From: Timo Sirainen Date: Thu, 13 Nov 2008 10:05:54 +0000 (+0200) Subject: Added support for SSHA256 password scheme. X-Git-Tag: 1.2.alpha4~95 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e14ccef85097644c0c9de49d87cbcd67d1ad539b;p=thirdparty%2Fdovecot%2Fcore.git Added support for SSHA256 password scheme. --HG-- branch : HEAD --- diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c index cb75f99f4e..46f17599a6 100644 --- a/src/auth/password-scheme.c +++ b/src/auth/password-scheme.c @@ -401,6 +401,47 @@ static bool ssha_verify(const char *plaintext, const char *user, return memcmp(sha1_digest, raw_password, SHA1_RESULTLEN) == 0; } +static void +ssha256_generate(const char *plaintext, const char *user ATTR_UNUSED, + const unsigned char **raw_password_r, size_t *size_r) +{ +#define SSHA256_SALT_LEN 4 + unsigned char *digest, *salt; + struct sha256_ctx ctx; + + digest = t_malloc(SHA256_RESULTLEN + SSHA256_SALT_LEN); + salt = digest + SHA256_RESULTLEN; + random_fill(salt, SSHA256_SALT_LEN); + + sha256_init(&ctx); + sha256_loop(&ctx, plaintext, strlen(plaintext)); + sha256_loop(&ctx, salt, SSHA256_SALT_LEN); + sha256_result(&ctx, digest); + + *raw_password_r = digest; + *size_r = SHA256_RESULTLEN + SSHA256_SALT_LEN; +} + +static bool ssha256_verify(const char *plaintext, const char *user, + const unsigned char *raw_password, size_t size) +{ + unsigned char sha256_digest[SHA256_RESULTLEN]; + struct sha256_ctx ctx; + + /* format: */ + if (size <= SHA256_RESULTLEN) { + i_error("ssha256_verify(%s): SSHA256 password too short", user); + return FALSE; + } + + sha256_init(&ctx); + sha256_loop(&ctx, plaintext, strlen(plaintext)); + sha256_loop(&ctx, raw_password + SHA256_RESULTLEN, + size - SHA256_RESULTLEN); + sha256_result(&ctx, sha256_digest); + return memcmp(sha256_digest, raw_password, SHA256_RESULTLEN) == 0; +} + static void smd5_generate(const char *plaintext, const char *user ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) @@ -596,6 +637,7 @@ static const struct password_scheme builtin_schemes[] = { NULL, sha256_generate }, { "SMD5", PW_ENCODING_BASE64, 0, smd5_verify, smd5_generate }, { "SSHA", PW_ENCODING_BASE64, 0, ssha_verify, ssha_generate }, + { "SSHA256", PW_ENCODING_BASE64, 0, ssha256_verify, ssha256_generate }, { "PLAIN", PW_ENCODING_NONE, 0, NULL, plain_generate }, { "CLEARTEXT", PW_ENCODING_NONE, 0, NULL, plain_generate }, { "CRAM-MD5", PW_ENCODING_HEX, 0, NULL, cram_md5_generate },