changeset 10750:6936dbe28947 HEAD
auth: Added SHA512 and SSHA512 password schemes.
Based on patch by Mark Washenberger.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 18 Feb 2010 07:51:44 +0200 |
parents | 9c188cfba679 |
children | 5ec28d7a5d13 |
files | src/auth/password-scheme.c |
diffstat | 1 files changed, 57 insertions(+), 0 deletions(-) [+] |
--- a/src/auth/password-scheme.c Thu Feb 18 07:51:14 2010 +0200
+++ b/src/auth/password-scheme.c Thu Feb 18 07:51:44 2010 +0200
@@ -395,6 +395,19 @@
 }
 
 static void
+sha512_generate(const char *plaintext, const char *user ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+ unsigned char *digest;
+
+ digest = t_malloc(SHA512_RESULTLEN);
+ sha512_get_digest(plaintext, strlen(plaintext), digest);
+
+ *raw_password_r = digest;
+ *size_r = SHA512_RESULTLEN;
+}
+
+static void
 ssha_generate(const char *plaintext, const char *user ATTR_UNUSED,
  const unsigned char **raw_password_r, size_t *size_r)
 {
@@ -476,6 +489,47 @@
 }
 
 static void
+ssha512_generate(const char *plaintext, const char *user ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+#define SSHA512_SALT_LEN 4
+ unsigned char *digest, *salt;
+ struct sha512_ctx ctx;
+
+ digest = t_malloc(SHA512_RESULTLEN + SSHA512_SALT_LEN);
+ salt = digest + SHA512_RESULTLEN;
+ random_fill(salt, SSHA512_SALT_LEN);
+
+ sha512_init(&ctx);
+ sha512_loop(&ctx, plaintext, strlen(plaintext));
+ sha512_loop(&ctx, salt, SSHA512_SALT_LEN);
+ sha512_result(&ctx, digest);
+
+ *raw_password_r = digest;
+ *size_r = SHA512_RESULTLEN + SSHA512_SALT_LEN;
+}
+
+static bool ssha512_verify(const char *plaintext, const char *user,
+ const unsigned char *raw_password, size_t size)
+{
+ unsigned char sha512_digest[SHA512_RESULTLEN];
+ struct sha512_ctx ctx;
+
+ /* format: <SHA512 hash><salt> */
+ if (size <= SHA512_RESULTLEN) {
+ i_error("ssha512_verify(%s): SSHA512 password too short", user);
+ return FALSE;
+ }
+
+ sha512_init(&ctx);
+ sha512_loop(&ctx, plaintext, strlen(plaintext));
+ sha512_loop(&ctx, raw_password + SHA512_RESULTLEN,
+ size - SHA512_RESULTLEN);
+ sha512_result(&ctx, sha512_digest);
+ return memcmp(sha512_digest, raw_password, SHA512_RESULTLEN) == 0;
+}
+
+static void
 smd5_generate(const char *plaintext, const char *user ATTR_UNUSED,
  const unsigned char **raw_password_r, size_t *size_r)
 {
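Review bot: `sha512_generate` stores one unsalted SHA-512 pass over the plaintext, so two accounts with the same password get the same stored value and the scheme gains nothing against precomputed tables. The function has no comment saying this. I would add one above it, for example `/* Unsalted single-pass SHA-512: kept for interoperability with existing hashes; use a salted scheme for newly stored passwords. */`. The table entry in the last hunk passes `NULL` where the salted schemes pass a verify callback, so verification presumably falls to a generic comparison outside this diff. It is worth confirming how that comparison treats the fixed-length digest.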
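Review bot: `ssha512_verify` ends with `memcmp(sha512_digest, raw_password, SHA512_RESULTLEN) == 0`, which stops at the first differing byte, so the comparison time depends on how many leading bytes match. Comparing the whole digest with an accumulator, as sketched below, removes that dependency. Separately, `SSHA512_SALT_LEN 4` in `ssha512_generate` gives only 32 bits of salt over a single fast hash pass. A comment at the `#define` should say whether 4 was chosen to match the existing salted schemes, whose generators are outside this hunk. The verify side already accepts any salt longer than zero bytes, so raising the length later would not break stored hashes.

```c
static bool ssha512_verify(const char *plaintext, const char *user,
			   const unsigned char *raw_password, size_t size)
{
	unsigned char diff = 0;
	unsigned int i;
	/* … unchanged: other declarations, length check, salted SHA-512 computation … */

	/* fold every byte difference into one value so the run time does
	   not depend on where the first mismatch is */
	for (i = 0; i < SHA512_RESULTLEN; i++)
		diff |= sha512_digest[i] ^ raw_password[i];
	return diff == 0;
}
```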
@@ -675,9 +729,12 @@
  { "SHA1", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },
  { "SHA256", PW_ENCODING_BASE64, SHA256_RESULTLEN,
  NULL, sha256_generate },
+ { "SHA512", PW_ENCODING_BASE64, SHA512_RESULTLEN,
+ NULL, sha512_generate },
  { "SMD5", PW_ENCODING_BASE64, 0, smd5_verify, smd5_generate },
  { "SSHA", PW_ENCODING_BASE64, 0, ssha_verify, ssha_generate },
  { "SSHA256", PW_ENCODING_BASE64, 0, ssha256_verify, ssha256_generate },
+ { "SSHA512", PW_ENCODING_BASE64, 0, ssha512_verify, ssha512_generate },
  { "PLAIN", PW_ENCODING_NONE, 0, NULL, plain_generate },
  { "CLEARTEXT", PW_ENCODING_NONE, 0, NULL, plain_generate },
  { "CRAM-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,