cram.c 3.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. * RFC2195 CRAM-MD5 authentication
  24. *
  25. ***************************************************************************/
  26. #include "curl_setup.h"
  27. #if !defined(CURL_DISABLE_CRYPTO_AUTH)
  28. #include <curl/curl.h>
  29. #include "urldata.h"
  30. #include "vauth/vauth.h"
  31. #include "curl_hmac.h"
  32. #include "curl_md5.h"
  33. #include "warnless.h"
  34. #include "curl_printf.h"
  35. /* The last #include files should be: */
  36. #include "curl_memory.h"
  37. #include "memdebug.h"
  38. /*
  39. * Curl_auth_create_cram_md5_message()
  40. *
  41. * This is used to generate a CRAM-MD5 response message ready for sending to
  42. * the recipient.
  43. *
  44. * Parameters:
  45. *
  46. * chlg [in] - The challenge.
  47. * userp [in] - The user name.
  48. * passwdp [in] - The user's password.
  49. * out [out] - The result storage.
  50. *
  51. * Returns CURLE_OK on success.
  52. */
  53. CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
  54. const char *userp,
  55. const char *passwdp,
  56. struct bufref *out)
  57. {
  58. struct HMAC_context *ctxt;
  59. unsigned char digest[MD5_DIGEST_LEN];
  60. char *response;
  61. /* Compute the digest using the password as the key */
  62. ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
  63. (const unsigned char *) passwdp,
  64. curlx_uztoui(strlen(passwdp)));
  65. if(!ctxt)
  66. return CURLE_OUT_OF_MEMORY;
  67. /* Update the digest with the given challenge */
  68. if(Curl_bufref_len(chlg))
  69. Curl_HMAC_update(ctxt, Curl_bufref_ptr(chlg),
  70. curlx_uztoui(Curl_bufref_len(chlg)));
  71. /* Finalise the digest */
  72. Curl_HMAC_final(ctxt, digest);
  73. /* Generate the response */
  74. response = aprintf(
  75. "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
  76. userp, digest[0], digest[1], digest[2], digest[3], digest[4],
  77. digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
  78. digest[11], digest[12], digest[13], digest[14], digest[15]);
  79. if(!response)
  80. return CURLE_OUT_OF_MEMORY;
  81. Curl_bufref_set(out, response, strlen(response), curl_free);
  82. return CURLE_OK;
  83. }
  84. #endif /* !CURL_DISABLE_CRYPTO_AUTH */