// Fails with an exception when no TLS library object is available (p is null),
// so callers never proceed with a null library pointer. Where p is obtained is
// not shown in this listing.
42 if( p ==
nullptr )
throw G::Exception(
"no tls library" ) ;
53 std::string operator()(
const std::string & data_1 ,
const std::string & data_2 )
const
60 std::size_t blocksize()
const
65 std::size_t m_blocksize ;
72 GSsl::Digester d( CramImp::lib().digester(m_name,std::string(),
true) ) ;
74 throw GAuth::Cram::NoState( m_name ) ;
// Call operator taking a saved hash state pair and the data to be digested.
// Only the length check of the body appears in this listing.
78 std::string operator()(
const std::string & state_pair ,
const std::string & data )
const
// Input validation: the state pair must be exactly twice the hash value size
// (m_valuesize); any other length is rejected with InvalidState.
80 if( state_pair.size() != (2U*m_valuesize) )
throw GAuth::Cram::InvalidState( m_name ) ;
90 std::size_t m_valuesize ;
91 std::size_t m_blocksize ;
// Fragment of GAuth::Cram::response(); the function's name line and several
// body lines are not shown in this listing. It returns id_prefix, one space and
// the computed digest-or-hmac, or an empty string if anything throws.
97 const Secret & secret ,
const std::string & challenge ,
98 const std::string & id_prefix )
// NOTE(review): this debug statement streams the computed response value
// (derived from the shared secret and the challenge) into the debug log, and it
// calls responseImp() once more just for logging. Confirm that debug logging is
// disabled in production or that access to the log is restricted accordingly.
102 G_DEBUG(
"GAuth::Cram::response: [" << hash_type <<
"]"
103 <<
"[" << as_hmac <<
"]"
107 <<
"[" << responseImp(hash_type,as_hmac,secret,
challenge) <<
"]" ) ;
// The value handed back to the caller: prefix, a single space, then the
// computed response.
109 return id_prefix +
" " + responseImp(hash_type,as_hmac,secret,
challenge) ;
// Any std::exception is logged as a warning and converted to an empty string,
// so an empty result signals failure to the caller.
111 catch( std::exception & e )
113 G_WARNING(
"GAuth::Cram::response: challenge-response failure: " << e.what() ) ;
114 return std::string() ;
// Fragment of GAuth::Cram::validate(); the function's name line and several
// body lines are not shown in this listing. It recomputes the response for the
// challenge and compares it with the digest part of the client's response.
119 const Secret & secret ,
const std::string & challenge ,
120 const std::string & response_in )
// NOTE(review): this debug statement logs the challenge, the client's full
// response and the locally computed response. Confirm that debug logging is
// disabled in production or that access to the log is restricted accordingly.
124 G_DEBUG(
"GAuth::Cram::validate: [" << hash_type <<
"]"
125 <<
"[" << as_hmac <<
"]"
128 <<
"[" << challenge <<
"]"
129 <<
"[" << response_in <<
"]"
130 <<
"[" << responseImp(hash_type,as_hmac,secret,challenge) <<
"]" ) ;
// Takes whatever follows the last space of response_in as the client-supplied
// digest. With no space in the input rfind() returns npos; how G::Str::tail()
// treats npos is not visible here, but an empty result is rejected below.
132 std::string expectation =
G::Str::tail( response_in , response_in.rfind(
' ') ) ;
// NOTE(review): std::string operator== is not a constant-time comparison. The
// challenge is presumably fresh for each exchange, which limits what timing can
// reveal, but a constant-time compare is the usual choice for authenticator
// values -- consider one here.
133 return !expectation.empty() && responseImp(hash_type,as_hmac,secret,challenge) == expectation ;
// Any std::exception is logged as a warning; the statement that follows the
// warning is not shown in this listing.
135 catch( std::exception & e )
137 G_WARNING(
"GAuth::Cram::validate: challenge-response failure: " << e.what() ) ;
// GAuth::Cram::responseImp(): computes the response to the challenge from the
// secret, for the given mechanism hash type and hmac flag. Only some body lines
// appear in this listing, so not every branch condition is visible.
148std::string GAuth::Cram::responseImp(
const std::string & mechanism_hash_type ,
bool as_hmac ,
149 const Secret & secret ,
const std::string & challenge )
// Logs the mechanism hash type, the secret's mask type and the hmac flag; the
// key itself is not part of this statement.
151 G_DEBUG(
"GAuth::Cram::responseImp: mechanism-hash=[" << mechanism_hash_type <<
"] "
152 <<
"secret-hash=[" << secret.
maskType() <<
"] "
153 <<
"as-hmac=" << as_hmac ) ;
// Rejects the secret's mask type with BadType (the guarding condition is not
// shown in this listing).
158 throw BadType( secret.
maskType() ) ;
// "MD5" takes a separate path from the other hash types, which go through
// CramImp::DigesterAdaptor (presumably backed by the TLS library -- confirm).
160 if( mechanism_hash_type ==
"MD5" )
166 CramImp::DigesterAdaptor digest( mechanism_hash_type ) ;
// Branch for a secret whose key is stored in masked form.
170 else if( secret.
masked() )
// Presumably raised when the secret's mask type does not match the mechanism
// hash type -- the guarding condition is not shown; confirm.
