diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index d7360764b..17529a627 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -19,6 +19,7 @@ * KIND, either express or implied. * * RFC2195 CRAM-MD5 authentication + * RFC2831 DIGEST-MD5 authentication * RFC4616 PLAIN authentication * ***************************************************************************/ @@ -30,6 +31,7 @@ #include "curl_base64.h" #include "curl_md5.h" +#include "curl_rand.h" #include "curl_hmac.h" #include "curl_ntlm_msgs.h" #include "curl_sasl.h" @@ -41,6 +43,33 @@ /* The last #include file should be: */ #include "memdebug.h" +#ifndef CURL_DISABLE_CRYPTO_AUTH +/* Retrieves the value for a corresponding key from the challenge string + * returns TRUE if the key could be found, FALSE if it does not exists + */ +static bool sasl_digest_get_key_value(const unsigned char *chlg, + const char *key, + char *value, + size_t max_val_len, + char end_char) +{ + char *find_pos; + size_t i; + + find_pos = strstr((const char *) chlg, key); + if(!find_pos) + return FALSE; + + find_pos += strlen(key); + + for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i) + value[i] = *find_pos++; + value[i] = '\0'; + + return TRUE; +} +#endif + /* * Curl_sasl_create_plain_message() * @@ -198,6 +227,183 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, /* Base64 encode the reply */ return Curl_base64_encode(data, reply, 0, outptr, outlen); } + +/* + * Curl_sasl_create_digest_md5_message() + * + * This is used to generate an already encoded DIGEST-MD5 response message + * ready for sending to the recipient. + * + * Parameters: + * + * data [in] - The session handle. + * chlg64 [in] - Pointer to the input buffer. + * userp [in] - The user name. + * passdwp [in] - The user's password. + * outptr [in/out] - The address where a pointer to newly allocated memory + * holding the result will be stored upon completion. + * outlen [out] - The length of the output message. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, + const char* chlg64, + const char* userp, + const char* passwdp, + char **outptr, size_t *outlen) +{ + static const char table16[] = "0123456789abcdef"; + + CURLcode result = CURLE_OK; + unsigned char *chlg = (unsigned char *) NULL; + size_t chlglen = 0; + size_t i; + MD5_context *ctxt; + unsigned char digest[MD5_DIGEST_LEN]; + char HA1_hex[2 * MD5_DIGEST_LEN + 1]; + char HA2_hex[2 * MD5_DIGEST_LEN + 1]; + char resp_hash_hex[2 * MD5_DIGEST_LEN + 1]; + + char nonce[64]; + char realm[128]; + char alg[64]; + char nonceCount[] = "00000001"; + char cnonce[] = "12345678"; /* will be changed */ + char method[] = "AUTHENTICATE"; + char qop[] = "auth"; + char uri[128] = "smtp/"; + char response[512]; + + result = Curl_base64_decode(chlg64, &chlg, &chlglen); + + if(result) + return result; + + /* Retrieve nonce string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce, + sizeof(nonce), '\"')) { + Curl_safefree(chlg); + return CURLE_LOGIN_DENIED; + } + + /* Retrieve realm string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "realm=\"", realm, + sizeof(realm), '\"')) { + /* Challenge does not have a realm, set empty string [RFC2831] page 6 */ + strcpy(realm, ""); + } + + /* Retrieve algorithm string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) { + Curl_safefree(chlg); + return CURLE_LOGIN_DENIED; + } + + Curl_safefree(chlg); + + /* We do not support other algorithms */ + if(strcmp(alg, "md5-sess") != 0) + return CURLE_LOGIN_DENIED; + + /* Generate 64 bits of random data */ + for(i = 0; i < 8; i++) + cnonce[i] = table16[Curl_rand()%16]; + + /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ + ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + if(!ctxt) + return CURLE_OUT_OF_MEMORY; + + Curl_MD5_update(ctxt, (const unsigned char *) userp, + curlx_uztoui(strlen(userp))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) realm, + curlx_uztoui(strlen(realm))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) passwdp, + curlx_uztoui(strlen(passwdp))); + Curl_MD5_final(ctxt, digest); + + ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + if(!ctxt) + return CURLE_OUT_OF_MEMORY; + + Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) nonce, + curlx_uztoui(strlen(nonce))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) cnonce, + curlx_uztoui(strlen(cnonce))); + Curl_MD5_final(ctxt, digest); + + /* Convert