mmbuffer mmcooked mmexternal
mime-conf
sasl sasl-cram sasl-digest
+ md4 ntlm sasl-ntlm sasl-scram
smtp qmtp smtpmail))
(setq flim-version-specific-modules '(mailcap))
--- /dev/null
+;;; md4.el --- MD4 Message Digest Algorithm.
+
+;; Copyright (C) 2001 Taro Kawagishi
+;; Author: Taro Kawagishi <tarok@transpulse.org>
+;; Keywords: MD4
+;; Version: 1.00
+;; Created: February 2001
+
+;; This file is part of FLIM (Faithful Library about Internet Message).
+
+;; This program is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 2, or (at your option)
+;; any later version.
+;;
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; see the file COPYING. If not, write to the
+;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+;; Boston, MA 02111-1307, USA.
+
+;;; Code:
+
+;;;
+;;; MD4 hash calculation
+
+(defun print-int32 (int32)
+ "print 32 bits integer in 4 bytes string as little endian"
+ (let ((h (car int32)) (l (cdr int32)))
+ (list (logand l 255) (lsh l -8) (logand h 255) (lsh h -8))))
+
+(defun print-string-hexa (str)
+ "print a string in hexadecimal"
+ (let (out)
+ (mapcar (function (lambda (x) (concat out (format "%x" x)))) str)))
+
+(defvar md4-buffer (make-vector 4 '(0 . 0))
+ "work buffer of four 32-bit integers")
+
+(defun md4 (in n)
+ "Returns the MD4 hash string of 16 bytes long for a string IN of N
+bytes long. N is required to handle strings containing character 0."
+ (let (m
+ (b (cons 0 (* n 8)))
+ (i 0)
+ (buf (make-string 128 0)) c4)
+ ;; initial values
+ (aset md4-buffer 0 '(26437 . 8961)) ;0x67452301
+ (aset md4-buffer 1 '(61389 . 43913)) ;0xefcdab89
+ (aset md4-buffer 2 '(39098 . 56574)) ;0x98badcfe
+ (aset md4-buffer 3 '(4146 . 21622)) ;0x10325476
+
+ ;; process the string in 64 bits chunks
+ (while (> n 64)
+ (setq m (md4-copy64 (substring in 0 64)))
+ (md4-64 m)
+ (setq in (substring in 64))
+ (setq n (- n 64)))
+
+ ;; process the rest of the string (length is now n <= 64)
+ (setq i 0)
+ (while (< i n)
+ (aset buf i (aref in i))
+ (setq i (1+ i)))
+ (aset buf n 128) ;0x80
+ (if (<= n 55)
+ (progn
+ (setq c4 (md4-pack-int32 b))
+ (aset buf 56 (aref c4 0))
+ (aset buf 57 (aref c4 1))
+ (aset buf 58 (aref c4 2))
+ (aset buf 59 (aref c4 3))
+ (setq m (md4-copy64 buf))
+ (md4-64 m))
+ ;; else
+ (setq c4 (md4-pack-int32 b))
+ (aset buf 120 (aref c4 0))
+ (aset buf 121 (aref c4 1))
+ (aset buf 122 (aref c4 2))
+ (aset buf 123 (aref c4 3))
+ (setq m (md4-copy64 buf))
+ (md4-64 m)
+ (setq m (md4-copy64 (substring buf 64)))
+ (md4-64 m)))
+
+ (concat (md4-pack-int32 (aref md4-buffer 0))
+ (md4-pack-int32 (aref md4-buffer 1))
+ (md4-pack-int32 (aref md4-buffer 2))
+ (md4-pack-int32 (aref md4-buffer 3))))
+
+(defsubst md4-F (x y z) (logior (logand x y) (logand (lognot x) z)))
+(defsubst md4-G (x y z) (logior (logand x y) (logand x z) (logand y z)))
+(defsubst md4-H (x y z) (logxor x y z))
+
+(defmacro md4-make-step (name func)
+ (`
+ (defun (, name) (a b c d xk s ac)
+ (let*
+ ((h1 (+ (car a) ((, func) (car b) (car c) (car d)) (car xk) (car ac)))
+ (l1 (+ (cdr a) ((, func) (cdr b) (cdr c) (cdr d)) (cdr xk) (cdr ac)))
+ (h2 (logand 65535 (+ h1 (lsh l1 -16))))
+ (l2 (logand 65535 l1))
+ ;; cyclic shift of 32 bits integer
+ (h3 (logand 65535 (if (> s 15)
+ (+ (lsh h2 (- s 32)) (lsh l2 (- s 16)))
+ (+ (lsh h2 s) (lsh l2 (- s 16))))))
+ (l3 (logand 65535 (if (> s 15)
+ (+ (lsh l2 (- s 32)) (lsh h2 (- s 16)))
+ (+ (lsh l2 s) (lsh h2 (- s 16)))))))
+ (cons h3 l3)))))
+
+(md4-make-step md4-round1 md4-F)
+(md4-make-step md4-round2 md4-G)
+(md4-make-step md4-round3 md4-H)
+
+(defsubst md4-add (x y)
+ "Return 32-bit sum of 32-bit integers X and Y."
+ (let ((h (+ (car x) (car y)))
+ (l (+ (cdr x) (cdr y))))
+ (cons (logand 65535 (+ h (lsh l -16))) (logand 65535 l))))
+
+(defsubst md4-and (x y)
+ (cons (logand (car x) (car y)) (logand (cdr x) (cdr y))))
+
+(defun md4-64 (m)
+ "Calculate md4 of 64 bytes chunk M which is represented as 16 pairs of
+32 bits integers. The resulting md4 value is placed in md4-buffer."
