testing/fastcgi-approach/hashtest.c

   1 #include <openssl/sha.h>
   2 #include <stdio.h>
   3 #include <stdlib.h>
   4 #include <string.h>
   5 #define SALT_LENGTH 20
   6
   7 int ReadBytes(char *str, unsigned char *buffer, size_t buffer_length) {
   8         unsigned i, val;
   9         if (strlen(str) != buffer_length * 2)
  10                 return 0;
  11         for (i = 0; i < buffer_length; i++) {
  12                 sscanf(str + i*2, "%2x", &val);
  13                 buffer[i] = (unsigned char) val;
  14         }
  15         return 1;
  16 }
  17
  18 unsigned char *HashPass(const char *pass, unsigned char salt[SALT_LENGTH]) {
  19         unsigned char *buffer, *result;
  20         size_t pass_length = strlen(pass);
  21         size_t buffer_length = pass_length + SALT_LENGTH;
  22         buffer = malloc(buffer_length * sizeof(unsigned char));
  23         if (!buffer)
  24                 return NULL;
  25
  26         memcpy(buffer, pass, pass_length);
  27         memcpy(buffer + pass_length, salt, SALT_LENGTH);
  28         result = SHA1(buffer, buffer_length, NULL);
  29         free(buffer);
  30
  31         return result;
  32 }
  33
  34 int WriteUserPass(FILE *fp, const char *user, const char *pass) {
  35         unsigned char salt[SALT_LENGTH], *sha1;
  36         size_t i;
  37
  38         FILE *fpr = fopen("/dev/urandom", "r");
  39         if (!fpr)
  40                 return 0;
  41         fread(salt, sizeof(unsigned char), SALT_LENGTH, fpr);
  42         fclose(fpr);
  43
  44         if (!fp)
  45                 return 0;
  46
  47         sha1 = HashPass(pass, salt);
  48         if (!sha1)
  49                 return 0;
  50
  51         fprintf(fp, "%s:", user);
  52         for (i = 0; i < SALT_LENGTH; i++) {
  53                 fprintf(fp, "%02x", salt[i]);
  54         }
  55         fprintf(fp, "$");
  56         for (i = 0; i < 20; i++) {
  57                 fprintf(fp, "%02x", sha1[i]);
  58         }
  59         fprintf(fp, "\n");
  60
  61         return 1;
  62 }
  63
  64 int CheckUserPass(const char *passfile, const char *cuser, const char *cpass) {
  65         FILE *fp = fopen(passfile, "r");
  66         char buffer[BUFSIZ];
  67         int ret = 0;
  68         if (!fp)
  69                 return 0;
  70
  71         while (fgets(buffer, BUFSIZ, fp)) {
  72                 char *user, *salt, *hash, *ptr;
  73
  74                 user = buffer;
  75                 ptr = strchr(buffer, ':');
  76                 if (ptr) {
  77                         *ptr++ = 0;
  78                         salt = ptr;
  79                         ptr = strchr(ptr, '$');
  80                         if (ptr) {
  81                                 *ptr++ = 0;
  82                                 hash = ptr;
  83                                 ptr = strchr(ptr, '\n');
  84                                 if (ptr)
  85                                         *ptr = 0;
  86
  87                                 if (strlen(hash) != 20 * 2) {
  88                                         printf("Invalid SHA-1 hash: %s\n", hash);
  89                                         continue;
  90                                 } else if (strlen(salt) != SALT_LENGTH * 2) {
  91                                         printf("Invalid salt length: %s\n", salt);
  92                                         continue;
  93                                 } else if (strcmp(user, cuser)) {
  94                                         continue;
  95                                 }
  96
  97                                 unsigned char saltbytes[SALT_LENGTH], hashbytes[20];
  98                                 ReadBytes(salt, saltbytes, SALT_LENGTH);
  99                                 ReadBytes(hash, hashbytes, 20);
 100                                 if (!memcmp(HashPass(cpass, saltbytes), hashbytes, 20)) {
 101                                         printf("Matched with user: %s\n", cuser);
 102                                         ret = 1;
 103                                         break;
 104                                 }
 105
 106                         }
 107                 }
 108         }
 109
 110         fclose(fp);
 111         return ret;
 112 }
 113
 114 int main(int argc, char *argv[]) {
 115         if (argc != 4) {
 116                 printf("Usage: %s user pass fname\n", argv[0]);
 117                 return 1;
 118         }
 119
 120         FILE *fp = fopen(argv[3], "w");
 121
 122         if (!WriteUserPass(fp, argv[1], argv[2])) {
 123                 fprintf(stderr, "Failed to hash: %s:%s\n", argv[1], argv[2]);
 124                 return 1;
 125         }
 126         fclose(fp);
 127
 128         CheckUserPass(argv[3], argv[1], argv[2]);
 129         return 0;
 130 }