1 /*
2 * Copyright (c) 2015, 2021, Oracle and/or its affiliates.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License, version 2.0,
6 * as published by the Free Software Foundation.
7 *
8 * This program is also distributed with certain software (including
9 * but not limited to OpenSSL) that is licensed under separate terms,
10 * as designated in a particular file or component or in included license
11 * documentation. The authors of MySQL hereby grant you an additional
12 * permission to link the program and your derivative works with the
13 * separately licensed software that they have included with MySQL.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License, version 2.0, for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
23 * 02110-1301 USA
24 */
25
26
27 #include <openssl/sha.h>
28 #include <openssl/rand.h>
29
30 #include <stdexcept>
31 #include <cstring>
32
33 #include "my_global.h"
34 #include "password_hasher.h"
35 #include "mysql41_hash.h"
36
37
38 #define PVERSION41_CHAR '*'
39 #define SCRAMBLE_LENGTH 20
40
41 const char *Password_hasher::_dig_vec_upper = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
42
char_val(uint8 X)43 static inline uint8_t char_val(uint8 X)
44 {
45 return (uint8_t) (X >= '0' && X <= '9' ? X - '0' :
46 X >= 'A' && X <= 'Z' ? X - 'A' + 10 : X - 'a' + 10);
47 }
48
compute_password_hash(const std::string & password)49 std::string Password_hasher::compute_password_hash(const std::string &password)
50 {
51 if (0 == password.length())
52 return "";
53
54 uint8 hash_stage1[MYSQL41_HASH_SIZE];
55 std::string hash_stage2(MYSQL41_HASH_SIZE, '\0');
56
57 compute_two_stage_mysql41_hash(password.c_str(),
58 password.length(),
59 hash_stage1,
60 (uint8*)&hash_stage2[0]);
61
62 return get_password_from_salt(hash_stage2);
63 }
64
65
get_password_from_salt(const std::string & hash_stage2)66 std::string Password_hasher::get_password_from_salt(const std::string &hash_stage2)
67 {
68 std::string result(2*MYSQL41_HASH_SIZE + 1, '\0');
69
70 if (hash_stage2.length() != MYSQL41_HASH_SIZE)
71 throw std::runtime_error("Wrong size of binary hash password");
72
73 result[0] = PVERSION41_CHAR;
74 octet2hex(&result[1], &hash_stage2[0], MYSQL41_HASH_SIZE);
75
76 return result;
77 }
78
79
get_salt_from_password(const std::string & password_hash)80 std::string Password_hasher::get_salt_from_password(const std::string &password_hash)
81 {
82 const int32_t hex_characters = MYSQL41_HASH_SIZE * 2;
83
84 if (password_hash.length() != hex_characters + 1)
85 throw std::runtime_error("Wrong size of hashed password");
86
87 std::string result(MYSQL41_HASH_SIZE + 1, '\0');
88 hex2octet(&result[0], &password_hash[1] /* skip '*' */, hex_characters);
89
90 return result;
91 }
92
93
hex2octet(char * to,const char * str,size_t len)94 void Password_hasher::hex2octet(char *to, const char *str, size_t len)
95 {
96 const char *str_end= str + len;
97 while (str < str_end)
98 {
99 char tmp= char_val(*str++);
100 *to++= (tmp << 4) | char_val(*str++);
101 }
102 }
103
104
octet2hex(char * to,const char * str,size_t len)105 char *Password_hasher::octet2hex(char *to, const char *str, size_t len)
106 {
107 const char *str_end= str + len;
