Exemplo n.º 1
0
int GenerateCrypt(char *szUser, 
							 char *szPassword, 
							 char *szChallenge64, 
                                                         long clientinfo,
                                                         long embkey,
							 char *szResult)
{
	unsigned char szDecoded[256];
	unsigned char szKey[256];
	unsigned char szAscii[256];

	unsigned int nDecodedLen;
	long challengetime = 0;
	int nMoveBits;
	long challengetime_new = 0;
	long a, b, c, d;
	unsigned int nKey;
	int nUser;
	unsigned int nEncoded;

	//Base64 解码
	nDecodedLen =  lutil_b64_pton(szChallenge64, szDecoded, 256);
	memcpy(&challengetime, szDecoded + 6, 4);
	
	//取反进行或运算
	challengetime |= ~embkey;

	//得到循环移位位数
	nMoveBits = challengetime % 30;

	//完成32位的循环位移
	a = challengetime << ((32 - nMoveBits) % 32);
	b = challengetime >> (((unsigned int )nMoveBits) % 32);
	c = ~(0xffffffff << ((32 - nMoveBits) % 32));
	d = b & c;
	challengetime_new = a | d;

	//KEY-MD5
	nKey = KeyMD5Encode(szKey, (unsigned char*)szPassword, strlen((char*)szPassword), (unsigned char*)szDecoded, nDecodedLen);
	szKey[nKey] = 0;
	
	nUser = strlen((char *)szUser);
	memcpy(szAscii, szUser, nUser);
	szAscii[nUser] = ' ';
	memcpy(szAscii+nUser+1, &challengetime_new,4);
	memcpy(szAscii+nUser+1+4,&clientinfo,4);
	memcpy(szAscii+nUser+1+4+4, szKey, nKey);
	//base64 编码
	nEncoded =  lutil_b64_ntop((unsigned char *)szAscii, nUser + 1 + 4 + 4 + nKey, szResult, 256);
	return nEncoded;
}
Exemplo n.º 2
0
static int chk_sha512(
	const struct berval *scheme, /* Scheme of hashed reference password */
	const struct berval *passwd, /* Hashed reference password to check against */
	const struct berval *cred, /* user-supplied password to check */
	const char **text )
{
	SHA512_CTX SHAcontext;
	unsigned char SHAdigest[SHA512_DIGEST_LENGTH];
	int rc;
	unsigned char *orig_pass = NULL;
	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);

	/* safety check */
	if (decode_len < sizeof(SHAdigest)) {
		return LUTIL_PASSWD_ERR;
	}

	/* base64 un-encode password */
	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);

	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;

	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);

	if( rc != sizeof(SHAdigest) ) {
		ber_memfree(orig_pass);
		return LUTIL_PASSWD_ERR;
	}

	/* hash credentials with salt */
	SHA512_Init(&SHAcontext);
	SHA512_Update(&SHAcontext,
		(const unsigned char *) cred->bv_val, cred->bv_len);
	SHA512_Final(SHAdigest, &SHAcontext);

	/* compare */
	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
#ifdef SLAPD_SHA2_DEBUG
	chk_sha_debug(scheme, passwd, cred, (char *)SHAdigest, sizeof(SHAdigest), rc);
#endif
	ber_memfree(orig_pass);
	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
Exemplo n.º 3
0
static int chk_phk(
	const struct berval *magic,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text)
{
	unsigned char digest[LUTIL_MD5_BYTES];
	unsigned char *orig_pass;
	int rc, n;
	struct berval salt;

	/* safety check */
	n = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
	if (n <= sizeof(digest))
		return LUTIL_PASSWD_ERR;

	/* base64 un-encode password hash */
	orig_pass = (unsigned char *) ber_memalloc((size_t) (n + 1));

	if (orig_pass == NULL)
		return LUTIL_PASSWD_ERR;

	rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);

	if (rc <= (int) sizeof(digest)) {
		ber_memfree(orig_pass);
		return LUTIL_PASSWD_ERR;
	}

	salt.bv_val = (char *) &orig_pass[sizeof(digest)];
	salt.bv_len = rc - sizeof(digest);

	do_phk_hash(cred, magic, &salt, digest);

	if (text)
		*text = NULL;

