imapext-2007
view src/c-client/auth_md5.c @ 0:ada5e610ab86
imap-2007e
| author | yuuji@gentei.org |
|---|---|
| date | Mon, 14 Sep 2009 15:17:45 +0900 |
| parents | |
| children | 28a55bc1110c |
line source
1 /* ========================================================================
2 * Copyright 1988-2007 University of Washington
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 *
11 * ========================================================================
12 */
14 /*
15 * Program: CRAM-MD5 authenticator
16 *
17 * Author: Mark Crispin
18 * Networks and Distributed Computing
19 * Computing & Communications
20 * University of Washington
21 * Administration Building, AG-44
22 * Seattle, WA 98195
23 * Internet: MRC@CAC.Washington.EDU
24 *
25 * Date: 21 October 1998
26 * Last Edited: 30 January 2007
27 */
29 /* MD5 context */
31 #define MD5BLKLEN 64 /* MD5 block length */
32 #define MD5DIGLEN 16 /* MD5 digest length */
34 typedef struct {
35 unsigned long chigh; /* high 32bits of byte count */
36 unsigned long clow; /* low 32bits of byte count */
37 unsigned long state[4]; /* state (ABCD) */
38 unsigned char buf[MD5BLKLEN]; /* input buffer */
39 unsigned char *ptr; /* buffer position */
40 } MD5CONTEXT;
43 /* Prototypes */
45 long auth_md5_valid (void);
46 long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
47 char *service,NETMBX *mb,void *stream,
48 unsigned long *trial,char *user);
49 char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
50 char *auth_md5_pwd (char *user);
51 char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
52 char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
53 void md5_init (MD5CONTEXT *ctx);
54 void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
55 void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
56 static void md5_transform (unsigned long *state,unsigned char *block);
57 static void md5_encode (unsigned char *dst,unsigned long *src,int len);
58 static void md5_decode (unsigned long *dst,unsigned char *src,int len);
61 /* Authenticator linkage */
63 AUTHENTICATOR auth_md5 = {
64 AU_SECURE, /* secure authenticator */
65 "CRAM-MD5", /* authenticator name */
66 auth_md5_valid, /* check if valid */
67 auth_md5_client, /* client method */
68 auth_md5_server, /* server method */
69 NIL /* next authenticator */
70 };
72 /* Check if CRAM-MD5 valid on this system
73 * Returns: T, always
74 */
76 long auth_md5_valid (void)
77 {
78 struct stat sbuf;
79 /* server forbids MD5 if no MD5 enable file */
80 if (stat (MD5ENABLE,&sbuf)) auth_md5.server = NIL;
81 return T; /* MD5 is otherwise valid */
82 }
85 /* Client authenticator
86 * Accepts: challenger function
87 * responder function
88 * SASL service name
89 * parsed network mailbox structure
90 * stream argument for functions
91 * pointer to current trial count
92 * returned user name
93 * Returns: T if success, NIL otherwise, number of trials incremented if retry
94 */
96 long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
97 char *service,NETMBX *mb,void *stream,
98 unsigned long *trial,char *user)
99 {
100 char pwd[MAILTMPLEN];
101 void *challenge;
102 unsigned long clen;
103 long ret = NIL;
104 /* get challenge */
105 if (challenge = (*challenger) (stream,&clen)) {
106 pwd[0] = NIL; /* prompt user */
107 mm_login (mb,user,pwd,*trial);
108 if (!pwd[0]) { /* user requested abort */
109 fs_give ((void **) &challenge);
110 (*responder) (stream,NIL,0);
111 *trial = 0; /* cancel subsequent attempts */
112 ret = LONGT; /* will get a BAD response back */
113 }
114 else { /* got password, build response */
115 sprintf (pwd,"%.65s %.33s",user,hmac_md5 (challenge,clen,
116 pwd,strlen (pwd)));
117 fs_give ((void **) &challenge);
118 /* send credentials, allow retry if OK */
119 if ((*responder) (stream,pwd,strlen (pwd))) {
120 if (challenge = (*challenger) (stream,&clen))
121 fs_give ((void **) &challenge);
122 else {
123 ++*trial; /* can try again if necessary */
124 ret = LONGT; /* check the authentication */
125 }
126 }
127 }
128 }
129 memset (pwd,0,MAILTMPLEN); /* erase password in case not overwritten */
130 if (!ret) *trial = 65535; /* don't retry if bad protocol */
131 return ret;
132 }
134 /* Server authenticator
135 * Accepts: responder function
136 * argument count
137 * argument vector
138 * Returns: authenticated user name or NIL
139 *
140 * This is much hairier than it needs to be due to the necessary of zapping
141 * the password data.
