search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix dangling/unused bindings in `(gnutls)'.
[gnutls.git] / src / crypt.c
blob9058381c47897a0b2483be8b477084a13d21779c
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007 Simon Josefsson
3 * Copyright (C) 2001,2003 Nikos Mavrogiannopoulos
4 * Copyright (C) 2004 Free Software Foundation
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23
24
25
26 #ifndef ENABLE_SRP
27
28 #include <stdio.h>
29
30 int
31 main (int argc, char **argv)
32 {
33 printf ("\nSRP not supported. This program is a dummy.\n\n");
34 return 1;
35 };
36
37 void
38 srptool_version (void)
39 {
40 fprintf (stderr, "GNU TLS dummy srptool.\n");
41 }
42
43 #else
44
45 #include <stdio.h>
46 #include <string.h>
47 #include <stdlib.h>
48 #include <gnutls/gnutls.h>
49 #include <gnutls/extra.h>
50 #include <crypt-gaa.h>
51
52 #include <gc.h> /* for randomize */
53
54 #include <sys/types.h>
55 #include <sys/stat.h>
56
57 #ifndef _WIN32
58 # include <pwd.h>
59 # include <unistd.h>
60 #else
61 # include <windows.h>
62 #endif
63
64 /* Gnulib portability files. */
65 #include <getpass.h>
66
67 #define _MAX(x,y) (x>y?x:y)
68
69 /* This may need some rewrite. A lot of stuff which should be here
70 * are in the library, which is not good.
71 */
72
73 int crypt_int (const char *username, const char *passwd, int salt,
74 char *tpasswd_conf, char *tpasswd, int uindex);
75 static int read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str);
76 static int _verify_passwd_int (const char *username, const char *passwd,
77 char *verifier, char *salt,
78 const gnutls_datum_t * g,
79 const gnutls_datum_t * n);
80
81 void
82 srptool_version (void)
83 {
84 const char *v = gnutls_check_version (NULL);
85
86 printf ("srptool (GnuTLS) %s\n", LIBGNUTLS_VERSION);
87 if (strcmp (v, LIBGNUTLS_VERSION) != 0)
88 printf ("libgnutls %s\n", v);
89 }
90
91
92 static void
93 print_num (const char *msg, const gnutls_datum_t * num)
94 {
95 unsigned int i;
96
97 printf ("%s:\t", msg);
98
99 for (i = 0; i < num->size; i++)
100 {
101 if (i != 0 && i % 12 == 0)
102 printf ("\n\t");
103 else if (i != 0 && i != num->size)
104 printf (":");
105 printf ("%.2x", num->data[i]);
106 }
107 printf ("\n\n");
108
109 }
110
111 int
112 generate_create_conf (char *tpasswd_conf)
113 {
114 FILE *fd;
115 char line[5 * 1024];
116 int index = 1;
117 gnutls_datum_t g, n;
118 gnutls_datum_t str_g, str_n;
119
120 fd = fopen (tpasswd_conf, "w");
121 if (fd == NULL)
122 {
123 fprintf (stderr, "Cannot open file '%s'\n", tpasswd_conf);
124 return -1;
125 }
126
127 for (index = 1; index <= 3; index++)
128 {
129
130 if (index == 1)
131 {
132 n = gnutls_srp_1024_group_prime;
133 g = gnutls_srp_1024_group_generator;
134 }
135 else if (index == 2)
136 {
137 n = gnutls_srp_1536_group_prime;
138 g = gnutls_srp_1536_group_generator;
139 }
140 else
141 {
142 n = gnutls_srp_2048_group_prime;
143 g = gnutls_srp_2048_group_generator;
144 }
145
146 printf ("\nGroup %d, of %d bits:\n", index, n.size * 8);
147 print_num ("Generator", &g);
148 print_num ("Prime", &n);
149
150 if (gnutls_srp_base64_encode_alloc (&n, &str_n) < 0)
151 {
152 fprintf (stderr, "Could not encode\n");
153 return -1;
154 }
155
156 if (gnutls_srp_base64_encode_alloc (&g, &str_g) < 0)
157 {
158 fprintf (stderr, "Could not encode\n");
159 return -1;
160 }
161
162 sprintf (line, "%d:%s:%s\n", index, str_n.data, str_g.data);
163
164 gnutls_free (str_n.data);
165 gnutls_free (str_g.data);
166
167 fwrite (line, 1, strlen (line), fd);
168
169 }
170
171 fclose (fd);
172
173 return 0;
174
175 }
176
177 /* The format of a tpasswd file is:
178 * username:verifier:salt:index
179 *
180 * index is the index of the prime-generator pair in tpasswd.conf
181 */
182 static int
183 _verify_passwd_int (const char *username, const char *passwd,
184 char *verifier, char *salt,
185 const gnutls_datum_t * g, const gnutls_datum_t * n)
