/src/curl/lib/vauth/cram.c

Source
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 * RFC2195 CRAM-MD5 authentication
 *
 ***************************************************************************/
#include "curl_setup.h"

#ifndef CURL_DISABLE_DIGEST_AUTH

#include "vauth/vauth.h"
#include "curl_hmac.h"
#include "curl_md5.h"

/*
 * Curl_auth_create_cram_md5_message()
 *
 * This is used to generate a CRAM-MD5 response message ready for sending to
 * the recipient.
 *
 * Parameters:
 *
 * chlg    [in]     - The challenge.
 * userp   [in]     - The username.
 * passwdp [in]     - The user's password.
 * out     [out]    - The result storage.
 *
 * Returns CURLE_OK on success.
 */
CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
                                           const char *userp,
                                           const char *passwdp,
                                           struct bufref *out)
{
  struct HMAC_context *ctxt;
  unsigned char digest[MD5_DIGEST_LEN];
  char *response;

  /* Compute the digest using the password as the key */
  ctxt = Curl_HMAC_init(&Curl_HMAC_MD5,
                        (const unsigned char *)passwdp,
                        curlx_uztoui(strlen(passwdp)));
  if(!ctxt)
    return CURLE_OUT_OF_MEMORY;

  /* Update the digest with the given challenge */
  if(Curl_bufref_len(chlg))
    Curl_HMAC_update(ctxt, Curl_bufref_uptr(chlg),
                     curlx_uztoui(Curl_bufref_len(chlg)));

  /* Finalise the digest */
  Curl_HMAC_final(ctxt, digest);

  /* Generate the response */
  response = curl_maprintf(
    "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
    userp, digest[0], digest[1], digest[2], digest[3], digest[4],
    digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
    digest[11], digest[12], digest[13], digest[14], digest[15]);
  if(!response)
    return CURLE_OUT_OF_MEMORY;

  Curl_bufref_set(out, response, strlen(response), curl_free);
  return CURLE_OK;
}

#endif /* !CURL_DISABLE_DIGEST_AUTH */

Coverage Report

Created: 2026-02-26 06:33

Line	Count	Source
1		/***************************************************************************
2		* _ _ ____ _
3		* Project ___\| \| \| \| _ \\| \|
4		* / __\| \| \| \| \|_) \| \|
5		* \| (__\| \|_\| \| _ <\| \|___
6		* \___\|\___/\|_\| \_\_____\|
7		*
8		* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9		*
10		* This software is licensed as described in the file COPYING, which
11		* you should have received as part of this distribution. The terms
12		* are also available at https://curl.se/docs/copyright.html.
13		*
14		* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15		* copies of the Software, and permit persons to whom the Software is
16		* furnished to do so, under the terms of the COPYING file.
17		*
18		* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19		* KIND, either express or implied.
20		*
21		* SPDX-License-Identifier: curl
22		*
23		* RFC2195 CRAM-MD5 authentication
24		*
25		***************************************************************************/
26		#include "curl_setup.h"
27
28		#ifndef CURL_DISABLE_DIGEST_AUTH
29
30		#include "vauth/vauth.h"
31		#include "curl_hmac.h"
32		#include "curl_md5.h"
33
34		/*
35		* Curl_auth_create_cram_md5_message()
36		*
37		* This is used to generate a CRAM-MD5 response message ready for sending to
38		* the recipient.
39		*
40		* Parameters:
41		*
42		* chlg [in] - The challenge.
43		* userp [in] - The username.
44		* passwdp [in] - The user's password.
45		* out [out] - The result storage.
46		*
47		* Returns CURLE_OK on success.
48		*/
49		CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
50		const char *userp,
51		const char *passwdp,
52		struct bufref *out)
53	0	{
54	0	struct HMAC_context *ctxt;
55	0	unsigned char digest[MD5_DIGEST_LEN];
56	0	char *response;
57
58		/* Compute the digest using the password as the key */
59	0	ctxt = Curl_HMAC_init(&Curl_HMAC_MD5,
60	0	(const unsigned char *)passwdp,
61	0	curlx_uztoui(strlen(passwdp)));
62	0	if(!ctxt)
63	0	return CURLE_OUT_OF_MEMORY;
64
65		/* Update the digest with the given challenge */
66	0	if(Curl_bufref_len(chlg))
67	0	Curl_HMAC_update(ctxt, Curl_bufref_uptr(chlg),
68	0	curlx_uztoui(Curl_bufref_len(chlg)));
69
70		/* Finalise the digest */
71	0	Curl_HMAC_final(ctxt, digest);
72
73		/* Generate the response */
74	0	response = curl_maprintf(
75	0	"%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
76	0	userp, digest[0], digest[1], digest[2], digest[3], digest[4],
77	0	digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
78	0	digest[11], digest[12], digest[13], digest[14], digest[15]);
79	0	if(!response)
80	0	return CURLE_OUT_OF_MEMORY;
81
82	0	Curl_bufref_set(out, response, strlen(response), curl_free);
83	0	return CURLE_OK;
84	0	}
85
86		#endif /* !CURL_DISABLE_DIGEST_AUTH */