1
0
mirror of https://github.com/anope/anope.git synced 2026-07-06 22:03:12 +02:00

Allow modules to use the encryption modules to encrypt arbitrary things.

Made enc_old depend on enc_md5.
Allow not loading any encryption modules if you want to only use an
external mechanism.
Removed ns_sendpass since it's just a bad idea.
This commit is contained in:
Adam
2012-11-30 02:49:09 -05:00
parent 337f361526
commit a4468dd56e
15 changed files with 688 additions and 966 deletions
+17 -12
View File
@@ -1174,18 +1174,26 @@ db_sql
}
/*
* [REQUIRED] Encryption modules.
* [RECOMMENDED] Encryption modules.
*
* The encryption modules are used when dealing with passwords. This determines how
* the passwords are stored in the databases, and does not add any security as
* far as transmitting passwords over the network goes.
*
* Without any encryption modules, passwords will be stored in plain text, allowing
* Without any encryption modules loaded users will not be able to authenticate unless
* there is another module loaded that provides authentication checking, such as
* m_ldap_authentication or m_sql_authentication.
*
* With enc_none, passwords will be stored in plain text, allowing
* for passwords to be recovered later but isn't secure therefore is not recommended.
*
* The other encryption modules use one-way encryption, so the passwords can not
* be recovered later if those are used.
*
* The first encryption module loaded is the primary encryption module. All new passwords are
* encrypted by this module. Old passwords stored in another encryption method are
* automatically re-encrypted by the primary encryption module on next identify.
*
* NOTE: enc_old is Anope's previous (broken) MD5 implementation, if your databases
* were made using that module, continue to use it and do not use enc_md5.
*
@@ -1196,24 +1204,21 @@ db_sql
* that you first try to get everyone's passwords converted to enc_sha256 before
* switching OSes by placing enc_sha256 at the beginning of the list.
*
* The first encryption module loaded is the primary encryption module. All new passwords are
* encrypted by this module. Old passwords stored in another encryption method are
* automatically re-encrypted by the primary encryption module on next identify.
*/
module { name = "enc_md5" }
module { name = "enc_sha256" }
#module { name = "enc_md5" }
#module { name = "enc_sha1" }
#module { name = "enc_sha256" }
/*
* When using enc_none, passwords will be stored without encryption in plain
* text, allowing for passwords to be recovered later. This isn't secure therefore
* is not recommended.
* When using enc_none, passwords will be stored without encryption. This isn't secure
* therefore it is not recommended.
*/
#module { name = "enc_none" }
/*
* enc_old is Anope's previous (broken) MD5 implementation, if your databases
* were made using that module, load it here to allow conversion to the primary
* enc_old is Anope's previous (broken) MD5 implementation used from 1.4.x to 1.7.16.
* If your databases were made using that module, load it here to allow conversion to the primary
* encryption method.
*/
#module { name = "enc_old" }
-12
View File
@@ -603,18 +603,6 @@ module { name = "ns_set_secure" }
command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
/*
* ns_sendpass
*
* Provides the command nickserv/sendpass.
*
* Used to send users their password via email.
*
* Requires that no encryption is being used.
*/
module { name = "ns_sendpass" }
command { service = "NickServ"; name = "SENDPASS"; command = "nickserv/sendpass"; permission = "nickserv/sendpass"; }
/*
* ns_set_misc
*
+3
View File
@@ -138,6 +138,9 @@ namespace Anope
*/
inline void push_back(char c) { return this->_string.push_back(c); }
inline string& append(const string &s) { this->_string.append(s.str()); return *this; }
inline string& append(const char *s, size_t n) { this->_string.append(s, n); return *this; }
/**
* Resizes the string content to n characters.
*/
-104
View File
@@ -1,104 +0,0 @@
/* NickServ core functions
*
* (C) 2003-2012 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*/
/*************************************************************************/
#include "module.h"
static bool SendPassMail(User *u, const NickAlias *na, const BotInfo *bi, const Anope::string &pass);
class CommandNSSendPass : public Command
{
public:
CommandNSSendPass(Module *creator) : Command(creator, "nickserv/sendpass", 1, 1)
{
this->SetFlag(CFLAG_ALLOW_UNREGISTERED);
this->SetDesc(_("Forgot your password? Try this"));
this->SetSyntax(_("\037nickname\037"));
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) anope_override
{
const Anope::string &nick = params[0];
const NickAlias *na;
if (Config->RestrictMail && !source.HasCommand("nickserv/sendpass"))
source.Reply(ACCESS_DENIED);
else if (!(na = NickAlias::Find(nick)))
source.Reply(NICK_X_NOT_REGISTERED, nick.c_str());
else
{
Anope::string tmp_pass;
if (Anope::Decrypt(na->nc->pass, tmp_pass) == 1)
{
if (SendPassMail(source.GetUser(), na, source.service, tmp_pass))
{
Log(Config->RestrictMail ? LOG_ADMIN : LOG_COMMAND, source, this) << "for " << na->nick;
source.Reply(_("Password of \002%s\002 has been sent."), nick.c_str());
}
}
else
source.Reply(_("%s command unavailable because encryption is in use."), source.command.c_str());
}
return;
}
bool OnHelp(CommandSource &source, const Anope::string &subcommand) anope_override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Send the password of the given nickname to the e-mail address\n"
"set in the nickname record. This command is really useful\n"
"to deal with lost passwords.\n"
" \n"
"May be limited to \002IRC operators\002 on certain networks."));
return true;
}
};
class NSSendPass : public Module
{
CommandNSSendPass commandnssendpass;
public:
NSSendPass(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, CORE),
commandnssendpass(this)
{
this->SetAuthor("Anope");
if (!Config->UseMail)
throw ModuleException("Not using mail.");
Anope::string tmp_pass = "plain:tmp";
if (Anope::Decrypt(tmp_pass, tmp_pass) == -1)
throw ModuleException("Incompatible with the encryption module being used");
}
};
static bool SendPassMail(User *u, const NickAlias *na, const BotInfo *bi, const Anope::string &pass)
{
Anope::string subject = Language::Translate(na->nc, Config->MailSendpassSubject.c_str());
Anope::string message = Language::Translate(na->nc, Config->MailSendpassMessage.c_str());
subject = subject.replace_all_cs("%n", na->nick);
subject = subject.replace_all_cs("%N", Config->NetworkName);
subject = subject.replace_all_cs("%p", pass);
message = message.replace_all_cs("%n", na->nick);
message = message.replace_all_cs("%N", Config->NetworkName);
message = message.replace_all_cs("%p", pass);
return Mail::Send(u, na->nc, bi, subject, message);
}
MODULE_INIT(NSSendPass)
+255 -225
View File
@@ -12,6 +12,7 @@
*/
#include "module.h"
#include "encryption.h"
/*************************************************************************/
@@ -37,43 +38,6 @@ These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* MD5 context. */
struct MD5_CTX
{
unsigned state[4]; /* state (ABCD) */
unsigned count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
};
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
/* Constants for MD5Transform routine.
