2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2009-2010 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
16 * This work was initially developed by Jeff Turner for inclusion
17 * in OpenLDAP Software.
22 #include <ac/string.h>
29 #ifdef SLAPD_SHA2_DEBUG
/*
 * Hash a NUL-terminated password with SHA-256 and return the digest
 * base64-encoded. Despite the name, the output is base64, not hex (the
 * result buffer is sized with LUTIL_BASE64_ENCODE_LEN).
 *
 * passwd: NUL-terminated password; only the bytes before the first NUL are
 *         hashed (strlen), so an embedded NUL silently truncates the input.
 * Returns a pointer to a function-static buffer that is valid only until
 * the next call, from any thread.
 *
 * NOTE(review): no salt is mixed into the hash, so equal passwords produce
 * equal stored values and precomputed-table attacks work across accounts.
 */
33 char * sha256_hex_hash(const char * passwd) {
36 unsigned char hash[SHA256_DIGEST_LENGTH];
/* NOTE(review): one 'static' buffer is shared by every caller; slapd checks
 * binds from multiple threads, so two concurrent checks can overwrite each
 * other's result here. A caller-supplied buffer would avoid the race. */
37 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1]; // extra char for \0
/* The raw password bytes are the entire hash input (no salt, no length
 * framing). ct must already have been initialised when this runs. */
40 SHA256_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
41 SHA256_Final(hash, &ct);
43 /* base64 encode it */
48 LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1
/*
 * SHA-384 variant of the password hasher: digest the NUL-terminated
 * password and return it base64-encoded (not hex, whatever the name says;
 * the buffer is sized by LUTIL_BASE64_ENCODE_LEN).
 *
 * passwd: NUL-terminated password; hashing stops at the first NUL because
 *         the length comes from strlen().
 * Returns a pointer into a function-static buffer; it is overwritten by
 * the next call from any thread.
 *
 * NOTE(review): unsalted -- identical passwords yield identical stored
 * hashes, which precomputed tables and cross-account comparison exploit.
 */
55 char * sha384_hex_hash(const char * passwd) {
58 unsigned char hash[SHA384_DIGEST_LENGTH];
/* NOTE(review): 'static' makes this a single process-wide buffer. slapd is
 * multithreaded, so concurrent bind checks race on it; prefer a buffer
 * owned by the caller. */
59 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
/* Only the password bytes go into the hash; ct must be initialised first. */
62 SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
63 SHA384_Final(hash, &ct);
65 /* base64 encode it */
70 LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
/*
 * SHA-512 variant of the password hasher: digest the NUL-terminated
 * password and return it base64-encoded. The "hex" in the name is
 * misleading -- the output buffer is sized with LUTIL_BASE64_ENCODE_LEN.
 *
 * passwd: NUL-terminated password; strlen() bounds the hashed bytes, so a
 *         credential with an embedded NUL is truncated.
 * Returns a pointer to a function-static buffer; valid only until the next
 * call from any thread.
 *
 * NOTE(review): no per-user salt, so stored values are directly comparable
 * across accounts and vulnerable to precomputed-table attacks.
 */
76 char * sha512_hex_hash(const char * passwd) {
79 unsigned char hash[SHA512_DIGEST_LENGTH];
/* NOTE(review): shared 'static' result buffer -- not safe for the
 * concurrent binds a multithreaded slapd performs. A caller-supplied
 * buffer removes the race. */
80 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1]; // extra char for \0
/* The password bytes are the whole hash input; ct must already be
 * initialised here. */
83 SHA512_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
84 SHA512_Final(hash, &ct);
86 /* base64 encode it */
91 LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1
/*
 * lutil password-check callback for the {SHA256} scheme.
 *
 * scheme: scheme tag of the stored value (only used by the debug output).
 * passwd: the stored hash, expected to be the base64 text produced by
 *         sha256_hex_hash(); compared as a NUL-terminated string, so its
 *         bv_len is not consulted.
 * cred:   the client-supplied credential; only bv_val is used, so bv_len
 *         is ignored and a credential containing a NUL byte is truncated
 *         at that NUL before hashing.
 * Returns 0 when the recomputed hash equals the stored value, otherwise
 * strcmp()'s non-zero result -- callers must test for zero, not for any
 * particular non-zero value.
 */
97 static int chk_sha256(
98 const struct berval *scheme, // Scheme of hashed reference password
99 const struct berval *passwd, // Hashed reference password to check against
100 const struct berval *cred, // user-supplied password to check
103 #ifdef SLAPD_SHA2_DEBUG
/* NOTE(review): this block writes the cleartext credential and the stored
 * hash to stderr. It is compiled out unless SLAPD_SHA2_DEBUG is defined;
 * never build a production slapd with it, and treat any stderr capture
 * from such a build as containing passwords. */
104 fprintf(stderr, "Validating password\n");
105 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
106 fprintf(stderr, " Hashes to: %s\n", sha256_hex_hash(cred->bv_val));
107 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
108 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
109 fprintf(stderr, " -> Passwords %s\n", strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/* NOTE(review): strcmp() stops at the first differing byte, so the time
 * this takes depends on how many leading base64 characters of the
 * candidate's digest agree with the stored one. Exploiting that remotely
 * is hard, but the usual remedy is cheap: base64-decode both sides and
 * compare a fixed SHA256_DIGEST_LENGTH bytes with a constant-time compare. */
111 return (strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val));
/*
 * lutil password-check callback for the {SHA384} scheme.
