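#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <gcrypt.h>
#include "authenticator.h"
#include "base64.h"
#include "esapi.h"

/*
 * Hashes the given password, salted with the context's master salt, and
 * returns the digest as a base64 string in a freshly allocated buffer that
 * the caller must free().  The digest algorithm is es_ctx->hash_algo; zero
 * selects the default, SHA-256.
 *
 * Returns NULL when an argument is NULL, the algorithm is unknown to
 * libgcrypt, the hash handle cannot be opened, or the encoded output cannot
 * be allocated.  The hash is never written to stdout: it is credential
 * material and must not end up in logs.
 *
 * NOTE(review): a salt shared by every user makes equal passwords hash to
 * equal values, and a single unkeyed digest is cheap to brute-force; a
 * per-user salt and a slow KDF (e.g. gcry_kdf_derive) would be stronger.
 * The output format is kept unchanged so existing stored hashes remain
 * comparable.
 */
char *esapi_hash_password(struct esapi_ctx *es_ctx, const char *real_pw) {
    gcry_md_hd_t ctx = NULL;
    unsigned char *hash;
    char *out = NULL;
    unsigned int hash_len;
    int algo;

    if (!es_ctx || !real_pw || !es_ctx->master_salt) {
        return NULL;
    }

    algo = es_ctx->hash_algo ? es_ctx->hash_algo : GCRY_MD_SHA256;

    /* A zero digest length means libgcrypt does not know this algorithm. */
    hash_len = gcry_md_get_algo_dlen(algo);
    if (hash_len == 0) {
        return NULL;
    }

    if (gcry_md_open(&ctx, algo, 0) != 0) {
        return NULL;
    }

    gcry_md_write(ctx, es_ctx->master_salt, strlen(es_ctx->master_salt));
    gcry_md_write(ctx, real_pw, strlen(real_pw));

    /*
     * gcry_md_read() hands back a buffer owned by the handle.  It is only
     * valid until gcry_md_close() and must never be passed to free(), so
     * encode it while the handle is still open and let close() release it.
     */
    hash = gcry_md_read(ctx, algo);
    if (hash) {
        /* On allocation failure base64_encode_alloc() leaves out == NULL. */
        base64_encode_alloc((const char *) hash, hash_len, &out);
    }

    gcry_md_close(ctx);

    return out;
}

/*
 * Checks to see if the supplied login is correct.
 *
 * Returns 0 when the credentials are valid and -1 otherwise.  Credential
 * verification is not implemented yet, so this fails closed: no
 * username/password pair is accepted until the user lookup and hash
 * comparison exist.  (It previously reported success for any non-NULL pair.)
 */
int esapi_login(const char *user_name, const char *pw) {
    if (!user_name || !pw) {
        return -1;
    }

    /* TODO: look up user_name, hash pw and compare against the stored hash. */
    return -1;
}

/*
 * Checks to see if a password is complex enough.
 *
 * pw            the candidate password; NULL is treated as the empty string
 * min           minimum length; zero or negative means no minimum
 * max           maximum length; zero or negative means no maximum
 * char_set_cnt  how many of the three character classes the password must
 *               contain (upper case, lower case, and everything else --
 *               digits and punctuation share the third class); zero or
 *               negative disables the rule
 *
 * Returns 0 when pw satisfies every rule, otherwise ES_PW_TOO_SHORT,
 * ES_PW_TOO_LONG or ES_PW_NOT_ENOUGH_CHAR_CLS, checked in that order.
 */
int esapi_verify_password_strength(char *pw, int min, int max, int char_set_cnt) {
    const char *s = pw ? pw : "";
    size_t len = strlen(s);
    int upper = 0;
    int lower = 0;
    int other = 0;

    /* Compare as size_t only after rejecting non-positive limits, so a
     * negative min/max cannot turn into a huge unsigned bound. */
    if (min > 0 && len < (size_t) min) {
        return ES_PW_TOO_SHORT;
    }

    if (max > 0 && len > (size_t) max) {
        return ES_PW_TOO_LONG;
    }

    if (char_set_cnt > 0) {
        for (const char *p = s; *p; p++) {
            /* <ctype.h> requires an unsigned char value; plain char may be negative. */
            unsigned char c = (unsigned char) *p;
            if (isupper(c)) {
                upper = 1;
            } else if (islower(c)) {
                lower = 1;
            } else {
                other = 1;
            }
        }

        if (upper + lower + other < char_set_cnt) {
            return ES_PW_NOT_ENOUGH_CHAR_CLS;
        }
    }

    return 0;
}

/*
 * Adds the given user to the persistence layer.
 *
 * Returns -1 when u is NULL and 0 otherwise.  Persistence is not implemented
 * yet: nothing is stored, so callers must not treat 0 as "saved".
 */
int esapi_add_user(user *u) {
    if (!u) {
        return -1;
    }

    /* TODO: write u to the backing store. */
    return 0;
}

/*
 * Removes the given user from the persistence layer.
 *
 * Returns -1 when u is NULL and 0 otherwise.  Persistence is not implemented
 * yet: nothing is removed, so callers must not treat 0 as "revoked".
 */
int esapi_remove_user(user *u) {
    if (!u) {
        return -1;
    }

    /* TODO: delete u from the backing store. */
    return 0;
}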