*/
enum
{
S11 = 7,
S12 = 12,
S13 = 17,
S14 = 22,
S21 = 5,
S22 = 9,
S23 = 14,
S24 = 20,
S31 = 4,
S32 = 11,
S33 = 16,
S34 = 23,
S41 = 6,
S42 = 10,
S43 = 15,
S44 = 21
};
void MD5Transform(unsigned [4], const unsigned char [64]);
void Encode(unsigned char *, unsigned *, unsigned);
void Decode(unsigned *, const unsigned char *, unsigned);
static unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -119,203 +83,269 @@ inline static void II(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned
a += b;
}
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
void MD5Init(MD5_CTX *context)
static const uint32_t md5_iv[4] =
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants. */
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476
};
/* MD5 block update operation. Continues an MD5 message-digest
* operation, processing another message block, and updating the
* context.
*/
void MD5Update(MD5_CTX *context, const unsigned char *input, unsigned inputLen)
class MD5Context : public Encryption::Context
{
unsigned i, index, partLen;
unsigned state[4]; /* state (ABCD) */
unsigned count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
unsigned char digest[16]; /* final digest */
/* Compute number of bytes mod 64 */
index = (context->count[0] >> 3) & 0x3F;
/* Update number of bits */
if ((context->count[0] += inputLen << 3) < (inputLen << 3))
++context->count[1];
context->count[1] += inputLen >> 29;
partLen = 64 - index;
/* Transform as many times as possible. */
if (inputLen >= partLen)
/* Constants for MD5Transform routine.
*/
enum
{
memcpy(&context->buffer[index], input, partLen);
MD5Transform(context->state, context->buffer);
S11 = 7,
S12 = 12,
S13 = 17,
S14 = 22,
S21 = 5,
S22 = 9,
S23 = 14,
S24 = 20,
S31 = 4,
S32 = 11,
S33 = 16,
S34 = 23,
S41 = 6,
S42 = 10,
S43 = 15,
S44 = 21
};
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform(context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
memcpy(&context->buffer[index], &input[i], inputLen - i);
}
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
* the message digest and zeroizing the context.
*/
void MD5Final(unsigned char digest[17], MD5_CTX *context)
{
unsigned char bits[8];
unsigned index, padLen;
/* Save number of bits */
Encode(bits, context->count, 8);
/* Pad out to 56 mod 64. */
index = (context->count[0] >> 3) & 0x3f;
padLen = index < 56 ? 56 - index : 120 - index;
MD5Update(context, PADDING, padLen);
/* Append length (before padding) */
MD5Update(context, bits, 8);
/* Store state in digest */
Encode(digest, context->state, 16);
/* Zeroize sensitive information. */
memset(context, 0, sizeof(*context));
}
/* MD5 basic transformation. Transforms state based on block.
*/
void MD5Transform(unsigned state[4], const unsigned char block[64])
{
unsigned a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode(x, block, 64);
/* Round 1 */
FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information. */
memset(x, 0, sizeof(x));
}
/* Encodes input (unsigned) into output (unsigned char). Assumes len is
* a multiple of 4.
*/
void Encode(unsigned char *output, unsigned *input, unsigned len)
{
unsigned i, j;
for (i = 0, j = 0; j < len; ++i, j += 4)
/* MD5 basic transformation. Transforms state based on block.
*/
void Transform(const unsigned char block[64])
{
output[j] = static_cast<unsigned char>(input[i] & 0xff);
output[j + 1] = static_cast<unsigned char>((input[i] >> 8) & 0xff);
output[j + 2] = static_cast<unsigned char>((input[i] >> 16) & 0xff);
output[j + 3] = static_cast<unsigned char>((input[i] >> 24) & 0xff);
unsigned a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode(x, block, 64);
/* Round 1 */
FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information. */
memset(x, 0, sizeof(x));
}
}
/* Decodes input (unsigned char) into output (unsigned). Assumes len is
* a multiple of 4.
*/
void Decode(unsigned *output, const unsigned char *input, unsigned len)
/* Encodes input (unsigned) into output (unsigned char). Assumes len is
* a multiple of 4.
*/
void Encode(unsigned char *output, unsigned *input, unsigned len)
{
for (unsigned i = 0, j = 0; j < len; ++i, j += 4)
{
output[j] = static_cast<unsigned char>(input[i] & 0xff);
output[j + 1] = static_cast<unsigned char>((input[i] >> 8) & 0xff);
output[j + 2] = static_cast<unsigned char>((input[i] >> 16) & 0xff);
output[j + 3] = static_cast<unsigned char>((input[i] >> 24) & 0xff);
}
}
/* Decodes input (unsigned char) into output (unsigned). Assumes len is
* a multiple of 4.
*/
void Decode(unsigned *output, const unsigned char *input, unsigned len)
{
for (unsigned i = 0, j = 0; j < len; ++i, j += 4)
output[i] = static_cast<unsigned>(input[j]) | (static_cast<unsigned>(input[j + 1]) << 8) | (static_cast<unsigned>(input[j + 2]) << 16) | (static_cast<unsigned>(input[j + 3]) << 24);
}
public:
MD5Context(Encryption::IV *iv = NULL)
{
if (iv != NULL)
{
if (iv->second != 4)
throw CoreException("Invalid IV size");
/* Load magic initialization constants. */
for (int i = 0; i < 4; ++i)
this->state[i] = iv->first[i];
}
else
for (int i = 0; i < 4; ++i)
this->state[i] = md5_iv[i];
this->count[0] = this->count[1] = 0;
memset(this->buffer, 0, sizeof(this->buffer));
}
/* MD5 block update operation. Continues an MD5 message-digest
* operation, processing another message block, and updating the
* context.
*/
void Update(const unsigned char *input, size_t len) anope_override
{
unsigned i, index, partLen;
/* Compute number of bytes mod 64 */
index = (this->count[0] >> 3) & 0x3F;
/* Update number of bits */
if ((this->count[0] += len << 3) < (len << 3))
++this->count[1];
this->count[1] += len >> 29;
partLen = 64 - index;
/* Transform as many times as possible. */
if (len >= partLen)
{
memcpy(&this->buffer[index], input, partLen);
this->Transform(this->buffer);
for (i = partLen; i + 63 < len; i += 64)
this->Transform(&input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
memcpy(&this->buffer[index], &input[i], len - i);
}
/* MD5 finalization. Ends an MD5 message-digest opera
* the message digest and zeroizing the context.