	/* compare */
	rc = memcmp((char *) orig_pass, (char *) digest, sizeof(digest));
	ber_memfree(orig_pass);
	return rc ?  LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
Exemplo n.º 4
0
/*porting from oms project: parse_url */
BOOL RTSP_Parse_Url(const char *url, char *server, int *port, char *file_name, char *user, char *password)
{
	/* expects format '[rtsp://[user:password@]server[:port]/]filename[?param=encoded_parameters]' */
	/* parameters: username=xxx&password=yyyy&expire=nnnn */

	BOOL ret = FALSE;
	/* copy url */
	*port = RTSP_DEFAULT_SVR_PORT;
	if(user) *user = '******';
	if(password) *password = '******';
	if (strncmp(url, "rtsp://", 7) == 0) 
	{
		char *param;
		char *p1 =(char*)(url+7);
		char *p2 = p1;
		int hasAccount = strchr(url, '@');

		param = strchr(p1, '?');
		if(param) *param = '\0';	//set to '\0' temporarily for convenionce of string operation
		while(*p2 && *p2 != '/')
		{
			if(*p2 == '@')
			{
				if(password) strncpyz(password, p1, p2-p1+1);
				p1 = p2 + 1;
				hasAccount = 0;
			}
			else if(*p2 == ':')
			{
				if(hasAccount)
				{
					if(user) strncpyz(user, p1, p2-p1+1);
					p1 = p2 + 1;
				}
				else
					break;
			}
			p2++;
		}
		strncpy(server, p1, p2-p1);
		server[p2-p1] = '\0';

		if(*p2 == ':') {
			*port = atoi(p2+1);
			while(*p2 && *p2 != '/') p2++;
		}
		strcpy(file_name, p2+1);

		if(param)
		{
			*param++ = '?';	//restore
			if(strncmp("param=", param, 6) == 0)
			{
				char str[128], *usr, *pswd;

				KEYVAL kv[] = {
					{ "username", KEYVALTYPE_POINTER, &usr },
					{ "password", KEYVALTYPE_POINTER, &pswd }
				};
				memset(str, 0, sizeof(str));
				lutil_b64_pton(param+6, str, sizeof(str));
				ParseHttpBody(str, kv, sizeof(kv)/sizeof(KEYVAL), 0);
				if(usr && user) strcpy(user, usr);
				if(pswd && password) strcpy(password, pswd);
			}
		}
		dbg_msg("Parse rtsp usl: %s\nResult: user=%s,password=%s, host=%s, port=%d, path=%s\n", 
						url, user?user:"", password?password:"", server, *port, file_name);

		return TRUE;
	} 
	else 
	{
		/* try just to extract a file name */
		char *token = strtok((char*)url, " \t\n");
		if (token) 
		{
			strcpy(file_name, token);
			server[0] = '\0';
			ret = 0;
		}
	}

	return ret;
}
Exemplo n.º 5
0
int
main( int argc, char **argv )
{
	char		*compdn = NULL, *attrs = NULL;
	char		*sep;
	int		rc;
	LDAP		*ld = NULL;
	struct berval	bvalue = { 0, NULL };
	int		i = 0; 
	LDAPControl	c[1];


	tool_init( TOOL_COMPARE );
	prog = lutil_progname( "ldapcompare", argc, argv );

	tool_args( argc, argv );

	if ( argc - optind != 2 ) {
		usage();
	}

	compdn = argv[optind++];
	attrs = argv[optind++];

	/* user passed in only 2 args, the last one better be in
	 * the form attr:value or attr::b64value
	 */
	sep = strchr(attrs, ':');
	if (!sep) {
		usage();
	}

	*sep++='\0';
	if ( *sep != ':' ) {
		bvalue.bv_val = strdup( sep );
		bvalue.bv_len = strlen( bvalue.bv_val );

