lib/ntlm/apop.c

   1 /*
   2  * Copyright (c) 2010 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #include <sys/types.h>
  37 #include <stdio.h>
  38 #include <unistd.h>
  39 #include <CommonCrypto/CommonDigest.h>
  40 #include <CommonCrypto/CommonHMAC.h>
  41 #include <roken.h>
  42 #include <hex.h>
  43 #include "heim-auth.h"
  44 #include "ntlm_err.h"
  45
  46 char *
  47 heim_generate_challenge(const char *hostname)
  48 {
  49     char host[MAXHOSTNAMELEN], *str = NULL;
  50     uint32_t num, t;
  51
  52     if (hostname == NULL) {
  53         if (gethostname(host, sizeof(host)))
  54             return NULL;
  55         hostname = host;
  56     }
  57
  58     t = time(NULL);
  59     num = rk_random();
  60
  61     asprintf(&str, "<%lu%lu@%s>", (unsigned long)t,
  62              (unsigned long)num, hostname);
  63
  64     return str;
  65 }
  66
  67 char *
  68 heim_apop_create(const char *challenge, const char *password)
  69 {
  70     char *str = NULL;
  71     uint8_t hash[CC_MD5_DIGEST_LENGTH];
  72     CC_MD5_CTX ctx;
  73
  74     CC_MD5_Init(&ctx);
  75     CC_MD5_Update(&ctx, challenge, strlen(challenge));
  76     CC_MD5_Update(&ctx, password, strlen(password));
  77
  78     CC_MD5_Final(hash, &ctx);
  79
  80     hex_encode(hash, sizeof(hash), &str);
  81     if (str)
  82       strlwr(str);
  83
  84     return str;
  85 }
  86
  87 int
  88 heim_apop_verify(const char *challenge, const char *password, const char *response)
  89 {
  90     char *str;
  91     int res;
  92
  93     str = heim_apop_create(challenge, password);
  94     if (str == NULL)
  95         return ENOMEM;
  96
  97     res = (strcasecmp(str, response) != 0);
  98     free(str);
  99
 100     if (res)
 101         return HNTLM_ERR_INVALID_APOP;
 102     return 0;
 103 }
 104
 105 struct heim_cram_md5 {
 106     CC_MD5_CTX ipad;
 107     CC_MD5_CTX opad;
 108 };
 109
 110
 111 void
 112 heim_cram_md5_export(const char *password, heim_CRAM_MD5_STATE *state)
 113 {
 114     size_t keylen = strlen(password);
 115     uint8_t key[CC_MD5_BLOCK_BYTES];
 116     uint8_t pad[CC_MD5_BLOCK_BYTES];
 117     struct heim_cram_md5 ctx;
 118     size_t n;
 119
 120     memset(&ctx, 0, sizeof(ctx));
 121
 122     if (keylen > CC_MD5_BLOCK_BYTES) {
 123         CC_MD5(password, keylen, key);
 124         keylen = sizeof(keylen);
 125     } else {
 126         memcpy(key, password, keylen);
 127     }
 128
 129     memset(pad, 0x36, sizeof(pad));
 130     for (n = 0; n < keylen; n++)
 131         pad[n] ^= key[n];
 132
 133     CC_MD5_Init(&ctx.ipad);
 134     CC_MD5_Init(&ctx.opad);
 135
 136     CC_MD5_Update(&ctx.ipad, pad, sizeof(pad));
 137
 138     memset(pad, 0x5c, sizeof(pad));
 139     for (n = 0; n < keylen; n++)
 140         pad[n] ^= key[n];
 141
 142     CC_MD5_Update(&ctx.opad, pad, sizeof(pad));
 143
 144     memset(pad, 0, sizeof(pad));
 145     memset(key, 0, sizeof(key));
 146
 147     state->istate[0] = htonl(ctx.ipad.A);
 148     state->istate[1] = htonl(ctx.ipad.B);
 149     state->istate[2] = htonl(ctx.ipad.C);