*/
void Finalize() anope_override
{
unsigned char bits[8];
unsigned index, padLen;
/* Save number of bits */
this->Encode(bits, this->count, 8);
/* Pad out to 56 mod 64. */
index = (this->count[0] >> 3) & 0x3f;
padLen = index < 56 ? 56 - index : 120 - index;
this->Update(PADDING, padLen);
/* Append length (before padding) */
this->Update(bits, 8);
/* Store state in digest */
this->Encode(digest, this->state, 16);
/* Zeroize sensitive information. */
memset(this->state, 0, sizeof(this->state));
memset(this->count, 0, sizeof(this->count));
memset(this->buffer, 0, sizeof(this->buffer));
}
Encryption::Hash GetFinalizedHash() anope_override
{
Encryption::Hash hash;
hash.first = this->digest;
hash.second = sizeof(this->digest);
return hash;
}
};
class MD5Provider : public Encryption::Provider
{
unsigned i, j;
public:
MD5Provider(Module *creator) : Encryption::Provider(creator, "md5") { }
for (i = 0, j = 0; j < len; ++i, j += 4)
output[i] = static_cast<unsigned>(input[j]) | (static_cast<unsigned>(input[j + 1]) << 8) | (static_cast<unsigned>(input[j + 2]) << 16) | (static_cast<unsigned>(input[j + 3]) << 24);
}
Encryption::Context *CreateContext(Encryption::IV *iv) anope_override
{
return new MD5Context(iv);
}
/*************************************************************************/
/* Module stuff. */
Encryption::IV GetDefaultIV() anope_override
{
Encryption::IV iv;
iv.first = md5_iv;
iv.second = sizeof(md5_iv) / sizeof(uint32_t);
return iv;
}
};
class EMD5 : public Module
{
MD5Provider md5provider;
public:
EMD5(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION)
EMD5(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION),
md5provider(this)
{
this->SetAuthor("Anope");
@@ -325,15 +355,15 @@ class EMD5 : public Module
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) anope_override
{
MD5_CTX context;
char digest[17] = "";
Anope::string buf = "md5:";
MD5Context context;
MD5Init(&context);
MD5Update(&context, reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
MD5Final(reinterpret_cast<unsigned char *>(digest), &context);
context.Update(reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
context.Finalize();
Encryption::Hash hash = context.GetFinalizedHash();
Anope::string buf = "md5:" + Anope::Hex(reinterpret_cast<const char *>(hash.first), hash.second);
buf += Anope::Hex(digest, 16);
Log(LOG_DEBUG_2) << "(enc_md5) hashed password from [" << src << "] to [" << buf << "]";
dest = buf;
return EVENT_ALLOW;
+41 -308
View File
@@ -10,342 +10,75 @@
*/
#include "module.h"
#include "encryption.h"
/******** Code specific to the type of encryption. ********/
static ServiceReference<Encryption::Provider> md5("Encryption::Provider", "md5");
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* MD5 context. */
struct MD5_CTX
class OldMD5Provider : public Encryption::Provider
{
unsigned state[4]; /* state (ABCD) */
unsigned count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
};
public:
OldMD5Provider(Module *creator) : Encryption::Provider(creator, "oldmd5") { }
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
/* Constants for MD5Transform routine.
*/
enum
{
S11 = 7,
S12 = 12,
S13 = 17,
S14 = 22,
S21 = 5,
S22 = 9,
S23 = 14,
S24 = 20,
S31 = 4,
S32 = 11,
S33 = 16,
S34 = 23,
S41 = 6,
S42 = 10,
S43 = 15,
S44 = 21
};
static void MD5Transform(unsigned [4], const unsigned char[64]);
static void Encode(unsigned char *, unsigned *, unsigned);
static void Decode(unsigned *, const unsigned char *, unsigned);
static unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* F, G, H and I are basic MD5 functions.
*/
inline static unsigned F(unsigned x, unsigned y, unsigned z) { return (x & y) | (~x & z); }
inline static unsigned G(unsigned x, unsigned y, unsigned z) { return (x & z) | (y & ~z); }
inline static unsigned H(unsigned x, unsigned y, unsigned z) { return x ^ y ^ z; }
inline static unsigned MD5_I(unsigned x, unsigned y, unsigned z) { return y ^ (x | ~z); }
/* ROTATE_LEFT rotates x left n bits.
*/
inline static unsigned ROTATE_LEFT(unsigned x, unsigned n) { return (x << n) | (x >> (32 - n)); }
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
* Rotation is separate from addition to prevent recomputation.
*/
inline static void FF(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
{
a += F(b, c, d) + x + ac;
a = ROTATE_LEFT(a, s);
a += b;
}
inline static void GG(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
{
a += G(b, c, d) + x + ac;
a = ROTATE_LEFT(a, s);
a += b;
}
inline static void HH(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
{
a += H(b, c, d) + x + ac;
a = ROTATE_LEFT(a, s);
a += b;
}
inline static void II(unsigned &a, unsigned b, unsigned c, unsigned d, unsigned x, unsigned s, unsigned ac)
{
a += MD5_I(b, c, d) + x + ac;
a = ROTATE_LEFT(a, s);
a += b;
}
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
static void MD5Init(MD5_CTX *context)
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD5 block update operation. Continues an MD5 message-digest
* operation, processing another message block, and updating the
* context.
*/
static void MD5Update(MD5_CTX *context, const unsigned char *input, unsigned inputLen)
{
unsigned i, index, partLen;
/* Compute number of bytes mod 64 */
index = (context->count[0] >> 3) & 0x3F;
/* Update number of bits */
if ((context->count[0] += inputLen << 3) < (inputLen << 3))
++context->count[1];
context->count[1] += inputLen >> 29;
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen)
Encryption::Context *CreateContext(Encryption::IV *iv) anope_override
{
memcpy(&context->buffer[index], input, partLen);
MD5Transform(context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform(context->state, &input[i]);
index = 0;
if (md5)
return md5->CreateContext(iv);
return NULL;
}
else
i = 0;
/* Buffer remaining input */
memcpy(&context->buffer[index], &input[i], inputLen - i);
}
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
* the message digest and zeroizing the context.
*/
static void MD5Final(unsigned char digest[17], MD5_CTX *context)
{
unsigned char bits[8];
unsigned index, padLen;
/* Save number of bits */
Encode(bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (context->count[0] >> 3) & 0x3f;
padLen = index < 56 ? 56 - index : 120 - index;
MD5Update(context, PADDING, padLen);
/* Append length (before padding) */
MD5Update(context, bits, 8);
/* Store state in digest */
Encode(digest, context->state, 16);
/* Zeroize sensitive information.
*/
memset(context, 0, sizeof(*context));
}
/* MD5 basic transformation. Transforms state based on block.
*/
static void MD5Transform(unsigned state[4], const unsigned char block[64])
{
unsigned a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode(x, block, 64);
/* Round 1 */
FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
memset(x, 0, sizeof(x));
}
/* Encodes input (unsigned) into output (unsigned char). Assumes len is
* a multiple of 4.
*/
static void Encode(unsigned char *output, unsigned *input, unsigned len)
{
unsigned i, j;
for (i = 0, j = 0; j < len; ++i, j += 4)
Encryption::IV GetDefaultIV() anope_override
{
output[j] = static_cast<unsigned char>(input[i] & 0xff);
output[j + 1] = static_cast<unsigned char>((input[i] >> 8) & 0xff);
output[j + 2] = static_cast<unsigned char>((input[i] >> 16) & 0xff);
output[j + 3] = static_cast<unsigned char>((input[i] >> 24) & 0xff);
if (md5)
return md5->GetDefaultIV();
return Encryption::IV(NULL, 0);
}
}
/* Decodes input (unsigned char) into output (unsigned). Assumes len is
* a multiple of 4.
