lib/cram-md5.c

   1 /* cram-md5.c   implementation of SASL mechanism CRAM-MD5 from RFC 2195
   2  * Copyright (C) 2002  Simon Josefsson
   3  *
   4  * This file is part of libgsasl.
   5  *
   6  * Libgsasl is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * Libgsasl is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with libgsasl; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  */
  21
  22 #include "internal.h"
  23
  24 #ifdef USE_CRAM_MD5
  25
  26 #include <gcrypt.h>
  27
  28 int
  29 _gsasl_cram_md5_client_init (Gsasl_ctx *ctx)
  30 {
  31   int res;
  32
  33   if (gcry_check_version(GCRYPT_VERSION) == NULL)
  34     return GSASL_GCRYPT_ERROR;
  35
  36   res = gcry_control (GCRYCTL_INIT_SECMEM, 512, 0);
  37   if (res != GCRYERR_SUCCESS)
  38     return GSASL_GCRYPT_ERROR;
  39
  40   return GSASL_OK;
  41 }
  42
  43 void
  44 _gsasl_cram_md5_client_done (Gsasl_ctx *ctx)
  45 {
  46   return;
  47 }
  48
  49 int
  50 _gsasl_cram_md5_client_start (Gsasl_session_ctx *cctx,
  51                               void **mech_data)
  52 {
  53   Gsasl_ctx *ctx;
  54   int *done;
  55
  56   ctx = gsasl_client_ctx_get (cctx);
  57   if (ctx == NULL)
  58     return GSASL_CANNOT_GET_CTX;
  59
  60   if (gsasl_client_callback_authentication_id_get (ctx) == NULL)
  61     return GSASL_NEED_CLIENT_AUTHENTICATION_ID_CALLBACK;
  62
  63   if (gsasl_client_callback_password_get (ctx) == NULL)
  64     return GSASL_NEED_CLIENT_PASSWORD_CALLBACK;
  65
  66   done = (int*) malloc(sizeof(*done));
  67   if (done == NULL)
  68     return GSASL_MALLOC_ERROR;
  69
  70   *done = 0;
  71
  72   *mech_data = done;
  73
  74   return GSASL_OK;
  75 }
  76
  77 int
  78 _gsasl_cram_md5_client_step  (Gsasl_session_ctx *cctx,
  79                               void *mech_data,
  80                               const char *input,
  81                               size_t input_len,
  82                               char *output,
  83                               size_t *output_len)
  84 {
  85   int *step = mech_data;
  86   Gsasl_ctx *ctx;
  87   Gsasl_client_callback_authentication_id cb_authentication_id;
  88   Gsasl_client_callback_password cb_password;
  89   GCRY_MD_HD md5h;
  90   char *hash;
  91   int hash_len = gcry_md_get_algo_dlen (GCRY_MD_MD5);
  92   size_t len;
  93   char *tmp;
  94   int i;
  95   int res;
  96
  97   if (*step > 0)
  98     return GSASL_OK;
  99
 100   if (input_len == 0)
 101     {
 102       *output_len = 0;
 103       return GSASL_NEEDS_MORE;
 104     }
 105
 106   ctx = gsasl_client_ctx_get (cctx);
 107   if (ctx == NULL)
 108     return GSASL_CANNOT_GET_CTX;
 109
 110   cb_authentication_id = gsasl_client_callback_authentication_id_get (ctx);
 111   if (cb_authentication_id == NULL)
 112     return GSASL_NEED_CLIENT_AUTHENTICATION_ID_CALLBACK;
 113
 114   cb_password = gsasl_client_callback_password_get (ctx);
 115   if (cb_password == NULL)
 116     return GSASL_NEED_CLIENT_PASSWORD_CALLBACK;
 117
 118   md5h = gcry_md_open (GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
 119   if (md5h == NULL)
 120     return GSASL_GCRYPT_ERROR;
 121
 122   /* XXX? password stored in callee's output buffer */
 123   len = *output_len;
 124   res = cb_password (cctx, output, &len);
 125   if (res != GSASL_OK)
 126     return res;
 127   tmp = gsasl_utf8_nfkc_normalize (output, len);
 128   if (tmp == NULL)
 129     return GSASL_UNICODE_NORMALIZATION_ERROR;
 130   res = gcry_md_setkey (md5h, tmp, strlen(tmp));
 131   free(tmp);
 132   if (res != GCRYERR_SUCCESS)
 133     return GSASL_GCRYPT_ERROR;
 134
