[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/digest-md5
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/digest-md5 |
Date: |
Sun, 19 Dec 2004 03:51:48 +0100 |
Update of /home/cvs/gsasl/lib/digest-md5
In directory dopio:/tmp/cvs-serv31285
Modified Files:
parser.c
Log Message:
Handle qop/cipher in challenge.
--- /home/cvs/gsasl/lib/digest-md5/parser.c 2004/12/19 02:10:30 1.5
+++ /home/cvs/gsasl/lib/digest-md5/parser.c 2004/12/19 02:51:48 1.6
@@ -62,10 +62,55 @@
NULL
};
+/* qop-value = "auth" | "auth-int" | "auth-conf" | qop-token */
+
+enum
+ {
+ /* the order must match the following struct */
+ QOP_AUTH = 0,
+ QOP_AUTH_INT,
+ QOP_AUTH_CONF
+ };
+
+/* cipher-value = "3des" | "des" | "rc4-40" | "rc4" |
+ * "rc4-56" | "aes-cbc" | cipher-token
+ * ;; "des" and "3des" ciphers are obsolete.
+ */
+static const char *const qop_opts[] = {
+ /* the order must match the previous enum */
+ "auth",
+ "auth-int",
+ "auth-conf",
+ NULL
+};
+
+enum
+ {
+ /* the order must match the following struct */
+ CIPHER_DES = 0,
+ CIPHER_3DES,
+ CIPHER_RC4,
+ CIPHER_RC4_40,
+ CIPHER_RC4_56,
+ CIPHER_AES_CBC
+ };
+
+static const char *const cipher_opts[] = {
+ /* the order must match the previous enum */
+ "des",
+ "3des",
+ "rc4",
+ "rc4-40",
+ "rc4-56",
+ "aes-cbc",
+ NULL
+};
+
static int
parse_challenge (char *challenge, digest_md5_challenge *out)
{
- int done_algorithm;
+ int done_algorithm = 0;
+ int disable_qop_auth_conf = 0;
char *value;
memset (out, 0, sizeof (*out));
@@ -103,14 +148,40 @@
break;
case CHALLENGE_QOP:
- /* The client MUST ignore unrecognized options; if the client
- recognizes no option, it MUST abort the authentication
- exchange. */
- if (out->qop)
+ if (out->qops)
return -1;
- /* FIXME: sub-parse. */
- out->qop = strdup (value);
- if (!out->qop)
+ {
+ char *subsubopts;
+ char *val;
+
+ subsubopts = value;
+ while (*subsubopts != '\0')
+ switch (digest_md5_getsubopt (&subsubopts, qop_opts, &val))
+ {
+ case QOP_AUTH:
+ out->qops |= DIGEST_MD5_QOP_AUTH;
+ break;
+
+ case QOP_AUTH_INT:
+ out->qops |= DIGEST_MD5_QOP_AUTH_INT;
+ break;
+
+ case QOP_AUTH_CONF:
+ out->qops |= DIGEST_MD5_QOP_AUTH_CONF;
+ break;
+
+ default:
+ /* The client MUST ignore unrecognized options */
+ break;
+ }
+ }
+ /* if the client recognizes no cipher, it MUST behave as if
+ "auth-conf" qop option wasn't provided by the server. */
+ if (disable_qop_auth_conf)
+ out->qops &= ~DIGEST_MD5_QOP_AUTH_CONF;
+ /* if the client recognizes no option, it MUST abort the
+ authentication exchange. */
+ if (!out->qops)
return -1;
break;
@@ -160,13 +231,51 @@
done_algorithm = 1;
break;
+
case CHALLENGE_CIPHER:
if (out->ciphers)
return -1;
- /* FIXME: sub-parse. */
- out->ciphers = strdup (value);
+ {
+ char *subsubopts;
+ char *val;
+
+ subsubopts = value;
+ while (*subsubopts != '\0')
+ switch (digest_md5_getsubopt (&subsubopts, cipher_opts, &val))
+ {
+ case CIPHER_DES:
+ out->ciphers |= DIGEST_MD5_CIPHER_DES;
+ break;
+
+ case CIPHER_3DES:
+ out->ciphers |= DIGEST_MD5_CIPHER_3DES;
+ break;
+
+ case CIPHER_RC4:
+ out->ciphers |= DIGEST_MD5_CIPHER_RC4;
+ break;
+
+ case CIPHER_RC4_40:
+ out->ciphers |= DIGEST_MD5_CIPHER_RC4_40;
+ break;
+
+ case CIPHER_RC4_56:
+ out->ciphers |= DIGEST_MD5_CIPHER_RC4_56;
+ break;
+
+ case CIPHER_AES_CBC:
+ out->ciphers |= DIGEST_MD5_CIPHER_AES_CBC;
+ break;
+
+ default:
+ /* The client MUST ignore unrecognized ciphers */
+ break;
+ }
+ }
+ /* if the client recognizes no cipher, it MUST behave as if
+ "auth-conf" qop option wasn't provided by the server. */
if (!out->ciphers)
- return -1;
+ disable_qop_auth_conf = 1;
break;
default:
@@ -188,6 +297,13 @@
if (!done_algorithm)
return -1;
+ /* This directive must be present exactly once if "auth-conf" is
+ offered in the "qop-options" directive */
+ if (out->ciphers && !(out->qops & DIGEST_MD5_QOP_AUTH_CONF))
+ return -1;
+ if (!out->ciphers && (out->qops & DIGEST_MD5_QOP_AUTH_CONF))
+ return -1;
+
return 0;
}
- CVS gsasl/lib/digest-md5, (continued)
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5,
gsasl-commit <=
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/12/18