*/
static void Decode(unsigned *output, const unsigned char *input, unsigned len)
{
unsigned i, j;
for (i = 0, j = 0; j < len; ++i, j += 4)
output[i] = static_cast<unsigned>(input[j]) | (static_cast<unsigned>(input[j + 1]) << 8) | (static_cast<unsigned>(input[j + 2]) << 16) | (static_cast<unsigned>(input[j + 3]) << 24);
}
/*************************************************************************/
/******** Our own high-level routines. ********/
inline static char XTOI(char c) { return c > 9 ? c - 'A' + 10 : c - '0'; }
};
class EOld : public Module
{
OldMD5Provider oldmd5provider;
inline static char XTOI(char c) { return c > 9 ? c - 'A' + 10 : c - '0'; }
public:
EOld(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION)
EOld(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION),
oldmd5provider(this)
{
this->SetAuthor("Anope");
ModuleManager::LoadModule("enc_md5", User::Find(creator));
if (!md5)
throw ModuleException("Unable to find md5 reference");
Implementation i[] = { I_OnEncrypt, I_OnCheckAuthentication };
ModuleManager::Attach(i, this, sizeof(i) / sizeof(Implementation));
}
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) anope_override
{
MD5_CTX context;
char digest[33] = "", digest2[17] = "";
int i;
Anope::string buf = "oldmd5:";
if (!md5)
return EVENT_CONTINUE;
memset(&context, 0, sizeof(context));
Encryption::Context *context = md5->CreateContext();
context->Update(reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
context->Finalize();
MD5Init(&context);
MD5Update(&context, reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
MD5Final(reinterpret_cast<unsigned char *>(digest), &context);
for (i = 0; i < 32; i += 2)
Encryption::Hash hash = context->GetFinalizedHash();
char digest[32], digest2[16];
memset(digest, 0, sizeof(digest));
if (hash.second > sizeof(digest))
throw CoreException("Hash too large");
memcpy(digest, hash.first, hash.second);
for (int i = 0; i < 32; i += 2)
digest2[i / 2] = XTOI(digest[i]) << 4 | XTOI(digest[i + 1]);
buf += Anope::Hex(digest2, 16);
Anope::string buf = "oldmd5:" + Anope::Hex(digest2, sizeof(digest2));
Log(LOG_DEBUG_2) << "(enc_old) hashed password from [" << src << "] to [" << buf << "]";
dest = buf;
delete context;
return EVENT_ALLOW;
}
+159 -129
View File
@@ -15,20 +15,7 @@ A million repetitions of "a"
/* #define LITTLE_ENDIAN * This should be #define'd if true. */
#include "module.h"
struct SHA1_CTX
{
uint32_t state[5];
uint32_t count[2];
unsigned char buffer[64];
};
void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]);
void SHA1Init(SHA1_CTX *context);
void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len);
void SHA1Final(unsigned char digest[20], SHA1_CTX *context);
inline static uint32_t rol(uint32_t value, uint32_t bits) { return (value << bits) | (value >> (32 - bits)); }
#include "encryption.h"
union CHAR64LONG16
{
@@ -36,139 +23,182 @@ union CHAR64LONG16
uint32_t l[16];
};
inline static uint32_t rol(uint32_t value, uint32_t bits) { return (value << bits) | (value >> (32 - bits)); }
/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
inline static uint32_t blk0(CHAR64LONG16 *block, uint32_t i)
inline static uint32_t blk0(CHAR64LONG16 &block, uint32_t i)
{
#ifdef LITTLE_ENDIAN
return block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | (rol(block->l[i], 8) & 0x00FF00FF);
return block.l[i] = (rol(block.l[i], 24) & 0xFF00FF00) | (rol(block.l[i], 8) & 0x00FF00FF);
#else
return block->l[i];
return block.l[i];
#endif
}
inline static uint32_t blk(CHAR64LONG16 *block, uint32_t i) { return block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15],1); }
inline static uint32_t blk(CHAR64LONG16 &block, uint32_t i) { return block.l[i & 15] = rol(block.l[(i + 13) & 15] ^ block.l[(i + 8) & 15] ^ block.l[(i + 2) & 15] ^ block.l[i & 15],1); }
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
inline static void R0(CHAR64LONG16 *block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += ((w & (x ^ y)) ^ y) + blk0(block, i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); }
inline static void R1(CHAR64LONG16 *block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += ((w & (x ^ y)) ^ y) + blk(block, i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); }
inline static void R2(CHAR64LONG16 *block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (w ^ x ^ y) + blk(block, i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); }
inline static void R3(CHAR64LONG16 *block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (((w | x) & y) | (w & x)) + blk(block, i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30); }
inline static void R4(CHAR64LONG16 *block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (w ^ x ^ y) + blk(block, i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30); }
inline static void R0(CHAR64LONG16 &block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += ((w & (x ^ y)) ^ y) + blk0(block, i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); }
inline static void R1(CHAR64LONG16 &block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += ((w & (x ^ y)) ^ y) + blk(block, i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); }
inline static void R2(CHAR64LONG16 &block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (w ^ x ^ y) + blk(block, i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); }
inline static void R3(CHAR64LONG16 &block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (((w | x) & y) | (w & x)) + blk(block, i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30); }
inline static void R4(CHAR64LONG16 &block, uint32_t v, uint32_t &w, uint32_t x, uint32_t y, uint32_t &z, uint32_t i) { z += (w ^ x ^ y) + blk(block, i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30); }
/* Hash a single 512-bit block. This is the core of the algorithm. */