 135   gcry_md_write (md5h, input, input_len);
 136
 137   hash = gcry_md_read (md5h, GCRY_MD_MD5);
 138   if (hash == NULL)
 139     return GSASL_GCRYPT_ERROR;
 140
 141   len = *output_len;
 142   res = cb_authentication_id (cctx, output, &len);
 143   if (res != GSASL_OK)
 144     return res;
 145   tmp = gsasl_utf8_nfkc_normalize (output, len);
 146   if (tmp == NULL)
 147     return GSASL_UNICODE_NORMALIZATION_ERROR;
 148   if (strlen(tmp) + strlen(" ") + 2*hash_len >= *output_len)
 149     {
 150       free(tmp);
 151       return GSASL_TOO_SMALL_BUFFER;
 152     }
 153   len = strlen(tmp);
 154   memcpy(output, tmp, len);
 155   free(tmp);
 156   output[len++] = ' ';
 157
 158   for (i = 0; i < hash_len; i++)
 159     {
 160       output[len + 2*i + 1] = HEXCHAR(hash[i]);
 161       output[len + 2*i + 0] = HEXCHAR(hash[i] >> 4);
 162     }
 163   *output_len = len + 2*hash_len;
 164
 165   gcry_md_close(md5h);
 166
 167   (*step)++;
 168
 169   return GSASL_NEEDS_MORE;
 170 }
 171
 172 int
 173 _gsasl_cram_md5_client_finish (Gsasl_session_ctx *cctx,
 174                             void *mech_data)
 175 {
 176   int *step = mech_data;
 177
 178   free(step);
 179
 180   return GSASL_OK;
 181 }
 182
 183 /* Server */
 184
 185 int
 186 _gsasl_cram_md5_server_init (Gsasl_ctx *ctx)
 187 {
 188   if (gcry_check_version(GCRYPT_VERSION) == NULL)
 189     return GSASL_GCRYPT_ERROR;
 190
 191   return GSASL_OK;
 192 }
 193
 194 void
 195 _gsasl_cram_md5_server_done (Gsasl_ctx *ctx)
 196 {
 197   return;
 198 }
 199
 200 int
 201 _gsasl_cram_md5_server_start (Gsasl_session_ctx *sctx,
 202                               void **mech_data)
 203 {
 204   Gsasl_ctx *ctx;
 205   char *challenge;
 206   int i;
 207
 208   ctx = gsasl_server_ctx_get (sctx);
 209   if (ctx == NULL)
 210     return GSASL_CANNOT_GET_CTX;
 211
 212   if (gsasl_server_callback_cram_md5_get (ctx) == NULL &&
 213       gsasl_server_callback_retrieve_get (ctx) == NULL)
 214     return GSASL_NEED_SERVER_CRAM_MD5_CALLBACK;
 215
 216   /* XXX this is ad-hoc and uses "localhost" instead of FQDN */
 217
 218 #define START_OF_XS 1
 219 #define NUMBER_OF_XS 16
 220 #define CHALLENGE_FORMAT "<XXXXXXXXXXXXXXXX.libgsasl@localhost>"
 221
 222   challenge = (char*) malloc(strlen(CHALLENGE_FORMAT) + 1);
 223   if (challenge == NULL)
 224     return GSASL_MALLOC_ERROR;
 225
 226   strcpy(challenge, CHALLENGE_FORMAT);
 227
 228   gcry_randomize (challenge + 1, NUMBER_OF_XS, GCRY_WEAK_RANDOM);
 229
 230   for (i = 0; i < NUMBER_OF_XS/2; i++)
 231     {
 232       challenge[START_OF_XS + NUMBER_OF_XS/2 + i] =
 233         HEXCHAR(challenge[START_OF_XS + i]);
 234       challenge[START_OF_XS + i] =
 235         HEXCHAR(challenge[START_OF_XS + i] >> 4);
 236     }
 237
 238   *mech_data = challenge;
 239
 240   return GSASL_OK;
 241 }
 242
 243 int
 244 _gsasl_cram_md5_server_step (Gsasl_session_ctx *sctx,
 245                              void *mech_data,
 246                              const char *input,
 247                              size_t input_len,
 248                              char *output,
 249                              size_t *output_len)
 250 {
 251   char *challenge = mech_data;
 252   Gsasl_server_callback_cram_md5 cb_cram_md5;
 253   Gsasl_server_callback_retrieve cb_retrieve;
 254   int hash_len = gcry_md_get_algo_dlen (GCRY_MD_MD5);
 255   char *username = NULL;
 256   Gsasl_ctx *ctx;
 257   int res;
 258
 259   if (input_len == 0)
 260     {
 261       if (*output_len < strlen(challenge))
 262         return GSASL_TOO_SMALL_BUFFER;
 263
 264       *output_len = strlen(challenge);
