sha passwords

2025-12-29 16:14:43 +00:00 · 2018-03-09 03:51:03 +01:00
parent f9d37e65a4
commit 00da630c45
14 changed files with 568 additions and 44 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -1,7 +1,7 @@
 /*

    EnergyMech, IRC bot software
-    Copyright (c) 2001-2004 proton
+    Copyright (c) 2001-2018 proton

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -29,6 +29,7 @@
 #include "mcmd.h"

 #ifndef MD5CRYPT
+#ifndef SHACRYPT

 /*
 *  simple password encryption
@@ -114,7 +115,39 @@ int passmatch(char *plain, char *encoded)
 	return(!Strcmp(cipher(plain),encoded));
 }

-#else /* MD5CRYPT */
+#endif /* not SHACRYPT */
+#endif /* not MD5CRYPT */
+
+#ifdef SHACRYPT
+
+/*
+ *  use SHA512 to hash passwords
+ */
+
+char *CRYPT_FUNC(const char *, const char *);
+
+char *makepass(char *plain)
+{
+	char	salt[8];
+
+	sprintf(salt,"$6$%04x",(rand() >> 16));
+	return(CRYPT_FUNC(plain,salt));
+}
+
+int passmatch(char *plain, char *encoded)
+{
+	char	*enc;
+
+	if (matches("$6$????$*",encoded))
+		return(FALSE);
+	enc = CRYPT_FUNC(plain,encoded);
+	return(!Strcmp(enc,encoded));
+}
+
+#endif /* SHACRYPT */
+
+#ifndef SHACRYPT
+#ifdef MD5CRYPT

 /*
 *  use MD5 to hash passwords
@@ -141,7 +174,7 @@ int passmatch(char *plain, char *encoded)
 }

 #endif /* MD5CRYPT */
-
+#endif /* not SHACRYPT */
 /*
 *
 */
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -70,6 +70,11 @@
 */
@DEF_WINGATE@

+/*
+ *  SHACRYPT: support use of SHA to hash passwords
+ */
+@DEF_SHA@
+
 /*
 *  MD5CRYPT: support use of MD5 to hash passwords
 */
@@ -218,6 +223,7 @@
 *
 */
@DEF_CRYPT_FUNCTION@
+@CRYPT_HAS_SHA@
@CRYPT_HAS_MD5@
@CRYPT_HAS_DES@

@@ -446,6 +452,13 @@ const char __mx_opts[] =	""
 #undef	OPT_COREONLY
 #endif /* DYNCMD */

+#ifdef SHACRYPT
+			OPT_COMMA "sha"
+#undef	OPT_COMMA
+#define OPT_COMMA	", "
+#undef	OPT_COREONLY
+#endif /* SHACRYPT */
+
 #ifdef MD5CRYPT
 			OPT_COMMA "md5"
 #undef	OPT_COMMA
--- a/src/global.h
+++ b/src/global.h
@@ -1,7 +1,7 @@
 /*

    EnergyMech, IRC bot software
-    Copyright (c) 1997-2009 proton
+    Copyright (c) 1997-2018 proton

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -41,7 +41,7 @@
 #define MECHUSERLOGIN			"v3.energymech.net"

