Coverage Report

Created: 2023-06-07 07:02

/src/curl/lib/vauth/cram.c
Line
Count
Source (jump to first uncovered line)
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 * RFC2195 CRAM-MD5 authentication
24
 *
25
 ***************************************************************************/
26
27
#include "curl_setup.h"
28
29
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
30
31
#include <curl/curl.h>
32
#include "urldata.h"
33
34
#include "vauth/vauth.h"
35
#include "curl_hmac.h"
36
#include "curl_md5.h"
37
#include "warnless.h"
38
#include "curl_printf.h"
39
40
/* The last #include files should be: */
41
#include "curl_memory.h"
42
#include "memdebug.h"
43
44
45
/*
46
 * Curl_auth_create_cram_md5_message()
47
 *
48
 * This is used to generate a CRAM-MD5 response message ready for sending to
49
 * the recipient.
50
 *
51
 * Parameters:
52
 *
53
 * chlg    [in]     - The challenge.
54
 * userp   [in]     - The user name.
55
 * passwdp [in]     - The user's password.
56
 * out     [out]    - The result storage.
57
 *
58
 * Returns CURLE_OK on success.
59
 */
60
CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
61
                                           const char *userp,
62
                                           const char *passwdp,
63
                                           struct bufref *out)
64
0
{
65
0
  struct HMAC_context *ctxt;
66
0
  unsigned char digest[MD5_DIGEST_LEN];
67
0
  char *response;
68
69
  /* Compute the digest using the password as the key */
70
0
  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
71
0
                        (const unsigned char *) passwdp,
72
0
                        curlx_uztoui(strlen(passwdp)));
73
0
  if(!ctxt)
74
0
    return CURLE_OUT_OF_MEMORY;
75
76
  /* Update the digest with the given challenge */
77
0
  if(Curl_bufref_len(chlg))
78
0
    Curl_HMAC_update(ctxt, Curl_bufref_ptr(chlg),
79
0
                     curlx_uztoui(Curl_bufref_len(chlg)));
80
81
  /* Finalise the digest */
82
0
  Curl_HMAC_final(ctxt, digest);
83
84
  /* Generate the response */
85
0
  response = aprintf(
86
0
    "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
87
0
    userp, digest[0], digest[1], digest[2], digest[3], digest[4],
88
0
    digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
89
0
    digest[11], digest[12], digest[13], digest[14], digest[15]);
90
0
  if(!response)
91
0
    return CURLE_OUT_OF_MEMORY;
92
93
0
  Curl_bufref_set(out, response, strlen(response), curl_free);
94
0
  return CURLE_OK;
95
0
}
96
97
#endif /* !CURL_DISABLE_CRYPTO_AUTH */