3 #include <lber_pvt.h> // Required for BER_BVC
4 #include <ac/string.h> // Required for BER_BVC dep
7 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
8 #include <assert.h> /* assert() */
11 #ifdef SLAPD_SHA2_DEBUG
/*
 * Hash a NUL-terminated password with SHA-256 and produce it as text.
 *
 * Despite the "hex" in the name, the output buffer is sized with
 * LUTIL_BASE64_ENCODE_LEN and the comment below says base64, so the text
 * form is base64 rather than hexadecimal.
 *
 * In the lines shown, only the password bytes are fed to SHA256_Update:
 * no salt and no iteration count are visible, so equal passwords would
 * produce equal hash text.
 *
 * NOTE(review): parts of this function (the declaration of ct, the
 * encoding call, the return statement) are not visible in this listing.
 */
15 char * sha256_hex_hash(const char * passwd) {
18 unsigned char hash[SHA256_DIGEST_LENGTH];
/*
 * A static local is one object shared by every call: each call overwrites
 * the previous result, so the function is not reentrant.
 * NOTE(review): confirm that password checks never run on more than one
 * thread at a time; otherwise two checks could read each other's hash.
 */
19 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1]; // extra char for \0
/*
 * strlen() measures the input up to its first NUL byte, so passwd must be
 * NUL-terminated and anything after an embedded NUL is not hashed.
 */
22 SHA256_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
23 SHA256_Final(hash, &ct);
25 /* base64 encode it */
30 LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1
/*
 * Hash a NUL-terminated password with SHA-384 and produce it as text.
 *
 * The name says "hex", but the buffer is sized with
 * LUTIL_BASE64_ENCODE_LEN and the comment below says base64, so the text
 * form is base64.
 *
 * Only the password bytes reach SHA384_Update in the lines shown; no salt
 * is visible.
 *
 * NOTE(review): the declaration of ct, the encoding call and the return
 * statement are not visible in this listing.
 */
37 char * sha384_hex_hash(const char * passwd) {
40 unsigned char hash[SHA384_DIGEST_LENGTH];
/*
 * Shared by all calls because it is static: the result is overwritten by
 * the next call and the function is not reentrant.
 * NOTE(review): verify callers cannot run concurrently.
 */
41 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
/* Input length comes from strlen(), so hashing stops at the first NUL byte. */
44 SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
45 SHA384_Final(hash, &ct);
47 /* base64 encode it */
52 LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
/*
 * Hash a NUL-terminated password with SHA-512 and produce it as text.
 *
 * The name says "hex", but the buffer is sized with
 * LUTIL_BASE64_ENCODE_LEN and the comment below says base64, so the text
 * form is base64.
 *
 * Only the password bytes reach SHA512_Update in the lines shown; no salt
 * is visible.
 *
 * NOTE(review): the declaration of ct, the encoding call and the return
 * statement are not visible in this listing.
 */
58 char * sha512_hex_hash(const char * passwd) {
61 unsigned char hash[SHA512_DIGEST_LENGTH];
/*
 * Static storage: one buffer for every call, overwritten each time, so
 * the function is not reentrant.
 * NOTE(review): verify callers cannot run concurrently.
 */
62 static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1]; // extra char for \0
/* Input length comes from strlen(), so hashing stops at the first NUL byte. */
65 SHA512_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
66 SHA512_Final(hash, &ct);
68 /* base64 encode it */
73 LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1
/*
 * Password-check function for the {SHA256} scheme; init_module registers
 * it with lutil_passwd_add().
 *
 * The user-supplied credential is hashed with sha256_hex_hash() and the
 * resulting text is compared with the stored value using strcmp(). The
 * strcmp() result is returned unchanged: 0 means the password matched,
 * any non-zero value means it did not.
 *
 * cred->bv_val and passwd->bv_val are both used as NUL-terminated C
 * strings.
 * NOTE(review): struct berval also carries a length (bv_len) that the
 * visible lines never consult; confirm both values are always
 * NUL-terminated and cannot contain embedded NUL bytes.
 */
79 static int chk_sha256(
80 const struct berval *scheme, // Scheme of hashed reference password
81 const struct berval *passwd, // Hashed reference password to check against
82 const struct berval *cred, // user-supplied password to check
/*
 * Debug builds only: writes the cleartext candidate password, its hash
 * and the stored hash to stderr. Leave SLAPD_SHA2_DEBUG undefined in
 * production builds so credentials do not reach process logs.
