/*
 * Copyright notice from original mutt:
 * Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
 *
 * This file is part of mutt-ng, see http://www.muttng.org/.
 * It's licensed under the GNU General Public License,
 * please see the file GPL in the top level source directory.
 */

/* IMAP login/authentication code */

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include "mutt.h"
#include "imap_private.h"
#include "auth.h"

#include "md5.h"
#define MD5_BLOCK_LEN 64
#define MD5_DIGEST_LEN 16

#include "lib/intl.h"
#include "lib/debug.h"

/* forward declarations */
static void hmac_md5 (const char *password, char *challenge,
                      unsigned char *response);

/* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA * idata, const char *method)
{
  char ibuf[LONG_STRING * 2], obuf[LONG_STRING];
  unsigned char hmac_response[MD5_DIGEST_LEN];
  int len;
  int rc;

  if (!mutt_bit_isset (idata->capabilities, ACRAM_MD5))
    return IMAP_AUTH_UNAVAIL;

  mutt_message _("Authenticating (CRAM-MD5)...");

  /* get auth info */
  if (mutt_account_getlogin (&idata->conn->account))
    return IMAP_AUTH_FAILURE;
  if (mutt_account_getpass (&idata->conn->account))
    return IMAP_AUTH_FAILURE;

  imap_cmd_start (idata, "AUTHENTICATE CRAM-MD5");

  /* From RFC 2195:
   * The data encoded in the first ready response contains a presumptively
   * arbitrary string of random digits, a timestamp, and the fully-qualified
   * primary host name of the server. The syntax of the unencoded form must
   * correspond to that of an RFC 822 'msg-id' [RFC822] as described in [POP3].
   */
  do
    rc = imap_cmd_step (idata);
  while (rc == IMAP_CMD_CONTINUE);

  if (rc != IMAP_CMD_RESPOND) {
    debug_print (1, ("Invalid response from server: %s\n", ibuf));
    goto bail;
  }

  if ((len = mutt_from_base64 (obuf, idata->cmd.buf + 2)) == -1) {
    debug_print (1, ("Error decoding base64 response.\n"));
    goto bail;
  }

  obuf[len] = '\0';
  debug_print (2, ("CRAM challenge: %s\n", obuf));

  /* The client makes note of the data and then responds with a string
   * consisting of the user name, a space, and a 'digest'. The latter is
   * computed by applying the keyed MD5 algorithm from [KEYED-MD5] where the
   * key is a shared secret and the digested text is the timestamp (including
   * angle-brackets).
   * 
   * Note: The user name shouldn't be quoted. Since the digest can't contain
   *   spaces, there is no ambiguity. Some servers get this wrong, we'll work
   *   around them when the bug report comes in. Until then, we'll remain
   *   blissfully RFC-compliant.
   */
  hmac_md5 (idata->conn->account.pass, obuf, hmac_response);
  /* dubious optimisation I saw elsewhere: make the whole string in one call */
  snprintf (obuf, sizeof (obuf),
            "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
            idata->conn->account.user,
            hmac_response[0], hmac_response[1], hmac_response[2],
            hmac_response[3], hmac_response[4], hmac_response[5],
            hmac_response[6], hmac_response[7], hmac_response[8],
            hmac_response[9], hmac_response[10], hmac_response[11],
            hmac_response[12], hmac_response[13], hmac_response[14],
            hmac_response[15]);
  debug_print (2, ("CRAM response: %s\n", obuf));

  /* XXX - ibuf must be long enough to store the base64 encoding of obuf, 
   * plus the additional debris
   */

  mutt_to_base64 ((unsigned char *) ibuf, (unsigned char *) obuf,
                  str_len (obuf), sizeof (ibuf) - 2);
  str_cat (ibuf, sizeof (ibuf), "\r\n");
  mutt_socket_write (idata->conn, ibuf);

  do
    rc = imap_cmd_step (idata);
  while (rc == IMAP_CMD_CONTINUE);

  if (rc != IMAP_CMD_OK) {
    debug_print (1, ("Error receiving server response.\n"));
    goto bail;
  }

  if (imap_code (idata->cmd.buf))
    return IMAP_AUTH_SUCCESS;

bail:
  mutt_error _("CRAM-MD5 authentication failed.");
  mutt_sleep (2);
  return IMAP_AUTH_FAILURE;
}

/* hmac_md5: produce CRAM-MD5 challenge response. */
static void hmac_md5 (const char *password, char *challenge,
                      unsigned char *response)
{
  MD5_CTX ctx;
  unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
  unsigned char secret[MD5_BLOCK_LEN + 1];
  unsigned char hash_passwd[MD5_DIGEST_LEN];
  unsigned int secret_len, chal_len;
  int i;

  secret_len = str_len (password);
  chal_len = str_len (challenge);

  /* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
   * digests */
  if (secret_len > MD5_BLOCK_LEN) {
    MD5Init (&ctx);
    MD5Update (&ctx, (unsigned char *) password, secret_len);
    MD5Final (hash_passwd, &ctx);
    strfcpy ((char *) secret, (char *) hash_passwd, MD5_DIGEST_LEN);
    secret_len = MD5_DIGEST_LEN;
  }
  else
    strfcpy ((char *) secret, password, sizeof (secret));

  memset (ipad, 0, sizeof (ipad));
  memset (opad, 0, sizeof (opad));
  memcpy (ipad, secret, secret_len);
  memcpy (opad, secret, secret_len);

  for (i = 0; i < MD5_BLOCK_LEN; i++) {
    ipad[i] ^= 0x36;
    opad[i] ^= 0x5c;
  }

  /* inner hash: challenge and ipadded secret */
  MD5Init (&ctx);
  MD5Update (&ctx, ipad, MD5_BLOCK_LEN);
  MD5Update (&ctx, (unsigned char *) challenge, chal_len);
  MD5Final (response, &ctx);

  /* outer hash: inner hash and opadded secret */
  MD5Init (&ctx);
  MD5Update (&ctx, opad, MD5_BLOCK_LEN);
  MD5Update (&ctx, response, MD5_DIGEST_LEN);
  MD5Final (response, &ctx);
}


syntax highlighted by Code2HTML, v. 0.9.1