char *
_srp_crypt (const char *username, const char *passwd, int salt_size,
const gnutls_datum_t * g, const gnutls_datum_t * n)
{
char salt[128];
static char result[1024];
gnutls_datum_t dat_salt, txt_salt;
gnutls_datum_t verifier, txt_verifier;
if ((unsigned) salt_size > sizeof (salt))
return NULL;
/* generate the salt
*/
if (gc_nonce (salt, salt_size) != GC_OK)
{
fprintf (stderr, "Could not create nonce\n");
return NULL;
}
dat_salt.data = salt;
dat_salt.size = salt_size;
if (gnutls_srp_verifier (username, passwd, &dat_salt, g, n, &verifier) < 0)
{
fprintf (stderr, "Error getting verifier\n");
return NULL;
}
/* base64 encode the verifier */
if (gnutls_srp_base64_encode_alloc (&verifier, &txt_verifier) < 0)
{
fprintf (stderr, "Error encoding\n");
free (verifier.data);
return NULL;
}
free (verifier.data);
if (gnutls_srp_base64_encode_alloc (&dat_salt, &txt_salt) < 0)
{
fprintf (stderr, "Error encoding\n");
return NULL;
}
sprintf (result, "%s:%s", txt_verifier.data, txt_salt.data);
free (txt_salt.data);
free (txt_verifier.data);
return result;
}
/**
* gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure
* @pkcs12: should contain a gnutls_pkcs12_t structure
* @pass: The password for the MAC
*
* This function will generate a MAC for the PKCS12 structure.
* Returns 0 on success.
*
**/
int
gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
{
opaque salt[8], key[20];
int result;
const int iter = 1;
mac_hd_t td1 = NULL;
gnutls_datum_t tmp = { NULL, 0 };
opaque sha_mac[20];
if (pkcs12 == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
/* Generate the salt.
*/
if (gc_nonce (salt, sizeof (salt)) != GC_OK)
{
gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
}
/* Write the salt into the structure.
*/
result =
asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
/* write the iterations
*/
if (iter > 1)
{
result =
_gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
iter);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
}
/* Generate the key.
*/
result = _pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
iter, pass, sizeof (key), key);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
/* Get the data to be MACed
*/
result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
/* MAC the data
*/
td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key));
if (td1 == GNUTLS_MAC_FAILED)
{
gnutls_assert ();
result = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
_gnutls_hmac (td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
_gnutls_hmac_deinit (td1, sha_mac);
result =
asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
sizeof (sha_mac));
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result =
asn1_write_value (pkcs12->pkcs12,
"macData.mac.digestAlgorithm.parameters", NULL, 0);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result =
asn1_write_value (pkcs12->pkcs12,
"macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
return 0;
cleanup:
_gnutls_free_datum (&tmp);
return result;
}
/**
* gsasl_nonce:
* @data: output array to be filled with unpredictable random data.
* @datalen: size of output array.
*
* Store unpredictable data of given size in the provided buffer.
*
* Return value: Returns %GSASL_OK iff successful.
**/
int
gsasl_nonce (char *data, size_t datalen)
{
return gc_nonce (data, datalen);
}
