0095f096 | 1 | /* |
2 | * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION | |
3 | * ALL RIGHTS RESERVED | |
4 | * | |
5 | * "Digital Equipment Corporation authorizes the reproduction, | |
6 | * distribution and modification of this software subject to the following | |
7 | * restrictions: | |
8 | * | |
9 | * 1. Any partial or whole copy of this software, or any modification | |
10 | * thereof, must include this copyright notice in its entirety. | |
11 | * | |
12 | * 2. This software is supplied "as is" with no warranty of any kind, | |
13 | * expressed or implied, for any purpose, including any warranty of fitness | |
14 | * or merchantibility. DIGITAL assumes no responsibility for the use or | |
15 | * reliability of this software, nor promises to provide any form of | |
16 | * support for it on any basis. | |
17 | * | |
18 | * 3. Distribution of this software is authorized only if no profit or | |
19 | * remuneration of any kind is received in exchange for such distribution. | |
20 | * | |
21 | * 4. This software produces public key authentication certificates | |
22 | * bearing an expiration date established by DIGITAL and RSA Data | |
23 | * Security, Inc. It may cease to generate certificates after the expiration | |
24 | * date. Any modification of this software that changes or defeats | |
25 | * the expiration date or its effect is unauthorized. | |
26 | * | |
27 | * 5. Software that will renew or extend the expiration date of | |
28 | * authentication certificates produced by this software may be obtained | |
29 | * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA | |
30 | * 94065, (415)595-8782, or from DIGITAL" | |
31 | * | |
32 | */ | |
33 | ||
34 | #include "hashes.h" | |
35 | #include <stdio.h> | |
36 | ||
/*
 * Shortest password accepted by the DES_read_password* routines.  The
 * check is applied only when they are called with a non-zero 'verify'.
 */
int MIN_PASSWORD_LENGTH = 6;

/* Size of the scratch buffer H1/H2 use to build the string they hash. */
#define TEMP_BUFSIZ 256

/*
 * DES key handed to DES_X9_MAC by H2.  It is a constant compiled into
 * every copy of this file, so it adds no secrecy to the H2 output.
 */
static unsigned char scramble_key[8] = {
    0x01, 0x23, 0x45, 0x67,
    0x89, 0xab, 0xcd, 0xef
};

/* Defined elsewhere; called here with a prompt string, returns the text typed. */
char *getpassword();
46 | ||
47 | \f | |
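/*
 * Password hashing routine number 1.  This is stored with the encrypted
 * private key in the LEAF database.  Result is an 8 byte quantity.
 *
 * The input to the hash is username (optional, may be NULL) immediately
 * followed by pw.  RSA_MD2 is run over that string and the first 8 of
 * the 16 digest bytes are copied to 'hash'.
 *
 * Returns 1 on success.  Returns 0, leaving 'hash' untouched, when pw or
 * hash is NULL or when username + pw do not fit in the scratch buffer.
 *
 * NOTE(review): MD2 is obsolete and the digest is truncated to 64 bits,
 * with a single pass and no salt other than the username.  A stored H1
 * value should be protected like a password-equivalent, since it can be
 * used to test password guesses offline.
 */
int H1(username, pw, hash)
char *username, *pw, *hash ;
{
    char temp[TEMP_BUFSIZ];
    char md2_hash[16];
    volatile char *wipe;
    size_t ulen, plen, i;

    if (pw == NULL || hash == NULL) return(0);

    ulen = username ? strlen(username) : 0;
    plen = strlen(pw);

    /* Same limit as before: two bytes of slack for the terminator. */
    if (2 + ulen + plen > sizeof(temp)) return(0);

    if (ulen) memcpy(temp, username, ulen);
    memcpy(temp + ulen, pw, plen);
    temp[ulen + plen] = '\0';

    RSA_MD2 (temp, ulen + plen, md2_hash);
    memcpy(hash, md2_hash, 8);

    /*
     * Scrub the password and the full digest.  A plain memset() on a
     * local that is never read again is a dead store the optimizer may
     * drop, so the zeroes are written through a volatile pointer.
     */
    wipe = temp;
    for (i = 0; i < sizeof(temp); i++) wipe[i] = 0;
    wipe = md2_hash;
    for (i = 0; i < sizeof(md2_hash); i++) wipe[i] = 0;

    return(1);
}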
74 | ||
75 | ||
76 | \f | |
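/*
 * Password hashing routine number 2.  This is the key used to encrypt
 * the private key.
 *
 * The input is username (optional, may be NULL) immediately followed by
 * pw.  DES_X9_MAC is run over that string with the fixed scramble_key
 * and writes its result to 'hash' (presumably 8 bytes, the output size
 * is not visible here; confirm against DES_X9_MAC).
 *
 * Returns 1 on success.  Returns 0, leaving 'hash' untouched, when pw or
 * hash is NULL or when username + pw do not fit in the scratch buffer.
 *
 * NOTE(review): scramble_key is a compile-time constant, so the result
 * is a fixed, unsalted function of the input, and the callers in this
 * file pass no username.  Equal passwords therefore give equal keys, and
 * the strength of the derived key rests on the password alone.
 */
int H2(username, pw, hash)
char *username, *pw, *hash ;
{
    char temp[TEMP_BUFSIZ];
    volatile char *wipe;
    size_t ulen, plen, i;

    if (pw == NULL || hash == NULL) return(0);

    ulen = username ? strlen(username) : 0;
    plen = strlen(pw);

    /* Same limit as before: two bytes of slack for the terminator. */
    if (2 + ulen + plen > sizeof(temp)) return(0);

    if (ulen) memcpy(temp, username, ulen);
    memcpy(temp + ulen, pw, plen);
    temp[ulen + plen] = '\0';

    DES_X9_MAC (scramble_key, temp, ulen + plen, hash);

    /*
     * Scrub the password copy through a volatile pointer; a plain
     * memset() here is a dead store the optimizer is allowed to remove.
     */
    wipe = temp;
    for (i = 0; i < sizeof(temp); i++) wipe[i] = 0;

    return(1);
}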
99 | ||
100 | \f | |
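/*
 * Read password.  Returns a DES key.
 *
 * Prompts with 'prompt', and when 'verify' is non-zero also enforces
 * MIN_PASSWORD_LENGTH (one retry) and asks for the password a second
 * time.  On success the H2 hash of the password is written to 'k'.
 *
 * Returns the result of H2 (1 on success), or 0 when no password could
 * be read, the length check failed, or the two entries differ.
 *
 * The text returned by getpassword() is zeroed before returning.  The
 * first entry is copied aside before the second prompt; presumably
 * getpassword() reuses its buffer between calls (confirm in its source).
 */
int DES_read_password(k,prompt,verify)
char *prompt, *k;
int verify;     /* non-zero means prompt twice for password */
{
    char pwcpy[80];
    char *pw;
    volatile char *wipe;
    size_t min_len, n, i;
    int mismatch;
    int ret = 0;

    /* A non-positive minimum disables the check rather than wrapping. */
    min_len = MIN_PASSWORD_LENGTH > 0 ? (size_t) MIN_PASSWORD_LENGTH : 0;

    pw = getpassword(prompt);
    if (pw == NULL) goto cleanup;

    if (verify) {
        if (strlen(pw) < min_len) {
            printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
            fflush(stdout);
            pw = getpassword("");
            if (pw == NULL) goto cleanup;
            if (strlen(pw) < min_len) {
                printf("Password length error. \n");
                goto cleanup;
            }
        }

        /*
         * pwcpy is a fixed 80-byte stack buffer.  Reject anything that
         * would not fit instead of letting strcpy() write past its end.
         */
        if (strlen(pw) >= sizeof(pwcpy)) {
            printf("Password too long. \n");
            goto cleanup;
        }
        strcpy(pwcpy,pw);

        printf("Verifying, please re-enter: ");
        fflush(stdout);
        pw = getpassword("");
        mismatch = (pw == NULL) || (strcmp(pwcpy,pw) != 0);

        /* Scrub the whole copy; volatile keeps the stores from being elided. */
        wipe = pwcpy;
        for (i = 0; i < sizeof(pwcpy); i++) wipe[i] = 0;

        if (mismatch) {
            printf("\nVerification Error\n");
            goto cleanup;
        }
    }

    /*
     * H2 is defined K&R-style, so no prototype converts the argument:
     * pass a real null pointer, not the int constant 0.
     */
    ret = H2((char *) 0,pw,k);

cleanup:
    if (pw != NULL) {
        n = strlen(pw);
        wipe = pw;
        for (i = 0; i < n; i++) wipe[i] = 0;
    }
    return(ret);
}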
144 | ||
145 | ||
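/*
 * Read a password and produce both password hashes.
 *
 * Prompts with 'prompt', and when 'verify' is non-zero also enforces
 * MIN_PASSWORD_LENGTH (one retry) and asks for the password a second
 * time.  On success H1(username, password) is written to 'H1hash' and
 * H2(no username, password) to 'H2hash'.
 *
 * Returns 1 only when both hashes were produced.  Returns 0 when no
 * password could be read, the length check failed, the two entries
 * differ, or H1/H2 rejected the input; in that case the output buffers
 * must not be used.
 *
 * The text returned by getpassword() is zeroed before returning.  The
 * first entry is copied aside before the second prompt; presumably
 * getpassword() reuses its buffer between calls (confirm in its source).
 */
int DES_read_password_hash(H2hash,H1hash,username,prompt,verify)
char *prompt, *H2hash, *username, *H1hash;
int verify;     /* non-zero means prompt twice for password */
{
    char pwcpy[80];
    char *pw;
    volatile char *wipe;
    size_t min_len, n, i;
    int mismatch;
    int ret = 0;

    /* A non-positive minimum disables the check rather than wrapping. */
    min_len = MIN_PASSWORD_LENGTH > 0 ? (size_t) MIN_PASSWORD_LENGTH : 0;

    pw = getpassword(prompt);
    if (pw == NULL) goto cleanup;

    if (verify) {
        if (strlen(pw) < min_len) {
            printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
            fflush(stdout);
            pw = getpassword("");
            if (pw == NULL) goto cleanup;
            if (strlen(pw) < min_len) {
                printf("Password length error. \n");
                goto cleanup;
            }
        }

        /*
         * pwcpy is a fixed 80-byte stack buffer.  Reject anything that
         * would not fit instead of letting strcpy() write past its end.
         */
        if (strlen(pw) >= sizeof(pwcpy)) {
            printf("Password too long. \n");
            goto cleanup;
        }
        strcpy(pwcpy,pw);

        printf("Verifying, please re-enter: ");
        fflush(stdout);
        pw = getpassword("");
        mismatch = (pw == NULL) || (strcmp(pwcpy,pw) != 0);

        /* Scrub the whole copy; volatile keeps the stores from being elided. */
        wipe = pwcpy;
        for (i = 0; i < sizeof(pwcpy); i++) wipe[i] = 0;

        if (mismatch) {
            printf("\nVerification Error\n");
            goto cleanup;
        }
    }

    /*
     * Both routines return 0 without writing their output when the
     * input is too long, so success is reported only if both succeed.
     * H2 is defined K&R-style: pass a real null pointer, not int 0.
     */
    ret = (H1(username,pw,H1hash) && H2((char *) 0,pw,H2hash)) ? 1 : 0;

cleanup:
    if (pw != NULL) {
        n = strlen(pw);
        wipe = pw;
        for (i = 0; i < n; i++) wipe[i] = 0;
    }
    return(ret);
}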
188 |