+ (let ((a (aref md4-buffer 0))
+ (b (aref md4-buffer 1))
+ (c (aref md4-buffer 2))
+ (d (aref md4-buffer 3)))
+ (setq a (md4-round1 a b c d (aref m 0) 3 '(0 . 0))
+ d (md4-round1 d a b c (aref m 1) 7 '(0 . 0))
+ c (md4-round1 c d a b (aref m 2) 11 '(0 . 0))
+ b (md4-round1 b c d a (aref m 3) 19 '(0 . 0))
+ a (md4-round1 a b c d (aref m 4) 3 '(0 . 0))
+ d (md4-round1 d a b c (aref m 5) 7 '(0 . 0))
+ c (md4-round1 c d a b (aref m 6) 11 '(0 . 0))
+ b (md4-round1 b c d a (aref m 7) 19 '(0 . 0))
+ a (md4-round1 a b c d (aref m 8) 3 '(0 . 0))
+ d (md4-round1 d a b c (aref m 9) 7 '(0 . 0))
+ c (md4-round1 c d a b (aref m 10) 11 '(0 . 0))
+ b (md4-round1 b c d a (aref m 11) 19 '(0 . 0))
+ a (md4-round1 a b c d (aref m 12) 3 '(0 . 0))
+ d (md4-round1 d a b c (aref m 13) 7 '(0 . 0))
+ c (md4-round1 c d a b (aref m 14) 11 '(0 . 0))
+ b (md4-round1 b c d a (aref m 15) 19 '(0 . 0))
+
+ a (md4-round2 a b c d (aref m 0) 3 '(23170 . 31129)) ;0x5A827999
+ d (md4-round2 d a b c (aref m 4) 5 '(23170 . 31129))
+ c (md4-round2 c d a b (aref m 8) 9 '(23170 . 31129))
+ b (md4-round2 b c d a (aref m 12) 13 '(23170 . 31129))
+ a (md4-round2 a b c d (aref m 1) 3 '(23170 . 31129))
+ d (md4-round2 d a b c (aref m 5) 5 '(23170 . 31129))
+ c (md4-round2 c d a b (aref m 9) 9 '(23170 . 31129))
+ b (md4-round2 b c d a (aref m 13) 13 '(23170 . 31129))
+ a (md4-round2 a b c d (aref m 2) 3 '(23170 . 31129))
+ d (md4-round2 d a b c (aref m 6) 5 '(23170 . 31129))
+ c (md4-round2 c d a b (aref m 10) 9 '(23170 . 31129))
+ b (md4-round2 b c d a (aref m 14) 13 '(23170 . 31129))
+ a (md4-round2 a b c d (aref m 3) 3 '(23170 . 31129))
+ d (md4-round2 d a b c (aref m 7) 5 '(23170 . 31129))
+ c (md4-round2 c d a b (aref m 11) 9 '(23170 . 31129))
+ b (md4-round2 b c d a (aref m 15) 13 '(23170 . 31129))
+
+ a (md4-round3 a b c d (aref m 0) 3 '(28377 . 60321)) ;0x6ED9EBA1
+ d (md4-round3 d a b c (aref m 8) 9 '(28377 . 60321))
+ c (md4-round3 c d a b (aref m 4) 11 '(28377 . 60321))
+ b (md4-round3 b c d a (aref m 12) 15 '(28377 . 60321))
+ a (md4-round3 a b c d (aref m 2) 3 '(28377 . 60321))
+ d (md4-round3 d a b c (aref m 10) 9 '(28377 . 60321))
+ c (md4-round3 c d a b (aref m 6) 11 '(28377 . 60321))
+ b (md4-round3 b c d a (aref m 14) 15 '(28377 . 60321))
+ a (md4-round3 a b c d (aref m 1) 3 '(28377 . 60321))
+ d (md4-round3 d a b c (aref m 9) 9 '(28377 . 60321))
+ c (md4-round3 c d a b (aref m 5) 11 '(28377 . 60321))
+ b (md4-round3 b c d a (aref m 13) 15 '(28377 . 60321))
+ a (md4-round3 a b c d (aref m 3) 3 '(28377 . 60321))
+ d (md4-round3 d a b c (aref m 11) 9 '(28377 . 60321))
+ c (md4-round3 c d a b (aref m 7) 11 '(28377 . 60321))
+ b (md4-round3 b c d a (aref m 15) 15 '(28377 . 60321)))
+
+ (aset md4-buffer 0 (md4-add a (aref md4-buffer 0)))
+ (aset md4-buffer 1 (md4-add b (aref md4-buffer 1)))
+ (aset md4-buffer 2 (md4-add c (aref md4-buffer 2)))
+ (aset md4-buffer 3 (md4-add d (aref md4-buffer 3)))
+ ))
+
+(defun md4-copy64 (seq)
+ "Unpack a 64 bytes string into 16 pairs of 32 bits integers."
+ (let ((int32s (make-vector 16 0)) (i 0) j)
+ (while (< i 16)
+ (setq j (* i 4))
+ (aset int32s i (cons (+ (aref seq (+ j 2)) (lsh (aref seq (+ j 3)) 8))
+ (+ (aref seq j) (lsh (aref seq (1+ j)) 8))))
+ (setq i (1+ i)))
+ int32s))
+
+;;;
+;;; sub functions
+
+(defun md4-pack-int16 (int16)
+ "Pack 16 bits integer in 2 bytes string as little endian."
+ (let ((str (make-string 2 0)))
+ (aset str 0 (logand int16 255))
+ (aset str 1 (lsh int16 -8))
+ str))
+
+(defun md4-pack-int32 (int32)
+ "Pack 32 bits integer in a 4 bytes string as little endian. A 32 bits
+integer is represented as a pair of two 16 bits integers (cons high low)."
+ (let ((str (make-string 4 0))
+ (h (car int32)) (l (cdr int32)))
+ (aset str 0 (logand l 255))
+ (aset str 1 (lsh l -8))
+ (aset str 2 (logand h 255))
+ (aset str 3 (lsh h -8))
+ str))
+
+(defun md4-unpack-int16 (str)
+ (if (eq 2 (length str))
+ (+ (lsh (aref str 1) 8) (aref str 0))
+ (error "%s is not 2 bytes long" str)))
+
+(defun md4-unpack-int32 (str)
+ (if (eq 4 (length str))
+ (cons (+ (lsh (aref str 3) 8) (aref str 2))
+ (+ (lsh (aref str 1) 8) (aref str 0)))
+ (error "%s is not 4 bytes long" str)))
+
+(provide 'md4)
+
+;;; md4.el ends here
--- /dev/null
+;;; ntlm.el --- NTLM (NT LanManager) authentication support
+
+;; Copyright (C) 2001 Taro Kawagishi
+;; Author: Taro Kawagishi <tarok@transpulse.org>
+;; Keywords: NTLM, SASL
+;; Version: 1.00
+;; Created: February 2001
+
+;; This program is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 2, or (at your option)
+;; any later version.
+;;
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; see the file COPYING. If not, write to the
+;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+;; Boston, MA 02111-1307, USA.