 */
85 #ifdef SLAPD_SHA2_DEBUG
86 fprintf(stderr, "Validating password\n");
87 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
88 fprintf(stderr, " Hashes to: %s\n", sha256_hex_hash(cred->bv_val));
89 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
90 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
91 fprintf(stderr, " -> Passwords %s\n", strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/*
 * NOTE(review): the #endif closing the debug block is not visible in this
 * listing; the return below is presumably outside it.
 *
 * strcmp() stops at the first differing byte, so its running time depends
 * on how much of the two hash strings agrees.
 * NOTE(review): a fixed-length, constant-time comparison would remove
 * that dependency.
 */
93 return (strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val));
/*
 * Password-check function for the {SHA384} scheme; init_module registers
 * it with lutil_passwd_add().
 *
 * Hashes the user-supplied credential with sha384_hex_hash() and returns
 * the strcmp() result against the stored value: 0 on match, non-zero on
 * mismatch.
 *
 * cred->bv_val and passwd->bv_val are both used as NUL-terminated C
 * strings.
 * NOTE(review): the berval length field (bv_len) is not consulted in the
 * visible lines; confirm NUL termination and the absence of embedded NUL
 * bytes.
 */
96 static int chk_sha384(
97 const struct berval *scheme, // Scheme of hashed reference password
98 const struct berval *passwd, // Hashed reference password to check against
99 const struct berval *cred, // user-supplied password to check
/*
 * Debug builds only: the cleartext candidate password and the stored hash
 * are written to stderr. Leave SLAPD_SHA2_DEBUG undefined in production
 * builds.
 */
102 #ifdef SLAPD_SHA2_DEBUG
103 fprintf(stderr, "Validating password\n");
104 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
105 fprintf(stderr, " Hashes to: %s\n", sha384_hex_hash(cred->bv_val));
106 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
107 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
108 fprintf(stderr, " -> Passwords %s\n", strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/*
 * NOTE(review): the #endif closing the debug block is not visible in this
 * listing; the return below is presumably outside it.
 *
 * strcmp() returns at the first differing byte, so comparison time varies
 * with the length of the matching prefix.
 * NOTE(review): consider a fixed-length, constant-time comparison.
 */
110 return (strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val));
/*
 * Password-check function for the {SHA512} scheme; init_module registers
 * it with lutil_passwd_add().
 *
 * Hashes the user-supplied credential with sha512_hex_hash() and returns
 * the strcmp() result against the stored value: 0 on match, non-zero on
 * mismatch.
 *
 * cred->bv_val and passwd->bv_val are both used as NUL-terminated C
 * strings.
 * NOTE(review): the berval length field (bv_len) is not consulted in the
 * visible lines; confirm NUL termination and the absence of embedded NUL
 * bytes.
 */
113 static int chk_sha512(
114 const struct berval *scheme, // Scheme of hashed reference password
115 const struct berval *passwd, // Hashed reference password to check against
116 const struct berval *cred, // user-supplied password to check
/*
 * Debug builds only: the cleartext candidate password and the stored hash
 * are written to stderr. Leave SLAPD_SHA2_DEBUG undefined in production
 * builds.
 */
119 #ifdef SLAPD_SHA2_DEBUG
120 fprintf(stderr, " Password to validate: %s\n", cred->bv_val);
121 fprintf(stderr, " Hashes to: %s\n", sha512_hex_hash(cred->bv_val));
122 fprintf(stderr, " Stored password scheme: %s\n", scheme->bv_val);
123 fprintf(stderr, " Stored password value: %s\n", passwd->bv_val);
124 fprintf(stderr, " -> Passwords %s\n", strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
/*
 * NOTE(review): the #endif closing the debug block is not visible in this
 * listing; the return below is presumably outside it.
 *
 * strcmp() returns at the first differing byte, so comparison time varies
 * with the length of the matching prefix.
 * NOTE(review): consider a fixed-length, constant-time comparison.
 */
126 return (strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val));
/*
 * Scheme prefixes handled by this module. init_module passes each one to
 * lutil_passwd_add() together with the matching chk_sha* function.
 * BER_BVC builds a struct berval from a string literal.
 *
 * The objects are declared const, and init_module casts the const away
 * when registering them.
 * NOTE(review): they have external linkage (no static); confirm whether
 * anything outside this file refers to them.
 */
129 const struct berval sha256scheme = BER_BVC("{SHA256}");
130 const struct berval sha384scheme = BER_BVC("{SHA384}");
131 const struct berval sha512scheme = BER_BVC("{SHA512}");
133 int init_module(int argc, char *argv[]) {
135 result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, NULL );
136 if (result != 0) return result;
137 result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, NULL );
138 if (result != 0) return result;
139 result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, NULL );