186 {
187 char _salt[1024];
188 gnutls_datum_t tmp, raw_salt, new_verifier;
189 size_t salt_size;
190 char *pos;
191
192 if (salt == NULL || verifier == NULL)
193 return -1;
194
195 /* copy salt, and null terminate after the ':' */
196 strcpy (_salt, salt);
197 pos = strchr (_salt, ':');
198 if (pos != NULL)
199 *pos = 0;
200
201 /* convert salt to binary. */
202 tmp.data = _salt;
203 tmp.size = strlen (_salt);
204
205 if (gnutls_srp_base64_decode_alloc (&tmp, &raw_salt) < 0)
206 {
207 fprintf (stderr, "Could not decode salt.\n");
208 return -1;
209 }
210
211 if (gnutls_srp_verifier
212 (username, passwd, &raw_salt, g, n, &new_verifier) < 0)
213 {
214 fprintf (stderr, "Could not make the verifier\n");
215 return -1;
216 }
217
218 free (raw_salt.data);
219
220 /* encode the verifier into _salt */
221 salt_size = sizeof (_salt);
222 if (gnutls_srp_base64_encode (&new_verifier, _salt, &salt_size) < 0)
223 {
224 fprintf (stderr, "Encoding error\n");
225 return -1;
226 }
227
228 free (new_verifier.data);
229
230 if (strncmp (verifier, _salt, strlen (_salt)) == 0)
231 {
232 fprintf (stderr, "Password verified\n");
233 return 0;
234 }
235 else
236 {
237 fprintf (stderr, "Password does NOT match\n");
238 }
239 return -1;
240 }
241
242 static int
243 filecopy (char *src, char *dst)
244 {
245 FILE *fd, *fd2;
246 char line[5 * 1024];
247 char *p;
248
249 fd = fopen (dst, "w");
250 if (fd == NULL)
251 {
252 fprintf (stderr, "Cannot open '%s' for write\n", dst);
253 return -1;
254 }
255
256 fd2 = fopen (src, "r");
257 if (fd2 == NULL)
258 {
259 /* empty file */
260 fclose (fd);
261 return 0;
262 }
263
264 line[sizeof (line) - 1] = 0;
265 do
266 {
267 p = fgets (line, sizeof (line) - 1, fd2);
268 if (p == NULL)
269 break;
270
271 fputs (line, fd);
272 }
273 while (1);
274
275 fclose (fd);
276 fclose (fd2);
277
278 return 0;
279 }
280
281 /* accepts password file */
282 static int
283 find_strchr (char *username, char *file)
284 {
285 FILE *fd;
286 char *pos;
287 char line[5 * 1024];
288 unsigned int i;
289
290 fd = fopen (file, "r");
291 if (fd == NULL)
292 {
293 fprintf (stderr, "Cannot open file '%s'\n", file);
294 return -1;
295 }
296
297 while (fgets (line, sizeof (line), fd) != NULL)
298 {
299 /* move to first ':' */
300 i = 0;
301 while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
302 {
303 i++;
304 }
305 if (strncmp (username, line, _MAX (i, strlen (username))) == 0)
306 {
307 /* find the index */
308 pos = strrchr (line, ':');
309 pos++;
310 fclose (fd);
311 return atoi (pos);
312 }
313 }
314
315 fclose (fd);
316 return -1;
317 }
318
319 /* Parses the tpasswd files, in order to verify the given
320 * username/password pair.
321 */
322 int
323 verify_passwd (char *conffile, char *tpasswd, char *username,
324 const char *passwd)
325 {
326 FILE *fd;
327 char line[5 * 1024];
328 unsigned int i;
329 gnutls_datum_t g, n;
330 int iindex;
331 char *p, *pos;
332
333 iindex = find_strchr (username, tpasswd);
334 if (iindex == -1)
335 {
336 fprintf (stderr, "Cannot find '%s' in %s\n", username, tpasswd);
337 return -1;
338 }
339
340 fd = fopen (conffile, "r");
341 if (fd == NULL)
342 {
343 fprintf (stderr, "Cannot find %s\n", conffile);
344 return -1;
345 }
346
347 do
348 {
349 p = fgets (line, sizeof (line) - 1, fd);
350 }
351 while (p != NULL && atoi (p) != iindex);
352
353 if (p == NULL)
354 {
355 fprintf (stderr, "Cannot find entry in %s\n", conffile);
356 return -1;
357 }
358 line[sizeof (line) - 1] = 0;
359
360 fclose (fd);
361
362 if ((iindex = read_conf_values (&g, &n, line)) < 0)
363 {
364 fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
365 return -1;
366 }
367
368 fd = fopen (tpasswd, "r");
369 if (fd == NULL)
370 {
371 fprintf (stderr, "Cannot open file '%s'\n", tpasswd);
372 return -1;
373 }
374
375 while (fgets (line, sizeof (line), fd) != NULL)
376 {
377 /* move to first ':'
378 * This is the actual verifier.
