From 90054e8a7df36eea21b612de6bd28d88e67989f9 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@kth.se>
Date: Mon, 12 Apr 2021 23:05:22 +0200
Subject: First commit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@kth.se>
---
 libsecauth_server_hash.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 libsecauth_server_hash.c

(limited to 'libsecauth_server_hash.c')

diff --git a/libsecauth_server_hash.c b/libsecauth_server_hash.c
new file mode 100644
index 0000000..6f0d4f0
--- /dev/null
+++ b/libsecauth_server_hash.c
@@ -0,0 +1,55 @@
+/* See LICENSE file for copyright and license details. */
+#include "libsecauth.h"
+
+#include <crypt.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+int
+libsecauth_server_hash(const struct libsecauth_spec *spec, const char *inhash, const char *pepper, char **resultp)
+{
+	struct crypt_data hashbuf[2];
+	const char *hash = inhash, *result;
+	char *posthash = NULL, *p;
+	uint32_t rounds;
+	size_t i = 0;
+
+	*resultp = NULL;
+	memset(hashbuf, 0, sizeof(hashbuf));
+
+	for (i = 0, rounds = spec->server_rounds; rounds--; i ^= 1) {
+		hash = crypt_r(hash, spec->xferhash, &hashbuf[i]);
+		if (!hash)
+			return -1;
+	}
+
+	if (pepper) {
+		posthash = malloc(strlen(spec->posthash) + strlen(pepper) + 2);
+		if (!posthash)
+			return -1;
+		p = stpcpy(posthash, spec->posthash);
+		if (*posthash && p[-1] == '$')
+			p -= 1;
+		stpcpy(p, pepper);
+	}
+
+	hash = crypt_r(hash, posthash ? posthash : spec->posthash, &hashbuf[i]);
+	free(posthash);
+	if (!hash)
+		return -1;
+
+	result = strrchr(hash, '$');
+	result = result ? &result[1] : hash;
+
+	if (resultp) {
+		*resultp = strdup(result);
+		if (!*resultp)
+			return -1;
+	}
+
+	if (!spec->expected || !*spec->expected)
+		return 0;
+
+	return !strcmp(result, spec->expected);
+}
-- 
cgit v1.2.3-70-g09d2