 *
 * scheme: scheme tag of the stored value; referenced only by the debug
 *         output below.
 * passwd: stored hash, expected to be the base64 text sha384_hex_hash()
 *         emits; compared via strcmp(), so it must be NUL-terminated and
 *         bv_len plays no part.
 * cred:   client-supplied credential; hashed from bv_val up to its first
 *         NUL, ignoring bv_len.
 * Returns 0 on match, else strcmp()'s non-zero result (test for zero only).
 */
114 static int chk_sha384(
115 const struct berval *scheme, // Scheme of hashed reference password
116 const struct berval *passwd, // Hashed reference password to check against
117 const struct berval *cred, // user-supplied password to check
120 #ifdef SLAPD_SHA2_DEBUG
/* NOTE(review): prints the cleartext credential and the stored hash to
 * stderr. Compiled out unless SLAPD_SHA2_DEBUG is defined -- a build with
 * it enabled must never serve real users, and its logs are secrets. */
121 fprintf(stderr, "Validating password\n");
122 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
123 fprintf(stderr, " Hashes to: %s\n", sha384_hex_hash(cred->bv_val));
124 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
125 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
126 fprintf(stderr, " -> Passwords %s\n", strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/* NOTE(review): strcmp() is not constant-time; its early exit leaks the
 * length of the matching base64 prefix. Decoding both values and comparing
 * SHA384_DIGEST_LENGTH bytes with a constant-time memcmp is the standard
 * replacement. */
128 return (strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val));
/*
 * lutil password-check callback for the {SHA512} scheme.
 *
 * scheme: scheme tag of the stored value; used only in the debug output.
 * passwd: stored hash as base64 text (sha512_hex_hash() format); compared
 *         with strcmp(), so NUL-terminated and bv_len is ignored.
 * cred:   client-supplied credential; only bv_val up to its first NUL is
 *         hashed -- bv_len is not used.
 * Returns 0 when the hashes are equal, otherwise strcmp()'s non-zero
 * result; callers should only test for zero.
 */
131 static int chk_sha512(
132 const struct berval *scheme, // Scheme of hashed reference password
133 const struct berval *passwd, // Hashed reference password to check against
134 const struct berval *cred, // user-supplied password to check
137 #ifdef SLAPD_SHA2_DEBUG
/* NOTE(review): debug-only; dumps the cleartext credential and stored hash
 * to stderr. Must never be enabled in a slapd that handles real
 * credentials, and any captured output must be treated as a password leak. */
138 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
139 fprintf(stderr, " Hashes to: %s\n", sha512_hex_hash(cred->bv_val));
140 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
141 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
142 fprintf(stderr, " -> Passwords %s\n", strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/* NOTE(review): strcmp() returns at the first mismatching byte, so timing
 * reveals how much of the base64 digest prefix matched. A constant-time
 * comparison of the decoded SHA512_DIGEST_LENGTH bytes avoids this. */
144 return (strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val));
/* Scheme tags (braces included) under which the three check functions are
 * registered by init_module(). They are defined const; init_module() casts
 * that away when calling lutil_passwd_add(), which is only safe as long as
 * the callee never writes through the pointer. */
147 const struct berval sha256scheme = BER_BVC("{SHA256}");
148 const struct berval sha384scheme = BER_BVC("{SHA384}");
149 const struct berval sha512scheme = BER_BVC("{SHA512}");
/*
 * Module entry point: registers the {SHA256}, {SHA384} and {SHA512} check
 * callbacks with lutil.
 *
 * argc/argv: module arguments; not used here.
 * Returns 0 on success, otherwise the first non-zero lutil_passwd_add()
 * result. Registration stops at the first failure, so a later scheme may
 * be left unregistered while earlier ones remain active.
 *
 * NOTE(review): the third argument is NULL -- presumably the hash/generate
 * callback (confirm against lutil_passwd_add()'s contract) -- so slapd can
 * verify these schemes but will not generate them itself.
 * NOTE(review): the casts discard 'const' from objects defined const; this
 * is only safe if lutil_passwd_add() never writes through the pointer.
 */
151 int init_module(int argc, char *argv[]) {
153 result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, NULL );
154 if (result != 0) return result;
155 result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, NULL );
156 if (result != 0) return result;
157 result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, NULL );