379 */
380 i = 0;
381 while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
382 {
383 i++;
384 }
385 if (strncmp (username, line, _MAX (i, strlen (username))) == 0)
386 {
387 char *verifier_pos, *salt_pos;
388
389 pos = strchr (line, ':');
390 fclose (fd);
391 if (pos == NULL)
392 {
393 fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
394 return -1;
395 }
396 pos++;
397 verifier_pos = pos;
398
399 /* Move to the salt */
400 pos = strchr (pos, ':');
401 if (pos == NULL)
402 {
403 fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
404 return -1;
405 }
406 pos++;
407 salt_pos = pos;
408
409 return _verify_passwd_int (username, passwd,
410 verifier_pos, salt_pos, &g, &n);
411 }
412 }
413
414 fclose (fd);
415 return -1;
416
417 }
418
419 #define KPASSWD "/etc/tpasswd"
420 #define KPASSWD_CONF "/etc/tpasswd.conf"
421
422 int
423 main (int argc, char **argv)
424 {
425 gaainfo info;
426 const char *passwd;
427 int salt, ret;
428 struct passwd *pwd;
429
430 if ((ret = gnutls_global_init ()) < 0)
431 {
432 fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
433 exit (1);
434 }
435
436 #ifdef HAVE_UMASK
437 umask (066);
438 #endif
439
440 if (gaa (argc, argv, &info) != -1)
441 {
442 fprintf (stderr, "Error in the arguments.\n");
443 return -1;
444 }
445
446 salt = info.salt;
447
448 if (info.create_conf != NULL)
449 {
450 return generate_create_conf (info.create_conf);
451 }
452
453 if (info.passwd == NULL)
454 info.passwd = KPASSWD;
455 if (info.passwd_conf == NULL)
456 info.passwd_conf = KPASSWD_CONF;
457
458 if (info.username == NULL)
459 {
460 #ifndef _WIN32
461 pwd = getpwuid (getuid ());
462
463 if (pwd == NULL)
464 {
465 fprintf (stderr, "No such user\n");
466 return -1;
467 }
468
469 info.username = pwd->pw_name;
470 #else
471 fprintf (stderr, "Please specify a user\n");
472 return -1;
473 #endif
474 }
475
476 salt = 16;
477
478 passwd = getpass ("Enter password: ");
479 if (passwd == NULL)
480 {
481 fprintf (stderr, "Please specify a password\n");
482 return -1;
483 }
484
485 /* not ready yet */
486 if (info.verify != 0)
487 {
488 return verify_passwd (info.passwd_conf, info.passwd,
489 info.username, passwd);
490 }
491
492
493 return crypt_int (info.username, passwd, salt,
494 info.passwd_conf, info.passwd, info.index);
495
496 }
497
498 char *
499 _srp_crypt (const char *username, const char *passwd, int salt_size,
500 const gnutls_datum_t * g, const gnutls_datum_t * n)
501 {
502 char salt[128];
503 static char result[1024];
504 gnutls_datum_t dat_salt, txt_salt;
505 gnutls_datum_t verifier, txt_verifier;
506
507 if ((unsigned) salt_size > sizeof (salt))
508 return NULL;
509
510 /* generate the salt
511 */
512 if (gc_nonce (salt, salt_size) != GC_OK)
513 {
514 fprintf (stderr, "Could not create nonce\n");
515 return NULL;
516 }
517
518 dat_salt.data = salt;
519 dat_salt.size = salt_size;
520
521 if (gnutls_srp_verifier (username, passwd, &dat_salt, g, n, &verifier) < 0)
522 {
523 fprintf (stderr, "Error getting verifier\n");
524 return NULL;
525 }
526
527 /* base64 encode the verifier */
528 if (gnutls_srp_base64_encode_alloc (&verifier, &txt_verifier) < 0)
529 {
530 fprintf (stderr, "Error encoding\n");
531 free (verifier.data);
532 return NULL;
533 }
534
535 free (verifier.data);
536
537 if (gnutls_srp_base64_encode_alloc (&dat_salt, &txt_salt) < 0)
538 {
539 fprintf (stderr, "Error encoding\n");
540 return NULL;
541 }
542
543 sprintf (result, "%s:%s", txt_verifier.data, txt_salt.data);
544 free (txt_salt.data);
545 free (txt_verifier.data);
546
547 return result;
548
549 }
550
551
552 int
553 crypt_int (const char *username, const char *passwd, int salt_size,