 BEG const char VERSION[]		MDEF("3.0.99p4");
-BEG const char SRCDATE[]		MDEF("March 5th, 2018");
+BEG const char SRCDATE[]		MDEF("March 9th, 2018");
 #ifdef __CYGWIN__
 BEG const char BOTCLASS[]		MDEF("WinMech");
 #else /* ! CYGWIN */
--- a/src/sha/sha.c
+++ b/src/sha/sha.c
@@ -0,0 +1,27 @@
+#include <string.h>
+#include <stdio.h>
+#include <unistd.h>
+#include "sha1.h"
+
+int main(int argc, char **argv)
+{
+    SHA1_CTX sha;
+ uint8_t results[20];
+ char *buf;
+ int n;
+
+    buf = "abc";
+ n = strlen(buf);
+ SHA1Init(&sha);
+ SHA1Update(&sha, (uint8_t *)buf, n);
+ SHA1Final(results, &sha);
+
+    /* Print the digest as one long hex value */
+printf("a9993e364706816aba3e25717850c26c9cd0d89d <-- expected result\n");
+for (n = 0; n < 20; n++)
+        printf("%02x", results[n]);
+
+    putchar('\n');
+
+	return(0);
+}
--- a/src/sha/sha1.c
+++ b/src/sha/sha1.c
@@ -0,0 +1,296 @@
+/*
+SHA-1 in C
+By Steve Reid <steve@edmweb.com>
+100% Public Domain
+
+Test Vectors (from FIPS PUB 180-1)
+"abc"
+  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+A million repetitions of "a"
+  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+*/
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#include <stdio.h>
+#include <string.h>
+
+/* for uint32_t */
+#include <stdint.h>
+
+#include "sha1.h"
+
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+    |(rol(block->l[i],8)&0x00FF00FF))
+#elif BYTE_ORDER == BIG_ENDIAN
+#define blk0(i) block->l[i]
+#else
+#error "Endianness not defined!"
+#endif
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+    ^block->l[(i+2)&15]^block->l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+void SHA1Transform(
+    uint32_t state[5],
+    const unsigned char buffer[64]
+)
+{
+    uint32_t a, b, c, d, e;
+
+    typedef union
+    {
+        unsigned char c[64];
+        uint32_t l[16];
+    } CHAR64LONG16;
+
+#ifdef SHA1HANDSOFF
+    CHAR64LONG16 block[1];      /* use array to appear as a pointer */
+
+    memcpy(block, buffer, 64);
+#else
+    /* The following had better never be used because it causes the
+     * pointer-to-const buffer to be cast into a pointer to non-const.
+     * And the result is written through.  I threw a "const" in, hoping
+     * this will cause a diagnostic.
+     */
+    CHAR64LONG16 *block = (const CHAR64LONG16 *) buffer;
+#endif
+    /* Copy context->state[] to working vars */
+    a = state[0];
+    b = state[1];
+    c = state[2];
+    d = state[3];
+    e = state[4];
+    /* 4 rounds of 20 operations each. Loop unrolled. */
+    R0(a, b, c, d, e, 0);
+    R0(e, a, b, c, d, 1);
+    R0(d, e, a, b, c, 2);
+    R0(c, d, e, a, b, 3);
+    R0(b, c, d, e, a, 4);
+    R0(a, b, c, d, e, 5);
+    R0(e, a, b, c, d, 6);
+    R0(d, e, a, b, c, 7);
+    R0(c, d, e, a, b, 8);
+    R0(b, c, d, e, a, 9);
+    R0(a, b, c, d, e, 10);
+    R0(e, a, b, c, d, 11);
+    R0(d, e, a, b, c, 12);
+    R0(c, d, e, a, b, 13);
+    R0(b, c, d, e, a, 14);
+    R0(a, b, c, d, e, 15);
+    R1(e, a, b, c, d, 16);
+    R1(d, e, a, b, c, 17);
+    R1(c, d, e, a, b, 18);
+    R1(b, c, d, e, a, 19);
+    R2(a, b, c, d, e, 20);
+    R2(e, a, b, c, d, 21);
+    R2(d, e, a, b, c, 22);
+    R2(c, d, e, a, b, 23);
+    R2(b, c, d, e, a, 24);
+    R2(a, b, c, d, e, 25);
+    R2(e, a, b, c, d, 26);
+    R2(d, e, a, b, c, 27);
+    R2(c, d, e, a, b, 28);
+    R2(b, c, d, e, a, 29);
+    R2(a, b, c, d, e, 30);
+    R2(e, a, b, c, d, 31);
+    R2(d, e, a, b, c, 32);
+    R2(c, d, e, a, b, 33);
+    R2(b, c, d, e, a, 34);
+    R2(a, b, c, d, e, 35);
+    R2(e, a, b, c, d, 36);
+    R2(d, e, a, b, c, 37);
+    R2(c, d, e, a, b, 38);
+    R2(b, c, d, e, a, 39);
+    R3(a, b, c, d, e, 40);
+    R3(e, a, b, c, d, 41);
+    R3(d, e, a, b, c, 42);
+    R3(c, d, e, a, b, 43);
+    R3(b, c, d, e, a, 44);
+    R3(a, b, c, d, e, 45);
+    R3(e, a, b, c, d, 46);
+    R3(d, e, a, b, c, 47);
+    R3(c, d, e, a, b, 48);
+    R3(b, c, d, e, a, 49);
+    R3(a, b, c, d, e, 50);
+    R3(e, a, b, c, d, 51);
+    R3(d, e, a, b, c, 52);
+    R3(c, d, e, a, b, 53);
+    R3(b, c, d, e, a, 54);
+    R3(a, b, c, d, e, 55);
+    R3(e, a, b, c, d, 56);
+    R3(d, e, a, b, c, 57);
+    R3(c, d, e, a, b, 58);
+    R3(b, c, d, e, a, 59);
+    R4(a, b, c, d, e, 60);
+    R4(e, a, b, c, d, 61);
+    R4(d, e, a, b, c, 62);
+    R4(c, d, e, a, b, 63);
+    R4(b, c, d, e, a, 64);
+    R4(a, b, c, d, e, 65);
+    R4(e, a, b, c, d, 66);
+    R4(d, e, a, b, c, 67);
+    R4(c, d, e, a, b, 68);
+    R4(b, c, d, e, a, 69);
+    R4(a, b, c, d, e, 70);
+    R4(e, a, b, c, d, 71);
+    R4(d, e, a, b, c, 72);
+    R4(c, d, e, a, b, 73);
+    R4(b, c, d, e, a, 74);
+    R4(a, b, c, d, e, 75);