+
+;;; Commentary:
+
+;; This library is a direct translation of the Samba release 2.2.0
+;; implementation of Windows NT and LanManager compatible password
+;; encryption.
+;;
+;; Interface functions:
+;;
+;; ntlm-build-auth-request
+;; This will return a binary string, which should be used in the
+;; base64 encoded form and it is the caller's responsibility to encode
+;; the returned string with base64.
+;;
+;; ntlm-build-auth-response
+;; It is the caller's responsibility to pass a base64 decoded string
+;; (which will be a binary string) as the first argument and to
+;; encode the returned string with base64. The second argument user
+;; should be given in user@domain format.
+;;
+;; ntlm-get-password-hashes
+;;
+;;
+;; NTLM authentication procedure example:
+;;
+;; 1. Open a network connection to the Exchange server at the IMAP port (143)
+;; 2. Receive an opening message such as:
+;; "* OK Microsoft Exchange IMAP4rev1 server version 5.5.2653.7 (XXXX) ready"
+;; 3. Ask for IMAP server capability by sending "NNN capability"
+;; 4. Receive a capability message such as:
+;; "* CAPABILITY IMAP4 IMAP4rev1 IDLE LITERAL+ LOGIN-REFERRALS MAILBOX-REFERRALS NAMESPACE AUTH=NTLM"
+;; 5. Ask for NTLM authentication by sending a string
+;; "NNN authenticate ntlm"
+;; 6. Receive continuation acknowledgment "+"
+;; 7. Send NTLM authentication request generated by 'ntlm-build-auth-request
+;; 8. Receive NTLM challenge string following acknowledgment "+"
+;; 9. Generate response to challenge by 'ntlm-build-auth-response
+;; (here two hash function values of the user password are encrypted)
+;; 10. Receive authentication completion message such as
+;; "NNN OK AUTHENTICATE NTLM completed."
+
+;;; Code:
+
+(require 'poem)
+(require 'md4)
+
+;;;
+;;; NTLM authentication interface functions
+
+(defun ntlm-build-auth-request (user &optional domain)
+ "Return the NTLM authentication request string for USER and DOMAIN.
+USER is a string representing a user name to be authenticated and
+DOMAIN is a NT domain. USER can include a NT domain part as in
+user@domain where the string after @ is used as the domain if DOMAIN
+is not given."
+ (interactive)
+ (let ((request-ident (concat "NTLMSSP" (make-string 1 0)))
+ (request-msgType (concat (make-string 1 1) (make-string 3 0)))
+ ;0x01 0x00 0x00 0x00
+ (request-flags (concat (make-string 1 7) (make-string 1 178)
+ (make-string 2 0)))
+ ;0x07 0xb2 0x00 0x00
+ lu ld off-d off-u)
+ (when (string-match "@" user)
+ (unless domain
+ (setq domain (substring user (1+ (match-beginning 0)))))
+ (setq user (substring user 0 (match-beginning 0))))
+ ;; set fields offsets within the request struct
+ (setq lu (length user))
+ (setq ld (length domain))
+ (setq off-u 32) ;offset to the string 'user
+ (setq off-d (+ 32 lu)) ;offset to the string 'domain
+ ;; pack the request struct in a string
+ (concat request-ident ;8 bytes
+ request-msgType ;4 bytes
+ request-flags ;4 bytes
+ (md4-pack-int16 lu) ;user field, count field
+ (md4-pack-int16 lu) ;user field, max count field
+ (md4-pack-int32 (cons 0 off-u)) ;user field, offset field
+ (md4-pack-int16 ld) ;domain field, count field
+ (md4-pack-int16 ld) ;domain field, max count field
+ (md4-pack-int32 (cons 0 off-d)) ;domain field, offset field
+ user ;bufer field
+ domain ;bufer field
+ )))
+
+(defun ntlm-build-auth-response (challenge user password-hashes)
+ "Return the response string to a challenge string CHALLENGE given by
+the NTLM based server for the user USER and the password hash list
+PASSWORD-HASHES. NTLM uses two hash values which are represented
+by PASSWORD-HASHES. PASSWORD-HASHES should be a return value of
+ (list (smb-passwd-hash password) (ntlm-md4hash password))"
+ (let* ((rchallenge (string-as-unibyte challenge))
+ ;; get fields within challenge struct
+ ;;(ident (substring rchallenge 0 8)) ;ident, 8 bytes
+ ;;(msgType (substring rchallenge 8 12)) ;msgType, 4 bytes
+ (uDomain (substring rchallenge 12 20)) ;uDomain, 8 bytes
+ (flags (substring rchallenge 20 24)) ;flags, 4 bytes
+ (challengeData (substring rchallenge 24 32)) ;challengeData, 8 bytes
+ uDomain-len uDomain-offs
+ ;; response struct and its fields
+ lmRespData ;lmRespData, 24 bytes
+ ntRespData ;ntRespData, 24 bytes
+ domain ;ascii domain string
+ lu ld off-lm off-nt off-d off-u off-w off-s)
+ ;; extract domain string from challenge string
+ (setq uDomain-len (md4-unpack-int16 (substring uDomain 0 2)))
+ (setq uDomain-offs (md4-unpack-int32 (substring uDomain 4 8)))
+ (setq domain
+ (ntlm-unicode2ascii (substring challenge
+ (cdr uDomain-offs)
+ (+ (cdr uDomain-offs) uDomain-len))
+ (/ uDomain-len 2)))
+ ;; overwrite domain in case user is given in <user>@<domain> format
+ (when (string-match "@" user)
+ (setq domain (substring user (1+ (match-beginning 0))))
