[Dovecot] [PATCH 0/10] NTLM patchset submission
Joshua Goodall
joshua at roughtrade.net
Wed Jul 28 15:57:30 EEST 2004
On Wed, Jul 28, 2004 at 12:36:30AM +0300, Timo Sirainen wrote:
> HMAC-MD5 code looks quite similiar to
> src/auth/password-scheme-cram-md5.c. Could they be merged somehow?
The use of HMAC in CRAM-MD5 is different to that in NTLM; although
both start with the construction of the inner and outer pads,
the stored form in CRAM-MD5 is the internal structures of the md5
contexts midway through the HMAC computation. As a result,
the CRAM-MD5 generator reaches inside the md5_context struct itself
and directly touches a,b,c & d.
There is one other possible issue with Andrey's code, in that it
leaves the key in memory (XOR'd) in the ipad and opad between
hmac_md5_init and hmac_md5_final. The MD5 algorithm only leaves bits
of the input behind if the input wasn't a multiple of 512 bits, which
is one reason I think CRAM-MD5 is deliberately using that block size. We
can remove the issue, and make the struct smaller, by initializing
the outer MD5 context first.
The attached files are a draft merge of the two, and the two new
functions would be used by password-scheme-cram-md5.c and mech-cram-md5.c
(and also wipe the ipad/opad after use). WARNING: Since Andrey's
code isn't committed yet, I haven't tried to compile them, but this
is how they should look, notwithstanding possible typos or
missed #includes.
Joshua.
-------------- next part --------------
/*
* HMAC-MD5 (RFC-2104) implementation.
*
* Copyright (c) 2004 Andrey Panin <pazke at donpac.ru>
*
* CRAM-MD5 (RFC 2195) compatibility code
* Copyright (c) 2003 Joshua Goodall <joshua at roughtrade.net>
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published
* by the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#include "lib.h"
#include "hmac-md5.h"
#include "safe-memset.h"
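/*
 * Start an HMAC-MD5 computation (RFC 2104) keyed with key[0..key_len).
 *
 * A key longer than the 64-byte MD5 block is first replaced by its 16-byte
 * MD5 digest. The key is then zero-padded to 64 bytes, XORed with the ipad
 * (0x36) and opad (0x5c) constants, and each padded block is fed into its
 * own MD5 context: ctx->ctx (inner) and ctx->ctxo (outer). Priming the
 * outer context here means the padded key does not have to be stored in
 * the struct between init and final.
 *
 * Every stack buffer that held key material, including the hashed long
 * key, is cleared with safe_memset() before returning. The two primed MD5
 * contexts are still sufficient to compute HMACs under this key, so the
 * caller should treat *ctx as secret data too.
 */
void hmac_md5_init(struct hmac_md5_context *ctx,
		   const unsigned char * key, size_t key_len)
{
	unsigned char md5key[16];
	unsigned char k_ipad[64];
	unsigned char k_opad[64];
	unsigned int i;

	if (key_len > 64) {
		/* Over-long keys are hashed down; this also guarantees the
		   copy below can never exceed the 64-byte pads. */
		md5_get_digest(key, key_len, md5key);
		key = md5key;
		key_len = 16;
	}

	/* An empty key may arrive as a NULL pointer; skip the copy then. */
	if (key_len != 0)
		memcpy(k_ipad, key, key_len);
	memset(k_ipad + key_len, 0, 64 - key_len);
	memcpy(k_opad, k_ipad, 64);

	for (i = 0; i < 64; i++) {
		k_ipad[i] ^= 0x36;
		k_opad[i] ^= 0x5c;
	}

	md5_init(&ctx->ctx);
	md5_update(&ctx->ctx, k_ipad, 64);
	md5_init(&ctx->ctxo);
	md5_update(&ctx->ctxo, k_opad, 64);

	safe_memset(k_ipad, 0, 64);
	safe_memset(k_opad, 0, 64);
	/* md5key is the effective HMAC key for long inputs; wipe it as well. */
	safe_memset(md5key, 0, sizeof(md5key));
}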
/*
 * Finish an HMAC-MD5 computation and write the 16-byte MAC to digest.
 *
 * digest must have room for at least 16 bytes. It is used as scratch space:
 * it first receives the inner hash, which is then fed into the outer
 * context, and is finally overwritten with the outer hash (the MAC).
 */
void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest)
{
	struct md5_context *inner = &ctx->ctx;
	struct md5_context *outer = &ctx->ctxo;

	/* Inner hash over (key ^ ipad) followed by the message. */
	md5_final(inner, digest);

	/* Outer hash over (key ^ opad) followed by the inner hash. */
	md5_update(outer, digest, 16);
	md5_final(outer, digest);
}
/*
 * Export the CRAM-MD5 stored form of a freshly initialised HMAC context.
 *
 * Writes 32 bytes to context_digest: the a, b, c, d state words of the
 * outer MD5 context followed by those of the inner context, each as a
 * 32-bit little-endian value. The caller must provide at least 32 bytes.
 *
 * The exported state is enough to compute HMAC-MD5 values under the
 * original key (see hmac_md5_set_cram_context()), so it has to be stored
 * and handled as a password equivalent, not as a one-way hash.
 */
void hmac_md5_get_cram_context(struct hmac_md5_context *ctx, unsigned char *context_digest)
{
	unsigned long state[8];
	unsigned char *out = context_digest;
	unsigned int word, shift;

	/* Outer context first, then inner: this order is the stored format. */
	state[0] = ctx->ctxo.a;
	state[1] = ctx->ctxo.b;
	state[2] = ctx->ctxo.c;
	state[3] = ctx->ctxo.d;
	state[4] = ctx->ctx.a;
	state[5] = ctx->ctx.b;
	state[6] = ctx->ctx.c;
	state[7] = ctx->ctx.d;

	for (word = 0; word < 8; word++) {
		/* Least significant byte first. */
		for (shift = 0; shift < 32; shift += 8)
			*out++ = state[word] >> shift & 0xff;
	}
}
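/*
 * Load a CRAM-MD5 stored form back into an HMAC context.
 *
 * Reads 32 bytes from context_digest, in the layout written by
 * hmac_md5_get_cram_context(): outer a, b, c, d, then inner a, b, c, d,
 * each a 32-bit little-endian value. After the call the context can be
 * passed to hmac_md5_update() / hmac_md5_final() as if hmac_md5_init() had
 * been run with the original key.
 *
 * Any 32-byte input is accepted, so nothing here can detect a corrupted or
 * substituted record; the stored form is password-equivalent and its
 * integrity and confidentiality depend on the password store.
 */
void hmac_md5_set_cram_context(struct hmac_md5_context *ctx, unsigned char *context_digest)
{
	unsigned char *cdp;

/* Each byte is widened to unsigned long before shifting: a plain
   unsigned char promotes to int, and shifting a byte >= 0x80 left by 24
   would overflow a signed int, which is undefined behaviour. */
#define CDGET(p, c) STMT_START { \
	(c) = (unsigned long)*(p)++; \
	(c) += (unsigned long)*(p)++ << 8; \
	(c) += (unsigned long)*(p)++ << 16; \
	(c) += (unsigned long)*(p)++ << 24; \
} STMT_END

	cdp = context_digest;
	CDGET(cdp, ctx->ctxo.a);
	CDGET(cdp, ctx->ctxo.b);
	CDGET(cdp, ctx->ctxo.c);
	CDGET(cdp, ctx->ctxo.d);
	CDGET(cdp, ctx->ctx.a);
	CDGET(cdp, ctx->ctx.b);
	CDGET(cdp, ctx->ctx.c);
	CDGET(cdp, ctx->ctx.d);

	/* lo/hi look like the MD5 length counter (TODO confirm against md5.h);
	   64 matches the single 64-byte padded-key block that
	   hmac_md5_init() feeds into each context. */
	ctx->ctxo.lo = ctx->ctx.lo = 64;
	ctx->ctxo.hi = ctx->ctx.hi = 0;
}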
-------------- next part --------------
#ifndef __HMAC_MD5_H__
#define __HMAC_MD5_H__
#include "md5.h"
/*
 * State of one HMAC-MD5 computation.
 *
 * Both contexts are primed with the padded key by hmac_md5_init(), so the
 * struct holds key-derived state and should be handled as secret data.
 */
struct hmac_md5_context {
	/* Inner hash: (key ^ ipad) followed by the message data. */
	struct md5_context ctx;
	/* Outer hash: (key ^ opad), completed in hmac_md5_final(). */
	struct md5_context ctxo;
};
/* Begin an HMAC-MD5 computation keyed with key[0..key_len). */
void hmac_md5_init(struct hmac_md5_context *ctx, const unsigned char* key, size_t key_len);
/* Finish the computation; digest receives the 16-byte MAC. */
void hmac_md5_final(struct hmac_md5_context *ctx, unsigned char *digest);
/* Export the 32-byte CRAM-MD5 stored form (outer state, then inner state).
   The result is password-equivalent and must be protected accordingly. */
void hmac_md5_get_cram_context(struct hmac_md5_context *ctx, unsigned char *context_digest);
/* Restore a context from a 32-byte CRAM-MD5 stored form. */
void hmac_md5_set_cram_context(struct hmac_md5_context *ctx, unsigned char *context_digest);
/*
 * Feed size bytes of message data into the HMAC computation.
 * Only the inner MD5 context is updated; the outer context is left alone
 * until hmac_md5_final().
 */
static inline void
hmac_md5_update(struct hmac_md5_context *ctx, const void * data, size_t size)
{
	struct md5_context *inner = &ctx->ctx;

	md5_update(inner, data, size);
}
#endif /* __HMAC_MD5_H__ */