	} else {
		/* it's base64 encoded. */
		bvalue.bv_val = malloc( strlen( &sep[1] ));
		bvalue.bv_len = lutil_b64_pton( &sep[1],
			(unsigned char *) bvalue.bv_val, strlen( &sep[1] ));

		if (bvalue.bv_len == (ber_len_t)-1) {
			fprintf(stderr, _("base64 decode error\n"));
			exit(-1);
		}
	}

	ld = tool_conn_setup( 0, 0 );

	tool_bind( ld );

	if ( 0
#ifdef LDAP_CONTROL_DONTUSECOPY
		|| dontUseCopy
#endif
		)
	{
#ifdef LDAP_CONTROL_DONTUSECOPY
		if ( dontUseCopy ) {  
			c[i].ldctl_oid = LDAP_CONTROL_DONTUSECOPY;
			c[i].ldctl_value.bv_val = NULL;
			c[i].ldctl_value.bv_len = 0;
			c[i].ldctl_iscritical = dontUseCopy > 1;
			i++;    
		}
#endif
	}

	tool_server_controls( ld, c, i );

	if ( verbose ) {
		fprintf( stderr, _("DN:%s, attr:%s, value:%s\n"),
			compdn, attrs, sep );
	}

	rc = docompare( ld, compdn, attrs, &bvalue, quiet, NULL, NULL );

	free( bvalue.bv_val );

	tool_exit( ld, rc );
}
Exemplo n.º 6
0
int ExecuteUpdate(PHGlobal *phglobal)
{
    char buffer[1024];

    char username[128] = "";
    char key[128] = "";
    char sendbuffer[256];

    char domains[255][255];
    char regicommand[255];
    int i,len, totaldomains;
    long challengetime = 0;

    char *chatid = NULL;
    char *startid = NULL;
    char *xmldata = NULL;
    int buflen = 0;

    LOG(1) ("ExecuteUpdate Connecting %s.\n",phglobal->szHost);

    if (!phConnect(phglobal->m_tcpsocket, phglobal->szHost,phglobal->nPort,&phglobal->nAddressIndex,phglobal->szTcpConnectAddress))
    {
        LOG(1) ("ExecuteUpdate errorConnectFailed.\n");
        phglobal->nAddressIndex++;
        return errorConnectFailed;
    }
    //////////////////////////////////////////////////////////////////////////
    //Recv server hello string
    memset(buffer, 0, 128);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    if (len <=0 )
    {
        LOG(1) ("ExecuteUpdate Recv server hello string failed.\n");
        phClose(&phglobal->m_tcpsocket);
        phglobal->nAddressIndex++;
        return errorConnectFailed;
    }

    LOG(1) (("SEND AUTH REQUEST COMMAND..."));
    phSend(phglobal->m_tcpsocket, (char*)COMMAND_AUTH,sizeof(COMMAND_AUTH),0);
    LOG(1) (("OK.\n"));

    //////////////////////////////////////////////////////////////////////////
    //Recv server key string
    memset(buffer, 0, 128);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    if (len <=0 )
    {
        LOG(1) (("ExecuteUpdate Recv server key string failed.\n"));
        phClose(&phglobal->m_tcpsocket);
        return errorConnectFailed;
    }
    LOG(1) (("SERVER SIDE KEY \"%s\" RECEIVED.\n"),buffer);

    phglobal->nChallengeLen =  lutil_b64_pton(buffer+4, (unsigned char *)phglobal->szChallenge, 256);


    //////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////////////////////////
    //Generate encoded auth string
    len = GenerateCrypt(phglobal->szUserID, phglobal->szUserPWD, buffer+4, phglobal->clientinfo, phglobal->challengekey, sendbuffer);
    strcat(sendbuffer, "\r\n");
    //Generate ok.
    //////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////////////////////////

    //////////////////////////////////////////////////////////////////////////
    //send auth data
    LOG(1) (("SEND AUTH DATA..."));
    phSend(phglobal->m_tcpsocket, sendbuffer,strlen(sendbuffer),0);
    LOG(1) (("OK\n"));

    memset(buffer, 0, 128);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    buffer[3] = 0;

    if (len <=0 )
    {
        LOG(1) (("ExecuteUpdate Recv server auth response failed.\n"));
        phClose(&phglobal->m_tcpsocket);
        //modified skyvense 2005/10/08, for server db conn lost bug
        //return errorAuthFailed;
        return errorConnectFailed;
    }
    if (strcmp(buffer,"250")!=0 && strcmp(buffer,"536")!=0)
    {
        LOG(1) ("CTcpThread::ExecuteUpdate auth failed.\n");
        phClose(&phglobal->m_tcpsocket);

