2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2009 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
17 #include <lber_pvt.h> // Required for BER_BVC
18 #include <ac/string.h> // Required for a BER_BVC dependency
21 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
22 #include <assert.h> /* assert() */
25 #ifdef SLAPD_SHA2_DEBUG
29 char * sha256_hex_hash(const char * passwd) {
32 unsigned char hash[SHA256_DIGEST_LENGTH];
33 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1]; // extra char for \0
36 SHA256_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
37 SHA256_Final(hash, &ct);
39 /* base64 encode it */
44 LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1
51 char * sha384_hex_hash(const char * passwd) {
54 unsigned char hash[SHA384_DIGEST_LENGTH];
55 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
58 SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
59 SHA384_Final(hash, &ct);
61 /* base64 encode it */
66 LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
72 char * sha512_hex_hash(const char * passwd) {
75 unsigned char hash[SHA512_DIGEST_LENGTH];
76 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1]; // extra char for \0
79 SHA512_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
80 SHA512_Final(hash, &ct);
82 /* base64 encode it */
87 LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1
93 static int chk_sha256(
94 const struct berval *scheme, // Scheme of hashed reference password
95 const struct berval *passwd, // Hashed reference password to check against
96 const struct berval *cred, // user-supplied password to check
99 #ifdef SLAPD_SHA2_DEBUG
100 fprintf(stderr, "Validating password\n");
101 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
102 fprintf(stderr, " Hashes to: %s\n", sha256_hex_hash(cred->bv_val));
103 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
104 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
105 fprintf(stderr, " -> Passwords %s\n", strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
107 return (strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val));
110 static int chk_sha384(
111 const struct berval *scheme, // Scheme of hashed reference password
112 const struct berval *passwd, // Hashed reference password to check against
113 const struct berval *cred, // user-supplied password to check
116 #ifdef SLAPD_SHA2_DEBUG
117 fprintf(stderr, "Validating password\n");
118 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
119 fprintf(stderr, " Hashes to: %s\n", sha384_hex_hash(cred->bv_val));
120 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
121 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
122 fprintf(stderr, " -> Passwords %s\n", strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
124 return (strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val));
127 static int chk_sha512(
128 const struct berval *scheme, // Scheme of hashed reference password
129 const struct berval *passwd, // Hashed reference password to check against
130 const struct berval *cred, // user-supplied password to check
133 #ifdef SLAPD_SHA2_DEBUG
134 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
135 fprintf(stderr, " Hashes to: %s\n", sha512_hex_hash(cred->bv_val));
136 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
137 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
138 fprintf(stderr, " -> Passwords %s\n", strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
140 return (strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val));
143 const struct berval sha256scheme = BER_BVC("{SHA256}");
144 const struct berval sha384scheme = BER_BVC("{SHA384}");
145 const struct berval sha512scheme = BER_BVC("{SHA512}");
147 int init_module(int argc, char *argv[]) {
149 result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, NULL );
150 if (result != 0) return result;
151 result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, NULL );
152 if (result != 0) return result;
153 result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, NULL );