142 */
144 static int md5try = MAXLOGINTRIALS;
146 char *auth_md5_server (authresponse_t responder,int argc,char *argv[])
147 {
148 char *ret = NIL;
149 char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN];
150 unsigned long cl,pl;
151 /* generate challenge */
152 sprintf (chal,"<%lu.%lu@%s>",(unsigned long) getpid (),
153 (unsigned long) time (0),mylocalhost ());
154 /* send challenge, get user and hash */
155 if (user = (*responder) (chal,cl = strlen (chal),NIL)) {
156 /* got user, locate hash */
157 if (hash = strrchr (user,' ')) {
158 *hash++ = '\0'; /* tie off user */
159 /* see if authentication user */
160 if (authuser = strchr (user,'*')) *authuser++ = '\0';
161 /* get password */
162 if (p = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) {
163 pl = strlen (p);
164 u = (md5try && !strcmp (hash,hmac_md5 (chal,cl,p,pl))) ? user : NIL;
165 memset (p,0,pl); /* erase sensitive information */
166 fs_give ((void **) &p); /* flush erased password */
167 /* now log in for real */
168 if (u && authserver_login (u,authuser,argc,argv)) ret = myusername ();
169 else if (md5try) --md5try;
170 }
171 }
172 fs_give ((void **) &user);
173 }
174 if (!ret) sleep (3); /* slow down possible cracker */
175 return ret;
176 }
178 /* Return MD5 password for user
179 * Accepts: user name
180 * Returns: plaintext password if success, else NIL
181 *
182 * This is much hairier than it needs to be due to the necessary of zapping
183 * the password data. That's why we don't use stdio here.
184 */
186 char *auth_md5_pwd (char *user)
187 {
188 struct stat sbuf;
189 int fd = open (MD5ENABLE,O_RDONLY,NIL);
190 unsigned char *s,*t,*buf,*lusr,*lret;
191 char *r;
192 char *ret = NIL;
193 if (fd >= 0) { /* found the file? */
194 fstat (fd,&sbuf); /* yes, slurp it into memory */
195 read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
196 /* see if any uppercase characters in user */
197 for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++);
198 /* yes, make lowercase copy */
199 lusr = *s ? lcase (cpystr (user)) : NIL;
200 for (s = strtok_r ((char *) buf,"\015\012",&r),lret = NIL; s;
201 s = ret ? NIL : strtok_r (NIL,"\015\012",&r))
202 /* must be valid entry line */
203 if (*s && (*s != '#') && (t = strchr (s,'\t')) && t[1]) {
204 *t++ = '\0'; /* found tab, tie off user, point to pwd */
205 if (!strcmp (s,user)) ret = cpystr (t);
206 else if (lusr && !lret) if (!strcmp (s,lusr)) lret = t;
207 }
208 /* accept case-independent name */
209 if (!ret && lret) ret = cpystr (lret);
210 /* don't need lowercase copy any more */
211 if (lusr) fs_give ((void **) &lusr);
212 /* erase sensitive information from buffer */
213 memset (buf,0,sbuf.st_size + 1);
214 fs_give ((void **) &buf); /* flush the buffer */
215 close (fd); /* don't need file any longer */
216 }
217 return ret; /* return password */
218 }
220 /* APOP server login
221 * Accepts: challenge
222 * desired user name
223 * purported MD5
224 * argument count
225 * argument vector
226 * Returns: authenticated user name or NIL
227 */
229 char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[])
230 {
231 int i,j;
232 char *ret = NIL;
233 char *s,*authuser,tmp[MAILTMPLEN];
234 unsigned char digest[MD5DIGLEN];
235 MD5CONTEXT ctx;
236 char *hex = "0123456789abcdef";
