src/auth/password-scheme.c

	password-scheme.c revision 69293bd0b4ceb47c7f12c4a01254f4cddf700470
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen/* Copyright (C) 2003-2007 Timo Sirainen */
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "lib.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "array.h"
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen#include "base64.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "hex-binary.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "md4.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "md5.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "hmac-md5.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "ntlm.h"
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang#include "mycrypt.h"
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang#include "randgen.h"
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang#include "sha1.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "sha2.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "otp.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "str.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen#include "password-scheme.h"
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wangstatic const char salt_chars[] =
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo SirainenARRAY_TYPE(password_scheme_p) password_schemes;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wangstatic const struct password_scheme *
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wangpassword_scheme_lookup_name(const char *name)
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang{
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    const struct password_scheme *const *schemes;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    unsigned int i, count;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    schemes = array_get(&password_schemes, &count);
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    for (i = 0; i < count; i++) {
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang        if (strcasecmp(schemes[i]->name, name) == 0)
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang            return schemes[i];
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    }
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    return NULL;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang}
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang/* Lookup scheme and encoding by given name. The encoding is taken from
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang   ".base64", ".b64" or ".hex" suffix if it exists, otherwise the default
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen   encoding is used. */
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainenstatic const struct password_scheme *
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainenpassword_scheme_lookup(const char *name, enum password_encoding *encoding_r)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen{
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    const struct password_scheme *scheme;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    const char *encoding = NULL;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    unsigned int scheme_len;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    *encoding_r = PW_ENCODING_NONE;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    for (scheme_len = 0; name[scheme_len] != '\0'; scheme_len++) {
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        if (name[scheme_len] == '.') {
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            encoding = name + scheme_len + 1;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            name = t_strndup(name, scheme_len);
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            break;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        }
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    }
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    scheme = password_scheme_lookup_name(name);
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    if (scheme == NULL)
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang        return NULL;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    if (encoding == NULL)
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang        *encoding_r = scheme->default_encoding;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    else if (strcasecmp(encoding, "b64") == 0 ||
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang         strcasecmp(encoding, "base64") == 0)
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang        *encoding_r = PW_ENCODING_BASE64;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    else if (strcasecmp(encoding, "hex") == 0)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        *encoding_r = PW_ENCODING_HEX;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    else {
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        /* unknown encoding. treat as invalid scheme. */
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        return NULL;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    }
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    return scheme;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen}
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainenint password_verify(const char *plaintext, const char *user, const char *scheme,
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            const unsigned char *raw_password, size_t size)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen{
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    const struct password_scheme *s;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    enum password_encoding encoding;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    const unsigned char *generated;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    size_t generated_size;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    s = password_scheme_lookup(scheme, &encoding);
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    if (s == NULL)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        return -1;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    if (s->password_verify != NULL)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        return s->password_verify(plaintext, user, raw_password, size);
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    /* generic verification handler: generate the password and compare it
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen       to the one in database */
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    s->password_generate(plaintext, user, &generated, &generated_size);
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    return size != generated_size ? 0 :
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        memcmp(generated, raw_password, size) == 0;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang}
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainenconst char *password_get_scheme(const char **password)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen{
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    const char *p, *scheme;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    if (*password == NULL)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        return NULL;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    if (strncmp(*password, "$1$", 3) == 0) {
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        /* $1$<salt>$<password>[$<ignored>] */
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        p = strchr(*password + 3, '$');
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        if (p != NULL) {
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen            /* stop at next '$' after password */
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen            p = strchr(p+1, '$');
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen            if (p != NULL)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen                *password = t_strdup_until(*password, p);
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen            return "MD5-CRYPT";
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        }
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    }
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    if (**password != '{')
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        return NULL;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    p = strchr(*password, '}');
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    if (p == NULL)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        return NULL;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    scheme = t_strdup_until(*password + 1, p);
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    *password = p + 1;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    return scheme;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen}
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
76e5f0fe5e9e8bdee24d0e047378a665e01b808dTimo Sirainenint password_decode(const char *password, const char *scheme,
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            const unsigned char **raw_password_r, size_t *size_r)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen{
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    const struct password_scheme *s;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    enum password_encoding encoding;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    buffer_t *buf;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    unsigned int len;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    s = password_scheme_lookup(scheme, &encoding);
76e5f0fe5e9e8bdee24d0e047378a665e01b808dTimo Sirainen    if (s == NULL)
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        return 0;
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    len = strlen(password);
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen    if (encoding != PW_ENCODING_NONE && s->raw_password_len != 0 &&
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        strchr(scheme, '.') == NULL) {
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        /* encoding not specified. we can autodetect between
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen           base64 and hex encodings. */
25866546f1e8aabce4118c0690d76de49223e6a8Timo Sirainen        encoding = len == s->raw_password_len * 2 ? PW_ENCODING_HEX :
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang            PW_ENCODING_BASE64;
8f0503ea115c4bb1eb1857023cc5051cf4bed807Baofeng Wang    }
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    switch (encoding) {
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    case PW_ENCODING_NONE:
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        *raw_password_r = (const unsigned char *)password;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        *size_r = len;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        break;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen    case PW_ENCODING_BASE64:
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        buf = buffer_create_static_hard(pool_datastack_create(),
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen                        MAX_BASE64_DECODED_SIZE(len));
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        if (base64_decode(password, len, NULL, buf) < 0)
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen            return -1;
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen
1ae5d61ec366fdb2f3c5b150ca378d6141b0f4bdTimo Sirainen        *raw_password_r = buf->data;
        *size_r = buf->used;
        break;
    case PW_ENCODING_HEX:
        buf = buffer_create_static_hard(pool_datastack_create(),
                        len / 2 + 1);
        if (hex_to_binary(password, buf) < 0)
            return -1;

