Commit 4806ddac authored by Linus Nordberg's avatar Linus Nordberg

Add binary radsecproxy-hash.

Split up fticks.c in order not to have to drag in too much of
radsecproxy in order to just hash a MAC.
parent d6bb6b8a
......@@ -2,55 +2,10 @@
* See LICENSE for information about licensing.
*/
#include <stdio.h> /* For sprintf(). */
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
#include <regex.h>
#include <pthread.h>
#include <sys/time.h>
#include "radsecproxy.h"
#include "debug.h"
#include "fticks.h"
static void
_format_hash(const uint8_t *hash, size_t out_len, uint8_t *out)
{
int ir, iw;
for (ir = 0, iw = 0; iw <= out_len - 3; ir++, iw += 2)
sprintf((char *) out + iw, "%02x", hash[ir % SHA256_DIGEST_SIZE]);
}
static void
_hash(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
if (key == NULL) {
struct sha256_ctx ctx;
uint8_t hash[SHA256_DIGEST_SIZE];
sha256_init(&ctx);
sha256_update(&ctx, strlen((char *) in), in);
sha256_digest(&ctx, sizeof(hash), hash);
_format_hash(hash, out_len, out);
}
else {
struct hmac_sha256_ctx ctx;
uint8_t hash[SHA256_DIGEST_SIZE];
hmac_sha256_set_key(&ctx, strlen((char *) key), key);
hmac_sha256_update(&ctx, strlen((char *) in), in);
hmac_sha256_digest(&ctx, sizeof(hash), hash);
_format_hash(hash, out_len, out);
}
}
#include "fticks_hashmac.h"
int
fticks_configure(struct options *options,
......@@ -122,53 +77,6 @@ out:
return r;
}
/** Hash the Ethernet MAC address in \a IN, keying a HMAC with \a KEY
unless \a KEY is NULL. If \a KEY is null \a IN is hashed with an
ordinary cryptographic hash function such as SHA-2.
\a IN and \a KEY are NULL terminated strings.
\a IN is supposed to be an Ethernet MAC address and is sanitised
by lowercasing it, removing all but [0-9a-f] and truncating it at
the first ';' found. The truncation is done because RADIUS
supposedly has a praxis of tacking on SSID to the MAC address in
Calling-Station-Id.
\return 0 on success, -ENOMEM on out of memory.
*/
int
fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
uint8_t *in_copy = NULL;
uint8_t *p = NULL;
int i;
in_copy = calloc(1, strlen((const char *) in) + 1);
if (in_copy == NULL)
return -ENOMEM;
/* Sanitise and lowercase 'in' into 'in_copy'. */
for (i = 0, p = in_copy; in[i] != '\0'; i++) {
if (in[i] == ';') {
*p++ = '\0';
break;
}
if (in[i] >= '0' && in[i] <= '9') {
*p++ = in[i];
}
else if (tolower(in[i]) >= 'a' && tolower(in[i]) <= 'f') {
*p++ = tolower(in[i]);
}
}
_hash(in_copy, key, out_len, out);
free(in_copy);
return 0;
}
void
fticks_log(const struct options *options,
const struct client *client,
......
......@@ -6,10 +6,6 @@ int fticks_configure(struct options *options,
uint8_t **reportingp,
uint8_t **macp,
uint8_t **keyp);
int fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out);
void fticks_log(const struct options *options,
const struct client *client,
const struct radmsg *msg,
......
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
#include "fticks_hashmac.h"
static void
_format_hash(const uint8_t *hash, size_t out_len, uint8_t *out)
{
int ir, iw;
for (ir = 0, iw = 0; iw <= out_len - 3; ir++, iw += 2)
sprintf((char *) out + iw, "%02x", hash[ir % SHA256_DIGEST_SIZE]);
}
static void
_hash(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
if (key == NULL) {
struct sha256_ctx ctx;
uint8_t hash[SHA256_DIGEST_SIZE];
sha256_init(&ctx);
sha256_update(&ctx, strlen((char *) in), in);
sha256_digest(&ctx, sizeof(hash), hash);
_format_hash(hash, out_len, out);
}
else {
struct hmac_sha256_ctx ctx;
uint8_t hash[SHA256_DIGEST_SIZE];
hmac_sha256_set_key(&ctx, strlen((char *) key), key);
hmac_sha256_update(&ctx, strlen((char *) in), in);
hmac_sha256_digest(&ctx, sizeof(hash), hash);
_format_hash(hash, out_len, out);
}
}
/** Hash the Ethernet MAC address in \a IN, keying a HMAC with \a KEY
unless \a KEY is NULL. If \a KEY is null \a IN is hashed with an
ordinary cryptographic hash function such as SHA-2.
\a IN and \a KEY are NULL terminated strings.
\a IN is supposed to be an Ethernet MAC address and is sanitised
by lowercasing it, removing all but [0-9a-f] and truncating it at
the first ';' found. The truncation is done because RADIUS
supposedly has a praxis of tacking on SSID to the MAC address in
Calling-Station-Id.
\return 0 on success, -ENOMEM on out of memory.
*/
int
fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
uint8_t *in_copy = NULL;
uint8_t *p = NULL;
int i;
in_copy = calloc(1, strlen((const char *) in) + 1);
if (in_copy == NULL)
return -ENOMEM;
/* Sanitise and lowercase 'in' into 'in_copy'. */
for (i = 0, p = in_copy; in[i] != '\0'; i++) {
if (in[i] == ';') {
*p++ = '\0';
break;
}
if (in[i] >= '0' && in[i] <= '9') {
*p++ = in[i];
}
else if (tolower(in[i]) >= 'a' && tolower(in[i]) <= 'f') {
*p++ = tolower(in[i]);
}
}
_hash(in_copy, key, out_len, out);
free(in_copy);
return 0;
}
#include <stdint.h>
#include <stddef.h>
int fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out);
.TH radsecproxy-hash 1 "29 Sep 2011"
.SH "NAME"
radsecproxy-hash - print digests of Ethernet MAC addresses
.SH "SYNOPSIS"
.HP 12
radsecproxy-hash [-h] [-k key] [-t type]
.sp
.SH "DESCRIPTION"
Print the hash or hmac of Ethernet MAC addresses read from standard
input.
.SH "OPTIONS"
.TP
.B -h
\fIdisplay help and exit\fR
.TP
.B -k key
\fIuse KEY for HMAC calculation\fR
.TP
.B -t type
\fIprint digest of type TYPE [hash|hmac]\fR
.SH "SEE ALSO"
radsecproxy.conf(5)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment