password generation tool and additional hashes (was: [Dovecot] weakness in hash salt generation)
Joshua Goodall
joshua at roughtrade.net
Sun Jul 25 15:40:29 EEST 2004
On Sat, Jul 24, 2004 at 11:49:12AM +1000, Joshua Goodall wrote:
> On Fri, Jul 23, 2004 at 09:06:05PM +0300, Timo Sirainen wrote:
> > So it seems. But how did you notice it? I don't think those functions
> > are ever called by Dovecot itself? They're there just in case some day
> > they would be useful..
>
> They're useful now. Reason attached, a first draft of dovecotpw.c.
> Only tested on FreeBSD 5-CURRENT.
I fleshed this out a bit. OK, a lot, because this was done to improve
interoperability with OpenLDAP. The attached diff:
* Provides two new schemes, {SMD5} and {SSHA} (salted strong password
hashes, both available in OpenLDAP);
* Supports the {MD5} that OpenLDAP uses (which is actually more like
the unsalted {PLAIN-MD5} only base64-encoded;
* Provides a BSD-licensed (non-advertising clause) SHA implementation
so you don't have to rely on openssl for {SHA};
* Adds a password generation tool that hooks directly into Dovecot's
password scheme code:
usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V]
-l List known password schemes
-p plaintext New password
-s scheme Password scheme
-u user Username (if scheme uses it)
-V Internally verify the hash
I originally wrote this for production of HMAC-MD5 contexts to
support CRAM-MD5, and just generalised it.
Diff against cvs HEAD attached. Tested on FreeBSD 5-CURRENT and
Debian GNU/Linux (unstable), both only on i386. You'll need to
rerun automake & autoconf after patching.
- Joshua
-------------- next part --------------
diff -ruN --exclude-from=diffignore dovecot/configure.in dovecot-xtrahash/configure.in
--- dovecot/configure.in Sun Jul 25 17:56:23 2004
+++ dovecot-xtrahash/configure.in Sun Jul 25 16:16:14 2004
@@ -588,13 +588,6 @@
fi
AC_SUBST(RAND_LIBS)
-AC_CHECK_LIB(crypto, SHA1_Init, [
- AC_CHECK_HEADER(openssl/sha.h, [
- AC_DEFINE(HAVE_OPENSSL_SHA1,, Define if you have SHA1 in OpenSSL)
- AUTH_LIBS=-lcrypto
- ])
-])
-
dnl * do we have tm_gmtoff
AC_MSG_CHECKING([for tm_gmtoff])
AC_CACHE_VAL(i_cv_field_tm_gmtoff,
diff -ruN --exclude-from=diffignore dovecot/src/auth/passdb.c dovecot-xtrahash/src/auth/passdb.c
--- dovecot/src/auth/passdb.c Thu Jun 24 03:47:06 2004
+++ dovecot-xtrahash/src/auth/passdb.c Sun Jul 25 12:14:05 2004
@@ -52,7 +52,8 @@
if (password != NULL) {
wanted_scheme = passdb_credentials_to_str(credentials);
if (strcasecmp(scheme, wanted_scheme) != 0) {
- if (strcasecmp(scheme, "PLAIN") == 0) {
+ if (strcasecmp(scheme, "PLAIN") == 0
+ || strcasecmp(scheme, "CLEARTEXT") == 0) {
/* we can generate anything out of plaintext
passwords */
password = password_generate(password, user,
diff -ruN --exclude-from=diffignore dovecot/src/auth/password-scheme.c dovecot-xtrahash/src/auth/password-scheme.c
--- dovecot/src/auth/password-scheme.c Sat Jul 24 04:07:14 2004
+++ dovecot-xtrahash/src/auth/password-scheme.c Sun Jul 25 12:02:32 2004
@@ -8,13 +8,10 @@
#include "module-dir.h"
#include "mycrypt.h"
#include "randgen.h"
+#include "sha1.h"
#include "str.h"
#include "password-scheme.h"
-#ifdef HAVE_OPENSSL_SHA1
-# include <openssl/sha.h>
-#endif
-
static const char salt_chars[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -40,6 +37,19 @@
return -1;
}
+const char *password_list_schemes(const struct password_scheme **listptr)
+{
+ if (*listptr == NULL)
+ *listptr = schemes;
+
+ if ((*listptr)->name == NULL) {
+ *listptr = NULL;
+ return NULL;
+ }
+
+ return (*listptr)++->name;
+}
+
const char *password_get_scheme(const char **password)
{
const char *p, *scheme;
@@ -68,6 +78,14 @@
scheme = t_strdup_until(*password + 1, p);
*password = p + 1;
+
+ /* LDAP's RFC2307 specifies the MD5 scheme for what we call PLAIN-MD5,
+ * only base64-encoded rather than hex-encoded.
+ * We can detect this case - base64 doesn't use '$'. */
+ if (strncasecmp(scheme, "MD5", 3) == 0
+ && strncmp(*password, "$1$", 3) != 0) {
+ scheme = "LDAP-MD5";
+ }
return scheme;
}
@@ -124,20 +142,146 @@
return password_generate_md5_crypt(plaintext, salt);
}
-#ifdef HAVE_OPENSSL_SHA1
-static int sha_verify(const char *plaintext, const char *password,
+static const char *sha1_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ unsigned char digest[SHA1_RESULTLEN];
+ string_t *str;
+
+ sha1_get_digest(plaintext, strlen(plaintext), digest);
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(digest)+1));
+ base64_encode(digest, sizeof(digest), str);
+ return str_c(str);
+}
+
+static int sha1_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
- unsigned char digest[SHA_DIGEST_LENGTH];
+ unsigned char sha1_digest[SHA1_RESULTLEN];
+ const char *data;
+ buffer_t *buf;
+ size_t size;
+
+ sha1_get_digest(plaintext, strlen(plaintext), sha1_digest);
+
+ buf = buffer_create_static(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(strlen(password)+1));
+
+ if (base64_decode(password, strlen(password), NULL, buf) == 1) {
+ data = buffer_get_data(buf, &size);
+ if (size < SHA1_RESULTLEN) {
+ i_error("sha1_verify(%s): invalid SHA base64 decode", user);
+ return 0;
+ }
+
+ return memcmp(sha1_digest, data, SHA1_RESULTLEN) == 0;
+ } else {
+ i_error("sha1_verify(%s): failed decoding SHA base64", user);
+ return 0;
+ }
+}
+
+static const char *ssha_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ unsigned char ssha_digest[SHA1_RESULTLEN+4];
+ unsigned char *salt = &ssha_digest[SHA1_RESULTLEN];
+ struct sha1_ctxt ctx;
string_t *str;
- SHA1(plaintext, strlen(plaintext), digest);
+ random_fill(salt, 4);
- str = t_str_new(64);
- base64_encode(digest, sizeof(digest), str);
- return strcasecmp(str_c(str), password) == 0;
+ sha1_init(&ctx);
+ sha1_loop(&ctx, plaintext, strlen(plaintext));
+ sha1_loop(&ctx, salt, 4);
+ sha1_result(&ctx, ssha_digest);
+
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(ssha_digest))+1);
+ base64_encode(ssha_digest, sizeof(ssha_digest), str);
+ return str_c(str);
+}
+
+static int ssha_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ unsigned char sha1_digest[SHA1_RESULTLEN];
+ buffer_t *buf;
+ const char *data;
+ size_t size;
+ struct sha1_ctxt ctx;
+
+ /* format: base64-encoded MD5 hash and salt */
+ buf = buffer_create_static(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(strlen(password)+1));
+
+ if (base64_decode(password, strlen(password), NULL, buf) == 1) {
+ data = buffer_get_data(buf, &size);
+ if (size <= SHA1_RESULTLEN) {
+ i_error("ssha_verify(%s): invalid SSHA base64 decode", user);
+ return 0;
+ }
+
+ sha1_init(&ctx);
+ sha1_loop(&ctx, plaintext, strlen(plaintext));
+ sha1_loop(&ctx, &data[SHA1_RESULTLEN], size-SHA1_RESULTLEN);
+ sha1_result(&ctx, sha1_digest);
+ return memcmp(sha1_digest, data, SHA1_RESULTLEN) == 0;
+ } else {
+ i_error("ssha_verify(%s): failed decoding SSHA base64", user);
+ return 0;
+ }
+}
+
+static const char *smd5_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ unsigned char smd5_digest[20];
+ unsigned char *salt = &smd5_digest[16];
+ struct md5_context ctx;
+ string_t *str;
+
+ random_fill(salt, 4);
+
+ md5_init(&ctx);
+ md5_update(&ctx, plaintext, strlen(plaintext));
+ md5_update(&ctx, salt, 4);
+ md5_final(&ctx, smd5_digest);
