diff options
| author | Linus Nordberg <linus@nordu.net> | 2011-09-29 11:21:30 +0200 |
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2011-09-29 11:21:30 +0200 |
| commit | 4806ddac9fc1dd243f9297c031689c23be6ee8b0 (patch) | |
| tree | 07519d6c9657c34360ae67b8fb807bfcad561be3 /fticks.c | |
| parent | d6bb6b8aa41e6a6f9c6779cef754ef4fd5a4cbd2 (diff) | |
Add binary radsecproxy-hash.
Split up fticks.c in order not to have to drag in too much of
radsecproxy in order to just hash a MAC.
Diffstat (limited to 'fticks.c')
| -rw-r--r-- | fticks.c | 94 |
1 files changed, 1 insertions, 93 deletions
@@ -2,55 +2,10 @@ * See LICENSE for information about licensing. */ -#include <stdio.h> /* For sprintf(). */ -#include <string.h> -#include <ctype.h> -#include <errno.h> -#include <nettle/sha.h> -#include <nettle/hmac.h> - -#include <regex.h> -#include <pthread.h> -#include <sys/time.h> #include "radsecproxy.h" #include "debug.h" - #include "fticks.h" - -static void -_format_hash(const uint8_t *hash, size_t out_len, uint8_t *out) -{ - int ir, iw; - - for (ir = 0, iw = 0; iw <= out_len - 3; ir++, iw += 2) - sprintf((char *) out + iw, "%02x", hash[ir % SHA256_DIGEST_SIZE]); -} - -static void -_hash(const uint8_t *in, - const uint8_t *key, - size_t out_len, - uint8_t *out) -{ - if (key == NULL) { - struct sha256_ctx ctx; - uint8_t hash[SHA256_DIGEST_SIZE]; - - sha256_init(&ctx); - sha256_update(&ctx, strlen((char *) in), in); - sha256_digest(&ctx, sizeof(hash), hash); - _format_hash(hash, out_len, out); - } - else { - struct hmac_sha256_ctx ctx; - uint8_t hash[SHA256_DIGEST_SIZE]; - - hmac_sha256_set_key(&ctx, strlen((char *) key), key); - hmac_sha256_update(&ctx, strlen((char *) in), in); - hmac_sha256_digest(&ctx, sizeof(hash), hash); - _format_hash(hash, out_len, out); - } -} +#include "fticks_hashmac.h" int fticks_configure(struct options *options, @@ -122,53 +77,6 @@ out: return r; } -/** Hash the Ethernet MAC address in \a IN, keying a HMAC with \a KEY - unless \a KEY is NULL. If \a KEY is null \a IN is hashed with an - ordinary cryptographic hash function such as SHA-2. - - \a IN and \a KEY are NULL terminated strings. - - \a IN is supposed to be an Ethernet MAC address and is sanitised - by lowercasing it, removing all but [0-9a-f] and truncating it at - the first ';' found. The truncation is done because RADIUS - supposedly has a praxis of tacking on SSID to the MAC address in - Calling-Station-Id. - - \return 0 on success, -ENOMEM on out of memory. -*/ -int -fticks_hashmac(const uint8_t *in, - const uint8_t *key, - size_t out_len, - uint8_t *out) -{ - uint8_t *in_copy = NULL; - uint8_t *p = NULL; - int i; - - in_copy = calloc(1, strlen((const char *) in) + 1); - if (in_copy == NULL) - return -ENOMEM; - - /* Sanitise and lowercase 'in' into 'in_copy'. */ - for (i = 0, p = in_copy; in[i] != '\0'; i++) { - if (in[i] == ';') { - *p++ = '\0'; - break; - } - if (in[i] >= '0' && in[i] <= '9') { - *p++ = in[i]; - } - else if (tolower(in[i]) >= 'a' && tolower(in[i]) <= 'f') { - *p++ = tolower(in[i]); - } - } - - _hash(in_copy, key, out_len, out); - free(in_copy); - return 0; -} - void fticks_log(const struct options *options, const struct client *client, |