237 /* see if authentication user */
238 if (authuser = strchr (user,'*')) *authuser++ = '\0';
239 /* get password */
240 if (s = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) {
241 md5_init (&ctx); /* initialize MD5 context */
242 /* build string to get MD5 digest */
243 sprintf (tmp,"%.128s%.128s",chal,s);
244 memset (s,0,strlen (s)); /* erase sensitive information */
245 fs_give ((void **) &s); /* flush erased password */
246 md5_update (&ctx,(unsigned char *) tmp,strlen (tmp));
247 memset (tmp,0,MAILTMPLEN); /* erase sensitive information */
248 md5_final (digest,&ctx);
249 /* convert to printable hex */
250 for (i = 0, s = tmp; i < MD5DIGLEN; i++) {
251 *s++ = hex[(j = digest[i]) >> 4];
252 *s++ = hex[j & 0xf];
253 }
254 *s = '\0'; /* tie off hash text */
255 memset (digest,0,MD5DIGLEN);/* erase sensitive information */
256 if (md5try && !strcmp (md5,tmp) &&
257 authserver_login (user,authuser,argc,argv))
258 ret = cpystr (myusername ());
259 else if (md5try) --md5try;
260 memset (tmp,0,MAILTMPLEN); /* erase sensitive information */
261 }
262 if (!ret) sleep (3); /* slow down possible cracker */
263 return ret;
264 }
266 /*
267 * RFC 2104 HMAC hashing
268 * Accepts: text to hash
269 * text length
270 * key
271 * key length
272 * Returns: hash as text, always
273 */
275 char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl)
276 {
277 int i,j;
278 static char hshbuf[2*MD5DIGLEN + 1];
279 char *s;
280 MD5CONTEXT ctx;
281 char *hex = "0123456789abcdef";
282 unsigned char digest[MD5DIGLEN],k_ipad[MD5BLKLEN+1],k_opad[MD5BLKLEN+1];
283 if (kl > MD5BLKLEN) { /* key longer than pad length? */
284 md5_init (&ctx); /* yes, set key as MD5(key) */
285 md5_update (&ctx,(unsigned char *) key,kl);
286 md5_final (digest,&ctx);
287 key = (char *) digest;
288 kl = MD5DIGLEN;
289 }
290 memcpy (k_ipad,key,kl); /* store key in pads */
291 memset (k_ipad+kl,0,(MD5BLKLEN+1)-kl);
292 memcpy (k_opad,k_ipad,MD5BLKLEN+1);
293 /* XOR key with ipad and opad values */
294 for (i = 0; i < MD5BLKLEN; i++) {
295 k_ipad[i] ^= 0x36;
296 k_opad[i] ^= 0x5c;
297 }
298 md5_init (&ctx); /* inner MD5: hash ipad and text */
299 md5_update (&ctx,k_ipad,MD5BLKLEN);
300 md5_update (&ctx,(unsigned char *) text,tl);
301 md5_final (digest,&ctx);
302 md5_init (&ctx); /* outer MD5: hash opad and inner results */
303 md5_update (&ctx,k_opad,MD5BLKLEN);
304 md5_update (&ctx,digest,MD5DIGLEN);
305 md5_final (digest,&ctx);
306 /* convert to printable hex */
307 for (i = 0, s = hshbuf; i < MD5DIGLEN; i++) {
308 *s++ = hex[(j = digest[i]) >> 4];
309 *s++ = hex[j & 0xf];
310 }
311 *s = '\0'; /* tie off hash text */
312 return hshbuf;
313 }
315 /* Everything after this point is derived from the RSA Data Security, Inc.
316 * MD5 Message-Digest Algorithm
317 */
319 /* You may wonder why these strange "a &= 0xffffffff;" statements are here.
320 * This is to ensure correct results on machines with a unsigned long size of
321 * larger than 32 bits.
322 */
324 #define RND1(a,b,c,d,x,s,ac) \
325 a += ((b & c) | (d & ~b)) + x + (unsigned long) ac; \
326 a &= 0xffffffff; \
327 a = b + ((a << s) | (a >> (32 - s)));
329 #define RND2(a,b,c,d,x,s,ac) \
330 a += ((b & d) | (c & ~d)) + x + (unsigned long) ac; \
331 a &= 0xffffffff; \
332 a = b + ((a << s) | (a >> (32 - s)));