173 throw Mismatch( secret.
maskType() , mechanism_hash_type ) ;
175 if( mechanism_hash_type ==
"MD5" )
181 CramImp::PostDigesterAdaptor postdigest( mechanism_hash_type ) ;
187 if( mechanism_hash_type ==
"MD5" )
193 CramImp::DigesterAdaptor digest( mechanism_hash_type ) ;
// Fragment of GAuth::Cram::hashTypes(), which builds the list of hash type
// names that are offered; several lines are not shown in this listing.
// NOTE(review): the condition guarding "FAKE" is not visible here. Confirm it is
// limited to test configurations so that a dummy hash type is never advertised
// to real peers.
207 result.push_back(
"FAKE" ) ;
210 G_DEBUG(
"GAuth::Cram::hashTypes: tls library hash types: [" <<
G::Str::join(
",",result) <<
"] "
211 <<
"(" << (require_state?1:0) <<
")" ) ;
// "MD5" is appended after whatever is already in result, so it sorts last in
// the returned list (the condition for this line is not shown).
215 result.push_back(
"MD5" ) ;
// A non-empty prefix is prepended to every hash type name.
217 if( !prefix.empty() )
219 for(
auto & hashtype : result )
220 hashtype.insert( 0U , prefix ) ;
// Start of the challenge string: "<" followed by the caller-supplied random
// number and a "."; the rest of the statement is not shown in this listing.
// NOTE(review): the unpredictability of the challenge rests on how the caller
// obtains `random` -- confirm it comes from a suitable random source.
227 std::ostringstream ss ;
228 ss <<
"<" << random <<
"."
static std::string challenge(unsigned int random)
Returns a challenge string that incorporates the given random number and the current time.
static std::string id(const std::string &response)
Returns the leading id part of the response.
static std::string response(const std::string &hash_type, bool hmac, const Secret &secret, const std::string &challenge, const std::string &response_prefix)
Constructs a response to a challenge comprising the response-prefix, space, and digest-or-hmac of sec...
static bool validate(const std::string &hash_type, bool hmac, const Secret &secret, const std::string &challenge, const std::string &response)
Validates the response with respect to the original challenge.
static G::StringArray hashTypes(const std::string &prefix=std::string(), bool require_state=false)
Returns a list of supported hash types, such as "MD5" and "SHA1", ordered with the strongest first.
Encapsulates a shared secret from the secrets file plus the associated userid.
bool masked() const
Returns true if key() is masked.
std::string maskType() const
Returns the masking function name, such as "MD5", or the empty string if not masked().
std::string key() const
Returns the key. Throws if not valid().
static std::string canonicalName()
Returns the canonical network name associated with hostname().
A class for objects that can perform a cryptographic hash.
std::size_t valuesize() const
Returns the hash function's value size in bytes.
std::size_t statesize() const
Returns the size of the state() string in bytes, or zero if state() is not implemented.
std::string value()
Returns the hash value.
void add(const std::string &)
Adds data of arbitrary size.
std::size_t blocksize() const
Returns the hash function's block size in bytes.
A singleton class for initialising the underlying TLS library.
static Library * instance()
Returns a pointer to a library object, if any.
static std::string ids()
Returns a concatenation of all available TLS library names and versions.
static G::StringArray digesters(bool need_state=false)
Returns a list of hash function names (such as "MD5") that the TLS library can do,...
A general-purpose exception class derived from std::exception and containing an error message.
static std::string extension(U n)
Returns the given data size as a four-character string.
static std::string hmac(Fn2 digest, std::size_t blocksize, const std::string &key, const std::string &input)
Computes a Hashed Message Authentication Code using the given hash function.
static std::string printable(const std::string &input)
Converts a binary string into a printable form, using a lowercase hexadecimal encoding.
static std::string postdigest(const std::string &state_pair, const std::string &message)
A convenience function that returns the value() from an outer digest that is initialised with the sec...
static std::size_t blocksize()
Returns the block size in bytes (64).
static std::string digest2(const std::string &input_1, const std::string &input_2)
A non-overloaded name for the digest() overload taking two parameters.
static std::string digest(const std::string &input)
A convenience function that returns a digest from one input.
static std::string join(const std::string &sep, const StringArray &strings)
Concatenates an array of strings with separators.
static bool imatch(char, char)
Returns true if the two characters are the same, ignoring Latin-1 case.
static std::string tail(const std::string &in, std::size_t pos, const std::string &default_=std::string())
Returns the last part of the string after the given position.
static bool match(const std::string &, const std::string &)
Returns true if the two strings are the same.
static std::string printable(const std::string &in, char escape='\\')
Returns a printable representation of the given input string, using character code ranges 0x20 to 0x7e ...
static std::string head(const std::string &in, std::size_t pos, const std::string &default_=std::string())
Returns the first part of the string up to just before the given position.
static SystemTime now()
Factory function for the current time.
std::time_t s() const noexcept
Returns the number of seconds since the start of the epoch.
static bool enabled() noexcept
Returns true if test features are enabled.
An interface to an underlying TLS library.
SASL authentication classes.
std::vector< std::string > StringArray
A std::vector of std::strings.
Used by GAuth::Cram to use GSsl::Digester.
Used by GAuth::Cram to use GSsl::Digester.
An overload discriminator for G::Hash::hmac()