+ (setq user (substring user 0 (match-beginning 0))))
+
+ ;; generate response data
+ (setq lmRespData
+ (smb-owf-encrypt (car password-hashes) challengeData))
+ (setq ntRespData
+ (smb-owf-encrypt (cadr password-hashes) challengeData))
+
+ ;; get offsets to fields to pack the response struct in a string
+ (setq lu (length user))
+ (setq ld (length domain))
+ (setq off-lm 64) ;offset to string 'lmResponse
+ (setq off-nt (+ 64 24)) ;offset to string 'ntResponse
+ (setq off-d (+ 64 48)) ;offset to string 'uDomain
+ (setq off-u (+ 64 48 (* 2 ld))) ;offset to string 'uUser
+ (setq off-w (+ 64 48 (* 2 (+ ld lu)))) ;offset to string 'uWks
+ (setq off-s (+ 64 48 (* 2 (+ ld lu lu)))) ;offset to string 'sessionKey
+ ;; pack the response struct in a string
+ (concat "NTLMSSP\0" ;response ident field, 8 bytes
+ (md4-pack-int32 '(0 . 3)) ;response msgType field, 4 bytes
+
+ ;; lmResponse field, 8 bytes
+ ;;AddBytes(response,lmResponse,lmRespData,24);
+ (md4-pack-int16 24) ;len field
+ (md4-pack-int16 24) ;maxlen field
+ (md4-pack-int32 (cons 0 off-lm)) ;field offset
+
+ ;; ntResponse field, 8 bytes
+ ;;AddBytes(response,ntResponse,ntRespData,24);
+ (md4-pack-int16 24) ;len field
+ (md4-pack-int16 24) ;maxlen field
+ (md4-pack-int32 (cons 0 off-nt)) ;field offset
+
+ ;; uDomain field, 8 bytes
+ ;;AddUnicodeString(response,uDomain,domain);
+ ;;AddBytes(response, uDomain, udomain, 2*ld);
+ (md4-pack-int16 (* 2 ld)) ;len field
+ (md4-pack-int16 (* 2 ld)) ;maxlen field
+ (md4-pack-int32 (cons 0 off-d)) ;field offset
+
+ ;; uUser field, 8 bytes
+ ;;AddUnicodeString(response,uUser,u);
+ ;;AddBytes(response, uUser, uuser, 2*lu);
+ (md4-pack-int16 (* 2 lu)) ;len field
+ (md4-pack-int16 (* 2 lu)) ;maxlen field
+ (md4-pack-int32 (cons 0 off-u)) ;field offset
+
+ ;; uWks field, 8 bytes
+ ;;AddUnicodeString(response,uWks,u);
+ (md4-pack-int16 (* 2 lu)) ;len field
+ (md4-pack-int16 (* 2 lu)) ;maxlen field
+ (md4-pack-int32 (cons 0 off-w)) ;field offset
+
+ ;; sessionKey field, 8 bytes
+ ;;AddString(response,sessionKey,NULL);
+ (md4-pack-int16 0) ;len field
+ (md4-pack-int16 0) ;maxlen field
+ (md4-pack-int32 (cons 0 (- off-s off-lm))) ;field offset
+
+ ;; flags field, 4 bytes
+ flags ;
+
+ ;; buffer field
+ lmRespData ;lmResponse, 24 bytes
+ ntRespData ;ntResponse, 24 bytes
+ (ntlm-ascii2unicode domain ;unicode domain string, 2*ld bytes
+ (length domain)) ;
+ (ntlm-ascii2unicode user ;unicode user string, 2*lu bytes
+ (length user)) ;
+ (ntlm-ascii2unicode user ;unicode user string, 2*lu bytes
+ (length user)) ;
+ )))
+
+(defun ntlm-get-password-hashes (password)
+ "Return a pair of SMB hash and NT MD4 hash of the given password PASSWORD"
+ (list (smb-passwd-hash password)
+ (ntlm-md4hash password)))
+
+(defun ntlm-ascii2unicode (str len)
+ "Convert an ASCII string into a NT Unicode string, which is
+little-endian utf16."
+ (let ((utf (make-string (* 2 len) 0)) (i 0) val)
+ (while (and (< i len)
+ (not (zerop (setq val (aref str i)))))
+ (aset utf (* 2 i) val)
+ (aset utf (1+ (* 2 i)) 0)
+ (setq i (1+ i)))
+ utf))
+
+(defun ntlm-unicode2ascii (str len)
+ "Extract 7 bits ASCII part of a little endian utf16 string STR of length LEN."
+ (let ((buf (make-string len 0)) (i 0) (j 0))
+ (while (< i len)
+ (aset buf i (logand (aref str j) 127)) ;(string-to-number "7f" 16)
+ (setq i (1+ i)
+ j (+ 2 j)))
+ buf))
+
+(defun smb-passwd-hash (passwd)
+ "Return the SMB password hash string of 16 bytes long for the given password
+string PASSWD. PASSWD is truncated to 14 bytes if longer."
+ (let ((len (min (length passwd) 14)))
+ (smbdes-e-p16
+ (concat (substring (upcase passwd) 0 len) ;fill top 14 bytes with passwd
+ (make-string (- 15 len) 0)))))
+
+(defun smb-owf-encrypt (passwd c8)
+ "Return the response string of 24 bytes long for the given password
+string PASSWD based on the DES encryption. PASSWD is of at most 14
+bytes long and the challenge string C8 of 8 bytes long."
+ (let ((len (min (length passwd) 16)) p22)
+ (setq p22 (concat (substring passwd 0 len) ;fill top 16 bytes with passwd
+ (make-string (- 22 len) 0)))
+ (smbdes-e-p24 p22 c8)))
+
+(defun smbdes-e-p24 (p22 c8)
+ "Return a 24 bytes hashed string for a 21 bytes string P22 and a 8 bytes
+string C8."
+ (concat (smbhash c8 p22 t) ;hash first 8 bytes of p22
+ (smbhash c8 (substring p22 7) t)
+ (smbhash c8 (substring p22 14) t)))
+
+(defconst smb-sp8 [75 71 83 33 64 35 36 37])
+
+(defun smbdes-e-p16 (p15)
+ "Return a 16 bytes hashed string for a 15 bytes string P15."
+ (concat (smbhash smb-sp8 p15 t) ;hash of first 8 bytes of p15
+ (smbhash smb-sp8 (substring p15 7) t) ;hash of last 8 bytes of p15
+ ))
+
+(defun smbhash (in key forw)
+ "Return the hash string of length 8 for a string IN of length 8 and
+a string KEY of length 8. FORW is t or nil."
