| 1 | /* ----------------------------------------------------------------------- * |
|---|
| 2 | * |
|---|
| 3 | * Copyright 2004-2008 H. Peter Anvin - All Rights Reserved |
|---|
| 4 | * |
|---|
| 5 | * This program is free software; you can redistribute it and/or modify |
|---|
| 6 | * it under the terms of the GNU General Public License as published by |
|---|
| 7 | * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, |
|---|
| 8 | * Boston MA 02110-1301, USA; either version 2 of the License, or |
|---|
| 9 | * (at your option) any later version; incorporated herein by reference. |
|---|
| 10 | * |
|---|
| 11 | * ----------------------------------------------------------------------- */ |
|---|
| 12 | |
|---|
| 13 | #include <string.h> |
|---|
| 14 | #include <xcrypt.h> |
|---|
| 15 | #include <sha1.h> |
|---|
| 16 | #include <base64.h> |
|---|
| 17 | |
|---|
| 18 | #include "menu.h" |
|---|
| 19 | |
|---|
| 20 | static int passwd_compare_sha1(const char *passwd, const char *entry) |
|---|
| 21 | { |
|---|
| 22 | struct { |
|---|
| 23 | SHA1_CTX ctx; |
|---|
| 24 | unsigned char sha1[20], pwdsha1[20]; |
|---|
| 25 | } d; |
|---|
| 26 | const char *p; |
|---|
| 27 | int rv; |
|---|
| 28 | |
|---|
| 29 | SHA1Init(&d.ctx); |
|---|
| 30 | |
|---|
| 31 | if ((p = strchr(passwd + 3, '$'))) { |
|---|
| 32 | SHA1Update(&d.ctx, (void *)passwd + 3, p - (passwd + 3)); |
|---|
| 33 | p++; |
|---|
| 34 | } else { |
|---|
| 35 | p = passwd + 3; /* Assume no salt */ |
|---|
| 36 | } |
|---|
| 37 | |
|---|
| 38 | SHA1Update(&d.ctx, (void *)entry, strlen(entry)); |
|---|
| 39 | SHA1Final(d.sha1, &d.ctx); |
|---|
| 40 | |
|---|
| 41 | memset(d.pwdsha1, 0, 20); |
|---|
| 42 | unbase64(d.pwdsha1, 20, p); |
|---|
| 43 | |
|---|
| 44 | rv = !memcmp(d.sha1, d.pwdsha1, 20); |
|---|
| 45 | |
|---|
| 46 | memset(&d, 0, sizeof d); |
|---|
| 47 | return rv; |
|---|
| 48 | } |
|---|
| 49 | |
|---|
| 50 | static int passwd_compare_md5(const char *passwd, const char *entry) |
|---|
| 51 | { |
|---|
| 52 | const char *crypted = crypt_md5(entry, passwd + 3); |
|---|
| 53 | int len = strlen(crypted); |
|---|
| 54 | |
|---|
| 55 | return !strncmp(crypted, passwd, len) && |
|---|
| 56 | (passwd[len] == '\0' || passwd[len] == '$'); |
|---|
| 57 | } |
|---|
| 58 | |
|---|
| 59 | static int passwd_compare_sha256(const char *passwd, const char *entry) |
|---|
| 60 | { |
|---|
| 61 | const char *crypted = sha256_crypt(entry, passwd + 3); |
|---|
| 62 | int len = strlen(crypted); |
|---|
| 63 | |
|---|
| 64 | return !strncmp(crypted, passwd, len) && |
|---|
| 65 | (passwd[len] == '\0' || passwd[len] == '$'); |
|---|
| 66 | } |
|---|
| 67 | |
|---|
| 68 | static int passwd_compare_sha512(const char *passwd, const char *entry) |
|---|
| 69 | { |
|---|
| 70 | const char *crypted = sha512_crypt(entry, passwd + 3); |
|---|
| 71 | int len = strlen(crypted); |
|---|
| 72 | |
|---|
| 73 | return !strncmp(crypted, passwd, len) && |
|---|
| 74 | (passwd[len] == '\0' || passwd[len] == '$'); |
|---|
| 75 | } |
|---|
| 76 | |
|---|
| 77 | int passwd_compare(const char *passwd, const char *entry) |
|---|
| 78 | { |
|---|
| 79 | if (passwd[0] != '$' || !passwd[1] || passwd[2] != '$') { |
|---|
| 80 | /* Plaintext passwd, yuck! */ |
|---|
| 81 | return !strcmp(entry, passwd); |
|---|
| 82 | } else { |
|---|
| 83 | switch (passwd[1]) { |
|---|
| 84 | case '1': |
|---|
| 85 | return passwd_compare_md5(passwd, entry); |
|---|
| 86 | case '4': |
|---|
| 87 | return passwd_compare_sha1(passwd, entry); |
|---|
| 88 | case '5': |
|---|
| 89 | return passwd_compare_sha256(passwd, entry); |
|---|
| 90 | case '6': |
|---|
| 91 | return passwd_compare_sha512(passwd, entry); |
|---|
| 92 | default: |
|---|
| 93 | return 0; /* Unknown encryption algorithm -> false */ |
|---|
| 94 | } |
|---|
| 95 | } |
|---|
| 96 | } |
|---|
