//
// Password authentication utilities for NeoTerm
// Copyright (C) 2018-2020 Leonid Plyushch <[email protected]>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

#include "neoterm-auth.h"
// Overwrite `len` bytes at `ptr` with zeros. The stores go through a
// volatile pointer so the compiler cannot treat them as dead and drop
// them; the callers use this to scrub derived password material before
// free(). A NULL `ptr` is a no-op.
static void erase_ptr(void *ptr, unsigned int len) {
    if (ptr == NULL) {
        return;
    }
    volatile char *cursor = ptr;
    for (unsigned int i = 0; i < len; i++) {
        cursor[i] = 0x0;
    }
}
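// Hash password using PBKDF function (PBKDF2-HMAC-SHA1, 65536 rounds,
// constant salt "NeoTerm!").
// Returns digest (in binary form, SHA_DIGEST_LENGTH bytes, heap-allocated;
// the caller owns it and should erase_ptr() it before free()) or NULL if
// failed (NULL password, allocation failure, or derivation failure).
// NOTE(review): the salt is the same for every installation, so equal
// passwords yield equal digests. Changing it would invalidate every existing
// AUTH_HASH_FILE_PATH, so it is kept as is here.
unsigned char *neoterm_passwd_hash(const char *password) {
    enum { PBKDF2_ITERATIONS = 65536 };
    static const char salt[] = "NeoTerm!";

    // strlen(NULL) is undefined behaviour; reject it up front.
    if (password == NULL) {
        fprintf(stderr, "%s(): password is NULL.\n", __func__);
        return NULL;
    }

    unsigned char *pbkdf_digest = malloc(SHA_DIGEST_LENGTH);
    if (pbkdf_digest == NULL) {
        fprintf(stderr, "%s(): failed to allocate memory.\n", __func__);
        return NULL;
    }

    // sizeof salt - 1 excludes the terminating NUL (same 8 bytes as strlen()).
    if (!PKCS5_PBKDF2_HMAC_SHA1(password, (int) strlen(password),
                                (const unsigned char *) salt, (int) (sizeof salt - 1),
                                PBKDF2_ITERATIONS, SHA_DIGEST_LENGTH, pbkdf_digest)) {
        // Release the buffer on this path; it previously leaked.
        fprintf(stderr, "%s(): key derivation failed.\n", __func__);
        free(pbkdf_digest);
        return NULL;
    }
    return pbkdf_digest;
}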
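// Update file that stores password hash
// Return true on success, false otherwise.
// The digest of `new_password` is written as raw bytes to AUTH_HASH_FILE_PATH.
// The digest is scrubbed from memory on every path before it is freed, and
// the close of the output stream is checked so a write that did not reach
// the file is not reported as success.
// NOTE(review): the file is created through fopen(), so its mode follows the
// process umask — confirm the path lives in a directory readable only by
// this user.
bool neoterm_change_passwd(const char *new_password) {
    bool is_password_changed = false;

    unsigned char *hashed_password = neoterm_passwd_hash(new_password);
    if (hashed_password == NULL) {
        return false;
    }

    // "wb": the digest is binary, matching the "rb" used when it is read back.
    FILE *neoterm_auth_file = fopen(AUTH_HASH_FILE_PATH, "wb");
    if (neoterm_auth_file == NULL) {
        fprintf(stderr, "%s(): failed to open password hash file.\n", __func__);
    } else {
        size_t n = fwrite(hashed_password, 1, SHA_DIGEST_LENGTH, neoterm_auth_file);
        // fclose() flushes; a non-zero result means the hash may not be on disk.
        int close_rc = fclose(neoterm_auth_file);
        if (n != SHA_DIGEST_LENGTH) {
            fprintf(stderr, "%s(): password hash is truncated.\n", __func__);
        } else if (close_rc != 0) {
            fprintf(stderr, "%s(): failed to close password hash file.\n", __func__);
        } else {
            is_password_changed = true;
        }
    }

    // Always scrub the whole digest, not only the bytes that were written,
    // and also on the fopen() failure path.
    erase_ptr(hashed_password, SHA_DIGEST_LENGTH);
    free(hashed_password);
    return is_password_changed;
}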
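// Check validity of password (user name is ignored).
// Return true if password is ok, otherwise return false.
// The digest stored in AUTH_HASH_FILE_PATH is compared with the digest of
// `password` using CRYPTO_memcmp, whose running time does not depend on how
// many leading bytes match (memcmp() stops at the first difference). A
// missing, unreadable or short hash file authenticates nothing. Both digests
// are scrubbed before return.
bool neoterm_auth(const char *user, const char *password) {
    (void) user;  // only the password is checked

    bool is_authenticated = false;
    unsigned char stored_hash[SHA_DIGEST_LENGTH] = {0};

    // Guard here too so strlen() is never reached with a NULL password.
    if (password == NULL) {
        return false;
    }

    unsigned char *hashed_password = neoterm_passwd_hash(password);
    if (hashed_password == NULL) {
        return false;
    }

    FILE *neoterm_auth_file = fopen(AUTH_HASH_FILE_PATH, "rb");
    if (neoterm_auth_file != NULL) {
        size_t n = fread(stored_hash, 1, SHA_DIGEST_LENGTH, neoterm_auth_file);
        fclose(neoterm_auth_file);
        if (n == SHA_DIGEST_LENGTH) {
            if (CRYPTO_memcmp(stored_hash, hashed_password, SHA_DIGEST_LENGTH) == 0) {
                is_authenticated = true;
            }
        } else {
            fprintf(stderr, "%s(): password hash is truncated.\n", __func__);
        }
    }

    erase_ptr(stored_hash, SHA_DIGEST_LENGTH);
    erase_ptr(hashed_password, SHA_DIGEST_LENGTH);
    free(hashed_password);
    return is_authenticated;
}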