+ (let ((out (make-string 8 0))
+ outb ;string of length 64
+ (inb (make-string 64 0))
+ (keyb (make-string 64 0))
+ (key2 (smb-str-to-key key))
+ (i 0) aa)
+ (while (< i 64)
+ (unless (zerop (logand (aref in (/ i 8)) (lsh 1 (- 7 (% i 8)))))
+ (aset inb i 1))
+ (unless (zerop (logand (aref key2 (/ i 8)) (lsh 1 (- 7 (% i 8)))))
+ (aset keyb i 1))
+ (setq i (1+ i)))
+ (setq outb (smb-dohash inb keyb forw))
+ (setq i 0)
+ (while (< i 64)
+ (unless (zerop (aref outb i))
+ (setq aa (aref out (/ i 8)))
+ (aset out (/ i 8)
+ (logior aa (lsh 1 (- 7 (% i 8))))))
+ (setq i (1+ i)))
+ out))
+
+(defun smb-str-to-key (str)
+ "Return a string of length 8 for the given string STR of length 7."
+ (let ((key (make-string 8 0))
+ (i 7))
+ (aset key 0 (lsh (aref str 0) -1))
+ (aset key 1 (logior
+ (lsh (logand (aref str 0) 1) 6)
+ (lsh (aref str 1) -2)))
+ (aset key 2 (logior
+ (lsh (logand (aref str 1) 3) 5)
+ (lsh (aref str 2) -3)))
+ (aset key 3 (logior
+ (lsh (logand (aref str 2) 7) 4)
+ (lsh (aref str 3) -4)))
+ (aset key 4 (logior
+ (lsh (logand (aref str 3) 15) 3)
+ (lsh (aref str 4) -5)))
+ (aset key 5 (logior
+ (lsh (logand (aref str 4) 31) 2)
+ (lsh (aref str 5) -6)))
+ (aset key 6 (logior
+ (lsh (logand (aref str 5) 63) 1)
+ (lsh (aref str 6) -7)))
+ (aset key 7 (logand (aref str 6) 127))
+ (while (>= i 0)
+ (aset key i (lsh (aref key i) 1))
+ (setq i (1- i)))
+ key))
+
+(defconst smb-perm1 [57 49 41 33 25 17 9
+ 1 58 50 42 34 26 18
+ 10 2 59 51 43 35 27
+ 19 11 3 60 52 44 36
+ 63 55 47 39 31 23 15
+ 7 62 54 46 38 30 22
+ 14 6 61 53 45 37 29
+ 21 13 5 28 20 12 4])
+
+(defconst smb-perm2 [14 17 11 24 1 5
+ 3 28 15 6 21 10
+ 23 19 12 4 26 8
+ 16 7 27 20 13 2
+ 41 52 31 37 47 55
+ 30 40 51 45 33 48
+ 44 49 39 56 34 53
+ 46 42 50 36 29 32])
+
+(defconst smb-perm3 [58 50 42 34 26 18 10 2
+ 60 52 44 36 28 20 12 4
+ 62 54 46 38 30 22 14 6
+ 64 56 48 40 32 24 16 8
+ 57 49 41 33 25 17 9 1
+ 59 51 43 35 27 19 11 3
+ 61 53 45 37 29 21 13 5
+ 63 55 47 39 31 23 15 7])
+
+(defconst smb-perm4 [32 1 2 3 4 5
+ 4 5 6 7 8 9
+ 8 9 10 11 12 13
+ 12 13 14 15 16 17
+ 16 17 18 19 20 21
+ 20 21 22 23 24 25
+ 24 25 26 27 28 29
+ 28 29 30 31 32 1])
+
+(defconst smb-perm5 [16 7 20 21
+ 29 12 28 17
+ 1 15 23 26
+ 5 18 31 10
+ 2 8 24 14
+ 32 27 3 9
+ 19 13 30 6
+ 22 11 4 25])
+
+(defconst smb-perm6 [40 8 48 16 56 24 64 32
+ 39 7 47 15 55 23 63 31
+ 38 6 46 14 54 22 62 30
+ 37 5 45 13 53 21 61 29
+ 36 4 44 12 52 20 60 28
+ 35 3 43 11 51 19 59 27
+ 34 2 42 10 50 18 58 26
+ 33 1 41 9 49 17 57 25])
+
+(defconst smb-sc [1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1])
+
+(defconst smb-sbox [[[14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7]
+ [ 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8]
+ [ 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0]
+ [15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13]]
+ [[15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10]
+ [ 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5]
+ [ 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15]
+ [13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9]]
+ [[10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8]
+ [13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1]
+ [13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7]
+ [ 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12]]
+ [[ 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15]
+ [13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9]
+ [10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4]
+ [ 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14]]
+ [[ 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9]
+ [14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6]
+ [ 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14]
+ [11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3]]
+ [[12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11]
+ [10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8]
+ [ 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6]
+ [ 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13]]
+ [[ 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1]
+ [13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6]
+ [ 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2]
+ [ 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12]]
+ [[13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7]
+ [ 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2]
+ [ 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8]
+ [ 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11]]])
+
+(defsubst string-permute (in perm n)
+ "Return a string of length N for a string IN and a permutation vector
+PERM of size N. The length of IN should be height of PERM."
+ (let ((i 0) (out (make-string n 0)))
+ (while (< i n)
+ (aset out i (aref in (- (aref perm i) 1)))
+ (setq i (1+ i)))
+ out))
+
+(defsubst string-lshift (str count len)
+ "Return a string by circularly shifting a string STR by COUNT to the left.
+length of STR is LEN."
+ (let ((c (% count len)))
+ (concat (substring str c len) (substring str 0 c))))
+
+(defsubst string-xor (in1 in2 n)
+ "Return exclusive-or of sequences in1 and in2"
+ (let ((w (make-string n 0)) (i 0))
+ (while (< i n)
+ (aset w i (logxor (aref in1 i) (aref in2 i)))
+ (setq i (1+ i)))
+ w))
+
+(defun smb-dohash (in key forw)
+ "Return the hash value for a string IN and a string KEY.
+Length of IN and KEY are 64. FORW non nill means forward, nil means
+backward."