334 #define RND3(a,b,c,d,x,s,ac) \
335 a += (b ^ c ^ d) + x + (unsigned long) ac; \
336 a &= 0xffffffff; \
337 a = b + ((a << s) | (a >> (32 - s)));
339 #define RND4(a,b,c,d,x,s,ac) \
340 a += (c ^ (b | ~d)) + x + (unsigned long) ac; \
341 a &= 0xffffffff; \
342 a = b + ((a << s) | (a >> (32 - s)));
344 /* Initialize MD5 context
345 * Accepts: context to initialize
346 */
348 void md5_init (MD5CONTEXT *ctx)
349 {
350 ctx->clow = ctx->chigh = 0; /* initialize byte count to zero */
351 /* initialization constants */
352 ctx->state[0] = 0x67452301; ctx->state[1] = 0xefcdab89;
353 ctx->state[2] = 0x98badcfe; ctx->state[3] = 0x10325476;
354 ctx->ptr = ctx->buf; /* reset buffer pointer */
355 }
358 /* MD5 add data to context
359 * Accepts: context
360 * input data
361 * length of data
362 */
364 void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len)
365 {
366 unsigned long i = (ctx->buf + MD5BLKLEN) - ctx->ptr;
367 /* update double precision number of bytes */
368 if ((ctx->clow += len) < len) ctx->chigh++;
369 while (i <= len) { /* copy/transform data, 64 bytes at a time */
370 memcpy (ctx->ptr,data,i); /* fill up 64 byte chunk */
371 md5_transform (ctx->state,ctx->ptr = ctx->buf);
372 data += i,len -= i,i = MD5BLKLEN;
373 }
374 memcpy (ctx->ptr,data,len); /* copy final bit of data in buffer */
375 ctx->ptr += len; /* update buffer pointer */
376 }
378 /* MD5 Finalization
379 * Accepts: destination digest
380 * context
381 */
383 void md5_final (unsigned char *digest,MD5CONTEXT *ctx)
384 {
385 unsigned long i,bits[2];
386 bits[0] = ctx->clow << 3; /* calculate length in bits (before padding) */
387 bits[1] = (ctx->chigh << 3) + (ctx->clow >> 29);
388 *ctx->ptr++ = 0x80; /* padding byte */
389 if ((i = (ctx->buf + MD5BLKLEN) - ctx->ptr) < 8) {
390 memset (ctx->ptr,0,i); /* pad out buffer with zeros */
391 md5_transform (ctx->state,ctx->buf);
392 /* pad out with zeros, leaving 8 bytes */
393 memset (ctx->buf,0,MD5BLKLEN - 8);
394 ctx->ptr = ctx->buf + MD5BLKLEN - 8;
395 }
396 else if (i -= 8) { /* need to pad this buffer? */
397 memset (ctx->ptr,0,i); /* yes, pad out with zeros, leaving 8 bytes */
398 ctx->ptr += i;
399 }
400 md5_encode (ctx->ptr,bits,2); /* make LSB-first length */
401 md5_transform (ctx->state,ctx->buf);
402 /* store state in digest */
403 md5_encode (digest,ctx->state,4);
404 /* erase context */
405 memset (ctx,0,sizeof (MD5CONTEXT));
406 }
408 /* MD5 basic transformation
409 * Accepts: state vector
410 * current 64-byte block
411 */
413 static void md5_transform (unsigned long *state,unsigned char *block)
414 {
415 unsigned long a = state[0],b = state[1],c = state[2],d = state[3],x[16];
416 md5_decode (x,block,16); /* decode into 16 longs */
417 /* round 1 */
418 RND1 (a,b,c,d,x[ 0], 7,0xd76aa478); RND1 (d,a,b,c,x[ 1],12,0xe8c7b756);
419 RND1 (c,d,a,b,x[ 2],17,0x242070db); RND1 (b,c,d,a,x[ 3],22,0xc1bdceee);
420 RND1 (a,b,c,d,x[ 4], 7,0xf57c0faf); RND1 (d,a,b,c,x[ 5],12,0x4787c62a);
421 RND1 (c,d,a,b,x[ 6],17,0xa8304613); RND1 (b,c,d,a,x[ 7],22,0xfd469501);
422 RND1 (a,b,c,d,x[ 8], 7,0x698098d8); RND1 (d,a,b,c,x[ 9],12,0x8b44f7af);
423 RND1 (c,d,a,b,x[10],17,0xffff5bb1); RND1 (b,c,d,a,x[11],22,0x895cd7be);
424 RND1 (a,b,c,d,x[12], 7,0x6b901122); RND1 (d,a,b,c,x[13],12,0xfd987193);