+
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(smd5_digest))+1);
+ base64_encode(smd5_digest, sizeof(smd5_digest), str);
+ return str_c(str);
+}
+
+static int smd5_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ unsigned char md5_digest[16];
+ buffer_t *buf;
+ const char *data;
+ size_t size;
+ struct md5_context ctx;
+
+ /* format: base64-encoded MD5 hash and salt */
+ buf = buffer_create_static(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(strlen(password)+1));
+
+ if (base64_decode(password, strlen(password), NULL, buf) == 1) {
+ data = buffer_get_data(buf, &size);
+ if (size <= 16) {
+ i_error("smd5_verify(%s): invalid SMD5 base64 decode", user);
+ return 0;
+ }
+
+ md5_init(&ctx);
+ md5_update(&ctx, plaintext, strlen(plaintext));
+ md5_update(&ctx, &data[16], size-16);
+ md5_final(&ctx, md5_digest);
+ return memcmp(md5_digest, data, 16) == 0;
+ } else {
+ i_error("smd5_verify(%s): failed decoding SMD5 base64", user);
+ return 0;
+ }
}
-#endif
static int plain_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
@@ -216,17 +360,58 @@
return binary_to_hex(digest, sizeof(digest));
}
+static const char *ldap_md5_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ unsigned char digest[16];
+ string_t *str;
+
+ md5_get_digest(plaintext, strlen(plaintext), digest);
+ str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(digest)+1));
+ base64_encode(digest, sizeof(digest), str);
+ return str_c(str);
+}
+
+static int ldap_md5_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ unsigned char md5_digest[16];
+ buffer_t *buf;
+ const char *data;
+ size_t size;
+
+ md5_get_digest(plaintext, strlen(plaintext), md5_digest);
+
+ buf = buffer_create_static(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(strlen(password)+1));
+
+ if (base64_decode(password, strlen(password), NULL, buf) == 1) {
+ data = buffer_get_data(buf, &size);
+ if (size != 16) {
+ i_error("ldap_md5_verify(%s): invalid MD5 base64 decode", user);
+ return 0;
+ }
+
+ return memcmp(md5_digest, data, 16) == 0;
+ } else {
+ i_error("ldap_md5_verify(%s): failed decoding MD5 base64", user);
+ return 0;
+ }
+}
+
static const struct password_scheme default_schemes[] = {
{ "CRYPT", crypt_verify, crypt_generate },
{ "MD5", md5_verify, md5_generate },
-#ifdef HAVE_OPENSSL_SHA1
- { "SHA", sha_verify, NULL },
- { "SHA1", sha_verify, NULL },
-#endif
+ { "SHA", sha1_verify, sha1_generate },
+ { "SHA1", sha1_verify, sha1_generate },
+ { "SMD5", smd5_verify, smd5_generate },
+ { "SSHA", ssha_verify, ssha_generate },
{ "PLAIN", plain_verify, plain_generate },
+ { "CLEARTEXT", plain_verify, plain_generate },
{ "HMAC-MD5", hmac_md5_verify, hmac_md5_generate },
{ "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
{ "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
+ { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
{ NULL, NULL, NULL }
};
diff -ruN --exclude-from=diffignore dovecot/src/auth/password-scheme.h dovecot-xtrahash/src/auth/password-scheme.h
--- dovecot/src/auth/password-scheme.h Sun May 30 13:57:15 2004
+++ dovecot-xtrahash/src/auth/password-scheme.h Sun Jul 25 16:15:41 2004
@@ -21,6 +21,9 @@
const char *password_generate(const char *plaintext, const char *user,
const char *scheme);
+/* Iterate through the list of password schemes, returning names */
+const char *password_list_schemes(const struct password_scheme **listptr);