        *raw_password_r = buf->data;
        *size_r = buf->used;
        break;
    }
    if (s->raw_password_len != *size_r && s->raw_password_len != 0) {
        /* password has invalid length */
        return -1;
    }
    return 1;
}

bool password_generate(const char *plaintext, const char *user,
               const char *scheme,
               const unsigned char **raw_password_r, size_t *size_r)
{
    const struct password_scheme *s;
    enum password_encoding encoding;

    s = password_scheme_lookup(scheme, &encoding);
    if (s == NULL)
        return FALSE;

    s->password_generate(plaintext, user, raw_password_r, size_r);
    return TRUE;
}

bool password_generate_encoded(const char *plaintext, const char *user,
                   const char *scheme, const char **password_r)
{
    const struct password_scheme *s;
    const unsigned char *raw_password;
    enum password_encoding encoding;
    string_t *str;
    size_t size;

    s = password_scheme_lookup(scheme, &encoding);
    if (s == NULL)
        return FALSE;

    s->password_generate(plaintext, user, &raw_password, &size);
    switch (encoding) {
    case PW_ENCODING_NONE:
        *password_r = t_strndup(raw_password, size);
        break;
    case PW_ENCODING_BASE64:
        str = t_str_new(MAX_BASE64_ENCODED_SIZE(size) + 1);
        base64_encode(raw_password, size, str);
        *password_r = str_c(str);
        break;
    case PW_ENCODING_HEX:
        *password_r = binary_to_hex(raw_password, size);
        break;
    }
    return TRUE;
}

bool password_scheme_is_alias(const char *scheme1, const char *scheme2)
{
    const struct password_scheme *const *schemes, *s1 = NULL, *s2 = NULL;
    unsigned int i, count;

    scheme1 = t_strcut(scheme1, '.');
    scheme2 = t_strcut(scheme2, '.');

    if (strcasecmp(scheme1, scheme2) == 0)
        return TRUE;

    schemes = array_get(&password_schemes, &count);
    for (i = 0; i < count; i++) {
        if (strcasecmp(schemes[i]->name, scheme1) == 0)
            s1 = schemes[i];
        else if (strcasecmp(schemes[i]->name, scheme2) == 0)
            s2 = schemes[i];
    }

