[moira.git] / util / gdss / lib / crypto / read_password.c

/*
 * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
 * ALL RIGHTS RESERVED
 *
 * "Digital Equipment Corporation authorizes the reproduction,
 * distribution and modification of this software subject to the following
 * restrictions:
 * 
 * 1.  Any partial or whole copy of this software, or any modification
 * thereof, must include this copyright notice in its entirety.
 *
 * 2.  This software is supplied "as is" with no warranty of any kind,
 * expressed or implied, for any purpose, including any warranty of fitness 
 * or merchantibility.  DIGITAL assumes no responsibility for the use or
 * reliability of this software, nor promises to provide any form of 
 * support for it on any basis.
 *
 * 3.  Distribution of this software is authorized only if no profit or
 * remuneration of any kind is received in exchange for such distribution.
 * 
 * 4.  This software produces public key authentication certificates
 * bearing an expiration date established by DIGITAL and RSA Data
 * Security, Inc.  It may cease to generate certificates after the expiration
 * date.  Any modification of this software that changes or defeats
 * the expiration date or its effect is unauthorized.
 * 
 * 5.  Software that will renew or extend the expiration date of
 * authentication certificates produced by this software may be obtained
 * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
 * 94065, (415)595-8782, or from DIGITAL"
 *
 */

#include "hashes.h"
#include <stdio.h>

int MIN_PASSWORD_LENGTH = 6 ;


#define TEMP_BUFSIZ 256

static unsigned char scramble_key [8] = { 0x01, 0x23, 0x45, 0x67, 
		0x89, 0xab, 0xcd, 0xef };

char *getpassword();

\f
/*
 * Password hashing routine number 1.  This is stored with the encrypted
 * private key in the LEAF database.  Result is an 8 byte quantity.
 */

int H1(username, pw, hash)
char *username, *pw, *hash ;
{
    char temp[TEMP_BUFSIZ];
    char md2_hash [16];

    temp[0] = '\0';
    
    if (2 + (username?strlen(username):0) + strlen(pw) > sizeof(temp)) return(0);
    
    if (username) strcat(temp,username);
    strcat(temp,pw);

    RSA_MD2 (temp, strlen(temp), md2_hash);
    memcpy(hash, md2_hash, 8);

    memset(temp,0,sizeof(temp));    
    memset(md2_hash,0,sizeof(md2_hash));    

    return(1);
}


\f
/*
 * Password hashing routine number 2.  This is the key used to encrypt 
 * the private key.
 */

int H2(username, pw, hash)
char *username, *pw, *hash ;
{
    char temp[TEMP_BUFSIZ];

    if (2 + (username?strlen(username):0) + strlen(pw) > sizeof(temp)) return(0);
    
    temp[0] = '\0';
    if (username) strcat(temp,username);
    strcat(temp,pw);
    
    DES_X9_MAC (scramble_key, temp, strlen(temp), hash);

    memset(temp,0,sizeof(temp));    

    return(1);
}

\f
/*
 * Read password.  Returns a DES key.
 */

int DES_read_password(k,prompt,verify)
char *prompt, *k;
int verify;                             /* non-zero means prompt twice for password */
{
    char *pw = getpassword(prompt);
    char *env = NULL;
    int ret = 0;

    if ((verify) && (strlen(pw) < MIN_PASSWORD_LENGTH)) {
        printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
        fflush(stdout);
        pw = getpassword("");
        if (strlen(pw) < MIN_PASSWORD_LENGTH) {
            printf("Password length error. \n");
            goto cleanup;
        }
    }        

    if (verify) {
        char pwcpy[80];
        strcpy(pwcpy,pw);
        printf("Verifying, please re-enter: ");
        fflush(stdout);
        pw = getpassword("");
        if (verify = strcmp(pwcpy,pw)) {
                printf("\nVerification Error\n");
                memset(pwcpy,0,strlen(pwcpy));
                goto cleanup;
                }
        memset(pwcpy,0,strlen(pwcpy));
    }

done:
    ret = H2(0,pw,k);

cleanup:
    memset(pw,0,strlen(pw));
    return(ret);
}


int DES_read_password_hash(H2hash,H1hash,username,prompt,verify)
char *prompt, *H2hash, *username, *H1hash;
int verify;                             /* non-zero means prompt twice for password */
{

    char *pw = getpassword(prompt);
    char *env = NULL;
    int ret = 0;

    if ((verify) && (strlen(pw) < MIN_PASSWORD_LENGTH)) {
        printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
        fflush(stdout);
        pw = getpassword("");
        if (strlen(pw) < MIN_PASSWORD_LENGTH) {
            printf("Password length error. \n");
            goto cleanup;
        }
    }        

    if (verify) {
        char pwcpy[80];
        strcpy(pwcpy,pw);
        printf("Verifying, please re-enter: ");
        fflush(stdout);
        pw = getpassword("");
        if (verify = strcmp(pwcpy,pw)) {
                printf("\nVerification Error\n");
                memset(pwcpy,0,strlen(pwcpy));
                goto cleanup;
                }
        memset(pwcpy,0,strlen(pwcpy));
    }

done:
    H1(username,pw,H1hash);
    H2(0,pw,H2hash);
    ret = 1;

