int crsha256(char *username, const char *password, const char *challenge, const char *response) {
char buf[1024];
SHA256_CTX ctx;
unsigned char digest[32];
char hexbuf[sizeof(digest) * 2 + 1];
hmacsha256 hmac;
/* not sure how this helps but the RFC says to do it... */
SHA256_Init(&ctx);
SHA256_Update(&ctx, (unsigned char *)password, strlen(password));
SHA256_Final(digest, &ctx);
snprintf(buf, sizeof(buf), "%s:%s", username, hmac_printhex(digest, hexbuf, sizeof(digest)));
SHA256_Init(&ctx);
SHA256_Update(&ctx, (unsigned char *)buf, strlen(buf));
SHA256_Final(digest, &ctx);
hmacsha256_init(&hmac, (unsigned char *)hmac_printhex(digest, hexbuf, sizeof(digest)), sizeof(digest) * 2);
hmacsha256_update(&hmac, (unsigned char *)challenge, strlen(challenge));
hmacsha256_final(&hmac, digest);
if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
return 1;
return 0;
}
int csc_verifyqticket(char *data, char *digest) {
hmacsha256 hmac;
unsigned char digestbuf[32];
char hexbuf[sizeof(digestbuf) * 2 + 1];
if(!ticketsecret)
return -1;
hmacsha256_init(&hmac, (unsigned char *)ticketsecret->content, ticketsecret->length);
hmacsha256_update(&hmac, (unsigned char *)data, strlen(data));
hmacsha256_final(&hmac, digestbuf);
hmac_printhex(digestbuf, hexbuf, sizeof(digestbuf));
if(!hmac_strcmp(hexbuf, digest))
return 0;
return 1;
}
char *csc_generateresetcode(time_t lockuntil, char *username) {
unsigned char digest[32];
static char hexbuf[sizeof(digest) * 2 + 1];
hmacsha256 hmac;
SHA256_CTX ctx;
char buf[1024];
snprintf(buf, sizeof(buf), "%s:%lu", username, lockuntil);
SHA256_Init(&ctx);
SHA256_Update(&ctx, (unsigned char *)buf, strlen(buf));
SHA256_Final(digest, &ctx);
hmac_printhex(digest, hexbuf, sizeof(digest));
hmacsha256_init(&hmac, (unsigned char *)codesecret->content, codesecret->length);
hmacsha256_update(&hmac, (unsigned char *)hexbuf, strlen(hexbuf));
hmacsha256_final(&hmac, digest);
hmac_printhex(digest, hexbuf, sizeof(digest));
return hexbuf;
}
static struct aes256cprng*
ecdsa_cprng_init(const char *msg, const gcry_mpi_t d,
const struct curve_params *cp)
{
int len = cp->order_len_bin;
struct aes256cprng *cprng;
gcry_md_hd_t mh;
char *buf;
if (!(buf = gcry_malloc_secure(len))) {
fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n");
return NULL;
}
serialize_mpi(buf, len, DF_BIN, d);
if (!hmacsha256_init(&mh, buf, len)) {
fprintf(stderr, "Failed to run hmacsha256_init()\n");
return NULL;
}
gcry_free(buf);
gcry_md_write(mh, msg, 64);
gcry_md_final(mh);
cprng = aes256cprng_init((const char*)gcry_md_read(mh, 0));
gcry_md_close(mh);
return cprng;
}
