LCOV - code coverage report
Current view: top level - lib/cram-md5 - challenge.c (source / functions) Hit Total Coverage
Test: GNU SASL Lines: 8 9 88.9 %
Date: 2012-05-28 Functions: 1 1 100.0 %
Legend: Lines: hit not hit | Branches: + taken - not taken # not executed Branches: 7 8 87.5 %

           Branch data     Line data    Source code
       1                 :            : /* challenge.c --- Generate a CRAM-MD5 challenge string.
       2                 :            :  * Copyright (C) 2002-2012 Simon Josefsson
       3                 :            :  *
       4                 :            :  * This file is part of GNU SASL Library.
       5                 :            :  *
       6                 :            :  * GNU SASL Library is free software; you can redistribute it and/or
       7                 :            :  * modify it under the terms of the GNU Lesser General Public License
       8                 :            :  * as published by the Free Software Foundation; either version 2.1 of
       9                 :            :  * the License, or (at your option) any later version.
      10                 :            :  *
      11                 :            :  * GNU SASL Library is distributed in the hope that it will be useful,
      12                 :            :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      13                 :            :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      14                 :            :  * Lesser General Public License for more details.
      15                 :            :  *
      16                 :            :  * You should have received a copy of the GNU Lesser General Public
      17                 :            :  * License along with GNU SASL Library; if not, write to the Free
      18                 :            :  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
      19                 :            :  * Boston, MA 02110-1301, USA.
      20                 :            :  *
      21                 :            :  */
      22                 :            : 
      23                 :            : #include <stdio.h>
      24                 :            : #include <string.h>
      25                 :            : #include <assert.h>
      26                 :            : 
      27                 :            : /* Get prototype. */
      28                 :            : #include "challenge.h"
      29                 :            : 
      30                 :            : /* Get gc_nonce. */
      31                 :            : #include <gc.h>
      32                 :            : 
      33                 :            : /*
      34                 :            :  * From draft-ietf-sasl-crammd5-02.txt:
      35                 :            :  *
      36                 :            :  *   The data encoded in the challenge contains a presumptively
      37                 :            :  *   arbitrary string of random digits, a time-stamp, and the
      38                 :            :  *   fully-qualified primary host name of the server.
      39                 :            :  * ...
      40                 :            :  *   challenge  = "<" 1*DIGIT "." 1*DIGIT "@" hostname ">"
      41                 :            :  *   hostname   = 1*(ALPHA / DIGIT) *("." / "-" / ALPHA / DIGIT)
      42                 :            :  *
      43                 :            :  * This implementation avoid the information leakage by always using 0
      44                 :            :  * as the time stamp and a fixed host name.  This should be
      45                 :            :  * unproblematic, as any client that try to validate the challenge
      46                 :            :  * string somehow, would violate the same specification:
      47                 :            :  *
      48                 :            :  *   The client MUST NOT interpret or attempt to validate the
      49                 :            :  *   contents of the challenge in any way.
      50                 :            :  *
      51                 :            :  */
      52                 :            : 
      53                 :            : /* The sequence of X in TEMPLATE must be twice as long as NONCELEN. */
      54                 :            : #define NONCELEN 10
      55                 :            : #define TEMPLATE "<XXXXXXXXXXXXXXXXXXXX.0@localhost>"
      56                 :            : 
      57                 :            : /* The probabilities for each digit are skewed (0-5 is more likely to
      58                 :            :    occur than 6-9), but it is just used as a nonce anyway. */
      59                 :            : #define DIGIT(c) (((c) & 0x0F) > 9 ?             \
      60                 :            :                     '0' + ((c) & 0x0F) - 10 :       \
      61                 :            :                     '0' + ((c) & 0x0F))
      62                 :            : 
      63                 :            : int
      64                 :         19 : cram_md5_challenge (char challenge[CRAM_MD5_CHALLENGE_LEN])
      65                 :            : {
      66                 :            :   char nonce[NONCELEN];
      67                 :            :   size_t i;
      68                 :            :   int rc;
      69                 :            : 
      70                 :            :   assert (strlen (TEMPLATE) == CRAM_MD5_CHALLENGE_LEN - 1);
      71                 :            : 
      72                 :         19 :   memcpy (challenge, TEMPLATE, CRAM_MD5_CHALLENGE_LEN);
      73                 :            : 
      74                 :         19 :   rc = gc_nonce (nonce, sizeof (nonce));
      75         [ -  + ]:         19 :   if (rc != GC_OK)
      76                 :          0 :     return -1;
      77                 :            : 
      78         [ +  + ]:        209 :   for (i = 0; i < sizeof (nonce); i++)
      79                 :            :     {
      80         [ +  + ]:        190 :       challenge[1 + i] = DIGIT (nonce[i]);
      81         [ +  + ]:        190 :       challenge[11 + i] = DIGIT (nonce[i] >> 4);
      82                 :            :     }
      83                 :            : 
      84                 :         19 :   return 0;
      85                 :            : }

Generated by: LCOV version 1.9