diff options
author | Nick Zitzmann <nick@chronosnet.com> | 2012-06-27 11:57:31 +0200 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2012-06-27 11:57:31 +0200 |
commit | 7aa95afadd39867dd95fd4f3df316f7e7decac7a (patch) | |
tree | caf5354894c6a786fb5b5bb3fc5a60ab553575ae /lib | |
parent | dc7dc9786f43484ca422c2505880b832dea0f4f1 (diff) |
DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.
This uses CommonCrypto, a cryptography library that ships with all versions of
iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
less-common cyphers and doesn't have a big number data structure.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/curl_darwinssl.c | 22 | ||||
-rw-r--r-- | lib/curl_darwinssl.h | 10 | ||||
-rw-r--r-- | lib/curl_ntlm_core.c | 31 | ||||
-rw-r--r-- | lib/setup.h | 2 |
4 files changed, 58 insertions, 7 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c index 627117d1d..b98e06868 100644 --- a/lib/curl_darwinssl.c +++ b/lib/curl_darwinssl.c @@ -21,8 +21,8 @@ ***************************************************************************/ /* - * Source file for all SecureTransport-specific code for the TLS/SSL layer. - * No code but sslgen.c should ever call or use these functions. + * Source file for all iOS and Mac OS X SecureTransport-specific code for the + * TLS/SSL layer. No code but sslgen.c should ever call or use these functions. */ #include "setup.h" @@ -38,6 +38,7 @@ #include <Security/Security.h> #include <Security/SecureTransport.h> #include <CoreFoundation/CoreFoundation.h> +#include <CommonCrypto/CommonDigest.h> #include "urldata.h" #include "sendf.h" #include "inet_pton.h" @@ -606,6 +607,23 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn, return false; } +void Curl_darwinssl_random(struct SessionHandle *data, + unsigned char *entropy, + size_t length) +{ + (void)data; + arc4random_buf(entropy, length); +} + +void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len) +{ + (void)md5len; + (void)CC_MD5(tmp, tmplen, md5sum); +} + static ssize_t darwinssl_send(struct connectdata *conn, int sockindex, const void *mem, diff --git a/lib/curl_darwinssl.h b/lib/curl_darwinssl.h index 6c4f3289c..53053edca 100644 --- a/lib/curl_darwinssl.h +++ b/lib/curl_darwinssl.h @@ -43,6 +43,14 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn); bool Curl_darwinssl_data_pending(const struct connectdata *conn, int connindex); +void Curl_darwinssl_random(struct SessionHandle *data, + unsigned char *entropy, + size_t length); +void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len); + /* API setup for SecureTransport */ #define curlssl_init() (1) #define curlssl_cleanup() Curl_nop_stmt @@ -58,6 +66,8 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn, #define curlssl_version Curl_darwinssl_version #define curlssl_check_cxn Curl_darwinssl_check_cxn #define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y) +#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z) +#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d) #endif /* USE_DARWINSSL */ #endif /* HEADER_CURL_DARWINSSL_H */ diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 6d1fb8091..6b7d9fc46 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -82,6 +82,11 @@ # include "curl_md4.h" # define MD5_DIGEST_LENGTH MD5_LENGTH +#elif defined(USE_DARWINSSL) + +# include <CommonCrypto/CommonCryptor.h> +# include <CommonCrypto/CommonDigest.h> + #else # error "Can't compile NTLM support without a crypto library." #endif @@ -221,7 +226,23 @@ fail: return rv; } -#endif /* defined(USE_NSS) */ +#elif defined(USE_DARWINSSL) + +static bool encrypt_des(const unsigned char *in, unsigned char *out, + const unsigned char *key_56) +{ + char key[8]; + size_t out_len; + CCCryptorStatus err; + + extend_key_56_to_64(key_56, key); + err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key, + kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out, + 8 /* outbuflen */, &out_len); + return err == kCCSuccess; +} + +#endif /* defined(USE_DARWINSSL) */ #endif /* defined(USE_SSLEAY) */ @@ -273,7 +294,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, setup_des_key(keys + 14, &des); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_close(des); -#elif defined(USE_NSS) +#elif defined(USE_NSS) || defined(USE_DARWINSSL) encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 16, keys + 14); @@ -336,7 +357,7 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data, setup_des_key(pw + 7, &des); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_close(des); -#elif defined(USE_NSS) +#elif defined(USE_NSS) || defined(USE_DARWINSSL) encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer + 8, pw + 7); #endif @@ -399,6 +420,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data, gcry_md_close(MD4pw); #elif defined(USE_NSS) Curl_md4it(ntbuffer, pw, 2 * len); +#elif defined(USE_DARWINSSL) + (void)CC_MD4(pw, 2 * len, ntbuffer); #endif memset(ntbuffer + 16, 0, 21 - 16); diff --git a/lib/setup.h b/lib/setup.h index a2d0b2845..42a0a813a 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -593,7 +593,7 @@ int netware_init(void); /* Single point where USE_NTLM definition might be done */ #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ - defined(USE_GNUTLS) || defined(USE_NSS) + defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) #define USE_NTLM #endif #endif |