1 ;;; sasl-digest.el --- DIGEST-MD5 module for the SASL client framework
3 ;; Copyright (C) 2000, 2007 Free Software Foundation, Inc.
5 ;; Author: Daiki Ueno <ueno@unixuser.org>
6 ;; Kenichi OKADA <okada@opaopa.org>
7 ;; Keywords: SASL, DIGEST-MD5
9 ;; This file is part of GNU Emacs.
11 ;; GNU Emacs is free software; you can redistribute it and/or modify
12 ;; it under the terms of the GNU General Public License as published by
13 ;; the Free Software Foundation; either version 3, or (at your option)
16 ;; GNU Emacs is distributed in the hope that it will be useful,
17 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;; GNU General Public License for more details.
21 ;; You should have received a copy of the GNU General Public License
22 ;; along with GNU Emacs; see the file COPYING. If not, write to the
23 ;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
24 ;; Boston, MA 02110-1301, USA.
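28 ;; This program is implemented from draft-leach-digest-sasl-05.txt.
;; (That draft was later published as RFC 2831; RFC 6331 has since moved
;; DIGEST-MD5 to Historic status.)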
30 ;; It is the caller's responsibility to base64-decode challenges and
31 ;; base64-encode responses in the IMAP4 AUTHENTICATE command.
33 ;; Passphrase should be longer than 16 bytes. (See RFC 2195)
;; Fallback nonce count: `sasl-digest-md5-response' uses it when the client
;; object carries no `nonce-count' property of its own.
(defvar sasl-digest-md5-nonce-count 1)

;; Function that `sasl-digest-md5-cnonce' binds as `sasl-unique-id-function';
;; it starts out as the framework-wide `sasl-unique-id-function'.
(defvar sasl-digest-md5-unique-id-function sasl-unique-id-function)
;; Syntax table installed by `sasl-digest-md5-parse-string' before it walks a
;; digest-challenge.  `=' and `,' are given punctuation syntax ("."),
;; presumably so that `forward-sexp' stops at the separators between attribute
;; names and values -- confirm against the parser.
;; NOTE(review): listing line 48 is absent (the gutter jumps from 47 to 49),
;; so the form that returns TABLE from the `let' is not visible here.
44 (defvar sasl-digest-md5-syntax-table
45 (let ((table (make-syntax-table)))
46 (modify-syntax-entry ?
= "." table
)
47 (modify-syntax-entry ?
, "." table
)
49 "A syntax table for parsing digest-challenge attributes.")
;; Ordered step functions for the mechanism; this symbol is handed to
;; `sasl-make-mechanism' at the end of the file.  The first step is `ignore'
;; (the client sends no initial response) and the second builds the
;; digest-response from the server's challenge.
;; NOTE(review): the remainder of the list (listing line 54) is not visible.
51 (defconst sasl-digest-md5-steps
52 '(ignore ;no initial response
53 sasl-digest-md5-response
;; Turn a digest-challenge string into Lisp data by handing the text to the
;; Lisp reader (`read' on the last visible line).
;; NOTE(review): the only visible caller passes `(sasl-step-data step)',
;; presumably the challenge received from the server, so the reader is parsing
;; untrusted input.  `read' accepts any readable Lisp syntax, not just the
;; attribute=value grammar of a challenge, and quoted values follow Lisp
;; string-escape rules rather than the protocol's quoted-string rules.  Treat
;; the result as unvalidated: check that the expected keys are present and
;; that their values are strings before using them.
;; NOTE(review): listing lines 60, 62-63, 65 and 67-69 are absent, so the
;; buffer setup and the body of the `while' loop are not visible here.
56 (defun sasl-digest-md5-parse-string (string)
57 "Parse STRING and return a property list.
58 The value is a cons cell of the form \(realm nonce qop-options stale maxbuf
59 charset algorithm cipher-opts auth-param)."
;; Install the module's syntax table, in which `=' and `,' are punctuation.
61 (set-syntax-table sasl-digest-md5-syntax-table
)
64 (goto-char (point-min))
;; Advance one sexp at a time until the end of the buffer is reached.
66 (while (progn (forward-sexp) (not (eobp)))
;; Read a single Lisp object starting from the beginning of the buffer.
70 (read (point-min-marker)))))
;; Build the digest-uri value: SERV-TYPE "/" HOST, with "/" SERV-NAME appended
;; when SERV-NAME differs from HOST (per the visible `string=' test).
;; NOTE(review): listing line 74, which opens the conditional, is absent;
;; presumably it also guards against a nil SERV-NAME -- confirm.
;; The components are joined exactly as given; no validation or escaping is
;; visible in this function.
72 (defun sasl-digest-md5-digest-uri (serv-type host
&optional serv-name
)
73 (concat serv-type
"/" host
75 (not (string= host serv-name
)))
76 (concat "/" serv-name
))))
;; Client-nonce helper: rebinds `sasl-unique-id-function' to this module's
;; `sasl-digest-md5-unique-id-function' for the duration of the `let'.
;; NOTE(review): listing line 80 (the body of the `let') is absent.  The
;; cnonce is presumably only as unpredictable as the configured unique-id
;; function; confirm that function draws on an adequate random source.
78 (defun sasl-digest-md5-cnonce ()
79 (let ((sasl-unique-id-function sasl-digest-md5-unique-id-function
))
;; Compute the response value that goes into the digest-response.
;; NOTE(review): most of the parameter list and several wrapping forms
;; (listing lines 83-91, 93-98, 101-102, 104, 106-107) are absent, so only the
;; pieces commented below can be described with confidence.
82 (defun sasl-digest-md5-response-value (username
;; Prompt text for the passphrase; the call that reads it is on a line not
;; shown in this listing.
92 (format "DIGEST-MD5 passphrase for %s: "
;; Inner hash: MD5 over "username:realm:passphrase".  The `concat' result is
;; a fresh string that also contains the passphrase.
99 (md5-binary (concat (md5-binary
100 (concat username
":" realm
":" passphrase
))
;; AUTHZID, when used, is appended after a ":" separator.
103 (concat ":" authzid
)))))
;; The nonce count is rendered as eight hex digits, followed by the cnonce
;; and the qop value.
105 ":" (format "%08x" nonce-count
) ":" cnonce
":" qop
":"
;; Second hash input: "AUTHENTICATE:" plus the digest-uri; for the qop values
;; auth-int and auth-conf a ":" and 32 zero characters are appended.
108 (concat "AUTHENTICATE:" digest-uri
109 (if (member qop
'("auth-int" "auth-conf"))
110 ":00000000000000000000000000000000")))))))
;; Overwrite the passphrase string in place with zeros after the digest has
;; been computed.  NOTE(review): this clears only the PASSPHRASE string
;; itself; the intermediate `concat' result above, which embeds the
;; passphrase, is not cleared in the visible code.
111 (fillarray passphrase
0))))
;; Step function that builds the digest-response for CLIENT from the
;; challenge carried by STEP.
;; NOTE(review): the `let' scaffolding and several bindings (listing lines
;; 114, 116, 119, 122, 124-125, 128, 134, 141-142, 145, 147-150) are absent;
;; the comments below describe only what is visible.
113 (defun sasl-digest-md5-response (client step
)
;; Parse the step data (presumably the server's challenge) into a plist.
115 (sasl-digest-md5-parse-string (sasl-step-data step
)))
;; Realm: a `realm' property set on the client takes precedence over the
;; realm from the challenge.  The original author flagged this as unchecked.
117 (or (sasl-client-property client
'realm
)
118 (plist-get plist
'realm
))) ;need to check
;; Nonce count: the client's stored value, else the module default.
120 (or (sasl-client-property client
'nonce-count
)
121 sasl-digest-md5-nonce-count
))
;; qop: the client's `qop' property is tried first; the fallback is on a line
;; not shown in this listing.
123 (or (sasl-client-property client
'qop
)
;; digest-uri is derived from the client's service and server names.
126 (sasl-digest-md5-digest-uri
127 (sasl-client-service client
)(sasl-client-server client
)))
;; cnonce: a value preset on the client wins; otherwise a fresh one is
;; generated.
129 (or (sasl-client-property client
'cnonce
)
130 (sasl-digest-md5-cnonce))))
;; Store the incremented nonce count back on the client.
131 (sasl-client-set-property client
'nonce-count
(1+ nonce-count
))
;; Only qop "auth" is accepted; any other value signals an error, so no
;; integrity or confidentiality layer is negotiated by this code.
132 (unless (string= qop
"auth")
133 (sasl-error (format "Unsupported \"qop-value\": %s" qop
)))
;; The response is assembled by plain string concatenation.
;; NOTE(review): the user name, realm, server-supplied nonce, cnonce and
;; digest-uri are placed between literal double quotes with no escaping
;; visible here; a value containing `"' or `\' would break the quoted-string
;; syntax.  Confirm whether the values are validated or escaped elsewhere.
135 "username=\"" (sasl-client-name client
) "\","
136 "realm=\"" realm
"\","
137 "nonce=\"" (plist-get plist
'nonce
) "\","
138 "cnonce=\"" cnonce
"\","
139 (format "nc=%08x," nonce-count
)
140 "digest-uri=\"" digest-uri
"\","
;; The response value is computed from the client name, the challenge nonce
;; and the challenge's authzid, among arguments on lines not shown.
143 (sasl-digest-md5-response-value
144 (sasl-client-name client
)
146 (plist-get plist
'nonce
)
151 (plist-get plist
'authzid
)))))
;; Register DIGEST-MD5 with the SASL framework: the mechanism object built
;; from `sasl-digest-md5-steps' is stored on the `sasl-mechanism' property of
;; the `sasl-digest' symbol.
(put 'sasl-digest
     'sasl-mechanism
     (sasl-make-mechanism "DIGEST-MD5" sasl-digest-md5-steps))

;; Announce the feature so that `(require 'sasl-digest)' succeeds.
(provide 'sasl-digest)
158 ;;; arch-tag: 786e02ed-1bc4-4b3c-bf34-96c27e31084d
159 ;;; sasl-digest.el ends here