+ (let (pk1 ;string of length 56
+ c ;string of length 28
+ d ;string of length 28
+ cd ;string of length 56
+ (ki (make-vector 16 0)) ;vector of string of length 48
+ pd1 ;string of length 64
+ l ;string of length 32
+ r ;string of length 32
+ rl ;string of length 64
+ (i 0) (j 0) (k 0))
+ (setq pk1 (string-permute key smb-perm1 56))
+ (setq c (substring pk1 0 28))
+ (setq d (substring pk1 28 56))
+
+ (setq i 0)
+ (while (< i 16)
+ (setq c (string-lshift c (aref smb-sc i) 28))
+ (setq d (string-lshift d (aref smb-sc i) 28))
+ (setq cd (concat (substring c 0 28) (substring d 0 28)))
+ (aset ki i (string-permute cd smb-perm2 48))
+ (setq i (1+ i)))
+
+ (setq pd1 (string-permute in smb-perm3 64))
+
+ (setq l (substring pd1 0 32))
+ (setq r (substring pd1 32 64))
+
+ (setq i 0)
+ (let (er ;string of length 48
+ erk ;string of length 48
+ (b (make-vector 8 0)) ;vector of strings of length 6
+ cb ;string of length 32
+ pcb ;string of length 32
+ r2 ;string of length 32
+ jj m n bj sbox-jmn)
+ (while (< i 16)
+ (setq er (string-permute r smb-perm4 48))
+ (setq erk (string-xor er
+ (aref ki (if forw i (- 15 i)))
+ 48))
+ (setq j 0)
+ (while (< j 8)
+ (setq jj (* 6 j))
+ (aset b j (substring erk jj (+ jj 6)))
+ (setq j (1+ j)))
+ (setq j 0)
+ (while (< j 8)
+ (setq bj (aref b j))
+ (setq m (logior (lsh (aref bj 0) 1) (aref bj 5)))
+ (setq n (logior (lsh (aref bj 1) 3)
+ (lsh (aref bj 2) 2)
+ (lsh (aref bj 3) 1)
+ (aref bj 4)))
+ (setq k 0)
+ (setq sbox-jmn (aref (aref (aref smb-sbox j) m) n))
+ (while (< k 4)
+ (aset bj k
+ (if (zerop (logand sbox-jmn (lsh 1 (- 3 k))))
+ 0 1))
+ (setq k (1+ k)))
+ (setq j (1+ j)))
+
+ (setq j 0)
+ (setq cb nil)
+ (while (< j 8)
+ (setq cb (concat cb (substring (aref b j) 0 4)))
+ (setq j (1+ j)))
+
+ (setq pcb (string-permute cb smb-perm5 32))
+ (setq r2 (string-xor l pcb 32))
+ (setq l r)
+ (setq r r2)
+ (setq i (1+ i))))
+ (setq rl (concat r l))
+ (string-permute rl smb-perm6 64)))
+
+(defun ntlm-md4hash (passwd)
+ "Return the 16 bytes MD4 hash of a string PASSWD after converting it
+into a Unicode string. PASSWD is truncated to 128 bytes if longer."
+ (let (len wpwd)
+ ;; Password cannot be longer than 128 characters
+ (setq len (length passwd))
+ (if (> len 128)
+ (setq len 128))
+ ;; Password must be converted to NT unicode
+ (setq wpwd (ntlm-ascii2unicode passwd len))
+ ;; Calculate length in bytes
+ (setq len (* len 2))
+ (md4 wpwd len)))
+
+(provide 'ntlm)
+
+;;; ntlm.el ends here
--- /dev/null
+;;; sasl-ntlm.el --- NTLM (NT Lan Manager) module for the SASL client framework
+
+;; Copyright (C) 2000 Free Software Foundation, Inc.
+
+;; Author: Taro Kawagishi <tarok@transpulse.org>
+;; Keywords: SASL, NTLM
+;; Version: 1.00
+;; Created: February 2001
+
+;; This program is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 2, or (at your option)
+;; any later version.
+;;
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; see the file COPYING. If not, write to the
+;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+;; Boston, MA 02111-1307, USA.
+
+;;; Commentary:
+
+;; This is a SASL interface layer for NTLM authentication message
+;; generation by ntlm.el
+
+;;; Code:
+
+(require 'sasl)
+(require 'ntlm)
+
+(defconst sasl-ntlm-steps
+ '(ignore ;nothing to do before making
+ sasl-ntlm-request ;authentication request
+ sasl-ntlm-response) ;response to challenge
+ "A list of functions to be called in sequnece for the NTLM
+authentication steps. Ther are called by 'sasl-next-step.")
+
+(defun sasl-ntlm-request (client step)
+ "SASL step function to generate a NTLM authentication request to the server.
+Called from 'sasl-next-step.
+CLIENT is a vector [mechanism user service server sasl-client-properties]
+STEP is a vector [<previous step function> <result of previous step function>]"
+ (let ((user (sasl-client-name client)))
+ (ntlm-build-auth-request user)))
+
+(defun sasl-ntlm-response (client step)
+ "SASL step function to generate a NTLM response against the server
+challenge stored in the 2nd element of STEP. Called from 'sasl-next-step."
+ (let* ((user (sasl-client-name client))
+ (passphrase
+ (sasl-read-passphrase (format "NTLM passphrase for %s: " user)))
+ (challenge (sasl-step-data step)))
+ (ntlm-build-auth-response challenge user
+ (ntlm-get-password-hashes passphrase))))
+
+(put 'sasl-ntlm 'sasl-mechanism
+ (sasl-make-mechanism "NTLM" sasl-ntlm-steps))
+
+(provide 'sasl-ntlm)
+
+;;; sasl-ntlm.el ends here
--- /dev/null
+;;; sasl-scram.el --- Compute SCRAM-MD5.
+
+;; Copyright (C) 1999 Shuhei KOBAYASHI
+
+;; Author: Shuhei KOBAYASHI <shuhei@aqua.ocn.ne.jp>
+;; Kenichi OKADA <okada@opaopa.org>
+;; Keywords: SCRAM-MD5, HMAC-MD5, SASL, IMAP, POP, ACAP
+
+;; This file is part of FLIM (Faithful Library about Internet Message).
+
+;; This program is free software; you can redistribute it and/or
+;; modify it under the terms of the GNU General Public License as
+;; published by the Free Software Foundation; either version 2, or
+;; (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program; see the file COPYING. If not, write to
+;; the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+;; Boston, MA 02111-1307, USA.
+
+;;; Commentary:
+
+;; This program is implemented from draft-newman-auth-scram-03.txt.
+;;
+;; It is caller's responsibility to base64-decode challenges and
+;; base64-encode responses in IMAP4 AUTHENTICATE command.
+;;
+;; Passphrase should be longer than 16 bytes. (See RFC 2195)
+
+;; Examples.