425 RND1 (c,d,a,b,x[14],17,0xa679438e); RND1 (b,c,d,a,x[15],22,0x49b40821);
426 /* round 2 */
427 RND2 (a,b,c,d,x[ 1], 5,0xf61e2562); RND2 (d,a,b,c,x[ 6], 9,0xc040b340);
428 RND2 (c,d,a,b,x[11],14,0x265e5a51); RND2 (b,c,d,a,x[ 0],20,0xe9b6c7aa);
429 RND2 (a,b,c,d,x[ 5], 5,0xd62f105d); RND2 (d,a,b,c,x[10], 9, 0x2441453);
430 RND2 (c,d,a,b,x[15],14,0xd8a1e681); RND2 (b,c,d,a,x[ 4],20,0xe7d3fbc8);
431 RND2 (a,b,c,d,x[ 9], 5,0x21e1cde6); RND2 (d,a,b,c,x[14], 9,0xc33707d6);
432 RND2 (c,d,a,b,x[ 3],14,0xf4d50d87); RND2 (b,c,d,a,x[ 8],20,0x455a14ed);
433 RND2 (a,b,c,d,x[13], 5,0xa9e3e905); RND2 (d,a,b,c,x[ 2], 9,0xfcefa3f8);
434 RND2 (c,d,a,b,x[ 7],14,0x676f02d9); RND2 (b,c,d,a,x[12],20,0x8d2a4c8a);
435 /* round 3 */
436 RND3 (a,b,c,d,x[ 5], 4,0xfffa3942); RND3 (d,a,b,c,x[ 8],11,0x8771f681);
437 RND3 (c,d,a,b,x[11],16,0x6d9d6122); RND3 (b,c,d,a,x[14],23,0xfde5380c);
438 RND3 (a,b,c,d,x[ 1], 4,0xa4beea44); RND3 (d,a,b,c,x[ 4],11,0x4bdecfa9);
439 RND3 (c,d,a,b,x[ 7],16,0xf6bb4b60); RND3 (b,c,d,a,x[10],23,0xbebfbc70);
440 RND3 (a,b,c,d,x[13], 4,0x289b7ec6); RND3 (d,a,b,c,x[ 0],11,0xeaa127fa);
441 RND3 (c,d,a,b,x[ 3],16,0xd4ef3085); RND3 (b,c,d,a,x[ 6],23, 0x4881d05);
442 RND3 (a,b,c,d,x[ 9], 4,0xd9d4d039); RND3 (d,a,b,c,x[12],11,0xe6db99e5);
443 RND3 (c,d,a,b,x[15],16,0x1fa27cf8); RND3 (b,c,d,a,x[ 2],23,0xc4ac5665);
444 /* round 4 */
445 RND4 (a,b,c,d,x[ 0], 6,0xf4292244); RND4 (d,a,b,c,x[ 7],10,0x432aff97);
446 RND4 (c,d,a,b,x[14],15,0xab9423a7); RND4 (b,c,d,a,x[ 5],21,0xfc93a039);
447 RND4 (a,b,c,d,x[12], 6,0x655b59c3); RND4 (d,a,b,c,x[ 3],10,0x8f0ccc92);
448 RND4 (c,d,a,b,x[10],15,0xffeff47d); RND4 (b,c,d,a,x[ 1],21,0x85845dd1);
449 RND4 (a,b,c,d,x[ 8], 6,0x6fa87e4f); RND4 (d,a,b,c,x[15],10,0xfe2ce6e0);
450 RND4 (c,d,a,b,x[ 6],15,0xa3014314); RND4 (b,c,d,a,x[13],21,0x4e0811a1);
451 RND4 (a,b,c,d,x[ 4], 6,0xf7537e82); RND4 (d,a,b,c,x[11],10,0xbd3af235);
452 RND4 (c,d,a,b,x[ 2],15,0x2ad7d2bb); RND4 (b,c,d,a,x[ 9],21,0xeb86d391);
453 /* update state */
454 state[0] += a; state[1] += b; state[2] += c; state[3] += d;
455 memset (x,0,sizeof (x)); /* erase sensitive data */
456 }
458 /* You may wonder why these strange "& 0xff" maskings are here. This is to
459 * ensure correct results on machines with a char size of larger than 8 bits.
460 * For example, the KCC compiler on the PDP-10 uses 9-bit chars.
461 */
463 /* MD5 encode unsigned long into LSB-first bytes
464 * Accepts: destination pointer
465 * source
466 * length of source
467 */
469 static void md5_encode (unsigned char *dst,unsigned long *src,int len)
470 {
471 int i;
472 for (i = 0; i < len; i++) {
473 *dst++ = (unsigned char) (src[i] & 0xff);
474 *dst++ = (unsigned char) ((src[i] >> 8) & 0xff);
475 *dst++ = (unsigned char) ((src[i] >> 16) & 0xff);
476 *dst++ = (unsigned char) ((src[i] >> 24) & 0xff);
477 }
478 }
481 /* MD5 decode LSB-first bytes into unsigned long
482 * Accepts: destination pointer
483 * source
484 * length of destination
485 */
487 static void md5_decode (unsigned long *dst,unsigned char *src,int len)
488 {
489 int i, j;
490 for (i = 0, j = 0; i < len; i++, j += 4)
491 dst[i] = ((unsigned long) (src[j] & 0xff)) |
492 (((unsigned long) (src[j+1] & 0xff)) << 8) |
493 (((unsigned long) (src[j+2] & 0xff)) << 16) |
494 (((unsigned long) (src[j+3] & 0xff)) << 24);
495 }