    /* if they've the same generate function, they're equivalent */
    return s1 != NULL && s2 != NULL &&
        s1->password_generate == s2->password_generate;
}

static bool
crypt_verify(const char *plaintext, const char *user __attr_unused__,
         const unsigned char *raw_password, size_t size)
{
    const char *password;

    if (size == 0) {
        /* the default mycrypt() handler would return match */
        return FALSE;
    }

    password = t_strndup(raw_password, size);
    return strcmp(mycrypt(plaintext, password), password) == 0;
}

static void
crypt_generate(const char *plaintext, const char *user __attr_unused__,
           const unsigned char **raw_password_r, size_t *size_r)
{
    char salt[3];
    const char *password;

    random_fill(salt, sizeof(salt)-1);
    salt[0] = salt_chars[salt[0] % (sizeof(salt_chars)-1)];
    salt[1] = salt_chars[salt[1] % (sizeof(salt_chars)-1)];
    salt[2] = '\0';

    password = t_strdup(mycrypt(plaintext, salt));
    *raw_password_r = (const unsigned char *)password;
    *size_r = strlen(password);
}

static bool
md5_crypt_verify(const char *plaintext, const char *user __attr_unused__,
         const unsigned char *raw_password, size_t size)
{
    const char *password, *str;

    password = t_strndup(raw_password, size);
    str = password_generate_md5_crypt(plaintext, password);
    return strcmp(str, password) == 0;
}

static void
md5_crypt_generate(const char *plaintext, const char *user __attr_unused__,
           const unsigned char **raw_password_r, size_t *size_r)
{
    const char *password;
    char salt[9];
    unsigned int i;

    random_fill(salt, sizeof(salt)-1);
    for (i = 0; i < sizeof(salt)-1; i++)
        salt[i] = salt_chars[salt[i] % (sizeof(salt_chars)-1)];
    salt[sizeof(salt)-1] = '\0';

    password = password_generate_md5_crypt(plaintext, salt);
    *raw_password_r = (const unsigned char *)password;
    *size_r = strlen(password);
}

static void
sha1_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(SHA1_RESULTLEN);
    sha1_get_digest(plaintext, strlen(plaintext), digest);

    *raw_password_r = digest;
    *size_r = SHA1_RESULTLEN;
}

static void
sha256_generate(const char *plaintext, const char *user __attr_unused__,
        const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(SHA256_RESULTLEN);
    sha256_get_digest(plaintext, strlen(plaintext), digest);

    *raw_password_r = digest;
    *size_r = SHA256_RESULTLEN;
}

static void
ssha_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
#define SSHA_SALT_LEN 4
    unsigned char *digest, *salt;
    struct sha1_ctxt ctx;

    digest = t_malloc(SHA1_RESULTLEN + SSHA_SALT_LEN);
    salt = digest + SHA1_RESULTLEN;
    random_fill(salt, SSHA_SALT_LEN);

    sha1_init(&ctx);
    sha1_loop(&ctx, plaintext, strlen(plaintext));
    sha1_loop(&ctx, salt, SSHA_SALT_LEN);
    sha1_result(&ctx, digest);

    *raw_password_r = digest;
    *size_r = SHA1_RESULTLEN + SSHA_SALT_LEN;
}

static bool ssha_verify(const char *plaintext, const char *user,
            const unsigned char *raw_password, size_t size)
{
    unsigned char sha1_digest[SHA1_RESULTLEN];
    struct sha1_ctxt ctx;

    /* format: <SHA1 hash><salt> */
    if (size <= SHA1_RESULTLEN) {
        i_error("ssha_verify(%s): SSHA password too short", user);
        return FALSE;
    }

    sha1_init(&ctx);
    sha1_loop(&ctx, plaintext, strlen(plaintext));
    sha1_loop(&ctx, raw_password + SHA1_RESULTLEN, size - SHA1_RESULTLEN);
    sha1_result(&ctx, sha1_digest);
    return memcmp(sha1_digest, raw_password, SHA1_RESULTLEN) == 0;
}

static void
smd5_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
#define SMD5_SALT_LEN 4
    unsigned char *digest, *salt;
    struct md5_context ctx;

    digest = t_malloc(MD5_RESULTLEN + SMD5_SALT_LEN);
    salt = digest + MD5_RESULTLEN;
    random_fill(salt, SMD5_SALT_LEN);

    md5_init(&ctx);
    md5_update(&ctx, plaintext, strlen(plaintext));
    md5_update(&ctx, salt, SMD5_SALT_LEN);
    md5_final(&ctx, digest);

