changeset 8394:8be0fe79093b HEAD
Added support for SSHA256 password scheme.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 13 Nov 2008 12:05:54 +0200 |
parents | 44f3bf2d0671 |
children | 401d1d3f4eca |
files | src/auth/password-scheme.c |
diffstat | 1 files changed, 42 insertions(+), 0 deletions(-) [+] |
--- a/src/auth/password-scheme.c Thu Nov 13 12:05:28 2008 +0200
+++ b/src/auth/password-scheme.c Thu Nov 13 12:05:54 2008 +0200
@@ -402,6 +402,47 @@
 }
 
 static void
+ssha256_generate(const char *plaintext, const char *user ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+#define SSHA256_SALT_LEN 4
+ unsigned char *digest, *salt;
+ struct sha256_ctx ctx;
+
+ digest = t_malloc(SHA256_RESULTLEN + SSHA256_SALT_LEN);
+ salt = digest + SHA256_RESULTLEN;
+ random_fill(salt, SSHA256_SALT_LEN);
+
+ sha256_init(&ctx);
+ sha256_loop(&ctx, plaintext, strlen(plaintext));
+ sha256_loop(&ctx, salt, SSHA256_SALT_LEN);
+ sha256_result(&ctx, digest);
+
+ *raw_password_r = digest;
+ *size_r = SHA256_RESULTLEN + SSHA256_SALT_LEN;
+}
+
+static bool ssha256_verify(const char *plaintext, const char *user,
+ const unsigned char *raw_password, size_t size)
+{
+ unsigned char sha256_digest[SHA256_RESULTLEN];
+ struct sha256_ctx ctx;
+
+ /* format: <SHA256 hash><salt> */
+ if (size <= SHA256_RESULTLEN) {
+ i_error("ssha256_verify(%s): SSHA256 password too short", user);
+ return FALSE;
+ }
+
+ sha256_init(&ctx);
+ sha256_loop(&ctx, plaintext, strlen(plaintext));
+ sha256_loop(&ctx, raw_password + SHA256_RESULTLEN,
+ size - SHA256_RESULTLEN);
+ sha256_result(&ctx, sha256_digest);
+ return memcmp(sha256_digest, raw_password, SHA256_RESULTLEN) == 0;
+}
+
+static void
 smd5_generate(const char *plaintext, const char *user ATTR_UNUSED,
 const unsigned char **raw_password_r, size_t *size_r)
 {
@@ -596,6 +637,7 @@
 NULL, sha256_generate },
 { "SMD5", PW_ENCODING_BASE64, 0, smd5_verify, smd5_generate },
 { "SSHA", PW_ENCODING_BASE64, 0, ssha_verify, ssha_generate },
+ { "SSHA256", PW_ENCODING_BASE64, 0, ssha256_verify, ssha256_generate },
 { "PLAIN", PW_ENCODING_NONE, 0, NULL, plain_generate },
 { "CLEARTEXT", PW_ENCODING_NONE, 0, NULL, plain_generate },
 { "CRAM-MD5", PW_ENCODING_HEX, 0, NULL, cram_md5_generate },
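Review bot: In the first hunk, `#define SSHA256_SALT_LEN 4` gives ssha256_generate only 32 bits of salt, so salts will repeat across a large user database and add little protection against precomputation. ssha256_verify takes the salt length from `size - SHA256_RESULTLEN`, so it already accepts longer salts; raising the constant, for example `#define SSHA256_SALT_LEN 16`, would not change what verification accepts, though compatibility with other software that reads the same SSHA256 values is not visible here and should be checked. The scheme is still a single SHA-256 pass, so a comment should record that it is a fast hash that offers little resistance to offline guessing if the password database leaks. Separately, the final `memcmp(sha256_digest, raw_password, SHA256_RESULTLEN)` can return at the first differing byte; a comparison that does not exit early would be the safer default for digest checks.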