cram.c
Go to the documentation of this file.
00001 /***************************************************************************
00002  *                                  _   _ ____  _
00003  *  Project                     ___| | | |  _ \| |
00004  *                             / __| | | | |_) | |
00005  *                            | (__| |_| |  _ <| |___
00006  *                             \___|\___/|_| \_\_____|
00007  *
00008  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
00009  *
00010  * This software is licensed as described in the file COPYING, which
00011  * you should have received as part of this distribution. The terms
00012  * are also available at https://curl.haxx.se/docs/copyright.html.
00013  *
00014  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
00015  * copies of the Software, and permit persons to whom the Software is
00016  * furnished to do so, under the terms of the COPYING file.
00017  *
00018  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
00019  * KIND, either express or implied.
00020  *
00021  * RFC2195 CRAM-MD5 authentication
00022  *
00023  ***************************************************************************/
00024 
00025 #include "curl_setup.h"
00026 
00027 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
00028 
00029 #include <curl/curl.h>
00030 #include "urldata.h"
00031 
00032 #include "vauth/vauth.h"
00033 #include "curl_base64.h"
00034 #include "curl_hmac.h"
00035 #include "curl_md5.h"
00036 #include "warnless.h"
00037 #include "curl_printf.h"
00038 
00039 /* The last #include files should be: */
00040 #include "curl_memory.h"
00041 #include "memdebug.h"
00042 
00043 /*
00044  * Curl_auth_decode_cram_md5_message()
00045  *
00046  * This is used to decode an already encoded CRAM-MD5 challenge message.
00047  *
00048  * Parameters:
00049  *
00050  * chlg64  [in]     - The base64 encoded challenge message.
00051  * outptr  [in/out] - The address where a pointer to newly allocated memory
00052  *                    holding the result will be stored upon completion.
00053  * outlen  [out]    - The length of the output message.
00054  *
00055  * Returns CURLE_OK on success.
00056  */
00057 CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
00058                                            size_t *outlen)
00059 {
00060   CURLcode result = CURLE_OK;
00061   size_t chlg64len = strlen(chlg64);
00062 
00063   *outptr = NULL;
00064   *outlen = 0;
00065 
00066   /* Decode the challenge if necessary */
00067   if(chlg64len && *chlg64 != '=')
00068     result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
00069 
00070   return result;
00071 }
00072 
00073 /*
00074  * Curl_auth_create_cram_md5_message()
00075  *
00076  * This is used to generate an already encoded CRAM-MD5 response message ready
00077  * for sending to the recipient.
00078  *
00079  * Parameters:
00080  *
00081  * data    [in]     - The session handle.
00082  * chlg    [in]     - The challenge.
00083  * userp   [in]     - The user name.
00084  * passdwp [in]     - The user's password.
00085  * outptr  [in/out] - The address where a pointer to newly allocated memory
00086  *                    holding the result will be stored upon completion.
00087  * outlen  [out]    - The length of the output message.
00088  *
00089  * Returns CURLE_OK on success.
00090  */
00091 CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
00092                                            const char *chlg,
00093                                            const char *userp,
00094                                            const char *passwdp,
00095                                            char **outptr, size_t *outlen)
00096 {
00097   CURLcode result = CURLE_OK;
00098   size_t chlglen = 0;
00099   HMAC_context *ctxt;
00100   unsigned char digest[MD5_DIGEST_LEN];
00101   char *response;
00102 
00103   if(chlg)
00104     chlglen = strlen(chlg);
00105 
00106   /* Compute the digest using the password as the key */
00107   ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
00108                         (const unsigned char *) passwdp,
00109                         curlx_uztoui(strlen(passwdp)));
00110   if(!ctxt)
00111     return CURLE_OUT_OF_MEMORY;
00112 
00113   /* Update the digest with the given challenge */
00114   if(chlglen > 0)
00115     Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
00116                      curlx_uztoui(chlglen));
00117 
00118   /* Finalise the digest */
00119   Curl_HMAC_final(ctxt, digest);
00120 
00121   /* Generate the response */
00122   response = aprintf(
00123     "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
00124     userp, digest[0], digest[1], digest[2], digest[3], digest[4],
00125     digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
00126     digest[11], digest[12], digest[13], digest[14], digest[15]);
00127   if(!response)
00128     return CURLE_OUT_OF_MEMORY;
00129 
00130   /* Base64 encode the response */
00131   result = Curl_base64_encode(data, response, 0, outptr, outlen);
00132 
00133   free(response);
00134 
00135   return result;
00136 }
00137 
00138 #endif /* !CURL_DISABLE_CRYPTO_AUTH */


rc_visard_driver
Author(s): Heiko Hirschmueller , Christian Emmerich , Felix Ruess
autogenerated on Thu Jun 6 2019 20:43:02