    *raw_password_r = digest;
    *size_r = MD5_RESULTLEN + SMD5_SALT_LEN;
}

static bool smd5_verify(const char *plaintext, const char *user,
            const unsigned char *raw_password, size_t size)
{
    unsigned char md5_digest[MD5_RESULTLEN];
    struct md5_context ctx;

    /* format: <MD5 hash><salt> */
    if (size <= MD5_RESULTLEN) {
        i_error("smd5_verify(%s): SMD5 password too short", user);
        return FALSE;
    }

    md5_init(&ctx);
    md5_update(&ctx, plaintext, strlen(plaintext));
    md5_update(&ctx, raw_password + MD5_RESULTLEN, size - MD5_RESULTLEN);
    md5_final(&ctx, md5_digest);
    return memcmp(md5_digest, raw_password, MD5_RESULTLEN) == 0;
}

static void
plain_generate(const char *plaintext, const char *user __attr_unused__,
           const unsigned char **raw_password_r, size_t *size_r)
{
    *raw_password_r = (const unsigned char *)plaintext,
    *size_r = strlen(plaintext);
}

static void
cram_md5_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
    struct hmac_md5_context ctx;
    unsigned char *context_digest;

    context_digest = t_malloc(CRAM_MD5_CONTEXTLEN);
    hmac_md5_init(&ctx, (const unsigned char *)plaintext,
              strlen(plaintext));
    hmac_md5_get_cram_context(&ctx, context_digest);

    *raw_password_r = context_digest;
    *size_r = CRAM_MD5_CONTEXTLEN;
}

static void
digest_md5_generate(const char *plaintext, const char *user,
            const unsigned char **raw_password_r, size_t *size_r)
{
    const char *realm, *str;
    unsigned char *digest;

    if (user == NULL)
        i_panic("digest_md5_generate(): username not given");

    /* user:realm:passwd */
    realm = strchr(user, '@');
    if (realm != NULL) realm++; else realm = "";

    digest = t_malloc(MD5_RESULTLEN);
    str = t_strdup_printf("%s:%s:%s", t_strcut(user, '@'),
                  realm, plaintext);
    md5_get_digest(str, strlen(str), digest);

    *raw_password_r = digest;
    *size_r = MD5_RESULTLEN;
}

static void
plain_md4_generate(const char *plaintext, const char *user __attr_unused__,
           const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(MD4_RESULTLEN);
    md4_get_digest(plaintext, strlen(plaintext), digest);

    *raw_password_r = digest;
    *size_r = MD4_RESULTLEN;
}

static void
plain_md5_generate(const char *plaintext, const char *user __attr_unused__,
           const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(MD5_RESULTLEN);
    md5_get_digest(plaintext, strlen(plaintext), digest);

    *raw_password_r = digest;
    *size_r = MD5_RESULTLEN;
}

static void
lm_generate(const char *plaintext, const char *user __attr_unused__,
        const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(LM_HASH_SIZE);
    lm_hash(plaintext, digest);

    *raw_password_r = digest;
    *size_r = LM_HASH_SIZE;
}

static void
ntlm_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(NTLMSSP_HASH_SIZE);
    ntlm_v1_hash(plaintext, digest);

