vaseboot/VasEBoot-core/commands/password_pbkdf2.c


/*
* VasEBoot -- GRand Unified Bootloader
* Copyright (C) 2009 Free Software Foundation, Inc.
*
* VasEBoot is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* VasEBoot is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with VasEBoot. If not, see <http://www.gnu.org/licenses/>.
*/
#include <VasEBoot/auth.h>
#include <VasEBoot/crypto.h>
#include <VasEBoot/list.h>
#include <VasEBoot/mm.h>
#include <VasEBoot/misc.h>
#include <VasEBoot/env.h>
#include <VasEBoot/normal.h>
#include <VasEBoot/dl.h>
#include <VasEBoot/i18n.h>
/* Declare the module's license string to the module loader.  */
VasEBoot_MOD_LICENSE ("GPLv3+");
/* Handle of this module: assigned in the MOD_INIT hook and passed to
   VasEBoot_dl_ref each time a password is successfully registered.  */
static VasEBoot_dl_t my_mod;
/* One registered PBKDF2 credential, built by VasEBoot_cmd_password from the
   "VasEBoot.pbkdf2.sha512.<c>.<salt hex>.<hash hex>" argument and handed to
   check_password as its opaque `pin` pointer.  */
struct pbkdf2_password
{
/* Salt bytes decoded from the hex salt field (heap-allocated).  */
VasEBoot_uint8_t *salt;
/* Number of bytes in `salt` (half the length of the hex field).  */
VasEBoot_size_t saltlen;
/* Numeric field parsed with VasEBoot_strtoul and forwarded to
   VasEBoot_crypto_pbkdf2 -- presumably the PBKDF2 iteration count.  */
unsigned int c;
/* Expected derived key decoded from the hex hash field (heap-allocated).  */
VasEBoot_uint8_t *expected;
/* Number of bytes in `expected`; also the length of key derived from the
   entered password before comparison.  */
VasEBoot_size_t buflen;
};
/* Authentication callback: derive a PBKDF2-SHA512 key from ENTERED using the
   salt, count and output length stored in PIN (a struct pbkdf2_password) and
   compare it with the stored expected key.

   Returns VasEBoot_ERR_NONE after marking USER as authenticated when the
   keys match, VasEBoot_ACCESS_DENIED when they differ, or the translated
   gcrypt error when allocation or key derivation fails.  */
static VasEBoot_err_t
check_password (const char *user, const char *entered, void *pin)
{
  struct pbkdf2_password *stored = pin;
  VasEBoot_uint8_t *derived;
  gcry_err_code_t kdf_err;
  VasEBoot_err_t result;

  derived = VasEBoot_malloc (stored->buflen);
  if (!derived)
    return VasEBoot_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY);

  kdf_err = VasEBoot_crypto_pbkdf2 (VasEBoot_MD_SHA512,
                                    (VasEBoot_uint8_t *) entered,
                                    VasEBoot_strlen (entered),
                                    stored->salt, stored->saltlen, stored->c,
                                    derived, stored->buflen);

  if (!kdf_err)
    {
      /* Comparison goes through the crypto layer's memcmp rather than the
         plain one -- presumably so timing does not reveal how many leading
         bytes matched; confirm against VasEBoot_crypto_memcmp.  */
      if (VasEBoot_crypto_memcmp (derived, stored->expected,
                                  stored->buflen) == 0)
        {
          VasEBoot_auth_authenticate (user);
          result = VasEBoot_ERR_NONE;
        }
      else
        result = VasEBoot_ACCESS_DENIED;
    }
  else
    result = VasEBoot_crypto_gcry_error (kdf_err);

  /* NOTE(review): the derived key is released without being wiped first.  */
  VasEBoot_free (derived);
  return result;
}
/* Map one ASCII hex digit (either case) to its value 0..15.
   Returns -1 for any character that is not a hex digit.  */
static inline int
hex2val (char hex)
{
  int value = -1;

  if (hex >= '0' && hex <= '9')
    value = hex - '0';
  else if (hex >= 'a' && hex <= 'f')
    value = 10 + (hex - 'a');
  else if (hex >= 'A' && hex <= 'F')
    value = 10 + (hex - 'A');

  return value;
}
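/* Decode the hex digits in [src, end) into dst, two digits per output byte.
   The caller must ensure the span has even length and that dst has room
   for (end - src) / 2 bytes.  Returns 0 on success, or -1 as soon as a
   character that is not a hex digit is seen.  */
static int
pbkdf2_decode_hex (const char *src, const char *end, VasEBoot_uint8_t *dst)
{
  while (src < end)
    {
      int hi = hex2val (src[0]);
      int lo = hex2val (src[1]);

      if (hi < 0 || lo < 0)
        return -1;
      *dst++ = (hi << 4) | lo;
      src += 2;
    }
  return 0;
}

/* Handler for the "password_pbkdf2 USER PBKDF2_PASSWORD" command.

   args[0] is the user name; args[1] must have the form
   "VasEBoot.pbkdf2.sha512.<count>.<salt hex>.<hash hex>".  The fields are
   parsed into a heap-allocated struct pbkdf2_password which is registered,
   together with check_password, as the authentication method for the user.

   Returns VasEBoot_ERR_NONE on success, VasEBoot_ERR_BAD_ARGUMENT (through
   VasEBoot_error) for a wrong argument count or malformed hash string, or
   the pending VasEBoot_errno / registration error otherwise.  On success the
   record and its buffers stay allocated and the module reference count is
   raised; on every failure path everything allocated here is released.  */
static VasEBoot_err_t
VasEBoot_cmd_password (VasEBoot_command_t cmd __attribute__ ((unused)),
                       int argc, char **args)
{
  VasEBoot_err_t err;
  char *ptr, *ptr2;
  struct pbkdf2_password *pass;

  if (argc != 2)
    return VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT, N_("two arguments expected"));

  /* NOTE(review): the comparison length is the prefix length, not the
     argument length; for a shorter args[1] this is only safe if
     VasEBoot_memcmp stops at the first differing byte -- confirm.  */
  if (VasEBoot_memcmp (args[1], "VasEBoot.pbkdf2.sha512.",
                       sizeof ("VasEBoot.pbkdf2.sha512.") - 1) != 0)
    return VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT, N_("invalid PBKDF2 password"));

  ptr = args[1] + sizeof ("VasEBoot.pbkdf2.sha512.") - 1;

  pass = VasEBoot_malloc (sizeof (*pass));
  if (!pass)
    return VasEBoot_errno;

  /* First field: the count forwarded to the KDF.  Base 0 lets strtoul
     accept the usual decimal/hex/octal prefixes.  */
  pass->c = VasEBoot_strtoul (ptr, &ptr, 0);
  if (VasEBoot_errno)
    {
      err = VasEBoot_errno;
      goto fail_pass;
    }
  if (*ptr != '.')
    {
      err = VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT, N_("invalid PBKDF2 password"));
      goto fail_pass;
    }
  ptr++;

  /* ptr..ptr2 is the salt field, ptr2 + 1 onwards the hash field.  Both
     must hold an even number of hex digits.  */
  ptr2 = VasEBoot_strchr (ptr, '.');
  if (!ptr2 || ((ptr2 - ptr) & 1) || VasEBoot_strlen (ptr2 + 1) & 1)
    {
      err = VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT, N_("invalid PBKDF2 password"));
      goto fail_pass;
    }

  pass->saltlen = (ptr2 - ptr) >> 1;
  pass->buflen = VasEBoot_strlen (ptr2 + 1) >> 1;

  /* An empty hash field would leave check_password comparing zero bytes,
     a comparison no entered password can fail.  Reject it at parse time
     instead of relying on the KDF to refuse a zero-length output.  */
  if (pass->buflen == 0)
    {
      err = VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT, N_("invalid PBKDF2 password"));
      goto fail_pass;
    }

  pass->salt = VasEBoot_malloc (pass->saltlen);
  if (!pass->salt)
    {
      err = VasEBoot_errno;
      goto fail_pass;
    }
  if (pbkdf2_decode_hex (ptr, ptr2, pass->salt) < 0)
    {
      err = VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT,
                            /* TRANSLATORS: it means that the string which
                               was supposed to be a password hash doesn't
                               have a correct format, not to password
                               mismatch.  */
                            N_("invalid PBKDF2 password"));
      goto fail_salt;
    }

  pass->expected = VasEBoot_malloc (pass->buflen);
  if (!pass->expected)
    {
      err = VasEBoot_errno;
      goto fail_salt;
    }
  ptr = ptr2 + 1;
  ptr2 += VasEBoot_strlen (ptr2);
  if (pbkdf2_decode_hex (ptr, ptr2, pass->expected) < 0)
    {
      err = VasEBoot_error (VasEBoot_ERR_BAD_ARGUMENT,
                            N_("invalid PBKDF2 password"));
      goto fail_expected;
    }

  err = VasEBoot_auth_register_authentication (args[0], check_password, pass);
  if (err)
    /* Registration failed, so nothing else holds the record: release the
       salt and expected-key buffers too, not just the struct.  */
    goto fail_expected;

  /* The registered callback lives in this module; take a reference for
     each registered password.  */
  VasEBoot_dl_ref (my_mod);
  return VasEBoot_ERR_NONE;

 fail_expected:
  VasEBoot_free (pass->expected);
 fail_salt:
  VasEBoot_free (pass->salt);
 fail_pass:
  VasEBoot_free (pass);
  return err;
}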
/* Handle returned by VasEBoot_register_command, kept so the FINI hook can
   unregister the command again.  */
static VasEBoot_command_t cmd;
/* Module init hook: remember the module handle (`mod`, presumably supplied
   by the VasEBoot_MOD_INIT macro) and register the "password_pbkdf2"
   command with VasEBoot_cmd_password as its handler.  */
VasEBoot_MOD_INIT(password_pbkdf2)
{
my_mod = mod;
cmd = VasEBoot_register_command ("password_pbkdf2", VasEBoot_cmd_password,
N_("USER PBKDF2_PASSWORD"),
N_("Set user password (PBKDF2). "));
}
/* Module fini hook: unregister the command.
   NOTE(review): credentials already registered through
   VasEBoot_auth_register_authentication are not removed or freed here;
   VasEBoot_cmd_password takes a module reference per registration,
   presumably to keep check_password loaded while they exist -- confirm.  */
VasEBoot_MOD_FINI(password_pbkdf2)
{
VasEBoot_unregister_command (cmd);
}