prosody
d8e645b4d195
util-src/hashes.c

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

util-src/hashes.c @ 9965:d8e645b4d195

util.hashes: Use PBKDF2 from libcrypto
author Kim Alvefur <zash@zash.se>
date Sun, 13 Jan 2019 13:57:14 +0100
parent 9963:90a3cd25f2ae
child 9966:9f1c5ae8d70b
comparison
equal deleted inserted replaced
9964:f299d4917dd8 9965:d8e645b4d195
24 #include "lua.h" 24 #include "lua.h"
25 #include "lauxlib.h" 25 #include "lauxlib.h"
26 #include <openssl/sha.h> 26 #include <openssl/sha.h>
27 #include <openssl/md5.h> 27 #include <openssl/md5.h>
28 #include <openssl/hmac.h> 28 #include <openssl/hmac.h>
29 #include <openssl/evp.h>
29 30
30 #if (LUA_VERSION_NUM == 501) 31 #if (LUA_VERSION_NUM == 501)
31 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R) 32 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R)
32 #endif 33 #endif
33 34
135 MAKE_HMAC_FUNCTION(Lhmac_sha256, EVP_sha256, SHA256_DIGEST_LENGTH, SHA256_CTX) 136 MAKE_HMAC_FUNCTION(Lhmac_sha256, EVP_sha256, SHA256_DIGEST_LENGTH, SHA256_CTX)
136 MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX) 137 MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX)
137 MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX) 138 MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX)
138 139
139 static int LscramHi(lua_State *L) { 140 static int LscramHi(lua_State *L) {
140 union xory { 141 unsigned char out[SHA_DIGEST_LENGTH];
141 unsigned char bytes[SHA_DIGEST_LENGTH]; 142
142 uint32_t quadbytes[SHA_DIGEST_LENGTH / 4]; 143 size_t pass_len, salt_len;
143 }; 144 const char *pass = luaL_checklstring(L, 1, &pass_len);
144 int i; 145 const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
145 SHA_CTX ctx, ctxo;
146 unsigned char Ust[SHA_DIGEST_LENGTH];
147 union xory Und;
148 union xory res;
149 size_t str_len, salt_len;
150 struct hash_desc desc;
151 const char *str = luaL_checklstring(L, 1, &str_len);
152 const char *salt = luaL_checklstring(L, 2, &salt_len);
153 char *salt2;
154 const int iter = luaL_checkinteger(L, 3); 146 const int iter = luaL_checkinteger(L, 3);
155 147
156 desc.Init = (int (*)(void *))SHA1_Init; 148 if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), SHA_DIGEST_LENGTH, out) == 0) {
157 desc.Update = (int (*)(void *, const void *, size_t))SHA1_Update; 149 return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed");
158 desc.Final = (int (*)(unsigned char *, void *))SHA1_Final;
159 desc.digestLength = SHA_DIGEST_LENGTH;
160 desc.ctx = &ctx;
161 desc.ctxo = &ctxo;
162
163 salt2 = malloc(salt_len + 4);
164
165 if(salt2 == NULL) {
166 return luaL_error(L, "Out of memory in scramHi");
167 } 150 }
168 151
169 memcpy(salt2, salt, salt_len); 152 lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH);
170 memcpy(salt2 + salt_len, "\0\0\0\1", 4);
171 hmac(&desc, str, str_len, salt2, salt_len + 4, Ust);
172 free(salt2);
173
174 memcpy(res.bytes, Ust, sizeof(res));
175
176 for(i = 1; i < iter; i++) {
177 int j;
178 hmac(&desc, str, str_len, (char *)Ust, sizeof(Ust), Und.bytes);
179
180 for(j = 0; j < SHA_DIGEST_LENGTH / 4; j++) {
181 res.quadbytes[j] ^= Und.quadbytes[j];
182 }
183
184 memcpy(Ust, Und.bytes, sizeof(Ust));
185 }
186
187 lua_pushlstring(L, (char *)res.bytes, SHA_DIGEST_LENGTH);
188 153
189 return 1; 154 return 1;
190 } 155 }
191 156
192 static const luaL_Reg Reg[] = { 157 static const luaL_Reg Reg[] = {