diff --git a/crypto b/crypto index 7101b264c..93dc9200f 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 7101b264c8150c513d454421b1b263345ff90f66 +Subproject commit 93dc9200fa4cb6bfa3883b19f6d33fd416ca43da diff --git a/src/bind_faction.c b/src/bind_faction.c index 03a75281a..c6b747416 100644 --- a/src/bind_faction.c +++ b/src/bind_faction.c @@ -392,7 +392,7 @@ static int tolua_faction_set_password(lua_State * L) { faction *self = (faction *)tolua_tousertype(L, 1, 0); const char * passw = tolua_tostring(L, 2, 0); - faction_setpassword(self, password_hash(passw, 0, PASSWORD_DEFAULT)); + faction_setpassword(self, password_encode(passw, PASSWORD_DEFAULT)); return 0; } diff --git a/src/kernel/faction.c b/src/kernel/faction.c index cf1372950..86830c451 100755 --- a/src/kernel/faction.c +++ b/src/kernel/faction.c @@ -252,7 +252,7 @@ faction *addfaction(const char *email, const char *password, } if (!password) password = itoa36(rng_int()); - faction_setpassword(f, password_hash(password, 0, PASSWORD_DEFAULT)); + faction_setpassword(f, password_encode(password, PASSWORD_DEFAULT)); ADDMSG(&f->msgs, msg_message("changepasswd", "value", password)); f->alliance_joindate = turn; diff --git a/src/kernel/faction.test.c b/src/kernel/faction.test.c index c5a1236b3..19b4da883 100644 --- a/src/kernel/faction.test.c +++ b/src/kernel/faction.test.c @@ -124,7 +124,7 @@ static void test_check_passwd(CuTest *tc) { faction *f; f = test_create_faction(0); - faction_setpassword(f, password_hash("password", 0, PASSWORD_DEFAULT)); + faction_setpassword(f, password_encode("password", PASSWORD_DEFAULT)); CuAssertTrue(tc, checkpasswd(f, "password")); CuAssertTrue(tc, !checkpasswd(f, "assword")); CuAssertTrue(tc, !checkpasswd(f, "PASSWORD")); diff --git a/src/kernel/save.c b/src/kernel/save.c index 9623aaefd..5d0e3b22c 100644 --- a/src/kernel/save.c +++ b/src/kernel/save.c @@ -1181,7 +1181,7 @@ static void read_password(gamedata *data, faction *f) { if (data->version == BADCRYPT_VERSION) { char * pass = getpasswd(f->no); if (pass) { - faction_setpassword(f, password_hash(pass, 0, PASSWORD_DEFAULT)); + faction_setpassword(f, password_encode(pass, PASSWORD_DEFAULT)); free(pass); // TODO: remove this allocation! } else { @@ -1190,7 +1190,7 @@ static void read_password(gamedata *data, faction *f) { } } else { - faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_hash(name, 0, PASSWORD_DEFAULT)); + faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_encode(name, PASSWORD_DEFAULT)); } } diff --git a/src/laws.c b/src/laws.c index eb079b8ac..1e1fc33ad 100755 --- a/src/laws.c +++ b/src/laws.c @@ -2172,7 +2172,7 @@ int password_cmd(unit * u, struct order *ord) cmistake(u, ord, 283, MSG_EVENT); strlcpy(pwbuf, itoa36(rng_int()), sizeof(pwbuf)); } - faction_setpassword(u->faction, password_hash(pwbuf, 0, PASSWORD_DEFAULT)); + faction_setpassword(u->faction, password_encode(pwbuf, PASSWORD_DEFAULT)); ADDMSG(&u->faction->msgs, msg_message("changepasswd", "value", pwbuf)); return 0; diff --git a/src/util/password.c b/src/util/password.c index 1b6a52cdf..b7880b8e6 100644 --- a/src/util/password.c +++ b/src/util/password.c @@ -91,10 +91,10 @@ static const char * password_hash_i(const char * passwd, const char *input, int return NULL; } -const char * password_hash(const char * passwd, const char * salt, int algo) { +const char * password_encode(const char * passwd, int algo) { static char result[64]; // TODO: static result buffers are bad mojo! if (algo < 0) algo = PASSWORD_DEFAULT; - return password_hash_i(passwd, salt, algo, result, sizeof(result)); + return password_hash_i(passwd, 0, algo, result, sizeof(result)); } int password_verify(const char * pwhash, const char * passwd) { @@ -106,6 +106,9 @@ int password_verify(const char * pwhash, const char * passwd) { assert(pwhash); assert(pwhash[0] == '$'); algo = pwhash[1]; + if (!password_is_implemented(algo)) { + return VERIFY_UNKNOWN; + } if (algo == PASSWORD_BCRYPT) { char sample[200]; _crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample)); @@ -115,9 +118,6 @@ int password_verify(const char * pwhash, const char * passwd) { assert(pos && pos[0] == '$'); pos = strchr(pos, '$')+1; result = password_hash_i(passwd, pos, algo, hash, sizeof(hash)); - if (!password_is_implemented(algo)) { - return VERIFY_UNKNOWN; - } if (strcmp(pwhash, result) == 0) { return VERIFY_OK; } diff --git a/src/util/password.h b/src/util/password.h index 0bdd9d4ff..ec7ab6bbc 100644 --- a/src/util/password.h +++ b/src/util/password.h @@ -12,4 +12,4 @@ #define VERIFY_FAIL 1 // password is wrong #define VERIFY_UNKNOWN 2 // hashing algorithm not supported int password_verify(const char *hash, const char *passwd); -const char * password_hash(const char *passwd, const char *salt, int algo); +const char * password_encode(const char *passwd, int algo); diff --git a/src/util/password.test.c b/src/util/password.test.c index cb3838774..eb7bcbc69 100644 --- a/src/util/password.test.c +++ b/src/util/password.test.c @@ -9,25 +9,28 @@ static void test_passwords(CuTest *tc) { expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); - hash = password_hash("Hodor", "FqQLkl8g", PASSWORD_APACHE_MD5); + hash = password_encode("Hodor", PASSWORD_APACHE_MD5); CuAssertPtrNotNull(tc, hash); - CuAssertStrEquals(tc, expect, hash); + CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6)); expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood")); - hash = password_hash("jollygood", "ZouUn04i", PASSWORD_MD5); + hash = password_encode("jollygood", PASSWORD_MD5); CuAssertPtrNotNull(tc, hash); - CuAssertStrEquals(tc, expect, hash); + CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3)); expect = "$0$password"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); - hash = password_hash("password", "hodor", PASSWORD_PLAIN); + hash = password_encode("password", PASSWORD_PLAIN); CuAssertPtrNotNull(tc, hash); CuAssertStrEquals(tc, expect, hash); expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); + hash = password_encode("Hodor", PASSWORD_BCRYPT); + CuAssertPtrNotNull(tc, hash); + CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7)); } CuSuite *get_password_suite(void) {