+    R4(e, a, b, c, d, 76);
+    R4(d, e, a, b, c, 77);
+    R4(c, d, e, a, b, 78);
+    R4(b, c, d, e, a, 79);
+    /* Add the working vars back into context.state[] */
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+    state[4] += e;
+    /* Wipe variables */
+    a = b = c = d = e = 0;
+#ifdef SHA1HANDSOFF
+    memset(block, '\0', sizeof(block));
+#endif
+}
+
+
+/* SHA1Init - Initialize new context */
+
+void SHA1Init(
+    SHA1_CTX * context
+)
+{
+    /* SHA1 initialization constants */
+    context->state[0] = 0x67452301;
+    context->state[1] = 0xEFCDAB89;
+    context->state[2] = 0x98BADCFE;
+    context->state[3] = 0x10325476;
+    context->state[4] = 0xC3D2E1F0;
+    context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+void SHA1Update(
+    SHA1_CTX * context,
+    const unsigned char *data,
+    uint32_t len
+)
+{
+    uint32_t i;
+
+    uint32_t j;
+
+    j = context->count[0];
+    if ((context->count[0] += len << 3) < j)
+        context->count[1]++;
+    context->count[1] += (len >> 29);
+    j = (j >> 3) & 63;
+    if ((j + len) > 63)
+    {
+        memcpy(&context->buffer[j], data, (i = 64 - j));
+        SHA1Transform(context->state, context->buffer);
+        for (; i + 63 < len; i += 64)
+        {
+            SHA1Transform(context->state, &data[i]);
+        }
+        j = 0;
+    }
+    else
+        i = 0;
+    memcpy(&context->buffer[j], &data[i], len - i);
+}
+
+
+/* Add padding and return the message digest. */
+
+void SHA1Final(
+    unsigned char digest[20],
+    SHA1_CTX * context
+)
+{
+    unsigned i;
+
+    unsigned char finalcount[8];
+
+    unsigned char c;
+
+#if 0    /* untested "improvement" by DHR */
+    /* Convert context->count to a sequence of bytes
+     * in finalcount.  Second element first, but
+     * big-endian order within element.
+     * But we do it all backwards.
+     */
+    unsigned char *fcp = &finalcount[8];
+
+    for (i = 0; i < 2; i++)
+    {
+        uint32_t t = context->count[i];
+
+        int j;
+
+        for (j = 0; j < 4; t >>= 8, j++)
+            *--fcp = (unsigned char) t}
+#else
+    for (i = 0; i < 8; i++)
+    {
+        finalcount[i] = (unsigned char) ((context->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255);      /* Endian independent */
+    }
+#endif
+    c = 0200;
+    SHA1Update(context, &c, 1);
+    while ((context->count[0] & 504) != 448)
+    {
+        c = 0000;
+        SHA1Update(context, &c, 1);
+    }
+    SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+    for (i = 0; i < 20; i++)
+    {
+        digest[i] = (unsigned char)
+            ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255);
+    }
+    /* Wipe variables */
+    memset(context, '\0', sizeof(*context));
+    memset(&finalcount, '\0', sizeof(finalcount));
+}
+
+void SHA1(
+    char *hash_out,
+    const char *str,
+    int len)
+{
+    SHA1_CTX ctx;
+    unsigned int ii;
+
+    SHA1Init(&ctx);
+    for (ii=0; ii<len; ii+=1)
+        SHA1Update(&ctx, (const unsigned char*)str + ii, 1);
+    SHA1Final((unsigned char *)hash_out, &ctx);
+    hash_out[20] = '\0';
+}
+
--- a/src/sha/sha1.h
+++ b/src/sha/sha1.h
@@ -0,0 +1,44 @@
+#ifndef SHA1_H
+#define SHA1_H
+
+/*
+   SHA-1 in C
+   By Steve Reid <steve@edmweb.com>
+   100% Public Domain
+ */
+
+#include "stdint.h"
+
+typedef struct
+{
+    uint32_t state[5];
+    uint32_t count[2];
+    unsigned char buffer[64];
+} SHA1_CTX;
+
+void SHA1Transform(
+    uint32_t state[5],
+    const unsigned char buffer[64]
+    );
+
+void SHA1Init(
+    SHA1_CTX * context
+    );
+
+void SHA1Update(
+    SHA1_CTX * context,
+    const unsigned char *data,
+    uint32_t len
+    );
+
+void SHA1Final(
+    unsigned char digest[20],
+    SHA1_CTX * context
+    );
+
+void SHA1(
+    char *hash_out,
+    const char *str,
+    int len);
+
+#endif /* SHA1_H */
--- a/src/user.c
+++ b/src/user.c
@@ -1255,7 +1255,7 @@ void do_user(COMMAND_ARGS)
 		addtouser(&user->mask,tmpmask,FALSE);	// does not run rehash_chanusers(), does not clobber nuh_buf
 		addtouser(&user->chan,chan,TRUE);	// clobbers nuh_buf
 #ifdef DEBUG
-		debug("(do_user) from %s, handle %s,\n\tmask %s (arg %s),\n\tuser->mask %s, chan %s\n",from,handle,mask,nick,user->mask,chan);
+		debug("(do_user) from %s, handle %s,\n\tmask %s, chan %s\n",from,handle,tmpmask,chan);
 #endif /* DEBUG */
 		to_user(from,"%s has been added as %s on %s",handle,tmpmask,chan);
 		to_user(from,"Access level: %i%s%s",newaccess,(pass) ? "  Password: " : "",(pass) ? pass : "");
@@ -1525,7 +1525,14 @@ void do_echo(COMMAND_ARGS)
 void change_pass(User *user, char *pass)
 {
 	User	*new,**uptr;
+	char	*enc;

