2 * Copyright notice from original mutt:
3 * Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
10 /* IMAP login/authentication code */
17 #include "imap_private.h"
21 #define MD5_BLOCK_LEN 64
22 #define MD5_DIGEST_LEN 16
24 /* forward declarations */
25 static void hmac_md5 (const char *password, char *challenge,
26 unsigned char *response);
28 /* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
29 imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA * idata, const char *method)
31 char ibuf[LONG_STRING * 2], obuf[LONG_STRING];
32 unsigned char hmac_response[MD5_DIGEST_LEN];
36 if (!mutt_bit_isset (idata->capabilities, ACRAM_MD5))
37 return IMAP_AUTH_UNAVAIL;
39 mutt_message _("Authenticating (CRAM-MD5)...");
42 if (mutt_account_getuser (&idata->conn->account))
43 return IMAP_AUTH_FAILURE;
44 if (mutt_account_getpass (&idata->conn->account))
45 return IMAP_AUTH_FAILURE;
47 imap_cmd_start (idata, "AUTHENTICATE CRAM-MD5");
50 * The data encoded in the first ready response contains a presumptively
51 * arbitrary string of random digits, a timestamp, and the fully-qualified
52 * primary host name of the server. The syntax of the unencoded form must
53 * correspond to that of an RFC 822 'msg-id' [RFC822] as described in [POP3].
56 rc = imap_cmd_step (idata);
57 while (rc == IMAP_CMD_CONTINUE);
59 if (rc != IMAP_CMD_RESPOND) {
60 dprint (1, (debugfile, "Invalid response from server: %s\n", ibuf));
64 if ((len = mutt_from_base64 (obuf, idata->cmd.buf + 2)) == -1) {
65 dprint (1, (debugfile, "Error decoding base64 response.\n"));
70 dprint (2, (debugfile, "CRAM challenge: %s\n", obuf));
72 /* The client makes note of the data and then responds with a string
73 * consisting of the user name, a space, and a 'digest'. The latter is
74 * computed by applying the keyed MD5 algorithm from [KEYED-MD5] where the
75 * key is a shared secret and the digested text is the timestamp (including
78 * Note: The user name shouldn't be quoted. Since the digest can't contain
79 * spaces, there is no ambiguity. Some servers get this wrong, we'll work
80 * around them when the bug report comes in. Until then, we'll remain
81 * blissfully RFC-compliant.
83 hmac_md5 (idata->conn->account.pass, obuf, hmac_response);
84 /* dubious optimisation I saw elsewhere: make the whole string in one call */
85 snprintf (obuf, sizeof (obuf),
86 "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
87 idata->conn->account.user,
88 hmac_response[0], hmac_response[1], hmac_response[2],
89 hmac_response[3], hmac_response[4], hmac_response[5],
90 hmac_response[6], hmac_response[7], hmac_response[8],
91 hmac_response[9], hmac_response[10], hmac_response[11],
92 hmac_response[12], hmac_response[13], hmac_response[14],
94 dprint (2, (debugfile, "CRAM response: %s\n", obuf));
96 /* XXX - ibuf must be long enough to store the base64 encoding of obuf,
97 * plus the additional debris
100 mutt_to_base64 ((unsigned char *) ibuf, (unsigned char *) obuf,
101 mutt_strlen (obuf), sizeof (ibuf) - 2);
102 safe_strcat (ibuf, sizeof (ibuf), "\r\n");
103 mutt_socket_write (idata->conn, ibuf);
106 rc = imap_cmd_step (idata);
107 while (rc == IMAP_CMD_CONTINUE);
109 if (rc != IMAP_CMD_OK) {
110 dprint (1, (debugfile, "Error receiving server response.\n"));
114 if (imap_code (idata->cmd.buf))
115 return IMAP_AUTH_SUCCESS;
118 mutt_error _("CRAM-MD5 authentication failed.");
120 return IMAP_AUTH_FAILURE;
123 /* hmac_md5: produce CRAM-MD5 challenge response. */
124 static void hmac_md5 (const char *password, char *challenge,
125 unsigned char *response)
128 unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
129 unsigned char secret[MD5_BLOCK_LEN + 1];
130 unsigned char hash_passwd[MD5_DIGEST_LEN];
131 unsigned int secret_len, chal_len;
134 secret_len = mutt_strlen (password);
135 chal_len = mutt_strlen (challenge);
137 /* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
139 if (secret_len > MD5_BLOCK_LEN) {
141 MD5Update (&ctx, (unsigned char *) password, secret_len);
142 MD5Final (hash_passwd, &ctx);
143 strfcpy ((char *) secret, (char *) hash_passwd, MD5_DIGEST_LEN);
144 secret_len = MD5_DIGEST_LEN;
147 strfcpy ((char *) secret, password, sizeof (secret));
149 memset (ipad, 0, sizeof (ipad));
150 memset (opad, 0, sizeof (opad));
151 memcpy (ipad, secret, secret_len);
152 memcpy (opad, secret, secret_len);
154 for (i = 0; i < MD5_BLOCK_LEN; i++) {
159 /* inner hash: challenge and ipadded secret */
161 MD5Update (&ctx, ipad, MD5_BLOCK_LEN);
162 MD5Update (&ctx, (unsigned char *) challenge, chal_len);
163 MD5Final (response, &ctx);
165 /* outer hash: inner hash and opadded secret */
167 MD5Update (&ctx, opad, MD5_BLOCK_LEN);
168 MD5Update (&ctx, response, MD5_DIGEST_LEN);
169 MD5Final (response, &ctx);