Exemple #1
0
char *DES_crypt(const char *buf, const char *salt)
{
    static char buff[14];

#ifndef CHARSET_EBCDIC
    return DES_fcrypt(buf, salt, buff);
#else
    char e_salt[2 + 1];
    char e_buf[32 + 1];         /* replace 32 by 8 ? */
    char *ret;

    if (salt[0] == '\0' || salt[1] == '\0')
        return NULL;

    /* Copy salt, convert to ASCII. */
    e_salt[0] = salt[0];
    e_salt[1] = salt[1];
    e_salt[2] = '\0';
    ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));

    /* Convert password to ASCII. */
    OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
    ebcdic2ascii(e_buf, e_buf, sizeof e_buf);

    /* Encrypt it (from/to ASCII); if it worked, convert back. */
    ret = DES_fcrypt(e_buf, e_salt, buff);
    if (ret != NULL)
        ascii2ebcdic(ret, ret, strlen(ret));

    return ret;
#endif
}
GByteArray*
gq_hash_crypt(gchar const *data, gsize len)
{
     GString *salt;
     GByteArray *gb = g_byte_array_new();
     unsigned char *password, rand[16], cryptbuf[32];

     password = (guchar*) g_malloc((len + 1) * sizeof(guchar));
     memcpy(password, data, len);
     password[len] = 0;

     salt = g_string_sized_new(32);
     RAND_pseudo_bytes(rand, 8);
     b64_encode(salt, (gchar*)rand, 8);
     /* crypt(3) says [a-zA-Z0-9./] while base64 has [a-zA-Z0-9+/] */
     if(salt->str[0] == '+') salt->str[0] = '.';
     if(salt->str[1] == '+') salt->str[1] = '.';
     salt->str[2] = 0;

     g_byte_array_append(gb, (guchar*)"{CRYPT}", 7);
     DES_fcrypt((gchar*)password, salt->str, (gchar*)cryptbuf);

     g_byte_array_append(gb, cryptbuf, strlen((gchar*)cryptbuf));

     g_string_free(salt, TRUE);
     g_free(password);

     return gb;
}
Exemple #3
0
/** \brief Implementation of encrypt function.
 *
 * @param src Source chars.
 * @param srclen Length of source in chars.
 * @return Newly allocated encrypted string.
 */
static char* encrypt_2chan(const char *src, size_t srclen)
{
	char salt[3], enc[14],
			 *str = create_safe_cstr_buffer(srclen);

	generate_salt(salt, str, src, srclen);

	DES_fcrypt(str, salt, enc);
	free(str);
	return memdup(enc + 3, 11);
}
Exemple #4
0
EXPORT_C char *DES_crypt(const char *buf, const char *salt)
	{
#ifndef EMULATOR	
	static char buff[14];
#endif

#ifndef CHARSET_EBCDIC
	return(DES_fcrypt(buf,salt,buff));
#else
	char e_salt[2+1];
	char e_buf[32+1];	/* replace 32 by 8 ? */
	char *ret;

	/* Copy at most 2 chars of salt */
	if ((e_salt[0] = salt[0]) != '\0')
	    e_salt[1] = salt[1];

	/* Copy at most 32 chars of password */
	strncpy (e_buf, buf, sizeof(e_buf));

	/* Make sure we have a delimiter */
	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';

	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);

	/* Convert the cleartext password to ASCII */
	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);

	/* Encrypt it (from/to ASCII) */
	ret = DES_fcrypt(e_buf,e_salt,buff);

	/* Convert the result back to EBCDIC */
	ascii2ebcdic(ret, ret, strlen(ret));
	
	return ret;
#endif
	}
Exemple #5
0
/** \brief Implementation of the test function.
 *
 * @param src Source chars.
 * @param srclen Length of source in chars.
 * @param print File to print into.
 * @return Number of tests done.
 */
static int test_2chan(const char *src, size_t srclen, FILE *print)
{
	char salt[3],
			 enc[14],
			 cmp[11],
			 *str = create_safe_cstr_buffer(srclen);

	generate_salt(salt, str, src, srclen);

	DES_fcrypt(str, salt, enc);
	trip_transform(cmp, enc + 3, 10);
	trip_compare(src, enc + 3, cmp, 10, print);
	free(str);
	return 1;
}
char * tripcode_crypt (const char * s, size_t len, char * dest) {
  char salt[] = "HH";

  switch (len) {
  case 1:
    salt[1] = '.';
    break;
  default:
    salt[1] = salt_table[(unsigned char) s[2]];
  case 2:
    salt[0] = salt_table[(unsigned char) s[1]];
    break;
  }

  (void) DES_fcrypt(s, salt, dest);

  return dest + 3;
}
Exemple #7
0
/* Called by:  zx_password_authn */
static int zx_pw_chk(const char* uid, const char* pw_buf, const char* passw, int fd_hint)
{
  unsigned char pw_hash[120];
  
