changeset 2383:959136e08a70 HEAD
Merged CRAM-MD5 and NTLM hmac-md5 code. Patch by Joshua Goodall
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 30 Jul 2004 04:57:04 +0300 |
parents | 34d4c7a7b485 |
children | 0cc72087752f |
files | src/auth/mech-cram-md5.c src/auth/password-scheme-cram-md5.c src/lib-ntlm/Makefile.am src/lib-ntlm/hmac-md5.c src/lib-ntlm/hmac-md5.h src/lib/Makefile.am src/lib/hmac-md5.c src/lib/hmac-md5.h |
diffstat | 8 files changed, 143 insertions(+), 144 deletions(-) [+] |
--- a/src/auth/mech-cram-md5.c Fri Jul 30 04:47:45 2004 +0300 +++ b/src/auth/mech-cram-md5.c Fri Jul 30 04:57:04 2004 +0300 @@ -7,7 +7,7 @@ #include "ioloop.h" #include "buffer.h" #include "hex-binary.h" -#include "md5.h" +#include "hmac-md5.h" #include "randgen.h" #include "mech.h" #include "passdb.h" @@ -50,8 +50,8 @@ const char *credentials) { - unsigned char digest[16], context_digest[32], *cdp; - struct md5_context ctxo, ctxi; + unsigned char digest[16], context_digest[32]; + struct hmac_md5_context ctx; buffer_t *context_digest_buf; const char *response_hex; @@ -65,30 +65,10 @@ if (hex_to_binary(credentials, context_digest_buf) <= 0) return FALSE; -#define CDGET(p, c) STMT_START { \ - (c) = (*p++); \ - (c) += (*p++ << 8); \ - (c) += (*p++ << 16); \ - (c) += (*p++ << 24); \ -} STMT_END + hmac_md5_set_cram_context(&ctx, context_digest); + md5_update(&ctx.ctx, auth->challenge, strlen(auth->challenge)); + hmac_md5_final(&ctx, digest); - cdp = context_digest; - CDGET(cdp, ctxo.a); - CDGET(cdp, ctxo.b); - CDGET(cdp, ctxo.c); - CDGET(cdp, ctxo.d); - CDGET(cdp, ctxi.a); - CDGET(cdp, ctxi.b); - CDGET(cdp, ctxi.c); - CDGET(cdp, ctxi.d); - - ctxo.lo = ctxi.lo = 64; - ctxo.hi = ctxi.hi = 0; - - md5_update(&ctxi, auth->challenge, strlen(auth->challenge)); - md5_final(&ctxi, digest); - md5_update(&ctxo, digest, 16); - md5_final(&ctxo, digest); response_hex = binary_to_hex(digest, 16); if (memcmp(response_hex, auth->response, 32) != 0) {
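Review bot: `hmac_md5_set_cram_context(&ctx, context_digest)` in the third hunk always reads 32 bytes, but the only visible guard is `hex_to_binary(credentials, context_digest_buf) <= 0`, which does not show that exactly 32 bytes were decoded. Unless a length check on `credentials` sits above the hunk, a short stored credential would leave part of `context_digest` uninitialised when it is loaded into the MD5 state; a check such as `if (strlen(credentials) != sizeof(context_digest) * 2) return FALSE;` before decoding would make the contract explicit. The challenge is also fed with `md5_update(&ctx.ctx, ...)`, whereas `hmac_md5_update(&ctx, auth->challenge, strlen(auth->challenge));` from the new header would keep the context opaque to this file. The enclosing function starts and ends outside these hunks.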
--- a/src/auth/password-scheme-cram-md5.c Fri Jul 30 04:47:45 2004 +0300 +++ b/src/auth/password-scheme-cram-md5.c Fri Jul 30 04:57:04 2004 +0300 @@ -1,58 +1,16 @@ /* Copyright (C) 2003 Timo Sirainen / Joshua Goodall */ #include "lib.h" -#include "md5.h" +#include "hmac-md5.h" #include "hex-binary.h" #include "password-scheme.h" const char *password_generate_cram_md5(const char *plaintext) { - unsigned char digest[16], ipad[64], opad[64], context_digest[32], *cdp; - struct md5_context ctxo, ctxi; - size_t len; - int i; - - memset(ipad, 0, sizeof(ipad)); - memset(opad, 0, sizeof(opad)); - - /* Hash excessively long passwords */ - len = strlen(plaintext); - if (len > 64) { - md5_get_digest(plaintext, len, digest); - memcpy(ipad, digest, 16); - memcpy(opad, digest, 16); - } else { - memcpy(ipad, plaintext, len); - memcpy(opad, plaintext, len); - } + struct hmac_md5_context ctx; + unsigned char context_digest[32]; - /* ipad/opad operation */ - for (i = 0; i < 64; i++) { - ipad[i] ^= 0x36; - opad[i] ^= 0x5c; - } - - md5_init(&ctxi); - md5_init(&ctxo); - md5_update(&ctxi, ipad, 64); - md5_update(&ctxo, opad, 64); - - /* Make HMAC-MD5 hex digest */ -#define CDPUT(p, c) STMT_START { \ - *(p)++ = (c) & 0xff; \ - *(p)++ = (c) >> 8 & 0xff; \ - *(p)++ = (c) >> 16 & 0xff; \ - *(p)++ = (c) >> 24 & 0xff; \ -} STMT_END - cdp = context_digest; - CDPUT(cdp, ctxo.a); - CDPUT(cdp, ctxo.b); - CDPUT(cdp, ctxo.c); - CDPUT(cdp, ctxo.d); - CDPUT(cdp, ctxi.a); - CDPUT(cdp, ctxi.b); - CDPUT(cdp, ctxi.c); - CDPUT(cdp, ctxi.d); - + hmac_md5_init(&ctx, plaintext, strlen(plaintext)); + hmac_md5_get_cram_context(&ctx, context_digest); return binary_to_hex(context_digest, sizeof(context_digest)); }
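Review bot: `hmac_md5_init(&ctx, plaintext, strlen(plaintext))` passes a `const char *` where the prototype added in src/lib/hmac-md5.h takes `const unsigned char *key`, so the call relies on an implicit pointer-sign conversion that compilers warn about; `hmac_md5_init(&ctx, (const unsigned char *)plaintext, strlen(plaintext));` states the intent. `ctx` holds the keyed inner and outer MD5 states derived from the password and is left on the stack on return; the new library file already uses `safe_memset()` for its pads, so `safe_memset(&ctx, 0, sizeof(ctx));` before the return would be consistent (this file would then need `safe-memset.h`). A short comment that the returned hex string is the stored CRAM-MD5 context, which is sufficient to compute valid responses, would help readers of the password-scheme code.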
--- a/src/lib-ntlm/Makefile.am Fri Jul 30 04:47:45 2004 +0300 +++ b/src/lib-ntlm/Makefile.am Fri Jul 30 04:57:04 2004 +0300 @@ -4,13 +4,11 @@ -I$(top_srcdir)/src/lib libntlm_a_SOURCES = \ - hmac-md5.c \ ntlm-des.c \ ntlm-encrypt.c \ ntlm-message.c noinst_HEADERS = \ - hmac-md5.h \ ntlm.h \ ntlm-types.h \ ntlm-flags.h \
--- a/src/lib-ntlm/hmac-md5.c Fri Jul 30 04:47:45 2004 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-/*
- * HMAC-MD5 (RFC-2104) implementation.
- *
- * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
- *
- * This library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include "lib.h"
-#include "hmac-md5.h"
-
-void hmac_md5_init(struct hmac_md5_context *ctx,
- const unsigned char * key, size_t key_len)
-{
- int i;
- unsigned char md5key[16];
-
- if (key_len > 64) {
- md5_get_digest(key, key_len, md5key);
- key = md5key;
- key_len = 16;
- }
-
- memcpy(ctx->k_ipad, key, key_len);
- memset(ctx->k_ipad + key_len, 0, 64 - key_len);
- memcpy(ctx->k_opad, ctx->k_ipad, 64);
-
- for (i = 0; i < 64; i++) {
- ctx->k_ipad[i] ^= 0x36;
- ctx->k_opad[i] ^= 0x5c;
- }
-
- md5_init(&ctx->ctx);
- md5_update(&ctx->ctx, ctx->k_ipad, 64);
-}
-
-void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest)
-{
- md5_final(&ctx->ctx, digest);
-
- md5_init(&ctx->ctx);
- md5_update(&ctx->ctx, ctx->k_opad, 64);
- md5_update(&ctx->ctx, digest, 16);
- md5_final(&ctx->ctx, digest);
-}
--- a/src/lib-ntlm/hmac-md5.h Fri Jul 30 04:47:45 2004 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-#ifndef __HMAC_MD5_H__
-#define __HMAC_MD5_H__
-
-#include "md5.h"
-
-struct hmac_md5_context {
- struct md5_context ctx;
- unsigned char k_ipad[64];
- unsigned char k_opad[64];
-};
-
-void hmac_md5_init(struct hmac_md5_context *ctx, const unsigned char* key, size_t key_len);
-void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest);
-
-static inline void
-hmac_md5_update(struct hmac_md5_context *ctx, const void * data, size_t size)
-{
- md5_update(&ctx->ctx, data, size);
-}
-
-#endif /* __HMAC_MD5_H__ */
--- a/src/lib/Makefile.am Fri Jul 30 04:47:45 2004 +0300
+++ b/src/lib/Makefile.am Fri Jul 30 04:57:04 2004 +0300
@@ -16,6 +16,7 @@
 file-set-size.c \
 hash.c \
 hex-binary.c \
+ hmac-md5.c \
 home-expand.c \
 hostpid.c \
 imem.c \
@@ -82,6 +83,7 @@
 file-set-size.h \
 hash.h \
 hex-binary.h \
+ hmac-md5.h \
 home-expand.h \
 hostpid.h \
 imem.h \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/hmac-md5.c Fri Jul 30 04:57:04 2004 +0300
@@ -0,0 +1,104 @@
+/*
+ * HMAC-MD5 (RFC-2104) implementation.
+ *
+ * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
+ *
+ * CRAM-MD5 (RFC 2195) compatibility code
+ * Copyright (c) 2003 Joshua Goodall <joshua@roughtrade.net>
+ *
+ * This library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include "lib.h"
+#include "hmac-md5.h"
+#include "safe-memset.h"
+
+void hmac_md5_init(struct hmac_md5_context *ctx,
+ const unsigned char *key, size_t key_len)
+{
+ int i;
+ unsigned char md5key[16];
+ unsigned char k_ipad[64];
+ unsigned char k_opad[64];
+
+ if (key_len > 64) {
+ md5_get_digest(key, key_len, md5key);
+ key = md5key;
+ key_len = 16;
+ }
+
+ memcpy(k_ipad, key, key_len);
+ memset(k_ipad + key_len, 0, 64 - key_len);
+ memcpy(k_opad, k_ipad, 64);
+
+ for (i = 0; i < 64; i++) {
+ k_ipad[i] ^= 0x36;
+ k_opad[i] ^= 0x5c;
+ }
+
+ md5_init(&ctx->ctx);
+ md5_update(&ctx->ctx, k_ipad, 64);
+ md5_init(&ctx->ctxo);
+ md5_update(&ctx->ctxo, k_opad, 64);
+
+ safe_memset(k_ipad, 0, 64);
+ safe_memset(k_opad, 0, 64);
+}
+
+void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest)
+{
+ md5_final(&ctx->ctx, digest);
+
+ md5_update(&ctx->ctxo, digest, 16);
+ md5_final(&ctx->ctxo, digest);
+}
+
+void hmac_md5_get_cram_context(struct hmac_md5_context *ctx,
+ unsigned char *context_digest)
+{
+ unsigned char *cdp;
+
+#define CDPUT(p, c) STMT_START { \
+ *(p)++ = (c) & 0xff; \
+ *(p)++ = (c) >> 8 & 0xff; \
+ *(p)++ = (c) >> 16 & 0xff; \
+ *(p)++ = (c) >> 24 & 0xff; \
+} STMT_END
+ cdp = context_digest;
+ CDPUT(cdp, ctx->ctxo.a);
+ CDPUT(cdp, ctx->ctxo.b);
+ CDPUT(cdp, ctx->ctxo.c);
+ CDPUT(cdp, ctx->ctxo.d);
+ CDPUT(cdp, ctx->ctx.a);
+ CDPUT(cdp, ctx->ctx.b);
+ CDPUT(cdp, ctx->ctx.c);
+ CDPUT(cdp, ctx->ctx.d);
+}
+
+void hmac_md5_set_cram_context(struct hmac_md5_context *ctx,
+ unsigned char *context_digest)
+{
+ unsigned char *cdp;
+
+#define CDGET(p, c) STMT_START { \
+ (c) = (*p++); \
+ (c) += (*p++ << 8); \
+ (c) += (*p++ << 16); \
+ (c) += (*p++ << 24); \
+} STMT_END
+ cdp = context_digest;
+ CDGET(cdp, ctx->ctxo.a);
+ CDGET(cdp, ctx->ctxo.b);
+ CDGET(cdp, ctx->ctxo.c);
+ CDGET(cdp, ctx->ctxo.d);
+ CDGET(cdp, ctx->ctx.a);
+ CDGET(cdp, ctx->ctx.b);
+ CDGET(cdp, ctx->ctx.c);
+ CDGET(cdp, ctx->ctx.d);
+
+ ctx->ctxo.lo = ctx->ctx.lo = 64;
+ ctx->ctxo.hi = ctx->ctx.hi = 0;
+}
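Review bot: `hmac_md5_init()` wipes `k_ipad` and `k_opad` with `safe_memset()` but leaves `md5key` untouched, so for keys longer than 64 bytes the MD5 of the key, which is the effective HMAC key, stays on the stack; add `safe_memset(md5key, 0, sizeof(md5key));` next to the other two calls. In `CDGET`, `*p++ << 24` shifts an `unsigned char` that has been promoted to `int`, which is undefined for byte values of 0x80 and above; converting the byte to the field's unsigned type before shifting, e.g. `(c) += ((unsigned int)*p++ << 24);`, avoids that, and the macro should parenthesise `p` the way `CDPUT` does. Both macros stay defined to the end of the file, so an `#undef CDPUT` / `#undef CDGET` after each function would keep them local.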
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/hmac-md5.h Fri Jul 30 04:57:04 2004 +0300
@@ -0,0 +1,26 @@
+#ifndef __HMAC_MD5_H__
+#define __HMAC_MD5_H__
+
+#include "md5.h"
+
+struct hmac_md5_context {
+ struct md5_context ctx, ctxo;
+};
+
+void hmac_md5_init(struct hmac_md5_context *ctx,
+ const unsigned char *key, size_t key_len);
+void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest);
+
+void hmac_md5_get_cram_context(struct hmac_md5_context *ctx,
+ unsigned char *context_digest);
+void hmac_md5_set_cram_context(struct hmac_md5_context *ctx,
+ unsigned char *context_digest);
+
+
+static inline void
+hmac_md5_update(struct hmac_md5_context *ctx, const void *data, size_t size)
+{
+ md5_update(&ctx->ctx, data, size);
+}
+
+#endif /* __HMAC_MD5_H__ */
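Review bot: The two CRAM context prototypes take a bare `unsigned char *context_digest` with no length, while the implementation in hmac-md5.c reads or writes exactly 32 bytes, and nothing in the header says so. A named constant and a comment would document the contract, for example a proposed `#define CRAM_MD5_CONTEXTLEN 32` with `/* context_digest must point to CRAM_MD5_CONTEXTLEN bytes */` above the prototypes. `hmac_md5_set_cram_context()` only reads its buffer, so the parameter could be `const unsigned char *context_digest`. A comment that `hmac_md5_final()` finalises both MD5 states without re-initialising them, so a context needs a new init or set before it is used again, would also help callers.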