void SHA1Transform(uint32_t state[5], const unsigned char buffer[64])
static const uint32_t sha1_iv[5] =
{
uint32_t a, b, c, d, e;
static unsigned char workspace[64];
CHAR64LONG16 *block = reinterpret_cast<CHAR64LONG16 *>(workspace);
memcpy(block, buffer, 64);
/* Copy context->state[] to working vars */
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
/* 4 rounds of 20 operations each. Loop unrolled. */
R0(block, a, b, c, d, e, 0); R0(block, e, a, b, c, d, 1); R0(block, d, e, a, b, c, 2); R0(block, c, d, e, a, b, 3);
R0(block, b, c, d, e, a, 4); R0(block, a, b, c, d, e, 5); R0(block, e, a, b, c, d, 6); R0(block, d, e, a, b, c, 7);
R0(block, c, d, e, a, b, 8); R0(block, b, c, d, e, a, 9); R0(block, a, b, c, d, e, 10); R0(block, e, a, b, c, d, 11);
R0(block, d, e, a, b, c, 12); R0(block, c, d, e, a, b, 13); R0(block, b, c, d, e, a, 14); R0(block, a, b, c, d, e, 15);
R1(block, e, a, b, c, d, 16); R1(block, d, e, a, b, c, 17); R1(block, c, d, e, a, b, 18); R1(block, b, c, d, e, a, 19);
R2(block, a, b, c, d, e, 20); R2(block, e, a, b, c, d, 21); R2(block, d, e, a, b, c, 22); R2(block, c, d, e, a, b, 23);
R2(block, b, c, d, e, a, 24); R2(block, a, b, c, d, e, 25); R2(block, e, a, b, c, d, 26); R2(block, d, e, a, b, c, 27);
R2(block, c, d, e, a, b, 28); R2(block, b, c, d, e, a, 29); R2(block, a, b, c, d, e, 30); R2(block, e, a, b, c, d, 31);
R2(block, d, e, a, b, c, 32); R2(block, c, d, e, a, b, 33); R2(block, b, c, d, e, a, 34); R2(block, a, b, c, d, e, 35);
R2(block, e, a, b, c, d, 36); R2(block, d, e, a, b, c, 37); R2(block, c, d, e, a, b, 38); R2(block, b, c, d, e, a, 39);
R3(block, a, b, c, d, e, 40); R3(block, e, a, b, c, d, 41); R3(block, d, e, a, b, c, 42); R3(block, c, d, e, a, b, 43);
R3(block, b, c, d, e, a, 44); R3(block, a, b, c, d, e, 45); R3(block, e, a, b, c, d, 46); R3(block, d, e, a, b, c, 47);
R3(block, c, d, e, a, b, 48); R3(block, b, c, d, e, a, 49); R3(block, a, b, c, d, e, 50); R3(block, e, a, b, c, d, 51);
R3(block, d, e, a, b, c, 52); R3(block, c, d, e, a, b, 53); R3(block, b, c, d, e, a, 54); R3(block, a, b, c, d, e, 55);
R3(block, e, a, b, c, d, 56); R3(block, d, e, a, b, c, 57); R3(block, c, d, e, a, b, 58); R3(block, b, c, d, e, a, 59);
R4(block, a, b, c, d, e, 60); R4(block, e, a, b, c, d, 61); R4(block, d, e, a, b, c, 62); R4(block, c, d, e, a, b, 63);
R4(block, b, c, d, e, a, 64); R4(block, a, b, c, d, e, 65); R4(block, e, a, b, c, d, 66); R4(block, d, e, a, b, c, 67);
R4(block, c, d, e, a, b, 68); R4(block, b, c, d, e, a, 69); R4(block, a, b, c, d, e, 70); R4(block, e, a, b, c, d, 71);
R4(block, d, e, a, b, c, 72); R4(block, c, d, e, a, b, 73); R4(block, b, c, d, e, a, 74); R4(block, a, b, c, d, e, 75);
R4(block, e, a, b, c, d, 76); R4(block, d, e, a, b, c, 77); R4(block, c, d, e, a, b, 78); R4(block, b, c, d, e, a, 79);
/* Add the working vars back into context.state[] */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
}
0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
};
/* SHA1Init - Initialize new context */
void SHA1Init(SHA1_CTX *context)
class SHA1Context : public Encryption::Context
{
/* SHA1 initialization constants */
context->state[0] = 0x67452301;
context->state[1] = 0xEFCDAB89;
context->state[2] = 0x98BADCFE;
context->state[3] = 0x10325476;
context->state[4] = 0xC3D2E1F0;
context->count[0] = context->count[1] = 0;
}
uint32_t state[5];
uint32_t count[2];
unsigned char buffer[64];
unsigned char digest[20];
/* Run your data through this. */
void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len)
{
uint32_t i, j;
j = (context->count[0] >> 3) & 63;
if ((context->count[0] += len << 3) < (len << 3))
++context->count[1];
context->count[1] += len >> 29;
if (j + len > 63)
void Transform(const unsigned char buf[64])
{
memcpy(&context->buffer[j], data, (i = 64 - j));
SHA1Transform(context->state, context->buffer);
for (; i + 63 < len; i += 64)
SHA1Transform(context->state, &data[i]);
j = 0;
uint32_t a, b, c, d, e;
CHAR64LONG16 block;
memcpy(block.c, buf, 64);
/* Copy context->state[] to working vars */
a = this->state[0];
b = this->state[1];
c = this->state[2];
d = this->state[3];
e = this->state[4];
/* 4 rounds of 20 operations each. Loop unrolled. */
R0(block, a, b, c, d, e, 0); R0(block, e, a, b, c, d, 1); R0(block, d, e, a, b, c, 2); R0(block, c, d, e, a, b, 3);
R0(block, b, c, d, e, a, 4); R0(block, a, b, c, d, e, 5); R0(block, e, a, b, c, d, 6); R0(block, d, e, a, b, c, 7);
R0(block, c, d, e, a, b, 8); R0(block, b, c, d, e, a, 9); R0(block, a, b, c, d, e, 10); R0(block, e, a, b, c, d, 11);
R0(block, d, e, a, b, c, 12); R0(block, c, d, e, a, b, 13); R0(block, b, c, d, e, a, 14); R0(block, a, b, c, d, e, 15);
R1(block, e, a, b, c, d, 16); R1(block, d, e, a, b, c, 17); R1(block, c, d, e, a, b, 18); R1(block, b, c, d, e, a, 19);
R2(block, a, b, c, d, e, 20); R2(block, e, a, b, c, d, 21); R2(block, d, e, a, b, c, 22); R2(block, c, d, e, a, b, 23);
R2(block, b, c, d, e, a, 24); R2(block, a, b, c, d, e, 25); R2(block, e, a, b, c, d, 26); R2(block, d, e, a, b, c, 27);
R2(block, c, d, e, a, b, 28); R2(block, b, c, d, e, a, 29); R2(block, a, b, c, d, e, 30); R2(block, e, a, b, c, d, 31);
R2(block, d, e, a, b, c, 32); R2(block, c, d, e, a, b, 33); R2(block, b, c, d, e, a, 34); R2(block, a, b, c, d, e, 35);
R2(block, e, a, b, c, d, 36); R2(block, d, e, a, b, c, 37); R2(block, c, d, e, a, b, 38); R2(block, b, c, d, e, a, 39);
R3(block, a, b, c, d, e, 40); R3(block, e, a, b, c, d, 41); R3(block, d, e, a, b, c, 42); R3(block, c, d, e, a, b, 43);
R3(block, b, c, d, e, a, 44); R3(block, a, b, c, d, e, 45); R3(block, e, a, b, c, d, 46); R3(block, d, e, a, b, c, 47);
R3(block, c, d, e, a, b, 48); R3(block, b, c, d, e, a, 49); R3(block, a, b, c, d, e, 50); R3(block, e, a, b, c, d, 51);
R3(block, d, e, a, b, c, 52); R3(block, c, d, e, a, b, 53); R3(block, b, c, d, e, a, 54); R3(block, a, b, c, d, e, 55);
