Real cryptography

[subauth.git] / server / subauthd.h

diff --git a/server/subauthd.h b/server/subauthd.h
index d1a1cf7409e5c16514a4a4403ff6e0bbba6fb089..30fd01657d8f44fcba2e4be4a83f371621e2926b 100644 (file)
--- a/server/subauthd.h
+++ b/server/subauthd.h
@@ -39,6 +39,13 @@ struct json_node *get_object(struct json_node *n, const char *key);
 
 /* auth.c */
 
+#define DEFAULT_SALT_BYTES 8
+#define DEFAULT_IDENT_BYTES 2
+#define DEFAULT_GENERATED_BYTES 8
+#define HASH_BYTES 32                  // We are using SHA-256
+#define DEFAULT_HASH_ITERATIONS 64     // Number of hash function iterations per PBKDF2
+#define MAX_TEXT_HASH_SIZE 256
+
 struct auth_zone {
   cnode n;
   char *name;
@@ -60,6 +67,7 @@ struct auth_acct {
 };
 
 enum token_type {
+  TOKEN_UNDEFINED,
   TOKEN_PASSWORD,
   TOKEN_GENERATED,
   TOKEN_NUM_TYPES,
@@ -71,8 +79,10 @@ struct auth_token {
   enum token_type type;
   char *salt;
   char *hash;
+  char *ident;
   char *comment;
   time_t last_modified;
+  uint iterations;
 };
 
 void auth_init(void);
@@ -80,8 +90,14 @@ void db_write(void);
 struct auth_zone *auth_find_zone(const char *name);
 struct auth_user *auth_find_user(const char *login, bool create);
 struct auth_acct *auth_find_acct(struct auth_user *au, struct auth_zone *az, bool create);
+struct auth_token *auth_find_token_passwd(struct auth_acct *aa);
+struct auth_token *auth_find_token_generated(struct auth_acct *aa, char *ident);
 void auth_delete_user(struct auth_user *au);
 void auth_delete_acct(struct auth_acct *aa);
 void auth_delete_token(struct auth_token *at);
 struct auth_token *auth_create_token(struct auth_acct *aa);
 void auth_set_token_passwd(struct auth_token *at, const char *passwd);
+char *auth_set_token_generated(struct auth_token *at, const char *comment);
+bool auth_check_token(struct auth_token *at, const char *passwd);
+
+extern struct auth_token *auth_fake_token;