        if (strstr(buffer + 4, "Busy.") != NULL) return errorAuthBusy;
        return errorAuthFailed;
    }
    if (strcmp(buffer,"536") == 0) //find redirected server address, and let us connect again to new server
    {
        char *pos0 = strchr(buffer + 4, '<');
        if (pos0)
        {
            char *pos1 = strchr(pos0 + 1, '>');
            if (pos1)
            {
                *pos1 = '\0';
                strcpy(phglobal->szHost, pos0 + 1);

                phClose(&phglobal->m_tcpsocket);
                return okRedirecting;
            }
        }
        return errorAuthFailed;
    }
    if (strcmp(buffer,"250") == 0) //get user type level, 0(free),1(pro),2(biz)
    {
        char *pos0 = strchr(buffer + 4, '<');
        if (pos0)
        {
            char *pos1 = strchr(pos0 + 1, '>');
            if (pos1)
            {
                *pos1 = '\0';
                phglobal->nUserType = atoi(pos0 + 1);
            }
        }
    }

    //////////////////////////////////////////////////////////////////////////
    //list domains
    for (i=0,totaldomains=0; i<255; i++)
    {
        memset(domains[i], 0, 255);
        phReadOneLine(phglobal->m_tcpsocket, domains[i],255);
        LOG(1) (("ExecuteUpdate domain \"%s\"\n"),domains[i]);
        totaldomains++;
        strcpy(phglobal->szActiveDomains[i],domains[i]);
        if (domains[i][0] == '.') break;
    }
    if (totaldomains<=0)
    {
        LOG(1) (("ExecuteUpdate Domain List Failed.\n"));
        phClose(&phglobal->m_tcpsocket);
        return errorDomainListFailed;
    }

    phglobal->cLastResult = okDomainListed;
    if (phglobal->cbOnStatusChanged) phglobal->cbOnStatusChanged(phglobal->cLastResult, 0);
    //::SendMessage(theApp.m_hWndController,WM_DOMAIN_UPDATEMSG,okDomainListed,(long)domains);
    //////////////////////////////////////////////////////////////////////////
    //send domain regi commands list
    for (i=0;; i++)
    {
        if (domains[i][0] == '.') break;
        memset(regicommand, 0, 128);
        strcpy(regicommand, COMMAND_REGI);
        strcat(regicommand, " ");
        strcat(regicommand, domains[i]);
        strcat(regicommand, "\r\n");
        //printf("%s",regicommand);
        phSend(phglobal->m_tcpsocket,regicommand,strlen(regicommand),0);
    }

    //////////////////////////////////////////////////////////////////////////
    //send confirm
    LOG(1) (("SEND CNFM DATA..."));
    phSend(phglobal->m_tcpsocket,(char*)COMMAND_CNFM,strlen(COMMAND_CNFM),0);
    LOG(1) (("OK\n"));

    for (i=0; i<totaldomains-1; i++)
    {
        memset(buffer, 0, 128);
        len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
        if (len <= 0)
        {
            LOG(1) (("ExecuteUpdate Recv server confirm response failed.\n"));
            phClose(&phglobal->m_tcpsocket);
            return errorDomainRegisterFailed;
        }
        LOG(1) (("ExecuteUpdate %s\n"),buffer);
        if (phglobal->cbOnDomainRegistered) phglobal->cbOnDomainRegistered(domains[i]);
    }

    memset(buffer, 0, 128);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    if (len <= 0)
    {
        LOG(1) (("ExecuteUpdate Recv server confirmed chatID response failed.\n"));
        phClose(&phglobal->m_tcpsocket);
        return errorDomainRegisterFailed;
    }
    LOG(1) (("%s\n"),buffer);

