src/src/auths/cram_md5.c

   1 /* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
   2
   3 /*************************************************
   4 *     Exim - an Internet mail transport agent    *
   5 *************************************************/
   6
   7 /* Copyright (c) University of Cambridge 1995 - 2006 */
   8 /* See the file NOTICE for conditions of use and distribution. */
   9
  10
  11 /* The stand-alone version just tests the algorithm. We have to drag
  12 in the MD5 computation functions, without their own stand-alone main
  13 program. */
  14
  15 #ifdef STAND_ALONE
  16 #define CRAM_STAND_ALONE
  17 #include "md5.c"
  18
  19
  20 /* This is the normal, non-stand-alone case */
  21
  22 #else
  23 #include "../exim.h"
  24 #include "cram_md5.h"
  25
  26 /* Options specific to the cram_md5 authentication mechanism. */
  27
  28 optionlist auth_cram_md5_options[] = {
  29   { "client_name",        opt_stringptr,
  30       (void *)(offsetof(auth_cram_md5_options_block, client_name)) },
  31   { "client_secret",      opt_stringptr,
  32       (void *)(offsetof(auth_cram_md5_options_block, client_secret)) },
  33   { "server_secret",      opt_stringptr,
  34       (void *)(offsetof(auth_cram_md5_options_block, server_secret)) }
  35 };
  36
  37 /* Size of the options list. An extern variable has to be used so that its
  38 address can appear in the tables drtables.c. */
  39
  40 int auth_cram_md5_options_count =
  41   sizeof(auth_cram_md5_options)/sizeof(optionlist);
  42
  43 /* Default private options block for the contidion authentication method. */
  44
  45 auth_cram_md5_options_block auth_cram_md5_option_defaults = {
  46   NULL,             /* server_secret */
  47   NULL,             /* client_secret */
  48   NULL              /* client_name */
  49 };
  50
  51
  52 /*************************************************
  53 *          Initialization entry point            *
  54 *************************************************/
  55
  56 /* Called for each instance, after its options have been read, to
  57 enable consistency checks to be done, or anything else that needs
  58 to be set up. */
  59
  60 void
  61 auth_cram_md5_init(auth_instance *ablock)
  62 {
  63 auth_cram_md5_options_block *ob =
  64   (auth_cram_md5_options_block *)(ablock->options_block);
  65 if (ob->server_secret != NULL) ablock->server = TRUE;
  66 if (ob->client_secret != NULL)
  67   {
  68   ablock->client = TRUE;
  69   if (ob->client_name == NULL) ob->client_name = primary_hostname;
  70   }
  71 }
  72
  73 #endif  /* STAND_ALONE */
  74
  75
  76
  77 /*************************************************
  78 *      Peform the CRAM-MD5 algorithm             *
  79 *************************************************/
  80
  81 /* The CRAM-MD5 algorithm is described in RFC 2195. It computes
  82
  83   MD5((secret XOR opad), MD5((secret XOR ipad), challenge))
  84
  85 where secret is padded out to 64 characters (after being reduced to an MD5
  86 digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
  87 0x5c respectively, and comma means concatenation.
