File Coverage

blib/lib/Authen/Passphrase/NetscapeMail.pm

Criterion	Covered	Total	%
statement	71	73	97.2
branch	24	38	63.1
condition	3	9	33.3
subroutine	16	16	100.0
pod	7	7	100.0
total	121	143	84.6

line	stmt	bran	cond	sub	pod	time	code
1							=head1 NAME
2
3							Authen::Passphrase::NetscapeMail - passphrases using Netscape Mail
4							Server's method
5
6							=head1 SYNOPSIS
7
8							use Authen::Passphrase::NetscapeMail;
9
10							$ppr = Authen::Passphrase::NetscapeMail->new(
11							salt => "8fd9d0a03491ce8f99cfbc9ab39f0dd5",
12							hash_hex => "983757d7b519e86d9b5d472aca4eea3a");
13
14							$ppr = Authen::Passphrase::NetscapeMail->new(
15							salt_random => 1,
16							passphrase => "passphrase");
17
18							$ppr = Authen::Passphrase::NetscapeMail->from_rfc2307(
19							"{NS-MTA-MD5}8fd9d0a03491ce8f99cfbc9ab39f0dd5".
20							"983757d7b519e86d9b5d472aca4eea3a");
21
22							$salt = $ppr->salt;
23							$hash = $ppr->hash;
24							$hash_hex = $ppr->hash_hex;
25
26							if($ppr->match($passphrase)) { ...
27
28							$userPassword = $ppr->as_rfc2307;
29
30							=head1 DESCRIPTION
31
32							An object of this class encapsulates a passphrase hashed using
33							the algorithm used by Netscape Mail Server. This is a subclass of
34							L, and this document assumes that the reader is
35							familiar with the documentation for that class.
36
37							The Netscape Mail Server scheme is based on the MD5 digest algorithm.
38							The passphrase and a salt are concatenated, along with some fixed
39							bytes, and this record is hashed through MD5. The output of MD5 is the
40							password hash.
41
42							This algorithm is deprecated, and is supported for compatibility only.
43							Prefer the mechanism of L.
44
45							=cut
46
47							package Authen::Passphrase::NetscapeMail;
48
49	2			2		96035	{ use 5.006; }
	2					9
50	2			2		11	use warnings;
	2					7
	2					130
51	2			2		10	use strict;
	2					3
	2					63
52
53	2			2		403	use Authen::Passphrase 0.003;
	2					52
	2					72
54	2			2		13	use Carp qw(croak);
	2					6
	2					139
55	2			2		355	use Crypt::SysRandom 'random_bytes';
	2					3152
	2					132
56	2			2		24	use Digest::MD5 1.99_53 ();
	2					43
	2					144
57
58							our $VERSION = "0.009";
59
60	2			2		364	use parent "Authen::Passphrase";
	2					255
	2					16
61
62							=head1 CONSTRUCTORS
63
64							=over
65
66							=item Authen::Passphrase::NetscapeMail->new(ATTR => VALUE, ...)
67
68							Generates a new passphrase recogniser object using the Netscape Mail
69							Server algorithm. The following attributes may be given:
70
71							=over
72
73							=item B
74
75							The salt, as a raw 32-byte string. It may be any 32-byte string, but
76							it is conventionally limited to lowercase hexadecimal digits.
77
78							=item B
79
80							Causes salt to be generated randomly. The value given for this attribute
81							is ignored. The salt will be a string of 32 lowercase hexadecimal digits.
82
83							=item B
84
85							The hash, as a string of 16 bytes.
86
87							=item B
88
89							The hash, as a string of 32 hexadecimal digits.
90
91							=item B
92
93							A passphrase that will be accepted.
94
95							=back
96
97							The salt must be given, and either the hash or the passphrase.
98
99							=cut
100
101							sub new {
102	8			8	1	172879	my $class = shift;
103	8					23	my $self = bless({}, $class);
104	8					17	my $passphrase;
105	8					25	while(@_) {
106	16					25	my $attr = shift;
107	16					28	my $value = shift;
108	16	100				56	if($attr eq "salt") {
		100
		100
		100
		50
109							croak "salt specified redundantly"
110	7	50				23	if exists $self->{salt};
111	7	50				34	$value =~ m#\A[\x00-\xff]{32}\z#
112							or croak "not a valid salt";
113	7					31	$self->{salt} = "$value";
114							} elsif($attr eq "salt_random") {
115							croak "salt specified redundantly"
116	1	50				4	if exists $self->{salt};
117	1					13	$self->{salt} = unpack("H*", random_bytes(16));
118							} elsif($attr eq "hash") {
119							croak "hash specified redundantly"
120	3	50	33			20	if exists($self->{hash}) \|\|
121							defined($passphrase);