108 for (; str != str_end; ++str)
109 {
110 *to++= _dig_vec_upper[((uchar) *str) >> 4];
111 *to++= _dig_vec_upper[((uchar) *str) & 0x0F];
112 }
113 *to= '\0';
114 return to;
115 }
116
117
compute_two_stage_mysql41_hash(const char * password,size_t pass_len,uint8_t * hash_stage1,uint8_t * hash_stage2)118 void Password_hasher::compute_two_stage_mysql41_hash(const char *password, size_t pass_len,
119 uint8_t *hash_stage1, uint8_t *hash_stage2)
120 {
121 /* Stage 1: hash pwd */
122 compute_mysql41_hash(hash_stage1, password, pass_len);
123
124 /* Stage 2 : hash first stage's output. */
125 compute_mysql41_hash(hash_stage2, (const char *) hash_stage1, MYSQL41_HASH_SIZE);
126 }
127
128
generate_user_salt()129 std::string Password_hasher::generate_user_salt()
130 {
131 std::string result(SCRAMBLE_LENGTH, '\0');
132 char *buffer = &result[0];
133 char *end = buffer + result.length() - 1;
134
135 RAND_bytes((unsigned char *) buffer, SCRAMBLE_LENGTH);
136
137 /* Sequence must be a legal UTF8 string */
138 for (; buffer < end; buffer++)
139 {
140 *buffer &= 0x7f;
141 if (*buffer == '\0' || *buffer == '$')
142 *buffer= *buffer + 1;
143 }
144
145 return result;
146 }
147
148
check_scramble_mysql41_hash(const char * scramble_arg,const char * message,const uint8_t * hash_stage2)149 bool Password_hasher::check_scramble_mysql41_hash(const char *scramble_arg, const char *message, const uint8_t *hash_stage2)
150 {
151 char buf[MYSQL41_HASH_SIZE];
152 uint8_t hash_stage2_reassured[MYSQL41_HASH_SIZE];
153
154 assert(MYSQL41_HASH_SIZE == SCRAMBLE_LENGTH);
155 /* create key to encrypt scramble */
156 compute_mysql41_hash_multi((uint8_t *)buf, message, SCRAMBLE_LENGTH, (const char *) hash_stage2, MYSQL41_HASH_SIZE);
157
158 /* encrypt scramble */
159 my_crypt(buf, (const uint8_t*)buf, (const uint8_t*)scramble_arg, SCRAMBLE_LENGTH);
160
161 /* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
162 compute_mysql41_hash((uint8_t *)hash_stage2_reassured, (const char *) buf, MYSQL41_HASH_SIZE);
163
164 return 0 == memcmp(hash_stage2, hash_stage2_reassured, MYSQL41_HASH_SIZE);
165 }
166
167
my_crypt(char * to,const uint8_t * s1,const uint8_t * s2,size_t len)168 void Password_hasher::my_crypt(char *to, const uint8_t *s1, const uint8_t *s2, size_t len)
169 {
170 const uint8_t *s1_end = s1 + len;
171
172 while (s1 < s1_end)
173 *to++= *s1++ ^ *s2++;
174 }
175
176
scramble(const char * message,const char * password)177 std::string Password_hasher::scramble(const char *message, const char *password)
178 {
179 uint8_t hash_stage1[MYSQL41_HASH_SIZE];
180 uint8_t hash_stage2[MYSQL41_HASH_SIZE];
181 std::string result(SCRAMBLE_LENGTH, '\0');
182
183 result.at(SCRAMBLE_LENGTH - 1) = '\0';
184
185 assert(MYSQL41_HASH_SIZE == SCRAMBLE_LENGTH);
186
187 /* Two stage SHA1 hash of the pwd */
188 compute_two_stage_mysql41_hash(password, strlen(password),
189 (uint8_t*)hash_stage1,
190 (uint8_t*)hash_stage2);
191
192 /* create crypt string as sha1(message, hash_stage2) */;
193 compute_mysql41_hash_multi((uint8_t*)&result[0], message, SCRAMBLE_LENGTH,
194 (const char *)hash_stage2, MYSQL41_HASH_SIZE);
195 my_crypt(&result[0], (const uint8_t*)&result[0], hash_stage1, SCRAMBLE_LENGTH);
196
197 return result;
198 }
199