diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:14:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:17:10 +0100 |
commit | 76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch) | |
tree | 1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib/auth/srp_passwd.c | |
parent | 559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff) | |
download | gnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz |
reindented code
Diffstat (limited to 'lib/auth/srp_passwd.c')
-rw-r--r-- | lib/auth/srp_passwd.c | 763 |
1 files changed, 362 insertions, 401 deletions
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index a9693d886e..a97114a2c1 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -39,160 +39,148 @@ #include <gnutls_num.h> #include <random.h> -static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry); +static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry); /* this function parses tpasswd.conf file. Format is: * string(username):base64(v):base64(salt):int(index) */ -static int -parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str) +static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) { - char *p; - int len, ret; - uint8_t *verifier; - size_t verifier_size; - int indx; - - p = strrchr (str, ':'); /* we have index */ - if (p == NULL) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - *p = '\0'; - p++; - - indx = atoi (p); - if (indx == 0) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - /* now go for salt */ - p = strrchr (str, ':'); /* we have salt */ - if (p == NULL) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - *p = '\0'; - p++; - - len = strlen (p); - - entry->salt.size = _gnutls_sbase64_decode (p, len, &entry->salt.data); - - if (entry->salt.size <= 0) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - /* now go for verifier */ - p = strrchr (str, ':'); /* we have verifier */ - if (p == NULL) - { - _gnutls_free_datum (&entry->salt); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - *p = '\0'; - p++; - - len = strlen (p); - ret = _gnutls_sbase64_decode (p, len, &verifier); - if (ret <= 0) - { - gnutls_assert (); - _gnutls_free_datum (&entry->salt); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - verifier_size = ret; - entry->v.data = verifier; - entry->v.size = verifier_size; - - /* now go for username */ - *p = '\0'; - - entry->username = gnutls_strdup (str); - if (entry->username == NULL) - { - _gnutls_free_datum (&entry->salt); - _gnutls_free_datum (&entry->v); - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return indx; + char *p; + int len, ret; + uint8_t *verifier; + size_t verifier_size; + int indx; + + p = strrchr(str, ':'); /* we have index */ + if (p == NULL) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + *p = '\0'; + p++; + + indx = atoi(p); + if (indx == 0) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + /* now go for salt */ + p = strrchr(str, ':'); /* we have salt */ + if (p == NULL) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + *p = '\0'; + p++; + + len = strlen(p); + + entry->salt.size = + _gnutls_sbase64_decode(p, len, &entry->salt.data); + + if (entry->salt.size <= 0) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + /* now go for verifier */ + p = strrchr(str, ':'); /* we have verifier */ + if (p == NULL) { + _gnutls_free_datum(&entry->salt); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + *p = '\0'; + p++; + + len = strlen(p); + ret = _gnutls_sbase64_decode(p, len, &verifier); + if (ret <= 0) { + gnutls_assert(); + _gnutls_free_datum(&entry->salt); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + verifier_size = ret; + entry->v.data = verifier; + entry->v.size = verifier_size; + + /* now go for username */ + *p = '\0'; + + entry->username = gnutls_strdup(str); + if (entry->username == NULL) { + _gnutls_free_datum(&entry->salt); + _gnutls_free_datum(&entry->v); + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + return indx; } /* this function parses tpasswd.conf file. Format is: * int(index):base64(n):int(g) */ -static int -parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str) +static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str) { - char *p; - int len; - uint8_t *tmp; - int ret; - - p = strrchr (str, ':'); /* we have g */ - if (p == NULL) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - *p = '\0'; - p++; - - /* read the generator */ - len = strlen (p); - if (p[len - 1] == '\n' || p[len - 1] == ' ') - len--; - ret = _gnutls_sbase64_decode (p, len, &tmp); - - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - entry->g.data = tmp; - entry->g.size = ret; - - /* now go for n - modulo */ - p = strrchr (str, ':'); /* we have n */ - if (p == NULL) - { - _gnutls_free_datum (&entry->g); - gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - *p = '\0'; - p++; - - len = strlen (p); - ret = _gnutls_sbase64_decode (p, len, &tmp); - - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (&entry->g); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - - entry->n.data = tmp; - entry->n.size = ret; - - return 0; + char *p; + int len; + uint8_t *tmp; + int ret; + + p = strrchr(str, ':'); /* we have g */ + if (p == NULL) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + *p = '\0'; + p++; + + /* read the generator */ + len = strlen(p); + if (p[len - 1] == '\n' || p[len - 1] == ' ') + len--; + ret = _gnutls_sbase64_decode(p, len, &tmp); + + if (ret < 0) { + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + entry->g.data = tmp; + entry->g.size = ret; + + /* now go for n - modulo */ + p = strrchr(str, ':'); /* we have n */ + if (p == NULL) { + _gnutls_free_datum(&entry->g); + gnutls_assert(); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + *p = '\0'; + p++; + + len = strlen(p); + ret = _gnutls_sbase64_decode(p, len, &tmp); + + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(&entry->g); + return GNUTLS_E_SRP_PWD_PARSING_ERROR; + } + + entry->n.data = tmp; + entry->n.size = ret; + + return 0; } @@ -200,283 +188,256 @@ parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str) * values. They are put in the entry. */ static int -pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) +pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) { - FILE *fd; - char line[2 * 1024]; - unsigned i, len; - char indexstr[10]; - int ret; - - snprintf (indexstr, sizeof(indexstr), "%u", (unsigned int)idx); - - fd = fopen (pconf_file, "r"); - if (fd == NULL) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - len = strlen (indexstr); - while (fgets (line, sizeof (line), fd) != NULL) - { - /* move to first ':' */ - i = 0; - while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } - if (strncmp (indexstr, line, MAX (i, len)) == 0) - { - if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0) - { - ret = 0; - goto cleanup; - } - else - { - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - } - } - ret = GNUTLS_E_SRP_PWD_ERROR; - -cleanup: - fclose(fd); - return ret; + FILE *fd; + char line[2 * 1024]; + unsigned i, len; + char indexstr[10]; + int ret; + + snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx); + + fd = fopen(pconf_file, "r"); + if (fd == NULL) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + len = strlen(indexstr); + while (fgets(line, sizeof(line), fd) != NULL) { + /* move to first ':' */ + i = 0; + while ((line[i] != ':') && (line[i] != '\0') + && (i < sizeof(line))) { + i++; + } + if (strncmp(indexstr, line, MAX(i, len)) == 0) { + if ((idx = + parse_tpasswd_conf_values(entry, + line)) >= 0) { + ret = 0; + goto cleanup; + } else { + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + } + } + ret = GNUTLS_E_SRP_PWD_ERROR; + + cleanup: + fclose(fd); + return ret; } int -_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, - SRP_PWD_ENTRY ** _entry) +_gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, + SRP_PWD_ENTRY ** _entry) { - gnutls_srp_server_credentials_t cred; - FILE *fd = NULL; - char line[2 * 1024]; - unsigned i, len; - int ret; - int idx; - SRP_PWD_ENTRY *entry = NULL; - - *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY)); - if (*_entry == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - entry = *_entry; - - cred = (gnutls_srp_server_credentials_t) - _gnutls_get_cred (state, GNUTLS_CRD_SRP, NULL); - if (cred == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; - goto cleanup; - } - - /* if the callback which sends the parameters is - * set, use it. - */ - if (cred->pwd_callback != NULL) - { - ret = cred->pwd_callback (state, username, &entry->salt, - &entry->v, &entry->g, &entry->n); - - if (ret == 1) - { /* the user does not exist */ - if (entry->g.size != 0 && entry->n.size != 0) - { - ret = _randomize_pwd_entry (entry); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - return 0; - } - else - { - gnutls_assert (); - ret = -1; /* error in the callback */ - } - } - - if (ret < 0) - { - gnutls_assert (); - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - - return 0; - } - - /* The callback was not set. Proceed. - */ - - if (cred->password_file == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - - /* Open the selected password file. - */ - fd = fopen (cred->password_file, "r"); - if (fd == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - - len = strlen (username); - while (fgets (line, sizeof (line), fd) != NULL) - { - /* move to first ':' */ - i = 0; - while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } - - if (strncmp (username, line, MAX (i, len)) == 0) - { - if ((idx = parse_tpasswd_values (entry, line)) >= 0) - { - /* Keep the last index in memory, so we can retrieve fake parameters (g,n) - * when the user does not exist. - */ - if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) - { - goto found; - } - else - { - gnutls_assert (); - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - } - else - { - gnutls_assert (); - ret = GNUTLS_E_SRP_PWD_ERROR; - goto cleanup; - } - } - } - - /* user was not found. Fake him. Actually read the g,n values from - * the last index found and randomize the entry. - */ - if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0) - { - ret = _randomize_pwd_entry (entry); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - goto found; - } - - ret = GNUTLS_E_SRP_PWD_ERROR; -cleanup: - gnutls_assert (); - if (fd) fclose(fd); - _gnutls_srp_entry_free (entry); - return ret; - -found: - if (fd) fclose(fd); - return 0; + gnutls_srp_server_credentials_t cred; + FILE *fd = NULL; + char line[2 * 1024]; + unsigned i, len; + int ret; + int idx; + SRP_PWD_ENTRY *entry = NULL; + + *_entry = gnutls_calloc(1, sizeof(SRP_PWD_ENTRY)); + if (*_entry == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + entry = *_entry; + + cred = (gnutls_srp_server_credentials_t) + _gnutls_get_cred(state, GNUTLS_CRD_SRP, NULL); + if (cred == NULL) { + gnutls_assert(); + ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; + goto cleanup; + } + + /* if the callback which sends the parameters is + * set, use it. + */ + if (cred->pwd_callback != NULL) { + ret = cred->pwd_callback(state, username, &entry->salt, + &entry->v, &entry->g, &entry->n); + + if (ret == 1) { /* the user does not exist */ + if (entry->g.size != 0 && entry->n.size != 0) { + ret = _randomize_pwd_entry(entry); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + return 0; + } else { + gnutls_assert(); + ret = -1; /* error in the callback */ + } + } + + if (ret < 0) { + gnutls_assert(); + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + + return 0; + } + + /* The callback was not set. Proceed. + */ + + if (cred->password_file == NULL) { + gnutls_assert(); + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + + /* Open the selected password file. + */ + fd = fopen(cred->password_file, "r"); + if (fd == NULL) { + gnutls_assert(); + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + + len = strlen(username); + while (fgets(line, sizeof(line), fd) != NULL) { + /* move to first ':' */ + i = 0; + while ((line[i] != ':') && (line[i] != '\0') + && (i < sizeof(line))) { + i++; + } + + if (strncmp(username, line, MAX(i, len)) == 0) { + if ((idx = parse_tpasswd_values(entry, line)) >= 0) { + /* Keep the last index in memory, so we can retrieve fake parameters (g,n) + * when the user does not exist. + */ + if (pwd_read_conf + (cred->password_conf_file, entry, + idx) == 0) { + goto found; + } else { + gnutls_assert(); + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + } else { + gnutls_assert(); + ret = GNUTLS_E_SRP_PWD_ERROR; + goto cleanup; + } + } + } + + /* user was not found. Fake him. Actually read the g,n values from + * the last index found and randomize the entry. + */ + if (pwd_read_conf(cred->password_conf_file, entry, 1) == 0) { + ret = _randomize_pwd_entry(entry); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + goto found; + } + + ret = GNUTLS_E_SRP_PWD_ERROR; + cleanup: + gnutls_assert(); + if (fd) + fclose(fd); + _gnutls_srp_entry_free(entry); + return ret; + + found: + if (fd) + fclose(fd); + return 0; } /* Randomizes the given password entry. It actually sets the verifier * and the salt. Returns 0 on success. */ -static int -_randomize_pwd_entry (SRP_PWD_ENTRY * entry) +static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry) { - unsigned char rnd; - int ret; - - if (entry->g.size == 0 || entry->n.size == 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - entry->salt.size = (rnd % 10) + 9; - - entry->v.data = gnutls_malloc (20); - entry->v.size = 20; - if (entry->v.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - entry->salt.data = gnutls_malloc (entry->salt.size); - if (entry->salt.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = _gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; + unsigned char rnd; + int ret; + + if (entry->g.size == 0 || entry->n.size == 0) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + + ret = _gnutls_rnd(GNUTLS_RND_NONCE, &rnd, 1); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + entry->salt.size = (rnd % 10) + 9; + + entry->v.data = gnutls_malloc(20); + entry->v.size = 20; + if (entry->v.data == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + entry->salt.data = gnutls_malloc(entry->salt.size); + if (entry->salt.data == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + _gnutls_rnd(GNUTLS_RND_NONCE, entry->salt.data, + entry->salt.size); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } /* Free all the entry parameters, except if g and n are * the static ones defined in gnutls.h */ -void -_gnutls_srp_entry_free (SRP_PWD_ENTRY * entry) +void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) { - _gnutls_free_datum (&entry->v); - _gnutls_free_datum (&entry->salt); - - if ((entry->g.data != gnutls_srp_1024_group_generator.data) - && (entry->g.data != gnutls_srp_3072_group_generator.data)) - _gnutls_free_datum (&entry->g); - - if (entry->n.data != gnutls_srp_1024_group_prime.data && - entry->n.data != gnutls_srp_1536_group_prime.data && - entry->n.data != gnutls_srp_2048_group_prime.data && - entry->n.data != gnutls_srp_3072_group_prime.data && - entry->n.data != gnutls_srp_4096_group_prime.data) - _gnutls_free_datum (&entry->n); - - gnutls_free (entry->username); - gnutls_free (entry); + _gnutls_free_datum(&entry->v); + _gnutls_free_datum(&entry->salt); + + if ((entry->g.data != gnutls_srp_1024_group_generator.data) + && (entry->g.data != gnutls_srp_3072_group_generator.data)) + _gnutls_free_datum(&entry->g); + + if (entry->n.data != gnutls_srp_1024_group_prime.data && + entry->n.data != gnutls_srp_1536_group_prime.data && + entry->n.data != gnutls_srp_2048_group_prime.data && + entry->n.data != gnutls_srp_3072_group_prime.data && + entry->n.data != gnutls_srp_4096_group_prime.data) + _gnutls_free_datum(&entry->n); + + gnutls_free(entry->username); + gnutls_free(entry); } -#endif /* ENABLE SRP */ +#endif /* ENABLE SRP */ |