cram.c
Go to the documentation of this file.
1 /***************************************************************************
2  * _ _ ____ _
3  * Project ___| | | | _ \| |
4  * / __| | | | |_) | |
5  * | (__| |_| | _ <| |___
6  * \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * RFC2195 CRAM-MD5 authentication
22  *
23  ***************************************************************************/
24 
25 #include "curl_setup.h"
26 
27 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
28 
29 #include <curl/curl.h>
30 #include "urldata.h"
31 
32 #include "vauth/vauth.h"
33 #include "curl_base64.h"
34 #include "curl_hmac.h"
35 #include "curl_md5.h"
36 #include "warnless.h"
37 #include "curl_printf.h"
38 
39 /* The last #include files should be: */
40 #include "curl_memory.h"
41 #include "memdebug.h"
42 
43 /*
44  * Curl_auth_decode_cram_md5_message()
45  *
46  * This is used to decode an already encoded CRAM-MD5 challenge message.
47  *
48  * Parameters:
49  *
50  * chlg64 [in] - The base64 encoded challenge message.
51  * outptr [in/out] - The address where a pointer to newly allocated memory
52  * holding the result will be stored upon completion.
53  * outlen [out] - The length of the output message.
54  *
55  * Returns CURLE_OK on success.
56  */
57 CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
58  size_t *outlen)
59 {
60  CURLcode result = CURLE_OK;
61  size_t chlg64len = strlen(chlg64);
62 
63  *outptr = NULL;
64  *outlen = 0;
65 
66  /* Decode the challenge if necessary */
67  if(chlg64len && *chlg64 != '=')
68  result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
69 
70  return result;
71 }
72 
73 /*
74  * Curl_auth_create_cram_md5_message()
75  *
76  * This is used to generate an already encoded CRAM-MD5 response message ready
77  * for sending to the recipient.
78  *
79  * Parameters:
80  *
81  * data [in] - The session handle.
82  * chlg [in] - The challenge.
83  * userp [in] - The user name.
84  * passdwp [in] - The user's password.
85  * outptr [in/out] - The address where a pointer to newly allocated memory
86  * holding the result will be stored upon completion.
87  * outlen [out] - The length of the output message.
88  *
89  * Returns CURLE_OK on success.
90  */
91 CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
92  const char *chlg,
93  const char *userp,
94  const char *passwdp,
95  char **outptr, size_t *outlen)
96 {
97  CURLcode result = CURLE_OK;
98  size_t chlglen = 0;
99  HMAC_context *ctxt;
100  unsigned char digest[MD5_DIGEST_LEN];
101  char *response;
102 
103  if(chlg)
104  chlglen = strlen(chlg);
105 
106  /* Compute the digest using the password as the key */
107  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
108  (const unsigned char *) passwdp,
109  curlx_uztoui(strlen(passwdp)));
110  if(!ctxt)
111  return CURLE_OUT_OF_MEMORY;
112 
113  /* Update the digest with the given challenge */
114  if(chlglen > 0)
115  Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
116  curlx_uztoui(chlglen));
117 
118  /* Finalise the digest */
119  Curl_HMAC_final(ctxt, digest);
120 
121  /* Generate the response */
122  response = aprintf(
123  "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
124  userp, digest[0], digest[1], digest[2], digest[3], digest[4],
125  digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
126  digest[11], digest[12], digest[13], digest[14], digest[15]);
127  if(!response)
128  return CURLE_OUT_OF_MEMORY;
129 
130  /* Base64 encode the response */
131  result = Curl_base64_encode(data, response, 0, outptr, outlen);
132 
133  free(response);
134 
135  return result;
136 }
137 
138 #endif /* !CURL_DISABLE_CRYPTO_AUTH */
free
#define free(ptr)
Definition: curl_memory.h:130
Curl_base64_decode
CURLcode Curl_base64_decode(const char *src, unsigned char **outptr, size_t *outlen)
Definition: base64.c:100
curl_hmac.h
Curl_HMAC_MD5
const HMAC_params Curl_HMAC_MD5[1]
Definition: md5.c:487
Curl_auth_decode_cram_md5_message
CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr, size_t *outlen)
Definition: cram.c:57
Curl_base64_encode
CURLcode Curl_base64_encode(struct Curl_easy *data, const char *inputbuff, size_t insize, char **outptr, size_t *outlen)
Definition: base64.c:291
CURLcode
CURLcode
Definition: curl.h:454
Curl_HMAC_final
int Curl_HMAC_final(HMAC_context *context, unsigned char *result)
Definition: hmac.c:113
Curl_auth_create_cram_md5_message
CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data, const char *chlg, const char *userp, const char *passwdp, char **outptr, size_t *outlen)
Definition: cram.c:91
result
UNITTEST_START int result
Definition: unit1304.c:49
HMAC_context
Definition: curl_hmac.h:48
curl_printf.h
curl_md5.h
Curl_HMAC_update
int Curl_HMAC_update(HMAC_context *context, const unsigned char *data, unsigned int len)
Definition: hmac.c:103
curlx_uztoui
unsigned int curlx_uztoui(size_t uznum)
Definition: warnless.c:243
curl_memory.h
CURLE_OK
Definition: curl.h:455
curl_setup.h
aprintf
#define aprintf
Definition: curl_printf.h:46
Curl_easy
Definition: urldata.h:1732
Curl_HMAC_init
HMAC_context * Curl_HMAC_init(const HMAC_params *hashparams, const unsigned char *key, unsigned int keylen)
Definition: hmac.c:51
MD5_DIGEST_LEN
#define MD5_DIGEST_LEN
Definition: curl_md5.h:28
data
Definition: debug.c:29
curl_base64.h

rc_tagdetect_client
Author(s): Monika Florek-Jasinska , Raphael Schaller
autogenerated on Sat Feb 13 2021 03:42:08