aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNick Zitzmann <nick@chronosnet.com>2012-06-27 11:57:31 +0200
committerYang Tse <yangsita@gmail.com>2012-06-27 11:57:31 +0200
commit7aa95afadd39867dd95fd4f3df316f7e7decac7a (patch)
treecaf5354894c6a786fb5b5bb3fc5a60ab553575ae /lib
parentdc7dc9786f43484ca422c2505880b832dea0f4f1 (diff)
DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL. This uses CommonCrypto, a cryptography library that ships with all versions of iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few less-common cyphers and doesn't have a big number data structure.
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_darwinssl.c22
-rw-r--r--lib/curl_darwinssl.h10
-rw-r--r--lib/curl_ntlm_core.c31
-rw-r--r--lib/setup.h2
4 files changed, 58 insertions, 7 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 627117d1d..b98e06868 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -21,8 +21,8 @@
***************************************************************************/
/*
- * Source file for all SecureTransport-specific code for the TLS/SSL layer.
- * No code but sslgen.c should ever call or use these functions.
+ * Source file for all iOS and Mac OS X SecureTransport-specific code for the
+ * TLS/SSL layer. No code but sslgen.c should ever call or use these functions.
*/
#include "setup.h"
@@ -38,6 +38,7 @@
#include <Security/Security.h>
#include <Security/SecureTransport.h>
#include <CoreFoundation/CoreFoundation.h>
+#include <CommonCrypto/CommonDigest.h>
#include "urldata.h"
#include "sendf.h"
#include "inet_pton.h"
@@ -606,6 +607,23 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
return false;
}
+void Curl_darwinssl_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ (void)data;
+ arc4random_buf(entropy, length);
+}
+
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+ (void)md5len;
+ (void)CC_MD5(tmp, tmplen, md5sum);
+}
+
static ssize_t darwinssl_send(struct connectdata *conn,
int sockindex,
const void *mem,
diff --git a/lib/curl_darwinssl.h b/lib/curl_darwinssl.h
index 6c4f3289c..53053edca 100644
--- a/lib/curl_darwinssl.h
+++ b/lib/curl_darwinssl.h
@@ -43,6 +43,14 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn);
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex);
+void Curl_darwinssl_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length);
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len);
+
/* API setup for SecureTransport */
#define curlssl_init() (1)
#define curlssl_cleanup() Curl_nop_stmt
@@ -58,6 +66,8 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
#define curlssl_version Curl_darwinssl_version
#define curlssl_check_cxn Curl_darwinssl_check_cxn
#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
+#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 6d1fb8091..6b7d9fc46 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -82,6 +82,11 @@
# include "curl_md4.h"
# define MD5_DIGEST_LENGTH MD5_LENGTH
+#elif defined(USE_DARWINSSL)
+
+# include <CommonCrypto/CommonCryptor.h>
+# include <CommonCrypto/CommonDigest.h>
+
#else
# error "Can't compile NTLM support without a crypto library."
#endif
@@ -221,7 +226,23 @@ fail:
return rv;
}
-#endif /* defined(USE_NSS) */
+#elif defined(USE_DARWINSSL)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+ const unsigned char *key_56)
+{
+ char key[8];
+ size_t out_len;
+ CCCryptorStatus err;
+
+ extend_key_56_to_64(key_56, key);
+ err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
+ kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
+ 8 /* outbuflen */, &out_len);
+ return err == kCCSuccess;
+}
+
+#endif /* defined(USE_DARWINSSL) */
#endif /* defined(USE_SSLEAY) */
@@ -273,7 +294,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7);
encrypt_des(plaintext, results + 16, keys + 14);
@@ -336,7 +357,7 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7);
#endif
@@ -399,6 +420,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
gcry_md_close(MD4pw);
#elif defined(USE_NSS)
Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_DARWINSSL)
+ (void)CC_MD4(pw, 2 * len, ntbuffer);
#endif
memset(ntbuffer + 16, 0, 21 - 16);
diff --git a/lib/setup.h b/lib/setup.h
index a2d0b2845..42a0a813a 100644
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -593,7 +593,7 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be done */
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
- defined(USE_GNUTLS) || defined(USE_NSS)
+ defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
#define USE_NTLM
#endif
#endif