113498266Sopenharmony_ci/***************************************************************************
213498266Sopenharmony_ci *                                  _   _ ____  _
313498266Sopenharmony_ci *  Project                     ___| | | |  _ \| |
413498266Sopenharmony_ci *                             / __| | | | |_) | |
513498266Sopenharmony_ci *                            | (__| |_| |  _ <| |___
613498266Sopenharmony_ci *                             \___|\___/|_| \_\_____|
713498266Sopenharmony_ci *
813498266Sopenharmony_ci * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
913498266Sopenharmony_ci *
1013498266Sopenharmony_ci * This software is licensed as described in the file COPYING, which
1113498266Sopenharmony_ci * you should have received as part of this distribution. The terms
1213498266Sopenharmony_ci * are also available at https://curl.se/docs/copyright.html.
1313498266Sopenharmony_ci *
1413498266Sopenharmony_ci * You may opt to use, copy, modify, merge, publish, distribute and/or sell
1513498266Sopenharmony_ci * copies of the Software, and permit persons to whom the Software is
1613498266Sopenharmony_ci * furnished to do so, under the terms of the COPYING file.
1713498266Sopenharmony_ci *
1813498266Sopenharmony_ci * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
1913498266Sopenharmony_ci * KIND, either express or implied.
2013498266Sopenharmony_ci *
2113498266Sopenharmony_ci * SPDX-License-Identifier: curl
2213498266Sopenharmony_ci *
2313498266Sopenharmony_ci * RFC2195 CRAM-MD5 authentication
2413498266Sopenharmony_ci *
2513498266Sopenharmony_ci ***************************************************************************/
2613498266Sopenharmony_ci
2713498266Sopenharmony_ci#include "curl_setup.h"
2813498266Sopenharmony_ci
2913498266Sopenharmony_ci#ifndef CURL_DISABLE_DIGEST_AUTH
3013498266Sopenharmony_ci
3113498266Sopenharmony_ci#include <curl/curl.h>
3213498266Sopenharmony_ci#include "urldata.h"
3313498266Sopenharmony_ci
3413498266Sopenharmony_ci#include "vauth/vauth.h"
3513498266Sopenharmony_ci#include "curl_hmac.h"
3613498266Sopenharmony_ci#include "curl_md5.h"
3713498266Sopenharmony_ci#include "warnless.h"
3813498266Sopenharmony_ci#include "curl_printf.h"
3913498266Sopenharmony_ci
4013498266Sopenharmony_ci/* The last #include files should be: */
4113498266Sopenharmony_ci#include "curl_memory.h"
4213498266Sopenharmony_ci#include "memdebug.h"
4313498266Sopenharmony_ci
4413498266Sopenharmony_ci
4513498266Sopenharmony_ci/*
4613498266Sopenharmony_ci * Curl_auth_create_cram_md5_message()
4713498266Sopenharmony_ci *
4813498266Sopenharmony_ci * This is used to generate a CRAM-MD5 response message ready for sending to
4913498266Sopenharmony_ci * the recipient.
5013498266Sopenharmony_ci *
5113498266Sopenharmony_ci * Parameters:
5213498266Sopenharmony_ci *
5313498266Sopenharmony_ci * chlg    [in]     - The challenge.
5413498266Sopenharmony_ci * userp   [in]     - The user name.
5513498266Sopenharmony_ci * passwdp [in]     - The user's password.
5613498266Sopenharmony_ci * out     [out]    - The result storage.
5713498266Sopenharmony_ci *
5813498266Sopenharmony_ci * Returns CURLE_OK on success.
5913498266Sopenharmony_ci */
6013498266Sopenharmony_ciCURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
6113498266Sopenharmony_ci                                           const char *userp,
6213498266Sopenharmony_ci                                           const char *passwdp,
6313498266Sopenharmony_ci                                           struct bufref *out)
6413498266Sopenharmony_ci{
6513498266Sopenharmony_ci  struct HMAC_context *ctxt;
6613498266Sopenharmony_ci  unsigned char digest[MD5_DIGEST_LEN];
6713498266Sopenharmony_ci  char *response;
6813498266Sopenharmony_ci
6913498266Sopenharmony_ci  /* Compute the digest using the password as the key */
7013498266Sopenharmony_ci  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
7113498266Sopenharmony_ci                        (const unsigned char *) passwdp,
7213498266Sopenharmony_ci                        curlx_uztoui(strlen(passwdp)));
7313498266Sopenharmony_ci  if(!ctxt)
7413498266Sopenharmony_ci    return CURLE_OUT_OF_MEMORY;
7513498266Sopenharmony_ci
7613498266Sopenharmony_ci  /* Update the digest with the given challenge */
7713498266Sopenharmony_ci  if(Curl_bufref_len(chlg))
7813498266Sopenharmony_ci    Curl_HMAC_update(ctxt, Curl_bufref_ptr(chlg),
7913498266Sopenharmony_ci                     curlx_uztoui(Curl_bufref_len(chlg)));
8013498266Sopenharmony_ci
8113498266Sopenharmony_ci  /* Finalise the digest */
8213498266Sopenharmony_ci  Curl_HMAC_final(ctxt, digest);
8313498266Sopenharmony_ci
8413498266Sopenharmony_ci  /* Generate the response */
8513498266Sopenharmony_ci  response = aprintf(
8613498266Sopenharmony_ci    "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
8713498266Sopenharmony_ci    userp, digest[0], digest[1], digest[2], digest[3], digest[4],
8813498266Sopenharmony_ci    digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
8913498266Sopenharmony_ci    digest[11], digest[12], digest[13], digest[14], digest[15]);
9013498266Sopenharmony_ci  if(!response)
9113498266Sopenharmony_ci    return CURLE_OUT_OF_MEMORY;
9213498266Sopenharmony_ci
9313498266Sopenharmony_ci  Curl_bufref_set(out, response, strlen(response), curl_free);
9413498266Sopenharmony_ci  return CURLE_OK;
9513498266Sopenharmony_ci}
9613498266Sopenharmony_ci
9713498266Sopenharmony_ci#endif /* !CURL_DISABLE_DIGEST_AUTH */
98