R3(block, e, a, b, c, d, 56); R3(block, d, e, a, b, c, 57); R3(block, c, d, e, a, b, 58); R3(block, b, c, d, e, a, 59);
R4(block, a, b, c, d, e, 60); R4(block, e, a, b, c, d, 61); R4(block, d, e, a, b, c, 62); R4(block, c, d, e, a, b, 63);
R4(block, b, c, d, e, a, 64); R4(block, a, b, c, d, e, 65); R4(block, e, a, b, c, d, 66); R4(block, d, e, a, b, c, 67);
R4(block, c, d, e, a, b, 68); R4(block, b, c, d, e, a, 69); R4(block, a, b, c, d, e, 70); R4(block, e, a, b, c, d, 71);
R4(block, d, e, a, b, c, 72); R4(block, c, d, e, a, b, 73); R4(block, b, c, d, e, a, 74); R4(block, a, b, c, d, e, 75);
R4(block, e, a, b, c, d, 76); R4(block, d, e, a, b, c, 77); R4(block, c, d, e, a, b, 78); R4(block, b, c, d, e, a, 79);
/* Add the working vars back into context.state[] */
this->state[0] += a;
this->state[1] += b;
this->state[2] += c;
this->state[3] += d;
this->state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
}
else
i = 0;
memcpy(&context->buffer[j], &data[i], len - i);
}
/* Add padding and return the message digest. */
public:
SHA1Context(Encryption::IV *iv = NULL)
{
if (iv != NULL)
{
if (iv->second != 5)
throw CoreException("Invalid IV size");
for (int i = 0; i < 5; ++i)
this->state[i] = iv->first[i];
}
else
for (int i = 0; i < 5; ++i)
this->state[i] = sha1_iv[i];
void SHA1Final(unsigned char digest[21], SHA1_CTX *context)
this->count[0] = this->count[1] = 0;
memset(this->buffer, 0, sizeof(this->buffer));
memset(this->digest, 0, sizeof(this->digest));
}
void Update(const unsigned char *data, size_t len) anope_override
{
uint32_t i, j;
j = (this->count[0] >> 3) & 63;
if ((this->count[0] += len << 3) < (len << 3))
++this->count[1];
this->count[1] += len >> 29;
if (j + len > 63)
{
memcpy(&this->buffer[j], data, (i = 64 - j));
this->Transform(this->buffer);
for (; i + 63 < len; i += 64)
this->Transform(&data[i]);
j = 0;
}
else
i = 0;
memcpy(&this->buffer[j], &data[i], len - i);
}
void Finalize() anope_override
{
uint32_t i;
unsigned char finalcount[8];
for (i = 0; i < 8; ++i)
finalcount[i] = static_cast<unsigned char>((this->count[i >= 4 ? 0 : 1] >> ((3 - (i & 3)) * 8)) & 255); /* Endian independent */
this->Update(reinterpret_cast<const unsigned char *>("\200"), 1);
while ((this->count[0] & 504) != 448)
this->Update(reinterpret_cast<const unsigned char *>("\0"), 1);
this->Update(finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < 20; ++i)
this->digest[i] = static_cast<unsigned char>((this->state[i>>2] >> ((3 - (i & 3)) * 8)) & 255);
/* Wipe variables */
memset(this->buffer, 0, sizeof(this->buffer));
memset(this->state, 0, sizeof(this->state));
memset(this->count, 0, sizeof(this->count));
memset(&finalcount, 0, sizeof(finalcount));
this->Transform(this->buffer);
}
Encryption::Hash GetFinalizedHash() anope_override
{
Encryption::Hash hash;
hash.first = this->digest;
hash.second = sizeof(this->digest);
return hash;
}
};
class SHA1Provider : public Encryption::Provider
{
uint32_t i;
unsigned char finalcount[8];
public:
SHA1Provider(Module *creator) : Encryption::Provider(creator, "sha1") { }
for (i = 0; i < 8; ++i)
finalcount[i] = static_cast<unsigned char>((context->count[i >= 4 ? 0 : 1] >> ((3 - (i & 3)) * 8)) & 255); /* Endian independent */
SHA1Update(context, reinterpret_cast<const unsigned char *>("\200"), 1);
while ((context->count[0] & 504) != 448)
SHA1Update(context, reinterpret_cast<const unsigned char *>("\0"), 1);
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < 20; ++i)
digest[i] = static_cast<unsigned char>((context->state[i>>2] >> ((3 - (i & 3)) * 8)) & 255);
/* Wipe variables */
i = 0;
memset(context->buffer, 0, 64);
memset(context->state, 0, 20);
memset(context->count, 0, 8);
memset(&finalcount, 0, 8);
SHA1Transform(context->state, context->buffer);
}
Encryption::Context *CreateContext(Encryption::IV *iv) anope_override
{
return new SHA1Context(iv);
}
/*****************************************************************************/
/*****************************************************************************/
/* Module stuff. */
Encryption::IV GetDefaultIV() anope_override
{
Encryption::IV iv;
iv.first = sha1_iv;
iv.second = sizeof(sha1_iv) / sizeof(uint32_t);
return iv;
}
};
class ESHA1 : public Module
{
SHA1Provider sha1provider;
public:
ESHA1(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION)
ESHA1(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION),
sha1provider(this)
{
this->SetAuthor("Anope");
@@ -178,15 +208,15 @@ class ESHA1 : public Module
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) anope_override
{
SHA1_CTX context;
char digest[21] = "";
Anope::string buf = "sha1:";
SHA1Context context;
SHA1Init(&context);
SHA1Update(&context, reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
SHA1Final(reinterpret_cast<unsigned char *>(digest), &context);
context.Update(reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
context.Finalize();
Encryption::Hash hash = context.GetFinalizedHash();
Anope::string buf = "sha1:" + Anope::Hex(reinterpret_cast<const char *>(hash.first), hash.second);
buf += Anope::Hex(digest, 20);
Log(LOG_DEBUG_2) << "(enc_sha1) hashed password from [" << src << "] to [" << buf << "]";
dest = buf;
return EVENT_ALLOW;
+148 -120
View File
@@ -1,9 +1,4 @@
/* This module generates and compares password hashes using SHA256 algorithms.
* To help reduce the risk of dictionary attacks, the code appends random bytes
* (so-called "salt") to the original plain text before generating hashes and
* stores this salt appended to the result. To verify another plain text value
* against the given hash, this module will retrieve the salt value from the
* password string and use it when computing a new hash of the plain text.
*
* If an intruder gets access to your system or uses a brute force attack,