  88
  89 Arguments:
  90   secret         the shared secret
  91   challenge      the challenge text
  92   digest         16-byte slot to put the answer in
  93
  94 Returns:         nothing
  95 */
  96
  97 static void
  98 compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr)
  99 {
 100 md5 base;
 101 int i;
 102 int len = Ustrlen(secret);
 103 uschar isecret[64];
 104 uschar osecret[64];
 105 uschar md5secret[16];
 106
 107 /* If the secret is longer than 64 characters, we compute its MD5 digest
 108 and use that. */
 109
 110 if (len > 64)
 111   {
 112   md5_start(&base);
 113   md5_end(&base, (uschar *)secret, len, md5secret);
 114   secret = (uschar *)md5secret;
 115   len = 16;
 116   }
 117
 118 /* The key length is now known to be <= 64. Set up the padded and xor'ed
 119 versions. */
 120
 121 memcpy(isecret, secret, len);
 122 memset(isecret+len, 0, 64-len);
 123 memcpy(osecret, isecret, 64);
 124
 125 for (i = 0; i < 64; i++)
 126   {
 127   isecret[i] ^= 0x36;
 128   osecret[i] ^= 0x5c;
 129   }
 130
 131 /* Compute the inner MD5 digest */
 132
 133 md5_start(&base);
 134 md5_mid(&base, isecret);
 135 md5_end(&base, (uschar *)challenge, Ustrlen(challenge), md5secret);
 136
 137 /* Compute the outer MD5 digest */
 138
 139 md5_start(&base);
 140 md5_mid(&base, osecret);
 141 md5_end(&base, md5secret, 16, digestptr);
 142 }
 143
 144
 145 #ifndef STAND_ALONE
 146
 147 /*************************************************
 148 *             Server entry point                 *
 149 *************************************************/
 150
 151 /* For interface, see auths/README */
 152
 153 int
 154 auth_cram_md5_server(auth_instance *ablock, uschar *data)
 155 {
 156 auth_cram_md5_options_block *ob =
 157   (auth_cram_md5_options_block *)(ablock->options_block);
 158 uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
 159   primary_hostname);
 160 uschar *clear, *secret;
 161 uschar digest[16];
 162 int i, rc, len;
 163
 164 /* If we are running in the test harness, always send the same challenge,
 165 an example string taken from the RFC. */
 166
 167 if (running_in_test_harness)
 168   challenge = US"<1896.697170952@postoffice.reston.mci.net>";
 169
 170 /* No data should have been sent with the AUTH command */
 171
 172 if (*data != 0) return UNEXPECTED;
 173
 174 /* Send the challenge, read the return */
 175
 176 if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
 177 if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
 178
 179 /* The return consists of a user name, space-separated from the CRAM-MD5
 180 digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
 181 The former is now the preferred variable; the latter is the original one. Then
 182 check that the remaining length is 32. */
 183
 184 auth_vars[0] = expand_nstring[1] = clear;
 185 while (*clear != 0 && !isspace(*clear)) clear++;
 186 if (!isspace(*clear)) return FAIL;
 187 *clear++ = 0;
 188
 189 expand_nlength[1] = clear - expand_nstring[1] - 1;
 190 if (len - expand_nlength[1] - 1 != 32) return FAIL;
 191 expand_nmax = 1;
 192
 193 /* Expand the server_secret string so that it can compute a value dependent on
 194 the user name if necessary. */
 195
 196 debug_print_string(ablock->server_debug_string);    /* customized debugging */
 197 secret = expand_string(ob->server_secret);
 198
 199 /* A forced fail implies failure of authentication - i.e. we have no secret for
 200 the given name. */
 201
 202 if (secret == NULL)
 203   {
 204   if (expand_string_forcedfail) return FAIL;
 205   auth_defer_msg = expand_string_message;
 206   return DEFER;
 207   }
 208
 209 /* Compute the CRAM-MD5 digest that we should have received from the client. */
 210
 211 compute_cram_md5(secret, challenge, digest);
 212
 213 HDEBUG(D_auth)
 214   {
 215   uschar buff[64];
 216   debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]);
 217   debug_printf("          challenge = %s\n", challenge);
 218   debug_printf("          received  = %s\n", clear);
 219   Ustrcpy(buff,"          digest    = ");
 220   for (i = 0; i < 16; i++) sprintf(CS buff+22+2*i, "%02x", digest[i]);