+	enc = makepass(pass);
+	if (strlen(user->pass) <= strlen(enc))
+	{
+		Strcpy(user->pass,enc);
+		user->modcount++;
+	}
 	/*
 	 *  password is stuck in a solid malloc in a linked list
 	 *  add_user() touches current->ul_save for us
--- a/src/vars.c
+++ b/src/vars.c
@@ -133,6 +133,11 @@ void ec_access(char *from, char *to)
 	nobo_strcpy(num);
 }

+void ec_capabilities(char *from, char *to)
+{
+	nobo_strcpy(__mx_opts);
+}
+
 void ec_cc(char *from, char *to)
 {
 	nobo_strcpy((current->activechan) ? current->activechan->name : TEXT_NONE);
@@ -272,16 +277,17 @@ LS const struct

 } ecmd[] =
 {
-	{ ec_access,	"$access",	7	},
-	{ ec_cc,	"$cc",		3	},
-	{ ec_channels,	"$channels",	9	},
-	{ ec_time,	"$time",	5	},
-	{ ec_set,	"$var(",	5	},
-	{ ec_on,	"$on",		3	},
-	{ ec_server,	"$server",	7	},
-	{ ec_up,	"$up",		3	},
-	{ ec_ver,	"$ver",		4	},
-	{ NULL,		"",		0	},
+	{ ec_access,		"$access",	7	},
+	{ ec_capabilities,	"$cap",		4	},
+	{ ec_cc,		"$cc",		3	},
+	{ ec_channels,		"$channels",	9	},
+	{ ec_time,		"$time",	5	},
+	{ ec_set,		"$var(",	5	},
+	{ ec_on,		"$on",		3	},
+	{ ec_server,		"$server",	7	},
+	{ ec_up,		"$up",		3	},
+	{ ec_ver,		"$ver",		4	},
+	{ NULL,			"",		0	},
 };

 /*