+;;
+;; (sasl-scram-md5-make-security-info nil t 0)
+;; => "^A^@^@^@"
+;;
+;; (base64-encode-string
+;; (sasl-scram-md5-make-client-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (sasl-scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")
+;; (sasl-scram-md5-make-security-info nil t 0)))
+;; => "AQAAAMg9jU8CeB4KOfk7sUhSQPs="
+;;
+;; (base64-encode-string
+;; (sasl-scram-md5-make-server-msg-2
+;; (base64-decode-string "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3")
+;; (base64-decode-string "AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZWFub3IuaW5ub3NvZnQuY29tPg==")
+;; (sasl-scram-md5-make-security-info nil t 0)
+;; "testsalt"
+;; (sasl-scram-md5-make-salted-pass
+;; "secret stuff" "testsalt")))
+;; => "U0odqYw3B7XIIW0oSz65OQ=="
+
+;;; Code:
+
+(require 'sasl)
+(require 'hmac-md5)
+
+(defvar sasl-scram-md5-unique-id-function
+ sasl-unique-id-function)
+
+(defconst sasl-scram-md5-steps
+ '(ignore ;no initial response
+ sasl-scram-md5-response-1
+ sasl-scram-md5-response-2
+ sasl-scram-md5-authenticate-server))
+
+(defmacro sasl-scram-md5-security-info-no-security-layer (security-info)
+ `(eq (logand (aref ,security-info 0) 1) 1))
+(defmacro sasl-scram-md5-security-info-integrity-protection-layer (security-info)
+ `(eq (logand (aref ,security-info 0) 2) 2))
+(defmacro sasl-scram-md5-security-info-buffer-size (security-info)
+ `(let ((ssecinfo ,security-info))
+ (+ (lsh (aref ssecinfo 1) 16)
+ (lsh (aref ssecinfo 2) 8)
+ (aref ssecinfo 3))))
+
+(defun sasl-scram-md5-make-security-info (integrity-protection-layer
+ no-security-layer buffer-size)
+ (let ((csecinfo (make-string 4 0)))
+ (when integrity-protection-layer
+ (aset csecinfo 0 2))
+ (if no-security-layer
+ (aset csecinfo 0 (logior (aref csecinfo 0) 1))
+ (aset csecinfo 1
+ (lsh (logand buffer-size (lsh 255 16)) -16))
+ (aset csecinfo 2
+ (lsh (logand buffer-size (lsh 255 8)) -8))
+ (aset csecinfo 3 (logand buffer-size 255)))
+ csecinfo))
+
+(defun sasl-scram-md5-make-unique-nonce () ; 8*OCTET, globally unique.
+ ;; For example, concatenated string of process-identifier, system-clock,
+ ;; sequence-number, random-number, and domain-name.
+ (let* ((sasl-unique-id-function sasl-scram-md5-unique-id-function)
+ (id (sasl-unique-id)))
+ (unwind-protect
+ (concat "<" id "@" (system-name) ">")
+ (fillarray id 0))))
+
+(defun sasl-scram-md5-xor-string (str1 str2)
+ ;; (length str1) == (length str2) == (length dst) == 16 (in SCRAM-MD5)
+ (let* ((len (length str1))
+ (dst (make-string len 0))
+ (pos 0))
+ (while (< pos len)
+ (aset dst pos (logxor (aref str1 pos) (aref str2 pos)))
+ (setq pos (1+ pos)))
+ dst))
+
+(defun sasl-scram-md5-make-client-msg-1 (authenticate-id &optional authorize-id nonce)
+ "Make an initial client message from AUTHENTICATE-ID and AUTHORIZE-ID.
+If AUTHORIZE-ID is the same as AUTHENTICATE-ID, it may be omitted."
+ (concat authorize-id "\0" authenticate-id "\0"
+ (or nonce
+ (sasl-scram-md5-make-unique-nonce))))
+
+(defun sasl-scram-md5-parse-server-msg-1 (server-msg-1)
+ "Parse SERVER-MSG-1 and return a list of (SALT SECURITY-INFO SERVICE-ID)."
+ (if (and (> (length server-msg-1) 16)
+ (eq (string-match "[^@]+@[^\0]+\0" server-msg-1 12) 12))
+ (list (substring server-msg-1 0 8) ; salt
+ (substring server-msg-1 8 12) ; server-security-info
+ (substring server-msg-1 ; service-id
+ 12 (1- (match-end 0))))
+ (sasl-error (format "Unexpected response: %s" server-msg-1))))
+
+(defun sasl-scram-md5-server-salt (server-msg-1)
+ (car (sasl-scram-md5-parse-server-msg-1 server-msg-1)))
+
+(defun sasl-scram-md5-make-salted-pass (passphrase salt)
+ (hmac-md5 salt passphrase))
+
+(defun sasl-scram-md5-make-client-key (salted-pass)
+ (md5-binary salted-pass))
+
+(defun sasl-scram-md5-make-client-verifier (client-key)
+ (md5-binary client-key))
+
+(defun sasl-scram-md5-make-shared-key (server-msg-1
+ client-msg-1
+ client-security-info
+ client-verifier)
+ (let (buff)
+ (unwind-protect
+ (hmac-md5
+ (setq buff
+ (concat server-msg-1 client-msg-1 client-security-info))
+ client-verifier)
+ (fillarray buff 0))))
+
+(defun sasl-scram-md5-make-client-proof (client-key shared-key)
+ (sasl-scram-md5-xor-string client-key shared-key))
+
+(defun sasl-scram-md5-make-client-msg-2 (server-msg-1
+ client-msg-1
+ salted-pass
+ client-security-info)
+ (let (client-proof client-key shared-key client-verifier)
+ (setq client-key
+ (sasl-scram-md5-make-client-key salted-pass))
+ (setq client-verifier
+ (sasl-scram-md5-make-client-verifier client-key))
+ (setq shared-key
+ (unwind-protect
+ (sasl-scram-md5-make-shared-key
+ server-msg-1
+ client-msg-1
+ client-security-info
+ client-verifier)
+ (fillarray client-verifier 0)))
+ (setq client-proof
+ (unwind-protect
+ (sasl-scram-md5-make-client-proof
+ client-key shared-key)
+ (fillarray client-key 0)