  /* *** Add here support for other authentication backends */
  
  DD("io(%x) pw_buf (%s) len=%d", fd_hint, pw_buf, strlen(pw_buf));
  
  if (!memcmp(pw_buf, "$1$", sizeof("$1$")-1)) {              /* MD5 hashed password */
    zx_md5_crypt(passw, (char*)pw_buf, (char*)pw_hash);
    D("io(%x) pw_hash(%s)", fd_hint, pw_hash);
    if (strcmp((char*)pw_buf, (char*)pw_hash)) {
      ERR("Bad password. uid(%s)", uid);
      D("md5 pw(%s) .pw(%s) pw_hash(%s)", passw, pw_buf, pw_hash);
      return 0;
    }
#ifdef USE_OPENSSL
  } else if (!memcmp(pw_buf, "$c$", sizeof("$c$")-1)) {       /* DES fcrypt hashed password */
    DES_fcrypt(passw, (char*)pw_buf+3, (char*)pw_hash);
    D("io(%x) pw_hash(%s)", fd_hint, pw_hash);
    if (strcmp((char*)pw_buf+3, (char*)pw_hash)) {
      ERR("Bad password for uid(%s)", uid);
      D("crypt pw(%s) .pw(%s) pw_hash(%s)", passw, pw_buf, pw_hash);
      return 0;
    }
#endif
  } else if (ONE_OF_2(pw_buf[0], '$', '_')) {                 /* Unsupported hash */
    ERR("Unsupported password hash. uid(%s)", uid);
    D("io(%x) pw(%s) .pw(%s)", fd_hint, passw, pw_buf);
    return 0;
  } else {                                                    /* Plaintext password (no hash) */
    if (strcmp((char*)pw_buf, passw)) {
      ERR("Bad password. uid(%s)", uid);
      D("io(%x) pw(%s) .pw(%s)", fd_hint, passw, pw_buf);
      return 0;
    }
  }
  INFO("Login(%x) OK acnt(%s)", fd_hint, uid);
  return 2;
}
Exemple #8
0
    bool checkPermissions(const string& userId, const string& password, string&, const Current&) const 
    {
        map<string, string>::const_iterator p = _passwords.find(userId);
        if(p == _passwords.end())
        {
            return false;
        }
        
        if(p->second.size() != 13) // Crypt passwords are 13 characters long.
        {
            return false;
        }
        
        char buff[14];
        string salt = p->second.substr(0, 2);
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
        DES_fcrypt(password.c_str(), salt.c_str(), buff);
#else
        des_fcrypt(password.c_str(), salt.c_str(), buff);
#endif
        return p->second == buff;
    }
Exemple #9
0
/* this function verify the given password. */
int32_t pppd__verify_password(uint8_t *passwd, uint8_t *secret_name, uint8_t *encryption, uint8_t *key) {

	/* some common variables. */
	uint8_t passwd_aes[MAXSECRETLEN / 2];
	uint8_t passwd_key[SIZE_AES];
	uint8_t passwd_md5[SIZE_MD5];
	uint8_t passwd_crypt[SIZE_CRYPT];
	uint32_t count      = 0;
	int32_t passwd_size = 0;
	int32_t temp_size   = 0;
	EVP_MD_CTX ctx_md5;
	EVP_CIPHER_CTX ctx_aes;

	/* cleanup the static array. */
	memset(passwd_aes, 0, sizeof(passwd_aes));
	memset(passwd_key, 0, sizeof(passwd_key));
	memset(passwd_md5, 0, sizeof(passwd_md5));
	memset(passwd_crypt, 0, sizeof(passwd_crypt));

	/* check if we use no algorithm. */
	if (strcasecmp((char *)encryption, "NONE") == 0) {

		/* check if we found valid password. */
		if (strcmp((char *)passwd, (char *)secret_name) != 0) {

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}
	}

	/* check if we use des crypt algorithm. */
	if (strcasecmp((char *)encryption, "CRYPT") == 0) {

		/* check if secret from database is shorter than an expected crypt() result. */
		if (strlen((char *)secret_name) < (SIZE_CRYPT * 2)) {

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* check if password was successfully encrypted. */
		if ((uint8_t *)DES_fcrypt((char *)passwd, (char *)key, (char *)passwd_crypt) == NULL) {

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* loop through every byte and compare it. */
		for (count = 0; count < (strlen((char *)secret_name) / 2); count++) {

			/* check if our hex value matches the hash byte. (this isn't the fastest way, but hash is everytime 13 byte) */
			if (pppd__htoi(secret_name[2 * count]) * 16 + pppd__htoi(secret_name[2 * count + 1]) != passwd_crypt[count]) {

				/* clear the memory with the hash, so nobody is able to dump it. */
				memset(passwd_crypt, 0, sizeof(passwd_crypt));

				/* return with error and terminate link. */
				return PPPD_SQL_ERROR_PASSWORD;
			}
		}
	}

	/* check if we use md5 hashing algorithm. */
	if (strcasecmp((char *)encryption, "MD5") == 0) {

		/* check if secret from database is shorter than an expected md5 hash. */
		if (strlen((char *)secret_name) < (SIZE_MD5 * 2)) {

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* initialize the openssl context. */
		EVP_MD_CTX_init(&ctx_md5);