+
void password_schemes_init(void);
void password_schemes_deinit(void);
diff -ruN --exclude-from=diffignore dovecot/src/lib/Makefile.am dovecot-xtrahash/src/lib/Makefile.am
--- dovecot/src/lib/Makefile.am Wed Apr 28 06:25:52 2004
+++ dovecot-xtrahash/src/lib/Makefile.am Sat Jul 24 20:59:55 2004
@@ -54,6 +54,7 @@
safe-memset.c \
safe-mkdir.c \
sendfile-util.c \
+ sha1.c \
str.c \
strescape.c \
strfuncs.c \
@@ -109,6 +110,7 @@
safe-memset.h \
safe-mkdir.h \
sendfile-util.h \
+ sha1.h \
str.h \
strescape.h \
strfuncs.h \
diff -ruN --exclude-from=diffignore dovecot/src/lib/sha1.c dovecot-xtrahash/src/lib/sha1.c
--- dovecot/src/lib/sha1.c Thu Jan 1 10:00:00 1970
+++ dovecot-xtrahash/src/lib/sha1.c Sat Jul 24 21:28:32 2004
@@ -0,0 +1,286 @@
+/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
+ * based on: http://csrc.nist.gov/fips/fip180-1.txt
+ * implemented by Jun-ichiro itojun Itoh <itojun at itojun.org>
+ */
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <string.h>
+
+#include "sha1.h"
+#include "safe-memset.h"
+
+/* sanity check */
+#if BYTE_ORDER != BIG_ENDIAN
+# if BYTE_ORDER != LITTLE_ENDIAN
+# define unsupported 1
+# endif
+#endif
+
+#ifndef unsupported
+
+/* constant table */
+static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
+#define K(t) _K[(t) / 20]
+
+#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
+#define F1(b, c, d) (((b) ^ (c)) ^ (d))
+#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define F3(b, c, d) (((b) ^ (c)) ^ (d))
+
+#define S(n, x) (((x) << (n)) | ((x) >> (32 - n)))
+
+#define H(n) (ctxt->h.b32[(n)])
+#define COUNT (ctxt->count)
+#define BCOUNT (ctxt->c.b64[0] / 8)
+#define W(n) (ctxt->m.b32[(n)])
+
+#define PUTBYTE(x) { \
+ ctxt->m.b8[(COUNT % 64)] = (x); \
+ COUNT++; \
+ COUNT %= 64; \
+ ctxt->c.b64[0] += 8; \
+ if (COUNT % 64 == 0) \
+ sha1_step(ctxt); \
+ }
+
+#define PUTPAD(x) { \
+ ctxt->m.b8[(COUNT % 64)] = (x); \
+ COUNT++; \
+ COUNT %= 64; \
+ if (COUNT % 64 == 0) \
+ sha1_step(ctxt); \
+ }
+
+static void sha1_step(struct sha1_ctxt *);
+
+static void
+sha1_step(ctxt)
+ struct sha1_ctxt *ctxt;
+{
+ u_int32_t a, b, c, d, e;
+ size_t t, s;
+ u_int32_t tmp;
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ struct sha1_ctxt tctxt;
+ memmove(&tctxt.m.b8[0], &ctxt->m.b8[0], 64);
+ ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2];
+ ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0];
+ ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6];
+ ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4];
+ ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10];
+ ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8];
+ ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14];
+ ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12];
+ ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18];
+ ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16];
+ ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22];
+ ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20];
+ ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26];
+ ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24];
+ ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30];
+ ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28];
+ ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34];
+ ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32];
+ ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38];
+ ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36];
+ ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42];
+ ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40];
+ ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46];
+ ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44];
+ ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50];
+ ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48];
+ ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54];
+ ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52];
+ ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58];
+ ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56];
+ ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62];
+ ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60];
+#endif
+
+ a = H(0); b = H(1); c = H(2); d = H(3); e = H(4);
+
+ for (t = 0; t < 20; t++) {
+ s = t & 0x0f;
+ if (t >= 16) {
+ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
+ }
+ tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
+ e = d; d = c; c = S(30, b); b = a; a = tmp;
+ }
+ for (t = 20; t < 40; t++) {
+ s = t & 0x0f;
+ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
+ tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
+ e = d; d = c; c = S(30, b); b = a; a = tmp;
+ }
+ for (t = 40; t < 60; t++) {
+ s = t & 0x0f;
+ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
+ tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
+ e = d; d = c; c = S(30, b); b = a; a = tmp;
+ }
+ for (t = 60; t < 80; t++) {
+ s = t & 0x0f;
+ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
+ tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
+ e = d; d = c; c = S(30, b); b = a; a = tmp;
+ }
+
+ H(0) = H(0) + a;
+ H(1) = H(1) + b;
+ H(2) = H(2) + c;
+ H(3) = H(3) + d;
+ H(4) = H(4) + e;
+
+ memset(&ctxt->m.b8[0], 0, 64);
+}
+
+/*------------------------------------------------------------*/
+
+void
+sha1_init(ctxt)
+ struct sha1_ctxt *ctxt;
+{
+ memset(ctxt, 0, sizeof(struct sha1_ctxt));
+ H(0) = 0x67452301;
+ H(1) = 0xefcdab89;
+ H(2) = 0x98badcfe;
+ H(3) = 0x10325476;
+ H(4) = 0xc3d2e1f0;
+}
+
+void
+sha1_pad(ctxt)
+ struct sha1_ctxt *ctxt;
+{
+ size_t padlen; /*pad length in bytes*/
+ size_t padstart;
+
+ PUTPAD(0x80);
+
+ padstart = COUNT % 64;
+ padlen = 64 - padstart;
+ if (padlen < 8) {
+ memset(&ctxt->m.b8[padstart], 0, padlen);
+ COUNT += padlen;
+ COUNT %= 64;
+ sha1_step(ctxt);
+ padstart = COUNT % 64; /* should be 0 */
+ padlen = 64 - padstart; /* should be 64 */
+ }
+ memset(&ctxt->m.b8[padstart], 0, padlen - 8);
+ COUNT += (padlen - 8);
+ COUNT %= 64;
+#if BYTE_ORDER == BIG_ENDIAN
+ PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]);
+ PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]);
+ PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]);
+ PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]);
+#else
+ PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]);
+ PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]);
+ PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]);
+ PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]);
+#endif
+}
+
+void
+sha1_loop(ctxt, input, len)
+ struct sha1_ctxt *ctxt;
+ const u_int8_t *input;
+ size_t len;
+{
+ size_t gaplen;
+ size_t gapstart;
+ size_t off;
+ size_t copysiz;
+
+ off = 0;
+
+ while (off < len) {