    //////////////////////////////////////////////////////////////////////////
    //find chatid & startid
    chatid = buffer + 4;
    startid = NULL;

    for (i=4; i<strlen(buffer); i++)
    {
        if (buffer[i] == ' ')
        {
            buffer[i] = 0;
            startid = buffer + i + 1;
            break;
        }
    }
    phglobal->nChatID = atoi(chatid);
    if (startid) phglobal->nStartID = atoi(startid);
    LOG(1) (("ExecuteUpdate nChatID:%d, nStartID:%d\n"),phglobal->nChatID,phglobal->nStartID);
    //////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////////////////////////
    //after confirm domain register, we begin to get user information
    phSend(phglobal->m_tcpsocket,(void *)COMMAND_STAT_USER,sizeof(COMMAND_STAT_USER),0);
    memset(buffer, 0, 1024);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    buffer[3] = 0;
    if (len <= 0 || strcmp(buffer,"250")!=0)
    {
        LOG(1) ("CTcpThread::ExecuteUpdate Recv server confirmed stat user response failed.\n");
        phClose(&phglobal->m_tcpsocket);
        return errorStatDetailInfoFailed;
    }

    buflen = MAX_PATH;
    xmldata = (char *)malloc(buflen);
    memset(xmldata, 0, buflen);

    for (;;)
    {
        memset(buffer, 0, 1024);
        len = phReadOneLine(phglobal->m_tcpsocket, buffer,1024);
        if (buffer[0] == '.' || len <= 0) break;
        if (buflen < strlen(xmldata) + len)
        {
            buflen += MAX_PATH;
            xmldata = realloc(xmldata, buflen);
            memset((xmldata + buflen) - MAX_PATH, 0, MAX_PATH);
        }
        strncat(xmldata, buffer, len);
    }
    LOG(1) ("userinfo: \r\n%s\r\n", xmldata);
    if (phglobal->cbOnUserInfo) phglobal->cbOnUserInfo(xmldata, strlen(xmldata));
    free(xmldata);
    buflen = 0;


    phSend(phglobal->m_tcpsocket,(void *)COMMAND_STAT_DOM,sizeof(COMMAND_STAT_DOM),0);
    memset(buffer, 0, 1024);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    buffer[3] = 0;
    if (len <= 0 || strcmp(buffer,"250")!=0)
    {
        LOG(1) ("CTcpThread::ExecuteUpdate Recv server confirmed stat user response failed.\n");
        phClose(&phglobal->m_tcpsocket);
        return errorStatDetailInfoFailed;
    }

    buflen = MAX_PATH;
    xmldata = (char *)malloc(buflen);
    memset(xmldata, 0, buflen);

    for (;;)
    {
        memset(buffer, 0, 1024);
        len = phReadOneLine(phglobal->m_tcpsocket, buffer,1024);
        if (buffer[0] == '.' || len <= 0) break;
        if (buflen < strlen(xmldata) + len)
        {
            buflen += MAX_PATH;
            xmldata = realloc(xmldata, buflen);
            memset((xmldata + buflen) - MAX_PATH, 0, MAX_PATH);
        }
        strncat(xmldata, buffer, len);
    }
    LOG(1) ("domaininfo: \r\n%s\r\n", xmldata);
    if (phglobal->cbOnAccountDomainInfo) phglobal->cbOnAccountDomainInfo(xmldata, strlen(xmldata));
    free(xmldata);
    buflen = 0;

    //////////////////////////////////////////////////////////////////////////
    //good bye!
    LOG(1) (("SEND QUIT COMMAND..."));
    phSend(phglobal->m_tcpsocket,(char*)COMMAND_QUIT,sizeof(COMMAND_QUIT),0);
    LOG(1) (("OK.\n"));

    memset(buffer, 0, 128);
    len = phReadOneLine(phglobal->m_tcpsocket, buffer,sizeof(buffer));
    if (len <= 0)
    {
        LOG(1) (("ExecuteUpdate Recv server goodbye response failed.\n"));
        phClose(&phglobal->m_tcpsocket);
        return okDomainsRegistered;
    }
    LOG(1) (("%s\n"),buffer);
    phClose(&phglobal->m_tcpsocket);
    return okDomainsRegistered;
}
Exemplo n.º 7
0
static int pbkdf2_check(
	const struct berval *scheme,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text)
{
	int rc;
	int iteration;

	/* salt_value require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
	unsigned char salt_value[PBKDF2_SALT_SIZE + 1];
	char salt_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_SALT_SIZE) + 1];
	/* dk_value require PBKDF2_MAX_DK_SIZE + 1 in lutil_b64_pton. */
	unsigned char dk_value[PBKDF2_MAX_DK_SIZE + 1];
	char dk_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_MAX_DK_SIZE) + 1];
	unsigned char input_dk_value[PBKDF2_MAX_DK_SIZE];
	size_t dk_len;
#ifdef HAVE_OPENSSL
	const EVP_MD *md;
#elif HAVE_GNUTLS
	struct hmac_sha1_ctx sha1_ctx;
	struct hmac_sha256_ctx sha256_ctx;
	struct hmac_sha512_ctx sha512_ctx;
	void * current_ctx = NULL;
	pbkdf2_hmac_update current_hmac_update = NULL;
	pbkdf2_hmac_digest current_hmac_digest = NULL;
#endif

#ifdef SLAPD_PBKDF2_DEBUG
	printf("Checking for %s\n", scheme->bv_val);
	printf("  Stored Value:\t%s\n", passwd->bv_val);
	printf("  Input Cred:\t%s\n", cred->bv_val);
#endif

#ifdef HAVE_OPENSSL
	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
		dk_len = PBKDF2_SHA1_DK_SIZE;
		md = EVP_sha1();
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
		dk_len = PBKDF2_SHA1_DK_SIZE;
		md = EVP_sha1();
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
		dk_len = PBKDF2_SHA256_DK_SIZE;
		md = EVP_sha256();
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
		dk_len = PBKDF2_SHA512_DK_SIZE;
		md = EVP_sha512();
	}else{
		return LUTIL_PASSWD_ERR;
	}
#elif HAVE_GNUTLS
	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
		dk_len = PBKDF2_SHA1_DK_SIZE;
		current_ctx = &sha1_ctx;
		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
		hmac_sha1_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
		dk_len = PBKDF2_SHA1_DK_SIZE;
		current_ctx = &sha1_ctx;
		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
		hmac_sha1_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
		dk_len = PBKDF2_SHA256_DK_SIZE;
		current_ctx = &sha256_ctx;
		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha256_update;
		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha256_digest;
		hmac_sha256_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
		dk_len = PBKDF2_SHA512_DK_SIZE;
		current_ctx = &sha512_ctx;
		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha512_update;
		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha512_digest;
		hmac_sha512_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
	}else{
		return LUTIL_PASSWD_ERR;
	}
#endif

	iteration = atoi(passwd->bv_val);
	if(iteration < 1){
		return LUTIL_PASSWD_ERR;
	}

	char *ptr;
	ptr = strchr(passwd->bv_val, '$');
	if(!ptr){
		return LUTIL_PASSWD_ERR;
	}
	ptr++; /* skip '$' */
	rc = ab64_to_b64(ptr, salt_b64, sizeof(salt_b64));
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	ptr = strchr(ptr, '$');
	if(!ptr){
		return LUTIL_PASSWD_ERR;
	}
	ptr++; /* skip '$' */
	rc = ab64_to_b64(ptr, dk_b64, sizeof(dk_b64));
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* The targetsize require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
	rc = lutil_b64_pton(salt_b64, salt_value, PBKDF2_SALT_SIZE + 1);
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* consistency check */
	if(rc != PBKDF2_SALT_SIZE){
		return LUTIL_PASSWD_ERR;
	}

	/* The targetsize require PBKDF2_MAX_DK_SIZE + 1 in lutil_b64_pton. */
	rc = lutil_b64_pton(dk_b64, dk_value, sizeof(dk_value));
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* consistency check */
	if(rc != dk_len){
		return LUTIL_PASSWD_ERR;
	}

#ifdef HAVE_OPENSSL
	if(!PKCS5_PBKDF2_HMAC(cred->bv_val, cred->bv_len,
						  salt_value, PBKDF2_SALT_SIZE,
						  iteration, md, dk_len, input_dk_value)){
		return LUTIL_PASSWD_ERR;
	}
#elif HAVE_GNUTLS
	PBKDF2(current_ctx, current_hmac_update, current_hmac_digest,
						  dk_len, iteration,
						  PBKDF2_SALT_SIZE, salt_value,
						  dk_len, input_dk_value);
#endif

	rc = memcmp(dk_value, input_dk_value, dk_len);
#ifdef SLAPD_PBKDF2_DEBUG
	printf("  Iteration:\t%d\n", iteration);
	printf("  Base64 Salt:\t%s\n", salt_b64);
	printf("  Base64 DK:\t%s\n", dk_b64);
	int i;
	printf("  Stored Salt:\t");
	for(i=0; i<PBKDF2_SALT_SIZE; i++){
		printf("%02x", salt_value[i]);
	}
	printf("\n");

