1 : : /* challenge.c --- Generate a CRAM-MD5 challenge string.
2 : : * Copyright (C) 2002-2012 Simon Josefsson
3 : : *
4 : : * This file is part of GNU SASL Library.
5 : : *
6 : : * GNU SASL Library is free software; you can redistribute it and/or
7 : : * modify it under the terms of the GNU Lesser General Public License
8 : : * as published by the Free Software Foundation; either version 2.1 of
9 : : * the License, or (at your option) any later version.
10 : : *
11 : : * GNU SASL Library is distributed in the hope that it will be useful,
12 : : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 : : * Lesser General Public License for more details.
15 : : *
16 : : * You should have received a copy of the GNU Lesser General Public
17 : : * License along with GNU SASL Library; if not, write to the Free
18 : : * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19 : : * Boston, MA 02110-1301, USA.
20 : : *
21 : : */
22 : :
23 : : #include <stdio.h>
24 : : #include <string.h>
25 : : #include <assert.h>
26 : :
27 : : /* Get prototype. */
28 : : #include "challenge.h"
29 : :
30 : : /* Get gc_nonce. */
31 : : #include <gc.h>
32 : :
33 : : /*
34 : : * From draft-ietf-sasl-crammd5-02.txt:
35 : : *
36 : : * The data encoded in the challenge contains a presumptively
37 : : * arbitrary string of random digits, a time-stamp, and the
38 : : * fully-qualified primary host name of the server.
39 : : * ...
40 : : * challenge = "<" 1*DIGIT "." 1*DIGIT "@" hostname ">"
41 : : * hostname = 1*(ALPHA / DIGIT) *("." / "-" / ALPHA / DIGIT)
42 : : *
43 : : * This implementation avoids the information leakage by always using 0
44 : : * as the time stamp and a fixed host name. This should be
45 : : * unproblematic, as any client that tries to validate the challenge
46 : : * string somehow would violate the same specification:
47 : : *
48 : : * The client MUST NOT interpret or attempt to validate the
49 : : * contents of the challenge in any way.
50 : : *
51 : : */
52 : :
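/* Number of random bytes requested for one challenge.  Each byte is
   rendered as two decimal digits, so the run of X in TEMPLATE must be
   exactly twice as long as NONCELEN. */
#define NONCELEN 10
#define TEMPLATE "<XXXXXXXXXXXXXXXXXXXX.0@localhost>"

/* Map the low nibble of C to an ASCII decimal digit.  Sixteen nibble
   values fold onto ten digits, so 0-5 occur twice as often as 6-9.
   With uniform input that is about 3.25 bits per digit (roughly 65
   bits over the 20 digits) rather than 4; acceptable because the
   value is only used as a nonce.  The modulo form expands C exactly
   once, so an argument with side effects is evaluated a single time. */
#define DIGIT(c) ('0' + (((c) & 0x0F) % 10))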
62 : :
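/* Fill CHALLENGE with a fresh CRAM-MD5 challenge string of the form
   "<" 20*DIGIT ".0@localhost>", NUL-terminated.

   Returns 0 on success, or -1 if gc_nonce fails.  On failure
   CHALLENGE has already been overwritten with the unfilled TEMPLATE,
   which is a constant string: callers must treat -1 as fatal and must
   not send the buffer, since a fixed challenge would let a previously
   captured response be replayed. */
int
cram_md5_challenge (char challenge[CRAM_MD5_CHALLENGE_LEN])
{
  char nonce[NONCELEN];
  size_t i;
  int rc;

  /* TEMPLATE plus its terminating NUL must fill the caller's buffer
     exactly, because the memcpy below copies CRAM_MD5_CHALLENGE_LEN
     bytes.  Note that this check disappears when NDEBUG is defined. */
  assert (strlen (TEMPLATE) == CRAM_MD5_CHALLENGE_LEN - 1);

  memcpy (challenge, TEMPLATE, CRAM_MD5_CHALLENGE_LEN);

  rc = gc_nonce (nonce, sizeof (nonce));
  if (rc != GC_OK)
    return -1;

  for (i = 0; i < sizeof (nonce); i++)
    {
      /* Work on the byte as unsigned: plain char may be signed, and
         right-shifting a negative value is implementation-defined. */
      unsigned char byte = (unsigned char) nonce[i];

      /* Low nibbles fill the first NONCELEN digits after '<', high
         nibbles the NONCELEN digits that follow them. */
      challenge[1 + i] = DIGIT (byte);
      challenge[1 + NONCELEN + i] = DIGIT (byte >> 4);
    }

  return 0;
}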