iksmd5 *iks_md5_new(void) { iksmd5 *md5 = iks_malloc(sizeof(iksmd5)); if (!md5) return NULL; iks_md5_reset(md5); return md5; }
static iks *make_sasl_response(struct stream_data *data, char *message) { iks *x = NULL; char *realm, *realm_end; char *nonce, *nonce_end; char cnonce[CNONCE_LEN * 8 + 1]; iksmd5 *md5; unsigned char a1_h[16], a1[33], a2[33], response_value[33]; char *response, *response_coded; int i; parse_digest(message, "realm=\"", &realm, &realm_end); parse_digest(message, "nonce=\"", &nonce, &nonce_end); /* nonce is necessary for auth */ if(!nonce || !nonce_end) return NULL; *nonce_end = '\0'; /* if no realm is given use the server hostname */ if(realm) { if(!realm_end) return NULL; *realm_end = '\0'; } else { realm = (char *) data->server; } /* generate random client challenge */ for(i = 0; i < CNONCE_LEN; ++i) sprintf(cnonce + i * 8, "%08x", rand()); md5 = iks_md5_new(); if(!md5) return NULL; iks_md5_hash(md5, (const unsigned char*)data->auth_username, iks_strlen(data->auth_username), 0); iks_md5_hash(md5, (const unsigned char*)":", 1, 0); iks_md5_hash(md5, (const unsigned char*)realm, iks_strlen(realm), 0); iks_md5_hash(md5, (const unsigned char*)":", 1, 0); iks_md5_hash(md5, (const unsigned char*)data->auth_pass, iks_strlen(data->auth_pass), 1); iks_md5_digest(md5, a1_h); iks_md5_reset(md5); iks_md5_hash(md5, (const unsigned char*)a1_h, 16, 0); iks_md5_hash(md5, (const unsigned char*)":", 1, 0); iks_md5_hash(md5, (const unsigned char*)nonce, iks_strlen(nonce), 0); iks_md5_hash(md5, (const unsigned char*)":", 1, 0); iks_md5_hash(md5, (const unsigned char*)cnonce, iks_strlen(cnonce), 1); iks_md5_print(md5, (char*)a1); iks_md5_reset(md5); iks_md5_hash(md5, (const unsigned char*)"AUTHENTICATE:xmpp/", 18, 0); iks_md5_hash(md5, (const unsigned char*)data->server, iks_strlen(data->server), 1); iks_md5_print(md5, (char*)a2); iks_md5_reset(md5); iks_md5_hash(md5, (const unsigned char*)a1, 32, 0); iks_md5_hash(md5, (const unsigned char*)":", 1, 0); iks_md5_hash(md5, (const unsigned char*)nonce, iks_strlen(nonce), 0); iks_md5_hash(md5, (const unsigned char*)":00000001:", 10, 0); iks_md5_hash(md5, (const unsigned char*)cnonce, iks_strlen(cnonce), 0); iks_md5_hash(md5, (const unsigned char*)":auth:", 6, 0); iks_md5_hash(md5, (const unsigned char*)a2, 32, 1); iks_md5_print(md5, (char*)response_value); iks_md5_delete(md5); i = iks_strlen(data->auth_username) + iks_strlen(realm) + iks_strlen(nonce) + iks_strlen(data->server) + CNONCE_LEN * 8 + 136; response = iks_malloc(i); if(!response) return NULL; sprintf(response, "username=\"%s\",realm=\"%s\",nonce=\"%s\"" ",cnonce=\"%s\",nc=00000001,qop=auth,digest-uri=\"" "xmpp/%s\",response=%s,charset=utf-8", data->auth_username, realm, nonce, cnonce, data->server, response_value); response_coded = iks_base64_encode(response, 0); if(response_coded) { x = iks_new("response"); iks_insert_cdata(x, response_coded, 0); iks_free(response_coded); } iks_free(response); return x; }