cleanup:
    memset(pw,0,strlen(pw));
    return(ret);
}
Commit	Line	Data
0095f096	1	/*
	2	* COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
	3	* ALL RIGHTS RESERVED
	4	*
	5	* "Digital Equipment Corporation authorizes the reproduction,
	6	* distribution and modification of this software subject to the following
	7	* restrictions:
	8	*
	9	* 1. Any partial or whole copy of this software, or any modification
	10	* thereof, must include this copyright notice in its entirety.
	11	*
	12	* 2. This software is supplied "as is" with no warranty of any kind,
	13	* expressed or implied, for any purpose, including any warranty of fitness
	14	* or merchantibility. DIGITAL assumes no responsibility for the use or
	15	* reliability of this software, nor promises to provide any form of
	16	* support for it on any basis.
	17	*
	18	* 3. Distribution of this software is authorized only if no profit or
	19	* remuneration of any kind is received in exchange for such distribution.
	20	*
	21	* 4. This software produces public key authentication certificates
	22	* bearing an expiration date established by DIGITAL and RSA Data
	23	* Security, Inc. It may cease to generate certificates after the expiration
	24	* date. Any modification of this software that changes or defeats
	25	* the expiration date or its effect is unauthorized.
	26	*
	27	* 5. Software that will renew or extend the expiration date of
	28	* authentication certificates produced by this software may be obtained
	29	* from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
	30	* 94065, (415)595-8782, or from DIGITAL"
	31	*
	32	*/
	33
	34	#include "hashes.h"
	35	#include <stdio.h>
	36
	37	int MIN_PASSWORD_LENGTH = 6 ;
	38
	39
	40	#define TEMP_BUFSIZ 256
	41
	42	static unsigned char scramble_key [8] = { 0x01, 0x23, 0x45, 0x67,
	43	0x89, 0xab, 0xcd, 0xef };
	44
	45	char *getpassword();
	46
	47	\f
	48	/*
	49	* Password hashing routine number 1. This is stored with the encrypted
	50	* private key in the LEAF database. Result is an 8 byte quantity.
	51	*/
	52
	53	int H1(username, pw, hash)
	54	char username, pw, *hash ;
	55	{
	56	char temp[TEMP_BUFSIZ];
	57	char md2_hash [16];
	58
	59	temp[0] = '\0';
	60
	61	if (2 + (username?strlen(username):0) + strlen(pw) > sizeof(temp)) return(0);
	62
	63	if (username) strcat(temp,username);
	64	strcat(temp,pw);
65
66	RSA_MD2 (temp, strlen(temp), md2_hash);
67	memcpy(hash, md2_hash, 8);
68
69	memset(temp,0,sizeof(temp));
70	memset(md2_hash,0,sizeof(md2_hash));
71
72	return(1);
73	}
74
75
76	\f
77	/*
78	* Password hashing routine number 2. This is the key used to encrypt
79	* the private key.
80	*/
81
82	int H2(username, pw, hash)
83	char username, pw, *hash ;
84	{
85	char temp[TEMP_BUFSIZ];
86
87	if (2 + (username?strlen(username):0) + strlen(pw) > sizeof(temp)) return(0);
88
89	temp[0] = '\0';
90	if (username) strcat(temp,username);
91	strcat(temp,pw);
92
93	DES_X9_MAC (scramble_key, temp, strlen(temp), hash);
94
95	memset(temp,0,sizeof(temp));
96
97	return(1);
98	}
99
100	\f
101	/*
102	* Read password. Returns a DES key.
103	*/
104
105	int DES_read_password(k,prompt,verify)
106	char prompt, k;
107	int verify; /* non-zero means prompt twice for password */
108	{
109	char *pw = getpassword(prompt);
110	char *env = NULL;
111	int ret = 0;
112
113	if ((verify) && (strlen(pw) < MIN_PASSWORD_LENGTH)) {
114	printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
115	fflush(stdout);
116	pw = getpassword("");
117	if (strlen(pw) < MIN_PASSWORD_LENGTH) {
118	printf("Password length error. \n");
119	goto cleanup;
120	}
121	}
122
123	if (verify) {
124	char pwcpy[80];
125	strcpy(pwcpy,pw);
126	printf("Verifying, please re-enter: ");
127	fflush(stdout);
128	pw = getpassword("");
129	if (verify = strcmp(pwcpy,pw)) {
130	printf("\nVerification Error\n");
131	memset(pwcpy,0,strlen(pwcpy));
132	goto cleanup;
133	}
134	memset(pwcpy,0,strlen(pwcpy));
135	}
136
137	done:
138	ret = H2(0,pw,k);
139
140	cleanup:
141	memset(pw,0,strlen(pw));
142	return(ret);
143	}
144
145
146	int DES_read_password_hash(H2hash,H1hash,username,prompt,verify)
147	char prompt, H2hash, username, H1hash;
148	int verify; /* non-zero means prompt twice for password */
149	{
150
151	char *pw = getpassword(prompt);
152	char *env = NULL;
153	int ret = 0;
154
155	if ((verify) && (strlen(pw) < MIN_PASSWORD_LENGTH)) {
156	printf("Length error, (must be at least %d char) please re-enter: ", MIN_PASSWORD_LENGTH);
157	fflush(stdout);
158	pw = getpassword("");
159	if (strlen(pw) < MIN_PASSWORD_LENGTH) {
160	printf("Password length error. \n");
161	goto cleanup;
162	}
163	}
164
165	if (verify) {
166	char pwcpy[80];
167	strcpy(pwcpy,pw);
168	printf("Verifying, please re-enter: ");
169	fflush(stdout);
170	pw = getpassword("");
171	if (verify = strcmp(pwcpy,pw)) {
172	printf("\nVerification Error\n");
173	memset(pwcpy,0,strlen(pwcpy));
174	goto cleanup;
175	}
176	memset(pwcpy,0,strlen(pwcpy));
177	}
178
179	done:
180	H1(username,pw,H1hash);
181	H2(0,pw,H2hash);
182	ret = 1;
183
184	cleanup:
185	memset(pw,0,strlen(pw));
186	return(ret);
187	}
188