/* ACKNOWLEDGEMENT:
* This work was initially developed by Jeff Turner for inclusion
* in OpenLDAP Software.
+ *
+ * Hash methods for passwords generation added by Cédric Delfosse.
*/
#include <lber.h>
#include <stdio.h>
#endif
+/* pw_string64 function taken from libraries/liblutil/passwd.c */
+static int pw_string64(
+ const struct berval *sc,
+ const struct berval *hash,
+ struct berval *b64,
+ const struct berval *salt )
+{
+ int rc;
+ struct berval string;
+ size_t b64len;
+
+ if( salt ) {
+ /* need to base64 combined string */
+ string.bv_len = hash->bv_len + salt->bv_len;
+ string.bv_val = ber_memalloc( string.bv_len + 1 );
+
+ if( string.bv_val == NULL ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ AC_MEMCPY( string.bv_val, hash->bv_val,
+ hash->bv_len );
+ AC_MEMCPY( &string.bv_val[hash->bv_len], salt->bv_val,
+ salt->bv_len );
+ string.bv_val[string.bv_len] = '\0';
+
+ } else {
+ string = *hash;
+ }
+
+ b64len = LUTIL_BASE64_ENCODE_LEN( string.bv_len ) + 1;
+ b64->bv_len = b64len + sc->bv_len;
+ b64->bv_val = ber_memalloc( b64->bv_len + 1 );
+
+ if( b64->bv_val == NULL ) {
+ if( salt ) ber_memfree( string.bv_val );
+ return LUTIL_PASSWD_ERR;
+ }
+
+ AC_MEMCPY(b64->bv_val, sc->bv_val, sc->bv_len);
+
+ rc = lutil_b64_ntop(
+ (unsigned char *) string.bv_val, string.bv_len,
+ &b64->bv_val[sc->bv_len], b64len );
+
+ if( salt ) ber_memfree( string.bv_val );
+
+ if( rc < 0 ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ /* recompute length */
+ b64->bv_len = sc->bv_len + rc;
+ assert( strlen(b64->bv_val) == b64->bv_len );
+ return LUTIL_PASSWD_OK;
+}
+
char * sha256_hex_hash(const char * passwd) {
SHA256_CTX ct;
return real_hash;
}
+static int hash_sha256(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ SHA256_CTX ct;
+ unsigned char hash256[SHA256_DIGEST_LENGTH];
+
+ SHA256_Init(&ct);
+ SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+ SHA256_Final(hash256, &ct);
+
+ struct berval digest;
+ digest.bv_val = (char *) hash256;
+ digest.bv_len = sizeof(hash256);
+
+ return pw_string64(scheme, &digest, hash, NULL);
+}
+
+static int hash_sha384(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ SHA384_CTX ct;
+ unsigned char hash384[SHA384_DIGEST_LENGTH];
+
+#ifdef SLAPD_SHA2_DEBUG
+ fprintf(stderr, "hashing password\n");
+#endif
+ SHA384_Init(&ct);
+ SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+ SHA384_Final(hash384, &ct);
+
+ struct berval digest;
+ digest.bv_val = (char *) hash384;
+ digest.bv_len = sizeof(hash384);
+
+ return pw_string64(scheme, &digest, hash, NULL);
+}
+
+static int hash_sha512(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ SHA512_CTX ct;
+ unsigned char hash512[SHA512_DIGEST_LENGTH];
+
+ SHA512_Init(&ct);
+ SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+ SHA512_Final(hash512, &ct);
+
+ struct berval digest;
+ digest.bv_val = (char *) hash512;
+ digest.bv_len = sizeof(hash512);
+
+ return pw_string64(scheme, &digest, hash, NULL);
+}
+
static int chk_sha256(
const struct berval *scheme, // Scheme of hashed reference password
const struct berval *passwd, // Hashed reference password to check against
int init_module(int argc, char *argv[]) {
int result = 0;
- result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, NULL );
+ result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, hash_sha256 );
if (result != 0) return result;
- result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, NULL );
+ result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, hash_sha384 );
if (result != 0) return result;
- result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, NULL );
+ result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, hash_sha512 );
return result;
}
projects / thirdparty / openldap.git / commitdiff
