Back to index

openldap  2.4.31
slapd-sha2.c
Go to the documentation of this file.
00001 /* $OpenLDAP$ */
00002 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00003  *
00004  * Copyright 2009-2012 The OpenLDAP Foundation.
00005  * All rights reserved.
00006  *
00007  * Redistribution and use in source and binary forms, with or without
00008  * modification, are permitted only as authorized by the OpenLDAP
00009  * Public License.
00010  *
00011  * A copy of this license is available in the file LICENSE in the
00012  * top-level directory of the distribution or, alternatively, at
00013  * <http://www.OpenLDAP.org/license.html>.
00014  */
00015 /* ACKNOWLEDGEMENT:
00016  * This work was initially developed by Jeff Turner for inclusion
00017  * in OpenLDAP Software.
00018  *
00019  * Hash methods for passwords generation added by C├ędric Delfosse.
00020  */
00021 
00022 #include <lber.h>
00023 #include <lber_pvt.h>
00024 #include <ac/string.h>
00025 #include "lutil.h"
00026 #include <stdint.h>
00027 #include <string.h>
00028 #include <assert.h>
00029 #include "sha2.h"
00030 
00031 #ifdef SLAPD_SHA2_DEBUG
00032 #include <stdio.h>
00033 #endif
00034 
00035 char * sha256_hex_hash(const char * passwd) {
00036 
00037        SHA256_CTX ct;
00038        unsigned char hash[SHA256_DIGEST_LENGTH];
00039        static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1]; // extra char for \0
00040 
00041        SHA256_Init(&ct);
00042        SHA256_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
00043        SHA256_Final(hash, &ct);
00044 
00045         /* base64 encode it */
00046        lutil_b64_ntop(
00047                      hash,
00048                      SHA256_DIGEST_LENGTH,
00049                      real_hash,
00050                      LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1
00051                      );
00052 
00053        return real_hash;
00054 }
00055 
00056 
00057 char * sha384_hex_hash(const char * passwd) {
00058 
00059        SHA384_CTX ct;
00060        unsigned char hash[SHA384_DIGEST_LENGTH];
00061        static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
00062 
00063        SHA384_Init(&ct);
00064        SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
00065        SHA384_Final(hash, &ct);
00066 
00067         /* base64 encode it */
00068        lutil_b64_ntop(
00069                      hash,
00070                      SHA384_DIGEST_LENGTH,
00071                      real_hash,
00072                      LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
00073                      );
00074 
00075        return real_hash;
00076 }
00077 
00078 char * sha512_hex_hash(const char * passwd) {
00079 
00080        SHA512_CTX ct;
00081        unsigned char hash[SHA512_DIGEST_LENGTH];
00082        static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1]; // extra char for \0
00083 
00084        SHA512_Init(&ct);
00085        SHA512_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
00086        SHA512_Final(hash, &ct);
00087 
00088         /* base64 encode it */
00089        lutil_b64_ntop(
00090                      hash,
00091                      SHA512_DIGEST_LENGTH,
00092                      real_hash,
00093                      LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1
00094                      );
00095 
00096        return real_hash;
00097 }
00098 
00099 static int hash_sha256(
00100        const struct berval *scheme,
00101        const struct berval *passwd,
00102        struct berval *hash,
00103        const char **text )
00104 {
00105        SHA256_CTX ct;
00106        unsigned char hash256[SHA256_DIGEST_LENGTH];
00107 
00108        SHA256_Init(&ct);
00109        SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
00110        SHA256_Final(hash256, &ct);
00111 
00112        struct berval digest;
00113        digest.bv_val = (char *) hash256;
00114        digest.bv_len = sizeof(hash256);
00115 
00116        return lutil_passwd_string64(scheme, &digest, hash, NULL);
00117 }
00118 
00119 static int hash_sha384(
00120        const struct berval *scheme,
00121        const struct berval *passwd,
00122        struct berval *hash,
00123        const char **text )
00124 {
00125        SHA384_CTX ct;
00126        unsigned char hash384[SHA384_DIGEST_LENGTH];
00127 
00128 #ifdef SLAPD_SHA2_DEBUG
00129        fprintf(stderr, "hashing password\n");
00130 #endif
00131        SHA384_Init(&ct);
00132        SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
00133        SHA384_Final(hash384, &ct);
00134 
00135        struct berval digest;
00136        digest.bv_val = (char *) hash384;
00137        digest.bv_len = sizeof(hash384);
00138 
00139        return lutil_passwd_string64(scheme, &digest, hash, NULL);
00140 }
00141 
00142 static int hash_sha512(
00143        const struct berval *scheme,
00144        const struct berval *passwd,
00145        struct berval *hash,
00146        const char **text )
00147 {
00148        SHA512_CTX ct;
00149        unsigned char hash512[SHA512_DIGEST_LENGTH];
00150 
00151        SHA512_Init(&ct);
00152        SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
00153        SHA512_Final(hash512, &ct);
00154 
00155        struct berval digest;
00156        digest.bv_val = (char *) hash512;
00157        digest.bv_len = sizeof(hash512);
00158 
00159        return lutil_passwd_string64(scheme, &digest, hash, NULL);
00160 }
00161 
00162 static int chk_sha256(
00163        const struct berval *scheme, // Scheme of hashed reference password
00164        const struct berval *passwd, // Hashed reference password to check against
00165        const struct berval *cred, // user-supplied password to check
00166        const char **text )
00167 {
00168 #ifdef SLAPD_SHA2_DEBUG
00169        fprintf(stderr, "Validating password\n");
00170        fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
00171        fprintf(stderr, "  Hashes to: %s\n", sha256_hex_hash(cred->bv_val));
00172        fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
00173        fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
00174        fprintf(stderr, "  -> Passwords %s\n", strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
00175 #endif
00176        return (strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val));
00177 }
00178 
00179 static int chk_sha384(
00180        const struct berval *scheme, // Scheme of hashed reference password
00181        const struct berval *passwd, // Hashed reference password to check against
00182        const struct berval *cred, // user-supplied password to check
00183        const char **text )
00184 {
00185 #ifdef SLAPD_SHA2_DEBUG
00186        fprintf(stderr, "Validating password\n");
00187        fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
00188        fprintf(stderr, "  Hashes to: %s\n", sha384_hex_hash(cred->bv_val));
00189        fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
00190        fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
00191        fprintf(stderr, "  -> Passwords %s\n", strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
00192 #endif
00193        return (strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val));
00194 }
00195 
00196 static int chk_sha512(
00197        const struct berval *scheme, // Scheme of hashed reference password
00198        const struct berval *passwd, // Hashed reference password to check against
00199        const struct berval *cred, // user-supplied password to check
00200        const char **text )
00201 {
00202 #ifdef SLAPD_SHA2_DEBUG
00203        fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
00204        fprintf(stderr, "  Hashes to: %s\n", sha512_hex_hash(cred->bv_val));
00205        fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
00206        fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
00207        fprintf(stderr, "  -> Passwords %s\n", strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
00208 #endif
00209        return (strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val));
00210 }
00211 
00212 const struct berval sha256scheme = BER_BVC("{SHA256}");
00213 const struct berval sha384scheme = BER_BVC("{SHA384}");
00214 const struct berval sha512scheme = BER_BVC("{SHA512}");
00215 
00216 int init_module(int argc, char *argv[]) {
00217        int result = 0;
00218        result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, hash_sha256 );
00219        if (result != 0) return result;
00220        result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, hash_sha384 );
00221        if (result != 0) return result;
00222        result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, hash_sha512 );
00223        return result;
00224 }