122	3	50				13	$value =~ m#\A[\x00-\xff]{16}\z#
123							or croak "not a valid MD5 hash";
124	3					13	$self->{hash} = "$value";
125							} elsif($attr eq "hash_hex") {
126							croak "hash specified redundantly"
127	3	50	33			21	if exists($self->{hash}) \|\|
128							defined($passphrase);
129	3	50				12	$value =~ m#\A[0-9A-Fa-f]{32}\z#
130							or croak "\"$value\" is not a valid ".
131							"hex MD5 hash";
132	3					20	$self->{hash} = pack("H*", $value);
133							} elsif($attr eq "passphrase") {
134							croak "passphrase specified redundantly"
135	2	50	33			11	if exists($self->{hash}) \|\|
136							defined($passphrase);
137	2					5	$passphrase = $value;
138							} else {
139	0					0	croak "unrecognised attribute `$attr'";
140							}
141							}
142	8	50				20	croak "salt not specified" unless exists $self->{salt};
143	8	100				24	$self->{hash} = $self->_hash_of($passphrase) if defined $passphrase;
144	8	50				22	croak "hash not specified" unless exists $self->{hash};
145	8					32	return $self;
146							}
147
148							=item Authen::Passphrase::NetscapeMail->from_rfc2307(USERPASSWORD)
149
150							Generates a new Netscape Mail Server passphrase recogniser object from
151							an RFC 2307 string. The string must consist of "B<{NS-MTA-MD5}>" (case
152							insensitive) followed by the hash in case-insensitive hexadecimal and
153							then the salt. The salt must be exactly 32 characters long, and cannot
154							contain any character that cannot appear in an RFC 2307 string.
155
156							=cut
157
158							sub from_rfc2307 {
159	1			1	1	5	my($class, $userpassword) = @_;
160	1	50				51	if($userpassword =~ /\A\{(?i:ns-mta-md5)\}/) {
161	1	50				12	$userpassword =~ /\A\{.*?\}([0-9a-fA-F]{32})([!-~]{32})\z/
162							or croak "malformed {NS-MTA-MD5} data";
163	1					7	my($hash, $salt) = ($1, $2);
164	1					7	return $class->new(salt => $salt, hash_hex => $hash);
165							}
166	0					0	return $class->SUPER::from_rfc2307($userpassword);
167							}
168
169							=back
170
171							=head1 METHODS
172
173							=over
174
175							=item $ppr->salt
176
177							Returns the salt value, as a string of 32 bytes.
178
179							=cut
180
181							sub salt {
182	8			8	1	3728	my($self) = @_;
183	8					39	return $self->{salt};
184							}
185
186							=item $ppr->hash
187
188							Returns the hash value, as a string of 16 bytes.
189
190							=cut
191
192							sub hash {
193	7			7	1	18	my($self) = @_;
194	7					41	return $self->{hash};
195							}
196
197							=item $ppr->hash_hex
198
199							Returns the hash value, as a string of 32 hexadecimal digits.
200
201							=cut
202
203							sub hash_hex {
204	12			12	1	28	my($self) = @_;
205	12					97	return unpack("H*", $self->{hash});
206							}
207
208							=item $ppr->match(PASSPHRASE)
209
210							=item $ppr->as_rfc2307
211
212							These methods are part of the standard L interface.
213
214							=cut
215
216							sub _hash_of {
217	28			28		62	my($self, $passphrase) = @_;
218	28					165	my $ctx = Digest::MD5->new;
219	28					141	$ctx->add($self->{salt});
220	28					86	$ctx->add("\x59");
221	28					130	$ctx->add($passphrase);
222	28					82	$ctx->add("\xf7");
223	28					86	$ctx->add($self->{salt});
224	28					217	return $ctx->digest;
225							}
226
227							sub match {
228	26			26	1	9554	my($self, $passphrase) = @_;
229	26					81	return $self->_hash_of($passphrase) eq $self->{hash};
230							}
231
232							sub as_rfc2307 {
233	5			5	1	14	my($self) = @_;
234							croak "can't put this salt into an RFC 2307 string"
235	5	50				28	if $self->{salt} =~ /[^!-~]/;
236	5					14	return "{NS-MTA-MD5}".$self->hash_hex.$self->{salt};
237							}
238
239							=back
240
241							=head1 SEE ALSO
242
243							L,
244							L
245
246							=head1 AUTHOR
247
248							Andrew Main (Zefram)
249
250							=head1 COPYRIGHT
251
252							Copyright (C) 2006, 2007, 2009, 2010, 2012
253							Andrew Main (Zefram)
254
255							=head1 LICENSE
256
257							This module is free software; you can redistribute it and/or modify it
258							under the same terms as Perl itself.
259
260							=cut
261
262							1;