示例#1
0
/* this function parses tpasswd.conf file. Format is:
 * int(index):base64(n):base64(g)
 */
static int
read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str)
{
  char *p;
  int len;
  int index, ret;
  gnutls_datum_t dat;

  index = atoi (str);

  p = strrchr (str, ':');       /* we have g */
  if (p == NULL)
    {
      return -1;
    }

  *p = '\0';
  p++;

  /* read the generator */
  len = strlen (p);
  if (p[len - 1] == '\n')
    len--;

  dat.data = (void*)p;
  dat.size = len;
  ret = gnutls_srp_base64_decode_alloc (&dat, g);

  if (ret < 0)
    {
      fprintf (stderr, "Decoding error\n");
      return -1;
    }

  /* now go for n - modulo */
  p = strrchr (str, ':');       /* we have n */
  if (p == NULL)
    {
      return -1;
    }

  *p = '\0';
  p++;

  dat.data = (void*)p;
  dat.size = strlen (p);

  ret = gnutls_srp_base64_decode_alloc (&dat, n);

  if (ret < 0)
    {
      fprintf (stderr, "Decoding error\n");
      free (g->data);
      return -1;
    }

  return index;
}
示例#2
0
/* The format of a tpasswd file is:
 * username:verifier:salt:index
 *
 * index is the index of the prime-generator pair in tpasswd.conf
 */
static int
_verify_passwd_int(const char *username, const char *passwd,
		   char *verifier, const char *salt,
		   const gnutls_datum_t * g, const gnutls_datum_t * n)
{
	char _salt[1024];
	gnutls_datum_t tmp, raw_salt, new_verifier;
	size_t salt_size;
	char *pos;

	if (salt == NULL || verifier == NULL)
		return -1;

	if (strlen(salt) >= sizeof(_salt)) {
		fprintf(stderr, "Too long salt.\n");
		return -1;
	}

	/* copy salt, and null terminate after the ':' */
	strcpy(_salt, salt);
	pos = strchr(_salt, ':');
	if (pos != NULL)
		*pos = 0;

	/* convert salt to binary. */
	tmp.data = (void *) _salt;
	tmp.size = strlen(_salt);

	if (gnutls_srp_base64_decode_alloc(&tmp, &raw_salt) < 0) {
		fprintf(stderr, "Could not decode salt.\n");
		return -1;
	}

	if (gnutls_srp_verifier
	    (username, passwd, &raw_salt, g, n, &new_verifier) < 0) {
		fprintf(stderr, "Could not make the verifier\n");
		return -1;
	}

	free(raw_salt.data);

	/* encode the verifier into _salt */
	salt_size = sizeof(_salt);
	memset(_salt, 0, salt_size);
	if (gnutls_srp_base64_encode(&new_verifier, _salt, &salt_size) < 0) {
		fprintf(stderr, "Encoding error\n");
		return -1;
	}

	free(new_verifier.data);

	if (strncmp(verifier, _salt, strlen(_salt)) == 0) {
		fprintf(stderr, "Password verified\n");
		return 0;
	} else {
		fprintf(stderr, "Password does NOT match\n");
	}
	return -1;
}