 150     state->istate[3] = htonl(ctx.ipad.D);
 151
 152     state->ostate[0] = htonl(ctx.opad.A);
 153     state->ostate[1] = htonl(ctx.opad.B);
 154     state->ostate[2] = htonl(ctx.opad.C);
 155     state->ostate[3] = htonl(ctx.opad.D);
 156
 157     memset(&ctx, 0, sizeof(ctx));
 158 }
 159
 160
 161 heim_cram_md5
 162 heim_cram_md5_import(void *data, size_t len)
 163 {
 164     heim_CRAM_MD5_STATE state;
 165     heim_cram_md5 ctx;
 166     unsigned n;
 167
 168     if (len != sizeof(state))
 169         return NULL;
 170
 171     ctx = calloc(1, sizeof(*ctx));
 172     if (ctx == NULL)
 173         return NULL;
 174
 175     memcpy(&state, data, sizeof(state));
 176
 177     ctx->ipad.A = ntohl(state.istate[0]);
 178     ctx->ipad.B = ntohl(state.istate[1]);
 179     ctx->ipad.C = ntohl(state.istate[2]);
 180     ctx->ipad.D = ntohl(state.istate[3]);
 181
 182     ctx->opad.A = ntohl(state.ostate[0]);
 183     ctx->opad.B = ntohl(state.ostate[1]);
 184     ctx->opad.C = ntohl(state.ostate[2]);
 185     ctx->opad.D = ntohl(state.ostate[3]);
 186
 187     ctx->ipad.Nl = ctx->opad.Nl = 512;
 188     ctx->ipad.Nh = ctx->opad.Nh = 0;
 189     ctx->ipad.num = ctx->opad.num = 0;
 190
 191     return ctx;
 192 }
 193
 194 int
 195 heim_cram_md5_verify_ctx(heim_cram_md5 ctx, const char *challenge, const char *response)
 196 {
 197     uint8_t hash[CC_MD5_DIGEST_LENGTH];
 198     char *str = NULL;
 199     int res;
 200
 201     CC_MD5_Update(&ctx->ipad, challenge, strlen(challenge));
 202     CC_MD5_Final(hash, &ctx->ipad);
 203
 204     CC_MD5_Update(&ctx->opad, hash, sizeof(hash));
 205     CC_MD5_Final(hash, &ctx->opad);
 206
 207     hex_encode(hash, sizeof(hash), &str);
 208     if (str == NULL)
 209         return ENOMEM;
 210
 211     res = (strcasecmp(str, response) != 0);
 212     free(str);
 213
 214     if (res)
 215         return HNTLM_ERR_INVALID_CRAM_MD5;
 216     return 0;
 217 }
 218
 219 void
 220 heim_cram_md5_free(heim_cram_md5 ctx)
 221 {
 222     memset(ctx, 0, sizeof(*ctx));
 223     free(ctx);
 224 }
 225
 226
 227 char *
 228 heim_cram_md5_create(const char *challenge, const char *password)
 229 {
 230     CCHmacContext ctx;
 231     uint8_t hash[CC_MD5_DIGEST_LENGTH];
 232     char *str = NULL;
 233
 234     CCHmacInit(&ctx, kCCHmacAlgMD5, password, strlen(password));
 235     CCHmacUpdate(&ctx, challenge, strlen(challenge));
 236     CCHmacFinal(&ctx, hash);
 237
 238     memset(&ctx, 0, sizeof(ctx));
 239
 240     hex_encode(hash, sizeof(hash), &str);
 241     if (str)
 242       strlwr(str);
 243
 244     return str;
 245 }
 246
 247  int
 248 heim_cram_md5_verify(const char *challenge, const char *password, const char *response)
 249 {
 250     char *str;
 251     int res;
 252
 253     str = heim_cram_md5_create(challenge, password);
 254     if (str == NULL)
 255         return ENOMEM;
 256
 257     res = (strcasecmp(str, response) != 0);
 258     free(str);
 259
 260     if (res)
 261         return HNTLM_ERR_INVALID_CRAM_MD5;
 262     return 0;
 263 }
 264