Merge pull request #53 from Galfurian/add-password-decryption

Add password encrypt using SHA256
mentos-team · Mar 11, 2024 · 66d94dc · 66d94dc
2 parents 2390afb + fde6c1a
commit 66d94dc
Show file tree

Hide file tree

Showing 8 changed files with 295 additions and 13 deletions.
diff --git a/files/etc/shadow b/files/etc/shadow
@@ -1,2 +1,2 @@
-root:root:::::::
-user:user:::::::
+root:33ba1bde6222ff5836cfe0123c71e594238e675a5a5b6fbfd2ad69ae7d580a40:::::::
+user:35047cb1b06dabc31ce3f11b3cd0f83f7c2ed4d52851e62585906d44775a70a6:::::::
diff --git a/libc/CMakeLists.txt b/libc/CMakeLists.txt
@@ -26,6 +26,7 @@ add_library(
     ${CMAKE_SOURCE_DIR}/libc/src/setenv.c
     ${CMAKE_SOURCE_DIR}/libc/src/assert.c
     ${CMAKE_SOURCE_DIR}/libc/src/abort.c
+    ${CMAKE_SOURCE_DIR}/libc/src/crypt/sha256.c
     ${CMAKE_SOURCE_DIR}/libc/src/io/mm_io.c
     ${CMAKE_SOURCE_DIR}/libc/src/io/debug.c
     ${CMAKE_SOURCE_DIR}/libc/src/sys/ipc.c

diff --git a/libc/inc/crypt/sha256.h b/libc/inc/crypt/sha256.h
@@ -0,0 +1,32 @@
+/// @file sha256.c
+/// @author Enrico Fraccaroli ([email protected])
+/// @brief Implementation of the SHA-256 hashing algorithm.
+/// @details The original code was written by Brad Conte, and is available at:
+///     https://github.com/B-Con/crypto-algorithms
+/// 
+/// SHA-256 is one of the three algorithms in the SHA2
+/// specification. The others, SHA-384 and SHA-512, are not
+/// offered in this implementation.
+/// Algorithm specification can be found here:
+///     http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
+/// This implementation uses little endian byte order.
+
+#pragma once
+
+#include <stdint.h>
+#include <stddef.h>
+
+/// @brief SHA256 outputs a 32 byte digest.
+#define SHA256_BLOCK_SIZE 32
+
+typedef struct {
+    uint8_t data[64];
+    uint32_t datalen;
+    unsigned long long bitlen;
+    uint32_t state[8];
+} SHA256_ctx_t;
+
+void sha256_init(SHA256_ctx_t *ctx);
+void sha256_update(SHA256_ctx_t *ctx, const uint8_t data[], size_t len);
+void sha256_final(SHA256_ctx_t *ctx, uint8_t hash[]);
+void sha256_bytes_to_hex(uint8_t *src, size_t src_length, char *out, size_t out_length);
diff --git a/libc/inc/shadow.h b/libc/inc/shadow.h
@@ -7,15 +7,15 @@
 #define SHADOW "/etc/shadow"
 
 struct spwd {
-	char *sp_namp;
-	char *sp_pwdp;
-	long sp_lstchg;
-	long sp_min;
-	long sp_max;
-	long sp_warn;
-	long sp_inact;
-	long sp_expire;
-	unsigned long sp_flag;
+    char *sp_namp;             ///< user login name.
+    char *sp_pwdp;             ///< encrypted password.
+    long int sp_lstchg;        ///< last password change.
+    long int sp_min;           ///< days until change allowed.
+    long int sp_max;           ///< days before change required.
+    long int sp_warn;          ///< days warning for expiration.
+    long int sp_inact;         ///< days before account inactive.
+    long int sp_expire;        ///< date when account expires.
+    unsigned long int sp_flag; ///< reserved for future use.
 };
 
 struct spwd *getspnam(const char *);