* salt will not provide much value.
@@ -53,21 +48,11 @@
*/
#include "module.h"
#include "encryption.h"
static const unsigned SHA256_DIGEST_SIZE = 256 / 8;
static const unsigned SHA256_BLOCK_SIZE = 512 / 8;
/** An sha256 context
*/
class SHA256Context
{
public:
unsigned tot_len;
unsigned len;
unsigned char block[2 * SHA256_BLOCK_SIZE];
uint32_t h[8];
};
inline static uint32_t SHFR(uint32_t x, uint32_t n) { return x >> n; }
inline static uint32_t ROTR(uint32_t x, uint32_t n) { return (x >> n) | (x << ((sizeof(x) << 3) - n)); }
inline static uint32_t ROTL(uint32_t x, uint32_t n) { return (x << n) | (x >> ((sizeof(x) << 3) - n)); }
@@ -99,7 +84,13 @@ inline static void SHA256_SCR(uint32_t w[64], int i)
w[i] = SHA256_F4(w[i - 2]) + w[i - 7] + SHA256_F3(w[i - 15]) + w[i - 16];
}
uint32_t sha256_k[64] =
static const uint32_t sha256_h0[8] =
{
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
};
static const uint32_t sha256_k[64] =
{
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
@@ -119,8 +110,137 @@ uint32_t sha256_k[64] =
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
/** An sha256 context
*/
class SHA256Context : public Encryption::Context
{
void Transform(unsigned char *message, unsigned block_nb)
{
uint32_t w[64], wv[8];
unsigned char *sub_block;
for (unsigned i = 1; i <= block_nb; ++i)
{
int j;
sub_block = message + ((i - 1) << 6);
for (j = 0; j < 16; ++j)
PACK32(&sub_block[j << 2], w[j]);
for (j = 16; j < 64; ++j)
SHA256_SCR(w, j);
for (j = 0; j < 8; ++j)
wv[j] = this->h[j];
for (j = 0; j < 64; ++j)
{
uint32_t t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha256_k[j] + w[j];
uint32_t t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
wv[7] = wv[6];
wv[6] = wv[5];
wv[5] = wv[4];
wv[4] = wv[3] + t1;
wv[3] = wv[2];
wv[2] = wv[1];
wv[1] = wv[0];
wv[0] = t1 + t2;
}
for (j = 0; j < 8; ++j)
this->h[j] += wv[j];
}
}
unsigned tot_len;
unsigned len;
unsigned char block[2 * SHA256_BLOCK_SIZE];
uint32_t h[8];
unsigned char digest[SHA256_DIGEST_SIZE + 1];
public:
SHA256Context(Encryption::IV *iv)
{
if (iv != NULL)
{
if (iv->second != 8)
throw CoreException("Invalid IV size");
for (int i = 0; i < 8; ++i)
this->h[i] = iv->first[i];
}
else
for (int i = 0; i < 8; ++i)
this->h[i] = sha256_h0[i];
this->tot_len = 0;
this->len = 0;
memset(this->block, 0, sizeof(this->block));
memset(this->digest, 0, sizeof(this->digest));
}
void Update(const unsigned char *message, size_t mlen) anope_override
{
unsigned tmp_len = SHA256_BLOCK_SIZE - this->len, rem_len = mlen < tmp_len ? mlen : tmp_len;
memcpy(&this->block[this->len], message, rem_len);
if (this->len + mlen < SHA256_BLOCK_SIZE)
{
this->len += mlen;
return;
}
unsigned new_len = mlen - rem_len, block_nb = new_len / SHA256_BLOCK_SIZE;
unsigned char *shifted_message = new unsigned char[mlen - rem_len];
memcpy(shifted_message, message + rem_len, mlen - rem_len);
this->Transform(this->block, 1);
this->Transform(shifted_message, block_nb);
rem_len = new_len % SHA256_BLOCK_SIZE;
memcpy(this->block, &shifted_message[block_nb << 6], rem_len);
delete [] shifted_message;
this->len = rem_len;
this->tot_len += (block_nb + 1) << 6;
}
void Finalize() anope_override
{
unsigned block_nb = 1 + ((SHA256_BLOCK_SIZE - 9) < (this->len % SHA256_BLOCK_SIZE));
unsigned len_b = (this->tot_len + this->len) << 3;
unsigned pm_len = block_nb << 6;
memset(this->block + this->len, 0, pm_len - this->len);
this->block[this->len] = 0x80;
UNPACK32(len_b, this->block + pm_len - 4);
this->Transform(this->block, block_nb);
for (int i = 0 ; i < 8; ++i)
UNPACK32(this->h[i], &this->digest[i << 2]);
this->digest[SHA256_BLOCK_SIZE] = 0;
}
Encryption::Hash GetFinalizedHash() anope_override
{
Encryption::Hash hash;
hash.first = this->digest;
hash.second = SHA256_BLOCK_SIZE;
return hash;
}
};
class SHA256Provider : public Encryption::Provider
{
public:
SHA256Provider(Module *creator) : Encryption::Provider(creator, "sha256") { }
Encryption::Context *CreateContext(Encryption::IV *iv) anope_override
{
return new SHA256Context(iv);
}
Encryption::IV GetDefaultIV() anope_override
{
Encryption::IV iv;
iv.first = sha256_h0;
iv.second = sizeof(sha256_h0) / sizeof(uint32_t);
return iv;
}
};
class ESHA256 : public Module
{
SHA256Provider sha256provider;
unsigned iv[8];
bool use_iv;
@@ -153,101 +273,9 @@ class ESHA256 : public Module
PACK32(reinterpret_cast<unsigned char *>(&buf2[i << 2]), iv[i]);
}
void SHA256Init(SHA256Context *ctx)
{
for (int i = 0; i < 8; ++i)
ctx->h[i] = iv[i];
ctx->len = 0;
ctx->tot_len = 0;
}
void SHA256Transform(SHA256Context *ctx, unsigned char *message, unsigned block_nb)
{
uint32_t w[64], wv[8];
unsigned char *sub_block;
for (unsigned i = 1; i <= block_nb; ++i)
{
int j;
sub_block = message + ((i - 1) << 6);
for (j = 0; j < 16; ++j)
PACK32(&sub_block[j << 2], w[j]);
for (j = 16; j < 64; ++j)
SHA256_SCR(w, j);
for (j = 0; j < 8; ++j)
wv[j] = ctx->h[j];
for (j = 0; j < 64; ++j)
{
uint32_t t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha256_k[j] + w[j];
uint32_t t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
wv[7] = wv[6];
wv[6] = wv[5];
wv[5] = wv[4];
wv[4] = wv[3] + t1;
wv[3] = wv[2];
wv[2] = wv[1];
wv[1] = wv[0];
wv[0] = t1 + t2;
}
for (j = 0; j < 8; ++j)
ctx->h[j] += wv[j];
}
}
void SHA256Update(SHA256Context *ctx, const unsigned char *message, unsigned len)
{
/*
* XXX here be dragons!
* After many hours of pouring over this, I think I've found the problem.
* When Special created our module from the reference one, he used:
*
* unsigned rem_len = SHA256_BLOCK_SIZE - ctx->len;
*
* instead of the reference's version of:
*
* unsigned tmp_len = SHA256_BLOCK_SIZE - ctx->len;
* unsigned rem_len = len < tmp_len ? len : tmp_len;
*
* I've changed back to the reference version of this code, and it seems to work with no errors.
* So I'm inclined to believe this was the problem..