+ (fillarray shared-key 0)))
+ (unwind-protect
+ (concat
+ client-security-info
+ client-proof)
+ (fillarray client-proof 0))))
+
+(defun sasl-scram-md5-make-server-msg-2 (server-msg-1
+ client-msg-1
+ client-security-info
+ salt salted-pass)
+ (let ((server-salt
+ (hmac-md5 salt salted-pass))
+ buff)
+ (unwind-protect
+ (hmac-md5
+ (setq buff
+ (concat
+ client-msg-1
+ server-msg-1
+ client-security-info))
+ server-salt)
+ (fillarray server-salt 0)
+ (fillarray buff 0))))
+
+(defun sasl-scram-md5-response-1 (client step)
+ (sasl-client-set-property
+ client 'client-msg-1
+ (sasl-scram-md5-make-client-msg-1
+ (sasl-client-name client)
+ (sasl-client-property client 'authorize-id)
+ (sasl-client-property client 'nonce))))
+
+(defun sasl-scram-md5-response-2 (client step)
+ (let* ((server-msg-1
+ (sasl-client-set-property
+ client 'server-msg-1
+ (sasl-step-data step)))
+ (salted-pass
+ (sasl-client-set-property
+ client 'salted-pass
+ (sasl-scram-md5-make-salted-pass
+ (sasl-read-passphrase
+ (format "SCRAM-MD5 passphrase for %s: "
+ (sasl-client-name client)))
+ (sasl-scram-md5-server-salt server-msg-1)))))
+ (sasl-client-set-property
+ client 'client-msg-2
+ (sasl-scram-md5-make-client-msg-2
+ server-msg-1
+ (sasl-client-property client 'client-msg-1)
+ salted-pass
+ (or (sasl-client-property client 'client-security-info)
+ (sasl-scram-md5-make-security-info nil t 0))))))
+
+(defun sasl-scram-md5-authenticate-server (client step)
+ (let ((server-msg-2
+ (sasl-client-set-property
+ client 'server-msg-2
+ (sasl-step-data step)))
+ (server-msg-1
+ (sasl-client-property client 'server-msg-1)))
+ (if (string= server-msg-2
+ (sasl-scram-md5-make-server-msg-2
+ server-msg-1
+ (sasl-client-property client 'client-msg-1)
+ (or (sasl-client-property client 'client-security-info)
+ (sasl-scram-md5-make-security-info nil t 0))
+ (sasl-scram-md5-server-salt server-msg-1)
+ (sasl-client-property client 'salted-pass)))
+ " "
+ (sasl-error "SCRAM-MD5: authenticate server failed."))))
+
+(put 'sasl-scram 'sasl-mechanism
+ (sasl-make-mechanism "SCRAM-MD5" sasl-scram-md5-steps))
+
+(provide 'sasl-scram)
+
+;;; sasl-scram.el ends here
;;; Code:
(defvar sasl-mechanisms
- '("CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"))
+ '("CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"
+ "NTLM" "SCRAM-MD5"))
(defvar sasl-mechanism-alist
'(("CRAM-MD5" sasl-cram)
("DIGEST-MD5" sasl-digest)
("PLAIN" sasl-plain)
("LOGIN" sasl-login)
- ("ANONYMOUS" sasl-anonymous)))
+ ("ANONYMOUS" sasl-anonymous)
+ ("NTLM" sasl-ntlm)
+ ("SCRAM-MD5" sasl-scram)))
(defvar sasl-unique-id-function #'sasl-unique-id-function)
(lunit-assert
(string=
(plist-get response 'response) "6084c6db3fede7352c551284490fd0fc"))))
+
+(luna-define-method test-sasl-scram-md5-imap ((case test-sasl))
+ (let* ((sasl-mechanisms '("SCRAM-MD5"))
+ (mechanism
+ (sasl-find-mechanism '("SCRAM-MD5")))
+ (client
+ (sasl-make-client mechanism "chris" "imap" "eleanor.innosoft.com"))
+ (sasl-read-passphrase
+ #'(lambda (prompt)
+ "secret stuff"))
+ step
+ response)
+ (sasl-client-set-property client 'nonce
+ "<t4n4Pab9HB0Am/QLXB72eg@eleanor.innosoft.com>")
+ (setq step (sasl-next-step client nil))
+ (sasl-step-set-data step "")
+ (setq step (sasl-next-step client step))
+ (sasl-step-set-data
+ step
+ (base64-decode-string
+ "dGVzdHNhbHQBAAAAaW1hcEBlbGVhbm9yLmlubm9zb2Z0LmNvbQBqaGNOWmxSdVBiemlGcCt2TFYrTkN3"))
+ (setq step (sasl-next-step client step))
+ (lunit-assert
+ (string= (sasl-step-data step)
+ (base64-decode-string "AQAAAMg9jU8CeB4KOfk7sUhSQPs=")))))
+
+(luna-define-method test-sasl-ntlm-imap ((case test-sasl))
+ (let* ((sasl-mechanisms '("NTLM"))
+ (mechanism
+ (sasl-find-mechanism '("NTLM")))
+ (client
+ (sasl-make-client mechanism "kawagish@nokiaseap" "imap" "xxx.yyy.com"))
+ (sasl-read-passphrase
+ #'(lambda (passphrase)
+ "!\"#456secret"))
+ step
+ response)
+ ;; init
+ (setq step (sasl-next-step client nil))
+ ;; generate authentication request
+ (sasl-step-set-data step "")
+ (setq step (sasl-next-step client step))
+ (sasl-step-data step)
+ ;; (base64-encode-string (sasl-step-data step) t) is sent to server
+ ;; generate response to challenge
+ (sasl-step-set-data
+ step
+ (string-as-unibyte
+ (base64-decode-string
+ "TlRMTVNTUAACAAAADAAMADAAAAAFggEApmEjGvh9M8YAAAAAAAAAAAAAAAA8AAAATgBPAEsARQBYAEMA")))
+ (setq step (sasl-next-step client step))
+ (sasl-step-data step)
+ (setq response (base64-encode-string (sasl-step-data step) t))
+ (lunit-assert
+ (string=
+ response "TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAABIAEgBwAAAAEAAQAIIAAAAQABAAkgAAAAAAAABiAAAABYIBAIwN9i7qK/9Y31dIDR6JQTaBbjcLJm8Sc6VogMe7fnHP96+eQ5Yf3ys2nIY4rx+iQG4AbwBrAGkAYQBzAGUAYQBwAGsAYQB3AGEAZwBpAHMAaABrAGEAdwBhAGcAaQBzAGgA"))
+;;response
+))
projects / elisp / flim.git / commitdiff