From 9b0b9f209e11c7562761214e5cc6801b2bbbaf2e Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Fri, 5 Dec 2014 16:11:07 +0100 Subject: [PATCH] OS400: enable NTLM authentication --- lib/config-os400.h | 3 +++ lib/curl_md4.h | 8 ++++---- lib/curl_ntlm_core.c | 26 ++++++++++++++++++++++---- lib/curl_setup.h | 3 ++- lib/md4.c | 8 ++++---- packages/OS400/make-lib.sh | 7 +++++++ 6 files changed, 42 insertions(+), 13 deletions(-) diff --git a/lib/config-os400.h b/lib/config-os400.h index 14c685ae7..1e622281d 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h @@ -540,6 +540,9 @@ /* Define to use the GSKit package. */ #define USE_GSKIT +/* Define to use the OS/400 crypto library. */ +#define USE_OS400CRYPTO + /* Define to use Unix sockets. */ #define USE_UNIX_SOCKETS diff --git a/lib/curl_md4.h b/lib/curl_md4.h index b0be9cf6c..c26649f44 100644 --- a/lib/curl_md4.h +++ b/lib/curl_md4.h @@ -24,10 +24,10 @@ #include "curl_setup.h" -/* NSS crypto library does not provide the MD4 hash algorithm, so that we have - * a local implementation of it */ -#ifdef USE_NSS +/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so + * that we have a local implementation of it */ +#if defined(USE_NSS) || defined(USE_OS400CRYPTO) void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len); -#endif /* USE_NSS */ +#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */ #endif /* HEADER_CURL_MD4_H */ diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 68c82cad1..21fb37550 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -87,6 +87,9 @@ # include # include +#elif defined(USE_OS400CRYPTO) +# include "cipher.mih" /* mih/cipher */ +# include "curl_md4.h" #else # error "Can't compile NTLM support without a crypto library." #endif 
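Review bot: The new comment on `USE_OS400CRYPTO` in lib/config-os400.h does not say that the define is unconditional and that, through the lib/curl_setup.h hunk of this commit, it turns on `USE_NTLM` for every OS/400 build. That pulls the local MD4 code and the single-DES `encrypt_des` path into the library by default on this platform. I would extend the comment to something like `/* Define to use the OS/400 crypto library; this also enables NTLM unless CURL_DISABLE_NTLM is defined. */` so that builders who do not want the legacy authentication scheme can see how to switch it off.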
@@ -249,7 +252,22 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, return err == kCCSuccess; } -#endif /* defined(USE_DARWINSSL) */ +#elif defined(USE_OS400CRYPTO) + +static bool encrypt_des(const unsigned char *in, unsigned char *out, + const unsigned char *key_56) +{ + char key[8]; + _CIPHER_Control_T ctl; + + ctl.Func_ID = ENCRYPT_ONLY; + ctl.Data_Len = 8; + extend_key_56_to_64(key_56, ctl.Crypto_Key); + _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in); + return TRUE; +} + +#endif /* defined(USE_OS400CRYPTO) */ #endif /* defined(USE_SSLEAY) */ @@ -301,7 +319,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, setup_des_key(keys + 14, &des); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_close(des); -#elif defined(USE_NSS) || defined(USE_DARWINSSL) +#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 16, keys + 14); @@ -364,7 +382,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data, setup_des_key(pw + 7, &des); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_close(des); -#elif defined(USE_NSS) || defined(USE_DARWINSSL) +#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer + 8, pw + 7); #endif @@ -455,7 +473,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data, gcry_md_write(MD4pw, pw, 2 * len); memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH); gcry_md_close(MD4pw); -#elif defined(USE_NSS) +#elif defined(USE_NSS) || defined(USE_OS400CRYPTO) Curl_md4it(ntbuffer, pw, 2 * len); #elif defined(USE_DARWINSSL) (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer); diff --git a/lib/curl_setup.h b/lib/curl_setup.h index a82855989..6370e80f5 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h 
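Review bot: In the new OS/400 `encrypt_des`, the local `char key[8];` is never used, because the expanded key is written straight into `ctl.Crypto_Key`; it should be dropped. `ctl` is only partly assigned before `_CIPHER` is called. If `_CIPHER_Control_T` has members beyond the three set here (its definition is not in this diff), a `memset(&ctl, 0, sizeof(ctl));` first would avoid handing indeterminate stack bytes to the cipher call. The function also returns `TRUE` unconditionally, whereas the Darwin variant just above returns `err == kCCSuccess`. The callers in the `Curl_ntlm_core_lm_resp` and `Curl_ntlm_core_mk_lm_hash` hunks ignore the result, so a short comment on how `_CIPHER` reports failure would make clear whether an unencrypted `out` buffer can reach the NTLM response.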
@@ -623,7 +623,8 @@ int netware_init(void); /* Single point where USE_NTLM definition might be defined */ #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH) #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ - defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) + defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \ + defined(USE_OS400CRYPTO) #define USE_NTLM #endif #endif diff --git a/lib/md4.c b/lib/md4.c index 6930e021a..fd0c6d4ab 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -22,9 +22,9 @@ #include "curl_setup.h" -/* NSS crypto library does not provide the MD4 hash algorithm, so that we have - * a local implementation of it */ -#ifdef USE_NSS +/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so + * that we have a local implementation of it */ +#if defined(USE_NSS) || defined(USE_OS400CRYPTO) #include "curl_md4.h" #include "warnless.h" @@ -279,4 +279,4 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len) MD4Update(&ctx, input, curlx_uztoui(len)); MD4Final(output, &ctx); } -#endif /* USE_NSS */ +#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */ diff --git a/packages/OS400/make-lib.sh b/packages/OS400/make-lib.sh index d987207f9..a4e505935 100644 --- a/packages/OS400/make-lib.sh +++ b/packages/OS400/make-lib.sh @@ -7,6 +7,13 @@ SCRIPTDIR=`dirname "${0}"` . "${SCRIPTDIR}/initscript.sh" cd "${TOPDIR}/lib" +# Need to have IFS access to the mih/cipher header file. + +if action_needed cipher.mih '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/CIPHER.MBR' +then rm -f cipher.mih + ln -s '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/CIPHER.MBR' cipher.mih +fi + # Create and compile the identification source file.
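Review bot: In the packages/OS400/make-lib.sh hunk the result of `ln -s` is not checked, and nothing visible verifies that `/QSYS.LIB/QSYSINC.LIB/MIH.FILE/CIPHER.MBR` exists; `action_needed` is defined outside this diff and may or may not do so. If the member is absent, the link would be left dangling and the problem would only surface later as a failed `#include "cipher.mih"` in lib/curl_ntlm_core.c. Failing early is clearer, for example `ln -s "${CIPHERMBR}" cipher.mih || exit 1` with the path held once in a variable instead of repeated three times. The comment could also state that cipher.mih is a generated link into the system include library and is not part of the source tree.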