int crsha256(char *username, const char *password, const char *challenge, const char *response) { char buf[1024]; SHA256_CTX ctx; unsigned char digest[32]; char hexbuf[sizeof(digest) * 2 + 1]; hmacsha256 hmac; /* not sure how this helps but the RFC says to do it... */ SHA256_Init(&ctx); SHA256_Update(&ctx, (unsigned char *)password, strlen(password)); SHA256_Final(digest, &ctx); snprintf(buf, sizeof(buf), "%s:%s", username, hmac_printhex(digest, hexbuf, sizeof(digest))); SHA256_Init(&ctx); SHA256_Update(&ctx, (unsigned char *)buf, strlen(buf)); SHA256_Final(digest, &ctx); hmacsha256_init(&hmac, (unsigned char *)hmac_printhex(digest, hexbuf, sizeof(digest)), sizeof(digest) * 2); hmacsha256_update(&hmac, (unsigned char *)challenge, strlen(challenge)); hmacsha256_final(&hmac, digest); if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response)) return 1; return 0; }
int csc_verifyqticket(char *data, char *digest) { hmacsha256 hmac; unsigned char digestbuf[32]; char hexbuf[sizeof(digestbuf) * 2 + 1]; if(!ticketsecret) return -1; hmacsha256_init(&hmac, (unsigned char *)ticketsecret->content, ticketsecret->length); hmacsha256_update(&hmac, (unsigned char *)data, strlen(data)); hmacsha256_final(&hmac, digestbuf); hmac_printhex(digestbuf, hexbuf, sizeof(digestbuf)); if(!hmac_strcmp(hexbuf, digest)) return 0; return 1; }
char *csc_generateresetcode(time_t lockuntil, char *username) { unsigned char digest[32]; static char hexbuf[sizeof(digest) * 2 + 1]; hmacsha256 hmac; SHA256_CTX ctx; char buf[1024]; snprintf(buf, sizeof(buf), "%s:%lu", username, lockuntil); SHA256_Init(&ctx); SHA256_Update(&ctx, (unsigned char *)buf, strlen(buf)); SHA256_Final(digest, &ctx); hmac_printhex(digest, hexbuf, sizeof(digest)); hmacsha256_init(&hmac, (unsigned char *)codesecret->content, codesecret->length); hmacsha256_update(&hmac, (unsigned char *)hexbuf, strlen(hexbuf)); hmacsha256_final(&hmac, digest); hmac_printhex(digest, hexbuf, sizeof(digest)); return hexbuf; }
static struct aes256cprng* ecdsa_cprng_init(const char *msg, const gcry_mpi_t d, const struct curve_params *cp) { int len = cp->order_len_bin; struct aes256cprng *cprng; gcry_md_hd_t mh; char *buf; if (!(buf = gcry_malloc_secure(len))) { fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n"); return NULL; } serialize_mpi(buf, len, DF_BIN, d); if (!hmacsha256_init(&mh, buf, len)) { fprintf(stderr, "Failed to run hmacsha256_init()\n"); return NULL; } gcry_free(buf); gcry_md_write(mh, msg, 64); gcry_md_final(mh); cprng = aes256cprng_init((const char*)gcry_md_read(mh, 0)); gcry_md_close(mh); return cprng; }