author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-13 10:05:15 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-13 10:05:15 +0000 |
commit | ca8216a4c11f23541e04ec8b701cd125ec8ff2a6 (patch) | |
tree | d1c408c36ab1b065cb6f793e044394ac89c5e343 /src/crypt.c | |
parent | f9fa0b94d5901f336c5ec5d76893c675d859033c (diff) | |
download | gnutls-ca8216a4c11f23541e04ec8b701cd125ec8ff2a6.tar.gz |
Added compatibility with Tom Wu's libsrp's password files.
Diffstat (limited to 'src/crypt.c')
-rw-r--r-- | src/crypt.c | 328 |
1 files changed, 262 insertions, 66 deletions
diff --git a/src/crypt.c b/src/crypt.c
index 7768f5229b..ec91803fb6 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -22,89 +22,285 @@ #include <string.h> #include <stdlib.h> #include <unistd.h> -#include "../lib/gnutls.h" +#include "../lib/defines.h" +#include "../lib/gnutls_int.h" +#include "../lib/gnutls_srp.h" +#include "../lib/crypt.h" +#include "../lib/cert_b64.h" #include "gaa.h" +#include <pwd.h> +#include <sys/types.h> +#include <unistd.h> + +int crypt_int(char *username, char *passwd, int crypt, int salt, + char *tpasswd_conf, char *tpasswd); +static int read_conf_values(MPI * g, MPI * n, char *str, int str_size); + +int generate_create_conf(char *file) +{ + FILE *fd; + char line[5 * 1024]; + int index = 1; + unsigned char *g, *n; + + fd = fopen(file, "w"); + if (fd == NULL) { + fprintf(stderr, "Cannot open file '%s'\n", file); + return -1; + } -int verify_passwd(char *file, char* username, char* passwd) { - FILE* fd; - char line[513]; + _gnutls_srp_gn(&g, &n); + sprintf(line, "%d:%s:%s\n", index, n, g); + + fwrite(line, 1, strlen(line), fd); + + fclose(fd); + return 0; + +} + + +int verify_passwd(char *conffile, char *file, char *username, char *passwd) +{ + FILE *fd; + char line[5 * 1024]; int i; - - fd = fopen( file, "r"); - if (fd==NULL) { + MPI g, n; + int index; + char *p; + + fd = fopen(conffile, "r"); + if (fd == NULL) { + fprintf(stderr, "Cannot find %s\n", conffile); + return -1; + } + + p = fgets(line, sizeof(line) - 1, fd); + + if (p == NULL) { + fprintf(stderr, "Cannot find entry in %s\n", conffile); + return -1; + } + line[sizeof(line) - 1] = 0; + + fclose(fd); + if ((index = read_conf_values(&g, &n, line, strlen(line))) < 0) { + fprintf(stderr, "Cannot parse conf file '%s'\n", conffile); + return -1; + } + + fd = fopen(file, "r"); + if (fd == NULL) { fprintf(stderr, "Cannot open file '%s'\n", file); return -1; } - while( fgets( line, sizeof(line), fd) != NULL) { + while (fgets(line, sizeof(line), fd) != NULL) { /* move to first ':' */ - i=0; - while( (line[i]!=':') && (line[i]!='\0') && (i < sizeof(line)) ) { + i = 0; + while ((line[i] != ':') && 
(line[i] != '\0') + && (i < sizeof(line))) { i++; } - if (strncmp( username, line, i) == 0) { - if (gnutls_crypt_vrfy( username, passwd, &line[++i]) == 0) { - fprintf(stderr, "Password verified\n"); - } else { - fprintf(stderr, "Password does NOT match\n"); - } - return 0; + if (strncmp(username, line, strlen(username)) == 0) { + if (gnutls_crypt_vrfy + (username, passwd, &line[++i], g, n) == 0) { + fprintf(stderr, "Password verified\n"); + } else { + fprintf(stderr, + "Password does NOT match\n"); + } + return 0; } } fclose(fd); return -1; - + } -int main(int argc, char** argv) { -gaainfo info; -char* passwd; -char* cr=NULL; -int crypt, salt; - - if ( gaa(argc, argv, &info) != -1) { - fprintf(stderr, "Error in the arguments.\n"); - return -1; - } - - salt = info.salt; - - if(info.crypt==NULL) { - crypt = SRPSHA1_CRYPT; - salt = 16; - } else { - if (strcasecmp( info.crypt, "bcrypt")==0) { - crypt = BLOWFISH_CRYPT; - if (salt==0) salt = 6; /* cost is 6 */ - } - else if (strcasecmp( info.crypt, "srpsha")==0) { - crypt = SRPSHA1_CRYPT; - if (salt==0) salt = 16; /* 16 bytes salt */ - } - else { - fprintf(stderr, "Unknown algorithm\n"); - return -1; - } - } - - passwd = getpass("Enter password: "); - - if (info.passwd != NULL) { - verify_passwd( info.passwd, info.username, passwd); - return 0; - } - - - cr = gnutls_crypt( info.username, passwd, crypt, salt); - if (cr==NULL) { - fprintf(stderr, "Cannot gnutls_crypt()...\n"); - return -1; - } - - printf("%s:%s\n", info.username, cr); - free(cr); +#define KPASSWD "/etc/tpasswd" +#define KPASSWD_CONF "/etc/tpasswd.conf" + +int main(int argc, char **argv) +{ + gaainfo info; + char *passwd; + int crypt, salt; + struct passwd *pwd; + + if (gaa(argc, argv, &info) != -1) { + fprintf(stderr, "Error in the arguments.\n"); + return -1; + } + + salt = info.salt; + + if (info.create_conf != NULL) { + return generate_create_conf(info.create_conf); + } + + if (info.passwd == NULL) + info.passwd = KPASSWD; + if (info.passwd_conf == 
NULL) + info.passwd_conf = KPASSWD_CONF; + + if (info.username == NULL) { + pwd = getpwuid(getuid()); + + if (pwd == NULL) { + fprintf(stderr, "No such user\n"); + return -1; + } + + info.username = pwd->pw_name; + } + + if (info.crypt == NULL) { + crypt = SRPSHA1_CRYPT; + salt = 16; + } else { + if (strcasecmp(info.crypt, "bcrypt") == 0) { + crypt = BLOWFISH_CRYPT; + if (salt == 0) + salt = 6; /* cost is 6 */ + } else if (strcasecmp(info.crypt, "srpsha") == 0) { + crypt = SRPSHA1_CRYPT; + if (salt == 0) + salt = 10; /* 10 bytes salt */ + } else { + fprintf(stderr, "Unknown algorithm\n"); + return -1; + } + } + + passwd = getpass("Enter password: "); + +/* not ready yet */ + if (info.verify != 0) { + return verify_passwd(info.passwd_conf, info.passwd, + info.username, passwd); + } + + + return crypt_int(info.username, passwd, crypt, salt, + info.passwd_conf, info.passwd); + +} + +int crypt_int(char *username, char *passwd, int crypt, int salt, + char *tpasswd_conf, char *tpasswd) +{ + FILE *fd; + char *cr; + MPI g, n; + char line[5 * 1024]; + char *p; + int index; + + fd = fopen(tpasswd_conf, "r"); + if (fd == NULL) { + fprintf(stderr, "Cannot find %s\n", tpasswd_conf); + return -1; + } + + p = fgets(line, sizeof(line) - 1, fd); + + if (p == NULL) { + fprintf(stderr, "Cannot find entry in %s\n", tpasswd_conf); + return -1; + } + line[sizeof(line) - 1] = 0; + + fclose(fd); + if ((index = read_conf_values(&g, &n, line, strlen(line))) < 0) { + fprintf(stderr, "Cannot parse conf file '%s'\n", + tpasswd_conf); + return -1; + } + + cr = gnutls_crypt(username, passwd, crypt, salt, g, n); + if (cr == NULL) { + fprintf(stderr, "Cannot gnutls_crypt()...\n"); + return -1; + } else { + + fd = fopen(tpasswd, "a"); + if (fd == NULL) { + fprintf(stderr, "Cannot open '%s' for append\n", + tpasswd); + return -1; + } + fprintf(fd, "%s:%s:%u\n", username, cr, index); + fclose(fd); + free(cr); + } + + return 0; +} + + + +/* this function parses tpasswd.conf file. 
Format is: + * int(index):base64(n):int(g) + */ +static int read_conf_values(MPI * g, MPI * n, char *str, int str_size) +{ + char *p; + int len; + opaque *tmp; + int tmp_size; + int index; + index = atoi(str); -}
\ No newline at end of file + p = rindex(str, ':'); /* we have g */ + if (p == NULL) { + return -1; + } + + *p = '\0'; + p++; + + /* read the generator */ + len = strlen(p); + tmp_size = _gnutls_sbase64_decode(p, len, &tmp); + + if (tmp_size < 0) { + gnutls_free(tmp); + return -1; + } + if (gcry_mpi_scan(g, GCRYMPI_FMT_USG, tmp, &tmp_size)) { + gnutls_free(tmp); + return -1; + } + + gnutls_free(tmp); + + + /* now go for n - modulo */ + p = rindex(str, ':'); /* we have n */ + if (p == NULL) { + return -1; + } + + *p = '\0'; + p++; + + len = strlen(p); + tmp_size = _gnutls_sbase64_decode(p, len, &tmp); + + if (tmp_size < 0) { + gnutls_free(tmp); + return -1; + } + if (gcry_mpi_scan(n, GCRYMPI_FMT_USG, tmp, &tmp_size)) { + gnutls_free(tmp); + return -1; + } + + gnutls_free(tmp); + + return index; +} |
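Review bot: The user lookup in verify_passwd only prefix-matches the username, `strncmp(username, line, strlen(username))`, so a user named `bob` is verified against the first entry whose name merely starts with `bob` (e.g. `bobby`), while the removed `strncmp(username, line, i)` had the mirror-image weakness; the match should require the whole name field, `if (strncmp(username, line, i) == 0 && username[i] == '\0')`, and that same branch returns before `fclose(fd)`, leaking the handle on the matched path. generate_create_conf builds the conf line with an unbounded `sprintf(line, "%d:%s:%s\n", index, n, g)` into a fixed 5 KB stack buffer from whatever `_gnutls_srp_gn` returns, so a larger group parameter would overflow it; `snprintf(line, sizeof(line), ...)` with a truncation check is the safe form, and the `fwrite`/`fclose` results are never checked. crypt_int appends to /etc/tpasswd without checking for an existing entry for the same user, so re-running the tool adds a duplicate line rather than replacing the verifier, and the file is created with whatever the process umask allows. Both verify_passwd and crypt_int only read the first line of tpasswd.conf and ignore the index stored per entry in tpasswd, which presumably breaks verification once the conf holds more than one group — confirm against the libsrp format this commit targets.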