char * sha384_hex_hash(const char * passwd) {
SHA384_CTX ct;
unsigned char hash[SHA384_DIGEST_LENGTH];
static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
SHA384_Init(&ct);
SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
SHA384_Final(hash, &ct);
/* base64 encode it */
lutil_b64_ntop(
hash,
SHA384_DIGEST_LENGTH,
real_hash,
LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
);
return real_hash;
}
static void chk_sha_debug(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char *cred_hash,
size_t cred_len,
int cmp_rc)
{
int rc;
struct berval cred_b64;
cred_b64.bv_len = LUTIL_BASE64_ENCODE_LEN(cred_len) + 1;
cred_b64.bv_val = ber_memalloc(cred_b64.bv_len + 1);
if( cred_b64.bv_val == NULL ) {
return;
}
rc = lutil_b64_ntop(
(unsigned char *) cred_hash, cred_len,
cred_b64.bv_val, cred_b64.bv_len );
if( rc < 0 ) {
ber_memfree(cred_b64.bv_val);
return;
}
fprintf(stderr, "Validating password\n");
fprintf(stderr, " Hash scheme:\t\t%s\n", scheme->bv_val);
fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
fprintf(stderr, " Password hash:\t%s\n", cred_b64.bv_val);
fprintf(stderr, " Stored password hash:\t%s\n", passwd->bv_val);
fprintf(stderr, " Result:\t\t%s\n", cmp_rc ? "do not match" : "match");
ber_memfree(cred_b64.bv_val);
}
