diff options
| author | H. Peter Anvin <hpa@zytor.com> | 2008-02-10 22:53:07 -0800 |
|---|---|---|
| committer | H. Peter Anvin <hpa@zytor.com> | 2008-02-10 22:53:07 -0800 |
| commit | ba641c22baad3c77f6c6164ef23af993a61d6e3d (patch) | |
| tree | 79d3ffaa75a37b4319c75b31d47918ab8c8a873a | |
| parent | d3f3133b05c3b60c9bcd4463c7d42ea3cd981a57 (diff) | |
| download | syslinux-ba641c22baad3c77f6c6164ef23af993a61d6e3d.tar.gz | |
simple menu: support sha256 and sha512 passwords
Add support for sha256 and sha512 passwords in the simple menu system.
| -rw-r--r-- | com32/menu/passwd.c | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/com32/menu/passwd.c b/com32/menu/passwd.c index 0016a0d5..b3bb70a5 100644 --- a/com32/menu/passwd.c +++ b/com32/menu/passwd.c @@ -11,8 +11,8 @@ * ----------------------------------------------------------------------- */ #include <string.h> +#include <xcrypt.h> #include <sha1.h> -#include <md5.h> #include <base64.h> #include "menu.h" @@ -50,14 +50,41 @@ static int passwd_compare_md5(const char *passwd, const char *entry) (passwd[len] == '\0' || passwd[len] == '$'); } +static int passwd_compare_sha256(const char *passwd, const char *entry) +{ + const char *crypted = sha256_crypt(entry, passwd+3); + int len = strlen(crypted); + + return !strncmp(crypted, passwd, len) && + (passwd[len] == '\0' || passwd[len] == '$'); +} + +static int passwd_compare_sha512(const char *passwd, const char *entry) +{ + const char *crypted = sha512_crypt(entry, passwd+3); + int len = strlen(crypted); + + return !strncmp(crypted, passwd, len) && + (passwd[len] == '\0' || passwd[len] == '$'); +} + int passwd_compare(const char *passwd, const char *entry) { - if ( passwd[0] != '$' ) /* Plaintext passwd, yuck! */ + if ( passwd[0] != '$' || !passwd[1] || passwd[2] != '$' ) { + /* Plaintext passwd, yuck! */ return !strcmp(entry, passwd); - else if ( !strncmp(passwd, "$4$", 3) ) - return passwd_compare_sha1(passwd, entry); - else if ( !strncmp(passwd, "$1$", 3) ) - return passwd_compare_md5(passwd, entry); - else - return 0; /* Invalid encryption algorithm */ + } else { + switch (passwd[1]) { + case '1': + return passwd_compare_md5(passwd, entry); + case '4': + return passwd_compare_sha1(passwd, entry); + case '5': + return passwd_compare_sha256(passwd, entry); + case '6': + return passwd_compare_sha512(passwd, entry); + default: + return 0; /* Unknown encryption algorithm -> false */ + } + } } |