summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/ntlm/apop.c
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/ntlm/apop.c')
-rw-r--r--third_party/heimdal/lib/ntlm/apop.c263
1 files changed, 263 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/ntlm/apop.c b/third_party/heimdal/lib/ntlm/apop.c
new file mode 100644
index 0000000..b363239
--- /dev/null
+++ b/third_party/heimdal/lib/ntlm/apop.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <CommonCrypto/CommonDigest.h>
+#include <CommonCrypto/CommonHMAC.h>
+#include <roken.h>
+#include <hex.h>
+#include "heim-auth.h"
+#include "ntlm_err.h"
+
+char *
+heim_generate_challenge(const char *hostname)
+{
+ char host[MAXHOSTNAMELEN], *str = NULL;
+ uint32_t num, t;
+
+ if (hostname == NULL) {
+ if (gethostname(host, sizeof(host)))
+ return NULL;
+ hostname = host;
+ }
+
+ t = (uint32_t)time(NULL);
+ num = rk_random();
+
+ asprintf(&str, "<%lu%lu@%s>", (unsigned long)t,
+ (unsigned long)num, hostname);
+
+ return str;
+}
+
+char *
+heim_apop_create(const char *challenge, const char *password)
+{
+ char *str = NULL;
+ uint8_t hash[CC_MD5_DIGEST_LENGTH];
+ CC_MD5_CTX ctx;
+
+ CC_MD5_Init(&ctx);
+ CC_MD5_Update(&ctx, challenge, (CC_LONG)strlen(challenge));
+ CC_MD5_Update(&ctx, password, (CC_LONG)strlen(password));
+
+ CC_MD5_Final(hash, &ctx);
+
+ hex_encode(hash, sizeof(hash), &str);
+ if (str)
+ strlwr(str);
+
+ return str;
+}
+
+int
+heim_apop_verify(const char *challenge, const char *password, const char *response)
+{
+ char *str;
+ int res;
+
+ str = heim_apop_create(challenge, password);
+ if (str == NULL)
+ return ENOMEM;
+
+ res = (strcasecmp(str, response) != 0);
+ free(str);
+
+ if (res)
+ return HNTLM_ERR_INVALID_APOP;
+ return 0;
+}
+
+struct heim_cram_md5_data {
+ CC_MD5_CTX ipad;
+ CC_MD5_CTX opad;
+};
+
+
+void
+heim_cram_md5_export(const char *password, heim_CRAM_MD5_STATE *state)
+{
+ size_t keylen = strlen(password);
+ uint8_t key[CC_MD5_BLOCK_BYTES];
+ uint8_t pad[CC_MD5_BLOCK_BYTES];
+ struct heim_cram_md5_data ctx;
+ size_t n;
+
+ memset(&ctx, 0, sizeof(ctx));
+
+ if (keylen > CC_MD5_BLOCK_BYTES) {
+ CC_MD5(password, (CC_LONG)keylen, key);
+ keylen = sizeof(keylen);
+ } else {
+ memcpy(key, password, keylen);
+ }
+
+ memset(pad, 0x36, sizeof(pad));
+ for (n = 0; n < keylen; n++)
+ pad[n] ^= key[n];
+
+ CC_MD5_Init(&ctx.ipad);
+ CC_MD5_Init(&ctx.opad);
+
+ CC_MD5_Update(&ctx.ipad, pad, sizeof(pad));
+
+ memset(pad, 0x5c, sizeof(pad));
+ for (n = 0; n < keylen; n++)
+ pad[n] ^= key[n];
+
+ CC_MD5_Update(&ctx.opad, pad, sizeof(pad));
+
+ memset(pad, 0, sizeof(pad));
+ memset(key, 0, sizeof(key));
+
+ state->istate[0] = htonl(ctx.ipad.A);
+ state->istate[1] = htonl(ctx.ipad.B);
+ state->istate[2] = htonl(ctx.ipad.C);
+ state->istate[3] = htonl(ctx.ipad.D);
+
+ state->ostate[0] = htonl(ctx.opad.A);
+ state->ostate[1] = htonl(ctx.opad.B);
+ state->ostate[2] = htonl(ctx.opad.C);
+ state->ostate[3] = htonl(ctx.opad.D);
+
+ memset(&ctx, 0, sizeof(ctx));
+}
+
+
+heim_cram_md5
+heim_cram_md5_import(void *data, size_t len)
+{
+ heim_CRAM_MD5_STATE state;
+ heim_cram_md5 ctx;
+
+ if (len != sizeof(state))
+ return NULL;
+
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ memcpy(&state, data, sizeof(state));
+
+ ctx->ipad.A = ntohl(state.istate[0]);
+ ctx->ipad.B = ntohl(state.istate[1]);
+ ctx->ipad.C = ntohl(state.istate[2]);
+ ctx->ipad.D = ntohl(state.istate[3]);
+
+ ctx->opad.A = ntohl(state.ostate[0]);
+ ctx->opad.B = ntohl(state.ostate[1]);
+ ctx->opad.C = ntohl(state.ostate[2]);
+ ctx->opad.D = ntohl(state.ostate[3]);
+
+ ctx->ipad.Nl = ctx->opad.Nl = 512;
+ ctx->ipad.Nh = ctx->opad.Nh = 0;
+ ctx->ipad.num = ctx->opad.num = 0;
+
+ return ctx;
+}
+
+int
+heim_cram_md5_verify_ctx(heim_cram_md5 ctx, const char *challenge, const char *response)
+{
+ uint8_t hash[CC_MD5_DIGEST_LENGTH];
+ char *str = NULL;
+ int res;
+
+ CC_MD5_Update(&ctx->ipad, challenge, (CC_LONG)strlen(challenge));
+ CC_MD5_Final(hash, &ctx->ipad);
+
+ CC_MD5_Update(&ctx->opad, hash, sizeof(hash));
+ CC_MD5_Final(hash, &ctx->opad);
+
+ hex_encode(hash, sizeof(hash), &str);
+ if (str == NULL)
+ return ENOMEM;
+
+ res = (strcasecmp(str, response) != 0);
+ free(str);
+
+ if (res)
+ return HNTLM_ERR_INVALID_CRAM_MD5;
+ return 0;
+}
+
+void
+heim_cram_md5_free(heim_cram_md5 ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ free(ctx);
+}
+
+
+char *
+heim_cram_md5_create(const char *challenge, const char *password)
+{
+ CCHmacContext ctx;
+ uint8_t hash[CC_MD5_DIGEST_LENGTH];
+ char *str = NULL;
+
+ CCHmacInit(&ctx, kCCHmacAlgMD5, password, strlen(password));
+ CCHmacUpdate(&ctx, challenge, strlen(challenge));
+ CCHmacFinal(&ctx, hash);
+
+ memset(&ctx, 0, sizeof(ctx));
+
+ hex_encode(hash, sizeof(hash), &str);
+ if (str)
+ strlwr(str);
+
+ return str;
+}
+
+ int
+heim_cram_md5_verify(const char *challenge, const char *password, const char *response)
+{
+ char *str;
+ int res;
+
+ str = heim_cram_md5_create(challenge, password);
+ if (str == NULL)
+ return ENOMEM;
+
+ res = (strcasecmp(str, response) != 0);
+ free(str);
+
+ if (res)
+ return HNTLM_ERR_INVALID_CRAM_MD5;
+ return 0;
+}
+