From: Stephan Bosch
Date: Thu, 27 Feb 2025 19:56:20 +0000 (+0100)
Subject: lib-auth: password-scheme-scram - Move scram_scheme_parse() to auth-scram
X-Git-Tag: 2.4.2~347
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60fb4efc0d6c4fd74560a1ccbbdad00858405ceb;p=thirdparty%2Fdovecot%2Fcore.git
lib-auth: password-scheme-scram - Move scram_scheme_parse() to auth-scram
---
diff --git a/src/lib-auth/auth-scram.c b/src/lib-auth/auth-scram.c
index eeb78c3d20..370d0fd751 100644
--- a/src/lib-auth/auth-scram.c
+++ b/src/lib-auth/auth-scram.c
@@ -113,3 +113,49 @@ void auth_scram_generate_key_data(const struct hash_method *hmethod,
 safe_memset(salted_password, 0, sizeof(salted_password));
 safe_memset(client_key, 0, sizeof(client_key));
 }
+
+int scram_scheme_parse(const struct hash_method *hmethod, const char *name,
+ const unsigned char *credentials, size_t size,
+ unsigned int *iter_count_r, const char **salt_r,
+ unsigned char stored_key_r[],
+ unsigned char server_key_r[], const char **error_r)
+{
+ const char *const *fields;
+ buffer_t *buf;
+
+ /* password string format: iter,salt,stored_key,server_key */
+ fields = t_strsplit(t_strndup(credentials, size), ",");
+
+ if (str_array_length(fields) != 4) {
+ *error_r = t_strdup_printf(
+ "Invalid %s passdb entry format", name);
+ return -1;
+ }
+ if (str_to_uint(fields[0], iter_count_r) < 0 ||
+ *iter_count_r < AUTH_SCRAM_MIN_ITERATE_COUNT ||
+ *iter_count_r > AUTH_SCRAM_MAX_ITERATE_COUNT) {
+ *error_r = t_strdup_printf(
+ "Invalid %s iteration count in passdb", name);
+ return -1;
+ }
+ *salt_r = fields[1];
+
+ buf = t_buffer_create(hmethod->digest_size);
+ if (base64_decode(fields[2], strlen(fields[2]), buf) < 0 ||
+ buf->used != hmethod->digest_size) {
+ *error_r = t_strdup_printf(
+ "Invalid %s StoredKey in passdb", name);
+ return -1;
+ }
+ memcpy(stored_key_r, buf->data, hmethod->digest_size);
+
+ buffer_set_used_size(buf, 0);
+ if (base64_decode(fields[3], strlen(fields[3]), buf) < 0 ||
+ buf->used != hmethod->digest_size) {
+ *error_r = t_strdup_printf(
+ "Invalid %s ServerKey in passdb", name);
+ return -1;
+ }
+ memcpy(server_key_r, buf->data, hmethod->digest_size);
+ return 0;
+}
diff --git a/src/lib-auth/auth-scram.h b/src/lib-auth/auth-scram.h
index 31d9501e35..398eb22cc4 100644
--- a/src/lib-auth/auth-scram.h
+++ b/src/lib-auth/auth-scram.h
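Review bot: In scram_scheme_parse() in src/lib-auth/auth-scram.c the salt is returned through `*salt_r = fields[1];` with no check at all, while the iteration count, StoredKey and ServerKey are each validated before they are accepted. An empty salt in a passdb entry therefore passes parsing and would only surface later, presumably when the value is used in the SCRAM exchange. The code is moved unchanged, but the move is a good moment to reject at least the empty case, e.g. `if (*fields[1] == '\0') { *error_r = t_strdup_printf("Invalid %s salt in passdb", name); return -1; }`. As far as the hunk shows, the decoded keys left in `buf` and the `t_strndup()` copy of the credentials are also not wiped before return, unlike the `safe_memset()` calls at the end of auth_scram_generate_key_data() just above.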
@@ -37,4 +37,11 @@ void auth_scram_generate_key_data(const struct hash_method *hmethod,
 const char **salt_r,
 unsigned char stored_key_r[],
 unsigned char server_key_r[]);
+
+int scram_scheme_parse(const struct hash_method *hmethod, const char *name,
+ const unsigned char *credentials, size_t size,
+ unsigned int *iter_count_r, const char **salt_r,
+ unsigned char stored_key_r[],
+ unsigned char server_key_r[], const char **error_r);
+
 #endif
diff --git a/src/lib-auth/password-scheme-scram.c b/src/lib-auth/password-scheme-scram.c
index c70ff2c607..2a9d2afe9c 100644
--- a/src/lib-auth/password-scheme-scram.c
+++ b/src/lib-auth/password-scheme-scram.c
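Review bot: The scram_scheme_parse() prototype added to src/lib-auth/auth-scram.h has no comment, and its memory contract cannot be read off the signature. The implementation copies `hmethod->digest_size` bytes into both `stored_key_r` and `server_key_r` without taking a size argument, so every caller must pass buffers at least that large. `*salt_r` and `*error_r` come from `t_strsplit()` and `t_strdup_printf()`, so they appear to be data-stack allocations that are only valid within the caller's data-stack frame. A comment above the declaration would state this, e.g. `/* Parse "iter,salt,stored_key,server_key". stored_key_r and server_key_r must each hold hmethod->digest_size bytes; *salt_r and *error_r are data-stack allocated. Returns 0 on success, -1 with *error_r set. */`.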
@@ -19,52 +19,6 @@ #include "auth-scram.h" #include "password-scheme.h" -int scram_scheme_parse(const struct hash_method *hmethod, const char *name, - const unsigned char *credentials, size_t size, - unsigned int *iter_count_r, const char **salt_r, - unsigned char stored_key_r[], - unsigned char server_key_r[], const char **error_r) -{ - const char *const *fields; - buffer_t *buf; - - /* password string format: iter,salt,stored_key,server_key */ - fields = t_strsplit(t_strndup(credentials, size), ","); - - if (str_array_length(fields) != 4) { - *error_r = t_strdup_printf( - "Invalid %s passdb entry format", name); - return -1; - } - if (str_to_uint(fields[0], iter_count_r) < 0 || - *iter_count_r < AUTH_SCRAM_MIN_ITERATE_COUNT || - *iter_count_r > AUTH_SCRAM_MAX_ITERATE_COUNT) { - *error_r = t_strdup_printf( - "Invalid %s iteration count in passdb", name); - return -1; - } - *salt_r = fields[1]; - - buf = t_buffer_create(hmethod->digest_size); - if (base64_decode(fields[2], strlen(fields[2]), buf) < 0 || - buf->used != hmethod->digest_size) { - *error_r = t_strdup_printf( - "Invalid %s StoredKey in passdb", name); - return -1; - } - memcpy(stored_key_r, buf->data, hmethod->digest_size); - - buffer_set_used_size(buf, 0); - if (base64_decode(fields[3], strlen(fields[3]), buf) < 0 || - buf->used != hmethod->digest_size) { - *error_r = t_strdup_printf( - "Invalid %s ServerKey in passdb", name); - return -1; - } - memcpy(server_key_r, buf->data, hmethod->digest_size); - return 0; -} - int scram_verify(const struct hash_method *hmethod, const char *scheme_name, const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r) diff --git a/src/lib-auth/password-scheme.h b/src/lib-auth/password-scheme.h index e45c7a981d..7bc89caa5b 100644 --- a/src/lib-auth/password-scheme.h +++ b/src/lib-auth/password-scheme.h 
@@ -102,11 +102,6 @@ int password_generate_otp(const char *pw, const char *state_data, unsigned int algo, const char **result_r) ATTR_NULL(2); -int scram_scheme_parse(const struct hash_method *hmethod, const char *name, - const unsigned char *credentials, size_t size, - unsigned int *iter_count_r, const char **salt_r, - unsigned char stored_key_r[], - unsigned char server_key_r[], const char **error_r); int scram_verify(const struct hash_method *hmethod, const char *scheme_name, const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r);