		/* check if cipher initialization is working. */
		if (EVP_DigestInit_ex(&ctx_md5, EVP_md5(), NULL) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_MD_CTX_cleanup(&ctx_md5);

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* encrypt the input buffer. */
		if (EVP_DigestUpdate(&ctx_md5, passwd, strlen((char *)passwd)) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_MD_CTX_cleanup(&ctx_md5);

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* encrypt the last block from input buffer. */
		if (EVP_DigestFinal_ex(&ctx_md5, passwd_md5, (uint32_t *)&passwd_size) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_MD_CTX_cleanup(&ctx_md5);

			/* clear the memory with the hash, so nobody is able to dump it. */
			memset(passwd_md5, 0, sizeof(passwd_md5));

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* cleanup cipher context to prevent memory dumping. */
		EVP_MD_CTX_cleanup(&ctx_md5);

		/* loop through every byte and compare it. */
		for (count = 0; count < (strlen((char *)secret_name) / 2); count++) {

			/* check if our hex value matches the hash byte. (this isn't the fastest way, but hash is everytime 16 byte) */
			if (pppd__htoi(secret_name[2 * count]) * 16 + pppd__htoi(secret_name[2 * count + 1]) != passwd_md5[count]) {

				/* clear the memory with the hash, so nobody is able to dump it. */
				memset(passwd_md5, 0, sizeof(passwd_md5));

				/* return with error and terminate link. */
				return PPPD_SQL_ERROR_PASSWORD;
			}
		}

		/* clear the memory with the hash, so nobody is able to dump it. */
		memset(passwd_md5, 0, sizeof(passwd_md5));
	}

	/* check if we use aes block cipher algorithm. */
	if (strcasecmp((char *)encryption, "AES") == 0) {

		/* check if secret from database is shorter than an expected minimum aes size. */
		if (strlen((char *)secret_name) < (((strlen((char *)passwd) / 16) + 1) * 16)) {

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* check if we have to truncate source pointer. */
		if (strlen((char *)key) < SIZE_AES) {

			/* copy the key to the static buffer. */
			memcpy(passwd_key, key, strlen((char *)key));
		} else {

			/* copy the key to the static buffer. */
			memcpy(passwd_key, key, SIZE_AES);
		}

		/* initialize the openssl context. */
		EVP_CIPHER_CTX_init(&ctx_aes);

		/* check if cipher initialization is working. */
		if (EVP_EncryptInit_ex(&ctx_aes, EVP_aes_128_ecb(), NULL, passwd_key, NULL) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_CIPHER_CTX_cleanup(&ctx_aes);

			/* clear the memory with the aes key, so nobody is able to dump it. */
			memset(passwd_key, 0, sizeof(passwd_key));

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* encrypt the input buffer. */
		if (EVP_EncryptUpdate(&ctx_aes, passwd_aes, &passwd_size, passwd, strlen((char *)passwd)) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_CIPHER_CTX_cleanup(&ctx_aes);

			/* clear the memory with the aes key and buffer, so nobody is able to dump it. */
			memset(passwd_aes, 0, sizeof(passwd_aes));
			memset(passwd_key, 0, sizeof(passwd_key));

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* encrypt the last block from input buffer. */
		if (EVP_EncryptFinal_ex(&ctx_aes, passwd_aes + passwd_size, &temp_size) == 0) {

			/* cleanup cipher context to prevent memory dumping. */
			EVP_CIPHER_CTX_cleanup(&ctx_aes);

			/* clear the memory with the aes key and buffer, so nobody is able to dump it. */
			memset(passwd_aes, 0, sizeof(passwd_aes));
			memset(passwd_key, 0, sizeof(passwd_key));

			/* return with error and terminate link. */
			return PPPD_SQL_ERROR_PASSWORD;
		}

		/* cleanup cipher context to prevent memory dumping. */
		EVP_CIPHER_CTX_cleanup(&ctx_aes);

		/* compute final size. */
		passwd_size += temp_size;

		/* loop through every byte and compare it. */
		for (count = 0; count < (strlen((char *)secret_name) / 2); count++) {

			/* check if our hex value matches the hash byte. (this isn't the fastest way, but okay) */
			if (pppd__htoi(secret_name[2 * count]) * 16 + pppd__htoi(secret_name[2 * count + 1]) != passwd_aes[count]) {

				/* clear the memory with the aes key and buffer, so nobody is able to dump it. */
				memset(passwd_aes, 0, sizeof(passwd_aes));
				memset(passwd_key, 0, sizeof(passwd_key));

				/* return with error and terminate link. */
				return PPPD_SQL_ERROR_PASSWORD;
			}
		}

		/* clear the memory with the aes key and buffer, so nobody is able to dump it. */
		memset(passwd_aes, 0, sizeof(passwd_aes));
		memset(passwd_key, 0, sizeof(passwd_key));
	}

	/* if no error was found, establish link. */
	return 0;
}
Exemple #10
0
char *DES_crypt(const char *buf, const char *salt)
	{
	static char buff[14];

	return(DES_fcrypt(buf,salt,buff));
	}
Exemple #11
0
char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
  {
  return DES_fcrypt(buf, salt, ret);
  }