calculated 16 octet hex into 32 bytes string */ + for(i = 0; i < MD5_DIGEST_LEN; i++) + snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]); + + /* Orepare URL string, append realm to the protocol */ + strcat(uri, realm); + + /* Calculate H(A2) */ + ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + if(!ctxt) + return CURLE_OUT_OF_MEMORY; + + Curl_MD5_update(ctxt, (const unsigned char *) method, + curlx_uztoui(strlen(method))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) uri, + curlx_uztoui(strlen(uri))); + Curl_MD5_final(ctxt, digest); + + for(i = 0; i < MD5_DIGEST_LEN; i++) + snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]); + + /* Now calculate the response hash */ + ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + if(!ctxt) + return CURLE_OUT_OF_MEMORY; + + Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) nonce, + curlx_uztoui(strlen(nonce))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + + Curl_MD5_update(ctxt, (const unsigned char *) nonceCount, + curlx_uztoui(strlen(nonceCount))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) cnonce, + curlx_uztoui(strlen(cnonce))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *) qop, + curlx_uztoui(strlen(qop))); + Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + + Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN); + Curl_MD5_final(ctxt, digest); + + for(i = 0; i < MD5_DIGEST_LEN; i++) + snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]); + + strcpy(response, "username=\""); + strcat(response, userp); + strcat(response, "\",realm=\""); + strcat(response, realm); + strcat(response, "\",nonce=\""); + strcat(response, nonce); + strcat(response, "\",cnonce=\""); + strcat(response, cnonce); + strcat(response, "\",nc="); + strcat(response, nonceCount); + strcat(response, ",digest-uri=\""); + strcat(response, uri); + strcat(response, "\",response="); + strcat(response, resp_hash_hex); + + /* Base64 encode the reply */ + return Curl_base64_encode(data, response, 0, outptr, outlen); +} #endif #ifdef USE_NTLM diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h index c9b605310..892da81ec 100644 --- a/lib/curl_sasl.h +++ b/lib/curl_sasl.h @@ -52,6 +52,13 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, const char* user, const char* passwdp, char **outptr, size_t *outlen); + +/* This is used to generate a base64 encoded DIGEST-MD5 response message */ +CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, + const char* chlg64, + const char* user, + const char* passwdp, + char **outptr, size_t *outlen); #endif #ifdef USE_NTLM diff --git a/lib/smtp.c b/lib/smtp.c index ee3811881..fc952481b 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -82,9 +82,6 @@ #include "url.h" #include "rawstr.h" #include "strtoofft.h" -#include "curl_base64.h" -#include "curl_rand.h" -#include "curl_md5.h" #include "curl_gethostname.h" #include "curl_sasl.h" #include "warnless.h" @@ -279,33 +276,6 @@ static int smtp_endofresp(struct pingpong *pp, int *resp) return result; } -#ifndef CURL_DISABLE_CRYPTO_AUTH -/* Retrieves the value for a corresponding key from the challenge string - * returns TRUE if the key could be found, FALSE if it does not exists - */ -static bool smtp_digest_get_key_value(const unsigned char *chlg, - const char *key, - char *value, - size_t max_val_len, - char end_char) -{ - char *find_pos; - size_t i; - - find_pos = strstr((const char *) chlg, key); - if(!find_pos) - return FALSE; - - find_pos += strlen(key); - - for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i) - value[i] = *find_pos++; - value[i] = '\0'; - - return TRUE; -} -#endif - /* This is the ONLY way to change SMTP state! */ static void state(struct connectdata *conn, smtpstate newstate) { @@ -764,31 +734,11 @@ static CURLcode smtp_state_authdigest_resp(struct connectdata *conn, int smtpcode, smtpstate instate) { - static const char table16[] = "0123456789abcdef"; - CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; char *chlg64 = data->state.buffer; - unsigned char *chlg; - size_t chlglen; size_t len = 0; - size_t i; char *rplyb64 = NULL; - MD5_context *ctxt; - unsigned char digest[MD5_DIGEST_LEN]; - char HA1_hex[2 * MD5_DIGEST_LEN + 1]; - char HA2_hex[2 * MD5_DIGEST_LEN + 1]; - char resp_hash_hex[2 * MD5_DIGEST_LEN + 1]; - - char nonce[64]; - char realm[128]; - char alg[64]; - char nonceCount[] = "00000001"; - char cnonce[] = "12345678"; /* will be changed */ - char method[] = "AUTHENTICATE"; - char qop[] = "auth"; - char uri[128] = "smtp/"; - char response[512]; (void)instate; /* no use for this yet */ @@ -801,138 +751,8 @@ static CURLcode smtp_state_authdigest_resp(struct connectdata *conn, for(chlg64 += 4; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++) ; - chlg = (unsigned char *) NULL; - chlglen = 0; - - result = Curl_base64_decode(chlg64, &chlg, &chlglen); - - if(result) - return result; - - /* Retrieve nonce string from the challenge */ - if(!smtp_digest_get_key_value(chlg, "nonce=\"", nonce, - sizeof(nonce), '\"')) { - Curl_safefree(chlg); - return CURLE_LOGIN_DENIED; - } - - /* Retrieve realm string from the challenge */ - if(!smtp_digest_get_key_value(chlg, "realm=\"", realm, - sizeof(realm), '\"')) { - /* Challenge does not have a realm, set empty string [RFC2831] page 6 */ - strcpy(realm, ""); - } - - /* Retrieve algorithm string from the challenge */ - if(!smtp_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) { - Curl_safefree(chlg); - return CURLE_LOGIN_DENIED; - } - - Curl_safefree(chlg); - - /* We do not support other algorithms */ - if(strcmp(alg, "md5-sess") != 0) - return CURLE_LOGIN_DENIED; - - /* Generate 64 bits of random data */ - for(i = 0; i < 8; i++) - cnonce[i] = table16[Curl_rand()%16]; - - /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; - - Curl_MD5_update(ctxt, (const unsigned char *) conn->user, - curlx_uztoui(strlen(conn->user))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) realm, - curlx_uztoui(strlen(realm))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd, - curlx_uztoui(strlen(conn->passwd))); - Curl_MD5_final(ctxt, digest); - - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; - - Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) nonce, - curlx_uztoui(strlen(nonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) cnonce, - curlx_uztoui(strlen(cnonce))); - Curl_MD5_final(ctxt, digest); - - /* Convert calculated 16 octet hex into 32 bytes string */ - for(i = 0; i < MD5_DIGEST_LEN; i++) - snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]); - - /* Orepare URL string, append realm to the protocol */ - strcat(uri, realm); - - /* Calculate H(A2) */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; - - Curl_MD5_update(ctxt, (const unsigned char *) method, - curlx_uztoui(strlen(method))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) uri, - curlx_uztoui(strlen(uri))); - Curl_MD5_final(ctxt, digest); - - for(i = 0; i < MD5_DIGEST_LEN; i++) - snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]); - - /* Now calculate the response hash */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; - - Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) nonce, - curlx_uztoui(strlen(nonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - - Curl_MD5_update(ctxt, (const unsigned char *) nonceCount, - curlx_uztoui(strlen(nonceCount))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) cnonce, - curlx_uztoui(strlen(cnonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) qop, - curlx_uztoui(strlen(qop))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - - Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN); - Curl_MD5_final(ctxt, digest); - - for(i = 0; i < MD5_DIGEST_LEN; i++) - snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]); - - strcpy(response, "username=\""); - strcat(response, conn->user); - strcat(response, "\",realm=\""); - strcat(response, realm); - strcat(response, "\",nonce=\""); - strcat(response, nonce); - strcat(response, "\",cnonce=\""); - strcat(response, cnonce); - strcat(response, "\",nc="); - strcat(response, nonceCount); - strcat(response, ",digest-uri=\""); - strcat(response, uri); - strcat(response, "\",response="); - strcat(response, resp_hash_hex); - - /* Encode it to base64 and send it */ - result = Curl_base64_encode(data, response, 0, &rplyb64, &len); + result = Curl_sasl_create_digest_md5_message(data, chlg64, conn->user, + conn->passwd, &rplyb64, &len); if(!result) { if(rplyb64) {