 265       memcpy(output, challenge, *output_len);
 266
 267       return GSASL_NEEDS_MORE;
 268     }
 269
 270   if (input_len <= hash_len * 2)
 271     return GSASL_MECHANISM_PARSE_ERROR;
 272
 273   if (input[input_len - hash_len * 2 - 1] != ' ')
 274     return GSASL_MECHANISM_PARSE_ERROR;
 275
 276   ctx = gsasl_server_ctx_get (sctx);
 277   if (ctx == NULL)
 278     return GSASL_CANNOT_GET_CTX;
 279
 280   cb_cram_md5 = gsasl_server_callback_cram_md5_get (ctx);
 281   cb_retrieve = gsasl_server_callback_retrieve_get (ctx);
 282   if (cb_cram_md5 == NULL && cb_retrieve == NULL)
 283     return GSASL_NEED_SERVER_CRAM_MD5_CALLBACK;
 284
 285   username = (char*) malloc(input_len);
 286   if (username == NULL)
 287     return GSASL_MALLOC_ERROR;
 288
 289   memcpy(username, input, input_len - hash_len * 2);
 290   username[input_len - hash_len * 2 - 1] = '\0';
 291
 292   if (cb_cram_md5)
 293     {
 294       char *response;
 295
 296       response = (char*) malloc(hash_len * 2 + 1);
 297       if (response == NULL)
 298         {
 299           free(username);
 300           return GSASL_MALLOC_ERROR;
 301         }
 302
 303       memcpy(response, input + input_len - hash_len * 2, hash_len * 2);
 304       response[hash_len * 2 + 1] = '\0';
 305
 306       res = cb_cram_md5 (sctx, username, challenge, response);
 307
 308       free(response);
 309     }
 310   else if (cb_retrieve)
 311     {
 312       GCRY_MD_HD md5h;
 313       char *hash;
 314       size_t len;
 315       size_t keylen;
 316       char *key;
 317       char *normkey;
 318       int i;
 319
 320       md5h = gcry_md_open (GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
 321       if (md5h == NULL)
 322         {
 323           free(username);
 324           return GSASL_GCRYPT_ERROR;
 325         }
 326
 327       res = cb_retrieve(sctx, username, NULL, NULL, NULL, &keylen);
 328       if (res != GSASL_OK)
 329         return res;
 330       key = malloc(keylen);
 331       if (key == NULL)
 332         return GSASL_MALLOC_ERROR;
 333       res = cb_retrieve(sctx, username, NULL, NULL, key, &keylen);
 334       if (res != GSASL_OK)
 335         {
 336           free(username);
 337           free(key);
 338           return res;
 339         }
 340       normkey = gsasl_utf8_nfkc_normalize (key, keylen);
 341       free(key);
 342       if (normkey == NULL)
 343         {
 344           free(username);
 345           return GSASL_UNICODE_NORMALIZATION_ERROR;
 346         }
 347
 348       res = gcry_md_setkey (md5h, normkey, strlen(normkey));
 349       free(normkey);
 350       if (res != GCRYERR_SUCCESS)
 351         {
 352           free(username);
 353           return GSASL_GCRYPT_ERROR;
 354         }
 355
 356       gcry_md_write (md5h, challenge, strlen(challenge));
 357
 358       hash = gcry_md_read (md5h, GCRY_MD_MD5);
 359       if (hash == NULL)
 360         {
 361           free(username);
 362           return GSASL_GCRYPT_ERROR;
 363         }
 364
 365       res = GSASL_OK;
 366       for (i = 0; i < hash_len; i++)
 367         if ((input[input_len - hash_len*2 + 2*i + 1] != HEXCHAR(hash[i])) ||
 368             (input[input_len - hash_len*2 + 2*i + 0] != HEXCHAR(hash[i] >> 4)))
 369           res = GSASL_AUTHENTICATION_ERROR;
 370     }
 371
 372   free(username);
 373
 374   return res;
 375 }
 376
 377 int
 378 _gsasl_cram_md5_server_finish (Gsasl_session_ctx *sctx,
 379                                void *mech_data)
 380 {
 381   char *challenge = mech_data;
 382
 383   free(challenge);
 384
 385   return GSASL_OK;
 386 }
 387
 388 #endif /* USE_CRAM_MD5 */