554 char *tpasswd_conf, char *tpasswd, int uindex)
555 {
556 FILE *fd;
557 char *cr;
558 gnutls_datum_t g, n;
559 char line[5 * 1024];
560 char *p, *pp;
561 int iindex;
562 char tmpname[1024];
563
564 fd = fopen (tpasswd_conf, "r");
565 if (fd == NULL)
566 {
567 fprintf (stderr, "Cannot find %s\n", tpasswd_conf);
568 return -1;
569 }
570
571 do
572 { /* find the specified uindex in file */
573 p = fgets (line, sizeof (line) - 1, fd);
574 iindex = atoi (p);
575 }
576 while (p != NULL && iindex != uindex);
577
578 if (p == NULL)
579 {
580 fprintf (stderr, "Cannot find entry in %s\n", tpasswd_conf);
581 return -1;
582 }
583 line[sizeof (line) - 1] = 0;
584
585 fclose (fd);
586 if ((iindex = read_conf_values (&g, &n, line)) < 0)
587 {
588 fprintf (stderr, "Cannot parse conf file '%s'\n", tpasswd_conf);
589 return -1;
590 }
591
592 cr = _srp_crypt (username, passwd, salt_size, &g, &n);
593 if (cr == NULL)
594 {
595 fprintf (stderr, "Cannot _srp_crypt()...\n");
596 return -1;
597 }
598 else
599 {
600 /* delete previous entry */
601 struct stat st;
602 FILE *fd2;
603 int put;
604
605 if (strlen (tpasswd) > sizeof (tmpname) + 5)
606 {
607 fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
608 return -1;
609 }
610 strcpy (tmpname, tpasswd);
611 strcat (tmpname, ".tmp");
612
613 if (stat (tmpname, &st) != -1)
614 {
615 fprintf (stderr, "file '%s' is locked\n", tpasswd);
616 return -1;
617 }
618
619 if (filecopy (tpasswd, tmpname) != 0)
620 {
621 fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname);
622 return -1;
623 }
624
625 fd = fopen (tpasswd, "w");
626 if (fd == NULL)
627 {
628 fprintf (stderr, "Cannot open '%s' for write\n", tpasswd);
629 remove (tmpname);
630 return -1;
631 }
632
633 fd2 = fopen (tmpname, "r");
634 if (fd2 == NULL)
635 {
636 fprintf (stderr, "Cannot open '%s' for read\n", tmpname);
637 remove (tmpname);
638 return -1;
639 }
640
641 put = 0;
642 do
643 {
644 p = fgets (line, sizeof (line) - 1, fd2);
645 if (p == NULL)
646 break;
647
648 pp = strchr (line, ':');
649 if (pp == NULL)
650 continue;
651
652 if (strncmp
653 (p, username,
654 _MAX (strlen (username), (unsigned int) (pp - p))) == 0)
655 {
656 put = 1;
657 fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
658 }
659 else
660 {
661 fputs (line, fd);
662 }
663 }
664 while (1);
665
666 if (put == 0)
667 {
668 fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
669 }
670
671 fclose (fd);
672 fclose (fd2);
673
674 remove (tmpname);
675
676 }
677
678
679 return 0;
680 }
681
682
683
684 /* this function parses tpasswd.conf file. Format is:
685 * int(index):base64(n):base64(g)
686 */
687 static int
688 read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str)
689 {
690 char *p;
691 int len;
692 int index, ret;
693 gnutls_datum_t dat;
694
695 index = atoi (str);
696
697 p = strrchr (str, ':'); /* we have g */
698 if (p == NULL)
699 {
700 return -1;
701 }
702
703 *p = '\0';
704 p++;
705
706 /* read the generator */
707 len = strlen (p);
708 if (p[len - 1] == '\n')
709 len--;
710
711 dat.data = p;
712 dat.size = len;
713 ret = gnutls_srp_base64_decode_alloc (&dat, g);
714
715 if (ret < 0)
716 {
717 fprintf (stderr, "Decoding error\n");
718 return -1;
719 }
720
721 /* now go for n - modulo */
722 p = strrchr (str, ':'); /* we have n */
723 if (p == NULL)
724 {
725 return -1;
726 }
727
728 *p = '\0';
729 p++;
730
731 dat.data = p;
732 dat.size = strlen (p);
733
734 ret = gnutls_srp_base64_decode_alloc (&dat, n);
735
736 if (ret < 0)
737 {
738 fprintf (stderr, "Decoding error\n");
739 free (g->data);
740 return -1;
741 }
742
743 return index;
744 }
745
746 #endif /* ENABLE_SRP */
Implementation of the SSL/TLS protocol