+ gapstart = COUNT % 64;
+ gaplen = 64 - gapstart;
+
+ copysiz = (gaplen < len - off) ? gaplen : len - off;
+ memmove(&ctxt->m.b8[gapstart], &input[off], copysiz);
+ COUNT += copysiz;
+ COUNT %= 64;
+ ctxt->c.b64[0] += copysiz * 8;
+ if (COUNT % 64 == 0)
+ sha1_step(ctxt);
+ off += copysiz;
+ }
+}
+
+void
+sha1_result(ctxt, digest0)
+ struct sha1_ctxt *ctxt;
+ void *digest0;
+{
+ u_int8_t *digest;
+
+ digest = (u_int8_t *)digest0;
+ sha1_pad(ctxt);
+#if BYTE_ORDER == BIG_ENDIAN
+ memmove(digest, &ctxt->h.b8[0], 20);
+#else
+ digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2];
+ digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0];
+ digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6];
+ digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4];
+ digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10];
+ digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8];
+ digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14];
+ digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12];
+ digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18];
+ digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16];
+#endif
+ safe_memset(ctxt, 0, sizeof(struct sha1_ctxt));
+}
+
+void sha1_get_digest(data, size, result)
+ const void *data;
+ size_t size;
+ unsigned char result[SHA1_RESULTLEN];
+{
+ struct sha1_ctxt ctx;
+
+ sha1_init(&ctx);
+ sha1_loop(&ctx, data, size);
+ sha1_result(&ctx, result);
+}
+
+#endif /*unsupported*/
diff -ruN --exclude-from=diffignore dovecot/src/lib/sha1.h dovecot-xtrahash/src/lib/sha1.h
--- dovecot/src/lib/sha1.h Thu Jan 1 10:00:00 1970
+++ dovecot-xtrahash/src/lib/sha1.h Sat Jul 24 21:28:41 2004
@@ -0,0 +1,74 @@
+/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */
+/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
+ * based on: http://csrc.nist.gov/fips/fip180-1.txt
+ * implemented by Jun-ichiro itojun Itoh <itojun at itojun.org>
+ */
+
+#ifndef __SHA1_H
+#define __SHA1_H
+
+struct sha1_ctxt {
+ union {
+ u_int8_t b8[20];
+ u_int32_t b32[5];
+ } h;
+ union {
+ u_int8_t b8[8];
+ u_int64_t b64[1];
+ } c;
+ union {
+ u_int8_t b8[64];
+ u_int32_t b32[16];
+ } m;
+ u_int8_t count;
+};
+
+extern void sha1_init(struct sha1_ctxt *);
+extern void sha1_pad(struct sha1_ctxt *);
+extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t);
+extern void sha1_result(struct sha1_ctxt *, void *);
+
+
+/* compatibilty with other SHA1 source codes */
+typedef struct sha1_ctxt SHA1_CTX;
+#define SHA1Init(x) sha1_init((x))
+#define SHA1Update(x, y, z) sha1_loop((x), (y), (z))
+#define SHA1Final(x, y) sha1_result((y), (x))
+
+#define SHA1_RESULTLEN (160/8)
+
+extern void sha1_get_digest(const void *, size_t,
+ unsigned char [SHA1_RESULTLEN]);
+
+#endif /*__SHA1_H*/
diff -ruN --exclude-from=diffignore dovecot/src/util/Makefile.am dovecot-xtrahash/src/util/Makefile.am
--- dovecot/src/util/Makefile.am Thu Aug 21 09:26:37 2003
+++ dovecot-xtrahash/src/util/Makefile.am Sat Jul 24 19:37:56 2004
@@ -1,12 +1,25 @@
pkglibexecdir = $(libexecdir)/dovecot
pkglibexec_PROGRAMS = rawlog
+sbin_PROGRAMS = dovecotpw
INCLUDES = \
- -I$(top_srcdir)/src/lib
+ -I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/auth
rawlog_LDADD = \
../lib/liblib.a
rawlog_SOURCES = \
rawlog.c
+
+dovecotpw_LDADD = \
+ ../lib/liblib.a \
+ ../auth/password-scheme.o \
+ ../auth/password-scheme-cram-md5.o \
