2020-03-03 04:12:47 +01:00
|
|
|
#!/usr/bin/env perl
|
|
|
|
|
|
|
|
##
|
|
|
|
## Author......: See docs/credits.txt
|
|
|
|
## License.....: MIT
|
|
|
|
##
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
use Crypt::PBKDF2;
|
|
|
|
use MIME::Base64;
|
|
|
|
|
|
|
|
sub module_constraints { [[0, 256], [64, 64], [-1, -1], [-1, -1], [-1, -1]] }
|
|
|
|
|
|
|
|
sub module_generate_hash
|
|
|
|
{
|
|
|
|
my $word = shift;
|
|
|
|
my $salt = shift;
|
2020-03-03 09:55:13 +01:00
|
|
|
my $iter = shift // 8192; ## https://pagure.io/389-ds-base/blob/master/f/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
|
2020-03-03 04:12:47 +01:00
|
|
|
|
|
|
|
if (length $salt == 0)
|
|
|
|
{
|
|
|
|
$salt = random_bytes (16);
|
|
|
|
}
|
|
|
|
|
|
|
|
my $pbkdf2 = Crypt::PBKDF2->new(
|
|
|
|
hash_class => 'HMACSHA2',
|
|
|
|
iterations => $iter,
|
|
|
|
output_len => 256,
|
|
|
|
salt_len => 64,
|
|
|
|
);
|
2020-03-03 09:55:13 +01:00
|
|
|
|
2020-03-03 04:12:47 +01:00
|
|
|
my $p = $pbkdf2->generate($word, $salt);
|
|
|
|
|
|
|
|
my $decoded_hash = $pbkdf2->decode_string($p);
|
|
|
|
|
|
|
|
my $diter = $decoded_hash->{"iterations"};
|
|
|
|
|
|
|
|
my $iterbytes = pack('I', unpack('N*', pack('L*', $diter)));
|
|
|
|
|
|
|
|
my $dsalt = $decoded_hash->{"salt"};
|
|
|
|
|
|
|
|
my $dhash = $decoded_hash->{"hash"};
|
|
|
|
|
|
|
|
my $tmp = $iterbytes . $dsalt . $dhash;
|
|
|
|
|
|
|
|
my $hash = "{PBKDF2_SHA256}" . encode_base64($tmp, '');
|
|
|
|
|
|
|
|
return $hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub module_verify_hash
|
|
|
|
{
|
|
|
|
my $line = shift;
|
|
|
|
|
|
|
|
my ($hash, $word) = split (':', $line);
|
|
|
|
|
|
|
|
return unless (substr ($hash, 0, 15) eq '{PBKDF2_SHA256}');
|
|
|
|
|
|
|
|
my $hashbytes = decode_base64(substr ($hash, 15, length $hash));
|
|
|
|
|
|
|
|
my $iterbytes = substr $hashbytes, 0, 4;
|
|
|
|
|
|
|
|
my $iter = unpack('N*', pack('L*', unpack("I",$iterbytes)));
|
|
|
|
|
|
|
|
my $salt = substr $hashbytes, 4, 64;
|
|
|
|
|
|
|
|
return unless defined $salt;
|
|
|
|
return unless defined $iter;
|
|
|
|
return unless defined $word;
|
|
|
|
|
|
|
|
my $new_hash = module_generate_hash ($word, $salt, $iter);
|
|
|
|
|
|
|
|
return ($new_hash, $word);
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
|
|
|
|