    *raw_password_r = digest;
    *size_r = NTLMSSP_HASH_SIZE;
}

static bool otp_verify(const char *plaintext, const char *user __attr_unused__,
               const unsigned char *raw_password, size_t size)
{
    const char *password;

    password = t_strndup(raw_password, size);
    return strcasecmp(password,
        password_generate_otp(plaintext, password, -1)) == 0;
}

static void
otp_generate(const char *plaintext, const char *user __attr_unused__,
         const unsigned char **raw_password_r, size_t *size_r)
{
    const char *password;

    password = password_generate_otp(plaintext, NULL, OTP_HASH_SHA1);
    *raw_password_r = (const unsigned char *)password;
    *size_r = strlen(password);
}

static void
skey_generate(const char *plaintext, const char *user __attr_unused__,
          const unsigned char **raw_password_r, size_t *size_r)
{
    const char *password;

    password = password_generate_otp(plaintext, NULL, OTP_HASH_MD4);
    *raw_password_r = (const unsigned char *)password;
    *size_r = strlen(password);
}

static void
rpa_generate(const char *plaintext, const char *user __attr_unused__,
         const unsigned char **raw_password_r, size_t *size_r)
{
    unsigned char *digest;

    digest = t_malloc(MD5_RESULTLEN);
    password_generate_rpa(plaintext, digest);

    *raw_password_r = digest;
    *size_r = MD5_RESULTLEN;
}

static const struct password_scheme builtin_schemes[] = {
    { "CRYPT", PW_ENCODING_NONE, 0, crypt_verify, crypt_generate },
    { "MD5", PW_ENCODING_NONE, 0, md5_crypt_verify, md5_crypt_generate },
    { "MD5-CRYPT", PW_ENCODING_NONE, 0,
      md5_crypt_verify, md5_crypt_generate },
    { "SHA", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },
    { "SHA1", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },
    { "SHA256", PW_ENCODING_BASE64, SHA256_RESULTLEN,
      NULL, sha256_generate },
    { "SMD5", PW_ENCODING_BASE64, 0, smd5_verify, smd5_generate },
    { "SSHA", PW_ENCODING_BASE64, 0, ssha_verify, ssha_generate },
    { "PLAIN", PW_ENCODING_NONE, 0, NULL, plain_generate },
    { "CLEARTEXT", PW_ENCODING_NONE, 0, NULL, plain_generate },
    { "CRAM-MD5", PW_ENCODING_HEX, 0, NULL, cram_md5_generate },
    { "HMAC-MD5", PW_ENCODING_HEX, CRAM_MD5_CONTEXTLEN,
      NULL, cram_md5_generate },
    { "DIGEST-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
      NULL, digest_md5_generate },
    { "PLAIN-MD4", PW_ENCODING_HEX, MD4_RESULTLEN,
      NULL, plain_md4_generate },
    { "PLAIN-MD5", PW_ENCODING_HEX, MD5_RESULTLEN,
      NULL, plain_md5_generate },
    { "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN,
      NULL, plain_md5_generate },
    { "LANMAN", PW_ENCODING_HEX, LM_HASH_SIZE, NULL, lm_generate },
    { "NTLM", PW_ENCODING_HEX, NTLMSSP_HASH_SIZE, NULL, ntlm_generate },
    { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate },
    { "SKEY", PW_ENCODING_NONE, 0, otp_verify, skey_generate },
    { "RPA", PW_ENCODING_HEX, MD5_RESULTLEN, NULL, rpa_generate }
};

void password_scheme_register(const struct password_scheme *scheme)
{
    if (password_scheme_lookup_name(scheme->name) != NULL) {
        i_panic("password_scheme_register(%s): Already registered",
            scheme->name);
    }
    array_append(&password_schemes, &scheme, 1);
}

void password_scheme_unregister(const struct password_scheme *scheme)
{
    const struct password_scheme *const *schemes;
    unsigned int i, count;

    schemes = array_get(&password_schemes, &count);
    for (i = 0; i < count; i++) {
        if (strcasecmp(schemes[i]->name, scheme->name) == 0) {
            array_delete(&password_schemes, i, 1);
            return;
        }
    }
    i_panic("password_scheme_unregister(%s): Not registered", scheme->name);
}

void password_schemes_init(void)
{
    unsigned int i;

    i_array_init(&password_schemes, N_ELEMENTS(builtin_schemes) + 4);
    for (i = 0; i < N_ELEMENTS(builtin_schemes); i++)
        password_scheme_register(&builtin_schemes[i]);
}

void password_schemes_deinit(void)
{
    array_free(&password_schemes);
}