dovecot-2.0: auth: Added SHA512 and SSHA512 password schemes.
dovecot at dovecot.org
dovecot at dovecot.org
Thu Feb 18 07:51:48 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/6936dbe28947
changeset: 10750:6936dbe28947
user: Timo Sirainen <tss at iki.fi>
date: Thu Feb 18 07:51:44 2010 +0200
description:
auth: Added SHA512 and SSHA512 password schemes.
Based on patch by Mark Washenberger.
diffstat:
src/auth/password-scheme.c | 57 ++++++++++++++++++++++++++++
1 files changed, 57 insertions(+), 0 deletions(-)
diffs (84 lines):
diff -r 9c188cfba679 -r 6936dbe28947 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Thu Feb 18 07:51:14 2010 +0200
+++ b/src/auth/password-scheme.c Thu Feb 18 07:51:44 2010 +0200
@@ -395,6 +395,19 @@
}
static void
+sha512_generate(const char *plaintext, const char *user ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+ unsigned char *digest;
+
+ digest = t_malloc(SHA512_RESULTLEN);
+ sha512_get_digest(plaintext, strlen(plaintext), digest);
+
+ *raw_password_r = digest;
+ *size_r = SHA512_RESULTLEN;
+}
+
+static void
ssha_generate(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char **raw_password_r, size_t *size_r)
{
@@ -476,6 +489,47 @@
}
static void
+ssha512_generate(const char *plaintext, const char *user ATTR_UNUSED,
+ const unsigned char **raw_password_r, size_t *size_r)
+{
+#define SSHA512_SALT_LEN 4
+ unsigned char *digest, *salt;
+ struct sha512_ctx ctx;
+
+ digest = t_malloc(SHA512_RESULTLEN + SSHA512_SALT_LEN);
+ salt = digest + SHA512_RESULTLEN;
+ random_fill(salt, SSHA512_SALT_LEN);
+
+ sha512_init(&ctx);
+ sha512_loop(&ctx, plaintext, strlen(plaintext));
+ sha512_loop(&ctx, salt, SSHA512_SALT_LEN);
+ sha512_result(&ctx, digest);
+
+ *raw_password_r = digest;
+ *size_r = SHA512_RESULTLEN + SSHA512_SALT_LEN;
+}
+
+static bool ssha512_verify(const char *plaintext, const char *user,
+ const unsigned char *raw_password, size_t size)
+{
+ unsigned char sha512_digest[SHA512_RESULTLEN];
+ struct sha512_ctx ctx;
+
+ /* format: <SHA512 hash><salt> */
+ if (size <= SHA512_RESULTLEN) {
+ i_error("ssha512_verify(%s): SSHA512 password too short", user);
+ return FALSE;
+ }
+
+ sha512_init(&ctx);
+ sha512_loop(&ctx, plaintext, strlen(plaintext));
+ sha512_loop(&ctx, raw_password + SHA512_RESULTLEN,
+ size - SHA512_RESULTLEN);
+ sha512_result(&ctx, sha512_digest);
+ return memcmp(sha512_digest, raw_password, SHA512_RESULTLEN) == 0;
+}
+
+static void
smd5_generate(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char **raw_password_r, size_t *size_r)
{
@@ -675,9 +729,12 @@
{ "SHA1", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },
{ "SHA256", PW_ENCODING_BASE64, SHA256_RESULTLEN,
NULL, sha256_generate },
+ { "SHA512", PW_ENCODING_BASE64, SHA512_RESULTLEN,
+ NULL, sha512_generate },
{ "SMD5", PW_ENCODING_BASE64, 0, smd5_verify, smd5_generate },
{ "SSHA", PW_ENCODING_BASE64, 0, ssha_verify, ssha_generate },
{ "SSHA256", PW_ENCODING_BASE64, 0, ssha256_verify, ssha256_generate },
+ { "SSHA512", PW_ENCODING_BASE64, 0, ssha512_verify, ssha512_generate },
{ "PLAIN", PW_ENCODING_NONE, 0, NULL, plain_generate },
{ "CLEARTEXT", PW_ENCODING_NONE, 0, NULL, plain_generate },
{ "CRAM-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,
More information about the dovecot-cvs
mailing list