annotate src/c/mhash.c @ 1163:6c507826fae9

Tips for CGI scripts without httpd.conf access
author Adam Chlipala <adamc@hcoop.net>
date Tue, 09 Feb 2010 20:08:59 -0500
parents 042f618f7c77
children 236dc296c32d
rev   line source
adamc@1104 1 #include <mhash.h>
adamc@1145 2 #include <fcntl.h>
adamc@1104 3
adamc@1104 4 #define KEYSIZE 16
adamc@1104 5 #define PASSSIZE 4
adamc@1104 6
adamc@1104 7 #define HASH_ALGORITHM MHASH_SHA256
adamc@1104 8 #define HASH_BLOCKSIZE 32
adamc@1104 9 #define KEYGEN_ALGORITHM KEYGEN_MCRYPT
adamc@1104 10
adamc@1104 11 int uw_hash_blocksize = HASH_BLOCKSIZE;
adamc@1104 12
adamc@1104 13 static int password[PASSSIZE];
adamc@1104 14 static unsigned char private_key[KEYSIZE];
adamc@1104 15
adamc@1145 16 char *uw_sig_file = NULL;
adamc@1145 17
adamc@1145 18 static void random_password() {
adamc@1145 19 int i;
adamc@1145 20
adamc@1145 21 for (i = 0; i < PASSSIZE; ++i)
adamc@1145 22 password[i] = rand();
adamc@1145 23 }
adamc@1145 24
adamc@1104 25 void uw_init_crypto() {
adamc@1104 26 KEYGEN kg = {{HASH_ALGORITHM, HASH_ALGORITHM}};
adamc@1104 27
adamc@1104 28 assert(mhash_get_block_size(HASH_ALGORITHM) == HASH_BLOCKSIZE);
adamc@1104 29
adamc@1145 30 if (uw_sig_file) {
adamc@1145 31 int fd;
adamc@1145 32
adamc@1155 33 if (access(uw_sig_file, F_OK)) {
adamc@1145 34 random_password();
adamc@1145 35
adamc@1145 36 if ((fd = open(uw_sig_file, O_WRONLY | O_CREAT, 0700)) < 0) {
adamc@1145 37 fprintf(stderr, "Can't open signature file %s\n", uw_sig_file);
adamc@1145 38 perror("open");
adamc@1145 39 exit(1);
adamc@1145 40 }
adamc@1145 41
adamc@1145 42 if (write(fd, &password, sizeof password) != sizeof password) {
adamc@1145 43 fprintf(stderr, "Error writing signature file\n");
adamc@1145 44 exit(1);
adamc@1145 45 }
adamc@1145 46
adamc@1145 47 close(fd);
adamc@1145 48 } else {
adamc@1145 49 if ((fd = open(uw_sig_file, O_RDONLY)) < 0) {
adamc@1145 50 fprintf(stderr, "Can't open signature file %s\n", uw_sig_file);
adamc@1145 51 perror("open");
adamc@1145 52 exit(1);
adamc@1145 53 }
adamc@1145 54
adamc@1145 55 if (read(fd, &password, sizeof password) != sizeof password) {
adamc@1145 56 fprintf(stderr, "Error reading signature file\n");
adamc@1145 57 exit(1);
adamc@1145 58 }
adamc@1145 59
adamc@1145 60 close(fd);
adamc@1145 61 }
adamc@1145 62 } else
adamc@1145 63 random_password();
adamc@1104 64
adamc@1104 65 if (mhash_keygen_ext(KEYGEN_ALGORITHM, kg,
adamc@1104 66 private_key, sizeof(private_key),
adamc@1104 67 (unsigned char*)password, sizeof(password)) < 0) {
adamc@1104 68 fprintf(stderr, "Key generation failed\n");
adamc@1104 69 exit(1);
adamc@1104 70 }
adamc@1104 71 }
adamc@1104 72
adamc@1104 73 void uw_sign(const char *in, char *out) {
adamc@1104 74 MHASH td;
adamc@1104 75
adamc@1104 76 td = mhash_hmac_init(HASH_ALGORITHM, private_key, sizeof(private_key),
adamc@1104 77 mhash_get_hash_pblock(HASH_ALGORITHM));
adamc@1104 78
adamc@1104 79 mhash(td, in, strlen(in));
adamc@1104 80 if (mhash_hmac_deinit(td, out) < 0)
adamc@1104 81 fprintf(stderr, "Signing failed\n");
adamc@1104 82 }