char * _srp_crypt (const char *username, const char *passwd, int salt_size, const gnutls_datum_t * g, const gnutls_datum_t * n) { char salt[128]; static char result[1024]; gnutls_datum_t dat_salt, txt_salt; gnutls_datum_t verifier, txt_verifier; if ((unsigned) salt_size > sizeof (salt)) return NULL; /* generate the salt */ if (gc_nonce (salt, salt_size) != GC_OK) { fprintf (stderr, "Could not create nonce\n"); return NULL; } dat_salt.data = salt; dat_salt.size = salt_size; if (gnutls_srp_verifier (username, passwd, &dat_salt, g, n, &verifier) < 0) { fprintf (stderr, "Error getting verifier\n"); return NULL; } /* base64 encode the verifier */ if (gnutls_srp_base64_encode_alloc (&verifier, &txt_verifier) < 0) { fprintf (stderr, "Error encoding\n"); free (verifier.data); return NULL; } free (verifier.data); if (gnutls_srp_base64_encode_alloc (&dat_salt, &txt_salt) < 0) { fprintf (stderr, "Error encoding\n"); return NULL; } sprintf (result, "%s:%s", txt_verifier.data, txt_salt.data); free (txt_salt.data); free (txt_verifier.data); return result; }
/** * gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure * @pkcs12: should contain a gnutls_pkcs12_t structure * @pass: The password for the MAC * * This function will generate a MAC for the PKCS12 structure. * Returns 0 on success. * **/ int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) { opaque salt[8], key[20]; int result; const int iter = 1; mac_hd_t td1 = NULL; gnutls_datum_t tmp = { NULL, 0 }; opaque sha_mac[20]; if (pkcs12 == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } /* Generate the salt. */ if (gc_nonce (salt, sizeof (salt)) != GC_OK) { gnutls_assert (); return GNUTLS_E_RANDOM_FAILED; } /* Write the salt into the structure. */ result = asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt)); if (result != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } /* write the iterations */ if (iter > 1) { result = _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations", iter); if (result < 0) { gnutls_assert (); goto cleanup; } } /* Generate the key. */ result = _pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt), iter, pass, sizeof (key), key); if (result < 0) { gnutls_assert (); goto cleanup; } /* Get the data to be MACed */ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp); if (result < 0) { gnutls_assert (); goto cleanup; } /* MAC the data */ td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key)); if (td1 == GNUTLS_MAC_FAILED) { gnutls_assert (); result = GNUTLS_E_INTERNAL_ERROR; goto cleanup; } _gnutls_hmac (td1, tmp.data, tmp.size); _gnutls_free_datum (&tmp); _gnutls_hmac_deinit (td1, sha_mac); result = asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac, sizeof (sha_mac)); if (result != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } result = asn1_write_value (pkcs12->pkcs12, "macData.mac.digestAlgorithm.parameters", NULL, 0); if (result != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } result = asn1_write_value (pkcs12->pkcs12, "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } return 0; cleanup: _gnutls_free_datum (&tmp); return result; }
/** * gsasl_nonce: * @data: output array to be filled with unpredictable random data. * @datalen: size of output array. * * Store unpredictable data of given size in the provided buffer. * * Return value: Returns %GSASL_OK iff successful. **/ int gsasl_nonce (char *data, size_t datalen) { return gc_nonce (data, datalen); }