	printf("  Stored DK:\t");
	for(i=0; i<dk_len; i++){
		printf("%02x", dk_value[i]);
	}
	printf("\n");

	printf("  Input DK:\t");
	for(i=0; i<dk_len; i++){
		printf("%02x", input_dk_value[i]);
	}
	printf("\n");
	printf("  Result:\t%d\n", rc);
#endif
	return rc?LUTIL_PASSWD_ERR:LUTIL_PASSWD_OK;
}
Exemplo n.º 8
0
static int pbkdf2_check(
	const struct berval *scheme,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text)
{
	int rc;
	int iteration;

	/* salt_value require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
	unsigned char salt_value[PBKDF2_SALT_SIZE + 1];
	char salt_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_SALT_SIZE) + 1];
	/* dk_value require PBKDF2_DK_SIZE + 1 in lutil_b64_pton. */
	unsigned char dk_value[PBKDF2_DK_SIZE + 1];
	char dk_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_DK_SIZE) + 1];
	unsigned char input_dk_value[PBKDF2_DK_SIZE];

#ifdef SLAPD_PBKDF2_DEBUG
	printf("DEBUG pbkdf2_check()\n");
	printf("  Stored Value:\t%s\n", passwd->bv_val);
	printf("  Input Cred:\t%s\n", cred->bv_val);
#endif

	iteration = atoi(passwd->bv_val);
	if(iteration < 1){
		return LUTIL_PASSWD_ERR;
	}

	char *ptr;
	ptr = strchr(passwd->bv_val, '$');
	if(!ptr){
		return LUTIL_PASSWD_ERR;
	}
	ptr++; /* skip '$' */
	rc = ab64_to_b64(ptr, salt_b64, sizeof(salt_b64));
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	ptr = strchr(ptr, '$');
	if(!ptr){
		return LUTIL_PASSWD_ERR;
	}
	ptr++; /* skip '$' */
	rc = ab64_to_b64(ptr, dk_b64, sizeof(dk_b64));
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* The targetsize require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
	rc = lutil_b64_pton(salt_b64, salt_value, PBKDF2_SALT_SIZE + 1);
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* consistency check */
	if(rc != PBKDF2_SALT_SIZE){
		return LUTIL_PASSWD_ERR;
	}

	/* The targetsize require PBKDF2_DK_SIZE + 1 in lutil_b64_pton. */
	rc = lutil_b64_pton(dk_b64, dk_value, PBKDF2_DK_SIZE + 1);
	if(rc < 0){
		return LUTIL_PASSWD_ERR;
	}

	/* consistency check */
	if(rc != PBKDF2_DK_SIZE){
		return LUTIL_PASSWD_ERR;
	}

	if(!PKCS5_PBKDF2_HMAC_SHA1(cred->bv_val, cred->bv_len,
							   salt_value, PBKDF2_SALT_SIZE,
							   iteration, PBKDF2_DK_SIZE, input_dk_value)){
		return LUTIL_PASSWD_ERR;
	}

	rc = memcmp(dk_value, input_dk_value, PBKDF2_DK_SIZE);
#ifdef SLAPD_PBKDF2_DEBUG
	printf("  Iteration:\t%d\n", iteration);
	printf("  Base64 Salt:\t%s\n", salt_b64);
	printf("  Base64 DK:\t%s\n", dk_b64);
	int i;
	printf("  Stored Salt:\t");
	for(i=0; i<PBKDF2_SALT_SIZE; i++){
		printf("%02x", salt_value[i]);
	}
	printf("\n");

	printf("  Stored DK:\t");
	for(i=0; i<PBKDF2_DK_SIZE; i++){
		printf("%02x", dk_value[i]);
	}
	printf("\n");

	printf("  Input DK:\t");
	for(i=0; i<PBKDF2_DK_SIZE; i++){
		printf("%02x", input_dk_value[i]);
	}
	printf("\n");
	printf("  Result:\t%d\n", rc);
#endif
	return rc?LUTIL_PASSWD_ERR:LUTIL_PASSWD_OK;
}