* -- w00t (January 06, 2008)
*/
unsigned tmp_len = SHA256_BLOCK_SIZE - ctx->len, rem_len = len < tmp_len ? len : tmp_len;
memcpy(&ctx->block[ctx->len], message, rem_len);
if (ctx->len + len < SHA256_BLOCK_SIZE)
{
ctx->len += len;
return;
}
unsigned new_len = len - rem_len, block_nb = new_len / SHA256_BLOCK_SIZE;
unsigned char *shifted_message = new unsigned char[len - rem_len];
memcpy(shifted_message, message + rem_len, len - rem_len);
SHA256Transform(ctx, ctx->block, 1);
SHA256Transform(ctx, shifted_message, block_nb);
rem_len = new_len % SHA256_BLOCK_SIZE;
memcpy(ctx->block, &shifted_message[block_nb << 6], rem_len);
delete [] shifted_message;
ctx->len = rem_len;
ctx->tot_len += (block_nb + 1) << 6;
}
void SHA256Final(SHA256Context *ctx, unsigned char *digest)
{
unsigned block_nb = 1 + ((SHA256_BLOCK_SIZE - 9) < (ctx->len % SHA256_BLOCK_SIZE));
unsigned len_b = (ctx->tot_len + ctx->len) << 3;
unsigned pm_len = block_nb << 6;
memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
ctx->block[ctx->len] = 0x80;
UNPACK32(len_b, ctx->block + pm_len - 4);
SHA256Transform(ctx, ctx->block, block_nb);
for (int i = 0 ; i < 8; ++i)
UNPACK32(ctx->h[i], &digest[i << 2]);
}
/********** ANOPE ******/
public:
ESHA256(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION)
ESHA256(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION),
sha256provider(this)
{
this->SetAuthor("Anope");
@@ -259,20 +287,20 @@ class ESHA256 : public Module
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) anope_override
{
char digest[SHA256_DIGEST_SIZE + 1];
SHA256Context ctx;
std::stringstream buf;
if (!use_iv)
NewRandomIV();
else
use_iv = false;
SHA256Init(&ctx);
SHA256Update(&ctx, reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
SHA256Final(&ctx, reinterpret_cast<unsigned char *>(digest));
digest[SHA256_DIGEST_SIZE] = '\0';
buf << "sha256:" << Anope::Hex(digest, SHA256_DIGEST_SIZE) << ":" << GetIVString();
Encryption::IV initilization(this->iv, 8);
SHA256Context ctx(&initilization);
ctx.Update(reinterpret_cast<const unsigned char *>(src.c_str()), src.length());
ctx.Finalize();
Encryption::Hash hash = ctx.GetFinalizedHash();
std::stringstream buf;
buf << "sha256:" << Anope::Hex(reinterpret_cast<const char *>(hash.first), hash.second) << ":" << GetIVString();
Log(LOG_DEBUG_2) << "(enc_sha256) hashed password from [" << src << "] to [" << buf.str() << " ]";
dest = buf.str();
return EVENT_ALLOW;
+37
View File
@@ -0,0 +1,37 @@
/*
*
* (C) 2003-2012 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*
*/
namespace Encryption
{
typedef std::pair<const unsigned char *, size_t> Hash;
typedef std::pair<const uint32_t *, size_t> IV;
class Context
{
public:
virtual ~Context() { }
virtual void Update(const unsigned char *data, size_t len) = 0;
virtual void Finalize() = 0;
virtual Hash GetFinalizedHash() = 0;
};
class Provider : public Service
{
public:
Provider(Module *creator, const Anope::string &sname) : Service(creator, "Encryption::Provider", sname) { }
virtual ~Provider() { }
virtual Context *CreateContext(IV * = NULL) = 0;
virtual IV GetDefaultIV() = 0;
};
}
+1 -1
View File
@@ -256,7 +256,7 @@ class InspIRCdProto : public IRCDProto
SendServer(Me);
UplinkSocket::Message() << "BURST";
Module *enc = ModuleManager::FindFirstOf(ENCRYPTION);
UplinkSocket::Message(Me) << "VERSION :Anope-" << Anope::Version() << " " << Me->GetName() << " :" << this->GetProtocolName() << " - (" << (enc ? enc->name : "unknown") << ") -- " << Anope::VersionBuildString();
UplinkSocket::Message(Me) << "VERSION :Anope-" << Anope::Version() << " " << Me->GetName() << " :" << this->GetProtocolName() << " - (" << (enc ? enc->name : "none") << ") -- " << Anope::VersionBuildString();
}
/* SVSHOLD - set */
+1 -1
View File
@@ -279,7 +279,7 @@ class InspIRCd12Proto : public IRCDProto
SendServer(Me);
UplinkSocket::Message(Me) << "BURST";
Module *enc = ModuleManager::FindFirstOf(ENCRYPTION);
UplinkSocket::Message(Me) << "VERSION :Anope-" << Anope::Version() << " " << Config->ServerName << " :" << IRCD->GetProtocolName() << " - (" << (enc ? enc->name : "unknown") << ") -- " << Anope::VersionBuildString();
UplinkSocket::Message(Me) << "VERSION :Anope-" << Anope::Version() << " " << Config->ServerName << " :" << IRCD->GetProtocolName() << " - (" << (enc ? enc->name : "none") << ") -- " << Anope::VersionBuildString();
}
/* SVSHOLD - set */
-50
View File
@@ -1,50 +0,0 @@
/*
*
* (C) 2003-2012 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*
*/
#include "services.h"
#include "modules.h"
/******************************************************************************/
/** Encrypt the string src into dest
* @param src The source string
* @param dest The destination strnig
*/
void Anope::Encrypt(const Anope::string &src, Anope::string &dest)
{
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnEncrypt, OnEncrypt(src, dest));
}
/** Decrypt the encrypted string src into dest
* @param src The encrypted string
* @param desc The destination string
* @return true on success
*/
bool Anope::Decrypt(const Anope::string &src, Anope::string &dest)
{
size_t pos = src.find(':');
if (pos == Anope::string::npos)
{
Log() << "Error: Anope::Decrypt() called with invalid password string (" << src << ")";
return false;
}
Anope::string hashm(src.begin(), src.begin() + pos);
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnDecrypt, OnDecrypt(hashm, src, dest));
if (MOD_RESULT == EVENT_ALLOW)
return true;
return false;
}
-2
View File
@@ -451,8 +451,6 @@ void Anope::Init(int ac, char **av)
Module *protocol = ModuleManager::FindFirstOf(PROTOCOL);
if (protocol == NULL)
throw CoreException("You must load a protocol module!");
else if (ModuleManager::FindFirstOf(ENCRYPTION) == NULL)
throw CoreException("You must load at least one encryption module");
Log() << "Using IRCd protocol " << protocol->name;
+2 -2
View File
@@ -326,7 +326,7 @@ void Privmsg::Run(MessageSource &source, const std::vector<Anope::string> &param
else if (message.substr(0, 9).equals_ci("\1VERSION\1"))
{
Module *enc = ModuleManager::FindFirstOf(ENCRYPTION);
IRCD->SendCTCP(bi, u->nick, "VERSION Anope-%s %s :%s - (%s) -- %s", Anope::Version().c_str(), Config->ServerName.c_str(), IRCD->GetProtocolName().c_str(), enc ? enc->name.c_str() : "unknown", Anope::VersionBuildString().c_str());
IRCD->SendCTCP(bi, u->nick, "VERSION Anope-%s %s :%s - (%s) -- %s", Anope::Version().c_str(), Config->ServerName.c_str(), IRCD->GetProtocolName().c_str(), enc ? enc->name.c_str() : "(none)", Anope::VersionBuildString().c_str());
}
return;
}
@@ -448,7 +448,7 @@ void Topic::Run(MessageSource &source, const std::vector<Anope::string> &params)
void Version::Run(MessageSource &source, const std::vector<Anope::string> &params)
{
Module *enc = ModuleManager::FindFirstOf(ENCRYPTION);
IRCD->SendNumeric(351, source.GetSource(), "Anope-%s %s :%s -(%s) -- %s", Anope::Version().c_str(), Config->ServerName.c_str(), IRCD->GetProtocolName().c_str(), enc ? enc->name.c_str() : "unknown", Anope::VersionBuildString().c_str());
IRCD->SendNumeric(351, source.GetSource(), "Anope-%s %s :%s -(%s) -- %s", Anope::Version().c_str(), Config->ServerName.c_str(), IRCD->GetProtocolName().c_str(), enc ? enc->name.c_str() : "(none)", Anope::VersionBuildString().c_str());
return;
}
+24
View File
@@ -450,6 +450,30 @@ bool Anope::Match(const Anope::string &str, const Anope::string &mask, bool case
return m == mask_len;
}
void Anope::Encrypt(const Anope::string &src, Anope::string &dest)
{
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnEncrypt, OnEncrypt(src, dest));
}
bool Anope::Decrypt(const Anope::string &src, Anope::string &dest)
{
size_t pos = src.find(':');
if (pos == Anope::string::npos)
{
Log() << "Error: Anope::Decrypt() called with invalid password string (" << src << ")";
return false;
}
Anope::string hashm(src.begin(), src.begin() + pos);
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnDecrypt, OnDecrypt(hashm, src, dest));
if (MOD_RESULT == EVENT_ALLOW)
return true;
return false;
}
Anope::string Anope::printf(const char *fmt, ...)
{
va_list args;