 221   debug_printf("%.54s\n", buff);
 222   }
 223
 224 /* We now have to compare the digest, which is 16 bytes in binary, with the
 225 data received, which is expressed in lower case hex. We checked above that
 226 there were 32 characters of data left. */
 227
 228 for (i = 0; i < 16; i++)
 229   {
 230   int a = *clear++;
 231   int b = *clear++;
 232   if (((((a >= 'a')? a - 'a' + 10 : a - '0') << 4) +
 233         ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
 234   }
 235
 236 return OK;
 237 }
 238
 239
 240
 241 /*************************************************
 242 *              Client entry point                *
 243 *************************************************/
 244
 245 /* For interface, see auths/README */
 246
 247 int
 248 auth_cram_md5_client(
 249   auth_instance *ablock,                 /* authenticator block */
 250   smtp_inblock *inblock,                 /* input connection */
 251   smtp_outblock *outblock,               /* output connection */
 252   int timeout,                           /* command timeout */
 253   uschar *buffer,                        /* for reading response */
 254   int buffsize)                          /* size of buffer */
 255 {
 256 auth_cram_md5_options_block *ob =
 257   (auth_cram_md5_options_block *)(ablock->options_block);
 258 uschar *secret = expand_string(ob->client_secret);
 259 uschar *name = expand_string(ob->client_name);
 260 uschar *challenge, *p;
 261 int i;
 262 uschar digest[16];
 263
 264 /* If expansion of either the secret or the user name failed, return CANCELLED
 265 or ERROR, as approriate. */
 266
 267 if (secret == NULL || name == NULL)
 268   {
 269   if (expand_string_forcedfail)
 270     {
 271     *buffer = 0;           /* No message */
 272     return CANCELLED;
 273     }
 274   string_format(buffer, buffsize, "expansion of \"%s\" failed in "
 275     "%s authenticator: %s",
 276     (secret == NULL)? ob->client_secret : ob->client_name,
 277     ablock->name, expand_string_message);
 278   return ERROR;
 279   }
 280
 281 /* Initiate the authentication exchange and read the challenge, which arrives
 282 in base 64. */
 283
 284 if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
 285   return FAIL_SEND;
 286 if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
 287   return FAIL;
 288
 289 if (auth_b64decode(buffer + 4, &challenge) < 0)
 290   {
 291   string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
 292     big_buffer + 4);
 293   return ERROR;
 294   }
 295
 296 /* Run the CRAM-MD5 algorithm on the secret and the challenge */
 297
 298 compute_cram_md5(secret, challenge, digest);
 299
 300 /* Create the response from the user name plus the CRAM-MD5 digest */
 301
 302 string_format(big_buffer, big_buffer_size - 36, "%s", name);
 303 p = big_buffer;
 304 while (*p != 0) p++;
 305 *p++ = ' ';
 306
 307 for (i = 0; i < 16; i++)
 308   {
 309   sprintf(CS p, "%02x", digest[i]);
 310   p += 2;
 311   }
 312
 313 /* Send the response, in base 64, and check the result. The response is
 314 in big_buffer, but auth_b64encode() returns its result in working store,
 315 so calling smtp_write_command(), which uses big_buffer, is OK. */
 316
 317 buffer[0] = 0;
 318 if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
 319   p - big_buffer)) < 0) return FAIL_SEND;
 320
 321 return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
 322   OK : FAIL;
 323 }
 324 #endif  /* STAND_ALONE */
 325
 326
 327 /*************************************************
 328 **************************************************
 329 *             Stand-alone test program           *
 330 **************************************************
 331 *************************************************/
 332
 333 #ifdef STAND_ALONE
 334
 335 int main(int argc, char **argv)
 336 {
 337 int i;
 338 uschar *secret = US argv[1];
 339 uschar *challenge = US argv[2];
 340 uschar digest[16];
 341
 342 compute_cram_md5(secret, challenge, digest);
 343
 344 for (i = 0; i < 16; i++) printf("%02x", digest[i]);
 345 printf("\n");
 346
 347 return 0;
 348 }
 349
 350 #endif
 351
 352 /* End of cram_md5.c */