+ ../auth/password-scheme-md5crypt.o \
+ ../auth/mycrypt.o \
+ $(AUTH_LIBS)
+
+dovecotpw_SOURCES = \
+ dovecotpw.c
diff -ruN --exclude-from=diffignore dovecot/src/util/dovecotpw.c dovecot-xtrahash/src/util/dovecotpw.c
--- dovecot/src/util/dovecotpw.c Thu Jan 1 10:00:00 1970
+++ dovecot-xtrahash/src/util/dovecotpw.c Sun Jul 25 22:24:22 2004
@@ -0,0 +1,140 @@
+/* Copyright (C) 2004 Joshua Goodall */
+
+#include "lib.h"
+#include "password-scheme.h"
+#include "randgen.h"
+
+#include <ctype.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <libgen.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define DEFAULT_SCHEME "HMAC-MD5"
+
+#define STRWIPE(s) do { \
+ char *c; \
+ for (c = s; *c != '\0'; c++) \
+ *c = '\0'; \
+} while (0)
+
+static void
+usage(const char *s)
+{
+ fprintf(stderr,
+ "usage: %s [-l] [-p plaintext] [-s scheme] [-u user] [-V]\n", s);
+ fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n",
+ " -l List known password schemes",
+ " -p plaintext New password",
+ " -s scheme Password scheme",
+ " -u user Username (if scheme uses it)",
+ " -V Internally verify the hash");
+
+ exit(1);
+}
+
+int main(int argc, char *argv[] __attr_unused__)
+{
+ extern char *optarg;
+ extern int optind;
+ const char *hash = NULL;
+ const char *user = NULL;
+ char *scheme = NULL;
+ char *plaintext = NULL;
+ char ch;
+ int lflag = 0, Vflag = 0;
+
+ lib_init();
+ random_init();
+ password_schemes_init();
+
+ while ((ch = getopt(argc, argv, "lp:s:u:V")) != -1) {
+ switch (ch) {
+ case 'l':
+ lflag = 1;
+ break;
+ case 'p':
+ plaintext = strdup(optarg);
+ STRWIPE(optarg);
+ break;
+ case 's':
+ scheme = strdup(optarg);
+ break;
+ case 'u':
+ user = strdup(optarg);
+ break;
+ case 'V':
+ Vflag = 1;
+ break;
+ case '?':
+ default:
+ usage(basename(*argv));
+ }
+ }
+
+ if (lflag) {
+ const struct password_scheme *p = NULL;
+ const char *s;
+
+ while ((s = password_list_schemes(&p)) != NULL)
+ printf("%s ", s);
+ printf("\n");
+ exit(0);
+ }
+
+ if (argc != optind)
+ usage(basename(*argv));
+
+ if (scheme == NULL)
+ scheme = strdup(DEFAULT_SCHEME);
+ else {
+ char *c;
+ for (c = scheme; *c != '\0'; c++)
+ *c = toupper(*c);
+ }
+
+
+ while (plaintext == NULL) {
+ char *check;
+ static int lives = 3;
+
+ plaintext = strdup(getpass("Enter new password: "));
+ check = strdup(getpass("Retype new password: "));
+ if (strcmp(plaintext, check) != 0) {
+ fprintf(stderr, "Passwords don't match!\n");
+ if (--lives == 0)
+ exit(1);
+ STRWIPE(plaintext);
+ STRWIPE(check);
+ free(plaintext);
+ plaintext = NULL;
+ }
+ }
+
+ if ((hash = password_generate(plaintext, user, scheme)) == NULL) {
+ fprintf(stderr, "error generating password hash\n");
+ exit(1);
+ }
+ if (Vflag == 1) {
+ const char *checkscheme, *checkpass;
+
+ checkpass = t_strdup_printf("{%s}%s", scheme, hash);
+ checkscheme = password_get_scheme(&checkpass);
+
+ if (strcmp(scheme, checkscheme) != 0) {
+ fprintf(stderr, "reverse scheme lookup check failed\n");
+ exit(2);
+ }
+ if (password_verify(plaintext, checkpass, checkscheme, user) != 1) {
+ fprintf(stderr, "reverse password verification check failed\n");
+ exit(2);
+ }
+
+ printf("{%s}%s (verified)\n", scheme, hash);
+ } else
+ printf("{%s}%s\n", scheme, hash);
+
+ return 0;
+}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040725/1a2cdddf/attachment-0001.bin>
More information about the dovecot
mailing list