
273 | } | |
0756eb3c PH |
274 | string_format(buffer, buffsize, "expansion of \"%s\" failed in " |
275 | "%s authenticator: %s", | |
276 | (secret == NULL)? ob->client_secret : ob->client_name, | |
277 | ablock->name, expand_string_message); | |
278 | return ERROR; | |
279 | } | |
280 | ||
281 | /* Initiate the authentication exchange and read the challenge, which arrives | |
282 | in base 64. */ | |
283 | ||
284 | if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0) | |
285 | return FAIL_SEND; | |
286 | if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0) | |
287 | return FAIL; | |
288 | ||
289 | if (auth_b64decode(buffer + 4, &challenge) < 0) | |
290 | { | |
291 | string_format(buffer, buffsize, "bad base 64 string in challenge: %s", | |
292 | big_buffer + 4); | |
293 | return ERROR; | |
294 | } | |
295 | ||
296 | /* Run the CRAM-MD5 algorithm on the secret and the challenge */ | |
297 | ||
298 | compute_cram_md5(secret, challenge, digest); | |
299 | ||
300 | /* Create the response from the user name plus the CRAM-MD5 digest */ | |
301 | ||
302 | string_format(big_buffer, big_buffer_size - 36, "%s", name); | |
303 | p = big_buffer; | |
304 | while (*p != 0) p++; | |
305 | *p++ = ' '; | |
306 | ||
307 | for (i = 0; i < 16; i++) | |
308 | { | |
309 | sprintf(CS p, "%02x", digest[i]); | |
310 | p += 2; | |
311 | } | |
312 | ||
313 | /* Send the response, in base 64, and check the result. The response is | |
314 | in big_buffer, but auth_b64encode() returns its result in working store, | |
315 | so calling smtp_write_command(), which uses big_buffer, is OK. */ | |
316 | ||
317 | buffer[0] = 0; | |
318 | if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer, | |
319 | p - big_buffer)) < 0) return FAIL_SEND; | |
320 | ||
321 | return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)? | |
322 | OK : FAIL; | |
323 | } | |
324 | #endif /* STAND_ALONE */ | |
325 | ||
326 | ||
327 | /************************************************* | |
328 | ************************************************** | |
329 | * Stand-alone test program * | |
330 | ************************************************** | |
331 | *************************************************/ | |
332 | ||
333 | #ifdef STAND_ALONE | |
334 | ||
335 | int main(int argc, char **argv) | |
336 | { | |
337 | int i; | |
338 | uschar *secret = US argv[1]; | |
339 | uschar *challenge = US argv[2]; | |
340 | uschar digest[16]; | |
341 | ||
342 | compute_cram_md5(secret, challenge, digest); | |
343 | ||
344 | for (i = 0; i < 16; i++) printf("%02x", digest[i]); | |
345 | printf("\n"); | |
346 | ||
347 | return 0; | |
348 | } | |
349 | ||
350 | #endif | |
351 | ||
352 | /* End of cram_md5.c */ |