diff --git a/libc/src/crypt/sha256.c b/libc/src/crypt/sha256.c
@@ -0,0 +1,183 @@
+/// @file sha256.c
+/// @author Enrico Fraccaroli ([email protected])
+/// @brief Implementation of the SHA-256 hashing algorithm.
+/// @details The original code was written by Brad Conte, and is available at:
+///     https://github.com/B-Con/crypto-algorithms
+///
+/// SHA-256 is one of the three algorithms in the SHA2
+/// specification. The others, SHA-384 and SHA-512, are not
+/// offered in this implementation.
+/// Algorithm specification can be found here:
+///     http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
+/// This implementation uses little endian byte order.
+
+#include "crypt/sha256.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+/****************************** MACROS ******************************/
+#define ROTLEFT(a, b)  (((a) << (b)) | ((a) >> (32 - (b))))
+#define ROTRIGHT(a, b) (((a) >> (b)) | ((a) << (32 - (b))))
+
+#define CH(x, y, z)  (((x) & (y)) ^ (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define EP0(x)       (ROTRIGHT(x, 2) ^ ROTRIGHT(x, 13) ^ ROTRIGHT(x, 22))
+#define EP1(x)       (ROTRIGHT(x, 6) ^ ROTRIGHT(x, 11) ^ ROTRIGHT(x, 25))
+#define SIG0(x)      (ROTRIGHT(x, 7) ^ ROTRIGHT(x, 18) ^ ((x) >> 3))
+#define SIG1(x)      (ROTRIGHT(x, 17) ^ ROTRIGHT(x, 19) ^ ((x) >> 10))
+
+#define SHA256_MAX_DATA_LENGTH (SHA256_BLOCK_SIZE * 2)
+
+/**************************** VARIABLES *****************************/
+static const uint32_t k[SHA256_MAX_DATA_LENGTH] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
+    0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
+    0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+    0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
+    0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
+    0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+/*********************** FUNCTION DEFINITIONS ***********************/
+
+void sha256_bytes_to_hex(uint8_t *src, size_t src_length, char *out, size_t out_length)
+{
+    if (out_length >= (src_length * 2 + 1)) {
+        static const char look_up[] = "0123456789abcdef";
+        for (size_t i = 0; i < src_length; ++i) {
+            *out++ = look_up[*src >> 4];
+            *out++ = look_up[*src & 0x0F];
+            src++;
+        }
+        *out = 0;
+    }
+}
+
+void sha256_transform(SHA256_ctx_t *ctx, const uint8_t data[])
+{
+    uint32_t a, b, c, d, e, f, g, h, i, j, t1, t2, m[SHA256_MAX_DATA_LENGTH];
+
+    for (i = 0, j = 0; i < 16; ++i, j += 4) {
+        m[i] = (uint32_t)(data[j] << 24) |
+               (uint32_t)(data[j + 1] << 16) |
+               (uint32_t)(data[j + 2] << 8) |
+               (uint32_t)(data[j + 3]);
+    }
+    for (; i < SHA256_MAX_DATA_LENGTH; ++i) {
+        m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+    }
+
+    a = ctx->state[0];
+    b = ctx->state[1];
+    c = ctx->state[2];
+    d = ctx->state[3];
+    e = ctx->state[4];
+    f = ctx->state[5];
+    g = ctx->state[6];
+    h = ctx->state[7];
+
+    for (i = 0; i < SHA256_MAX_DATA_LENGTH; ++i) {
+        t1 = h + EP1(e) + CH(e, f, g) + k[i] + m[i];
+        t2 = EP0(a) + MAJ(a, b, c);
+        h  = g;
+        g  = f;
+        f  = e;
+        e  = d + t1;
+        d  = c;
+        c  = b;
+        b  = a;
+        a  = t1 + t2;
+    }
+
+    ctx->state[0] += a;
+    ctx->state[1] += b;
+    ctx->state[2] += c;
+    ctx->state[3] += d;
+    ctx->state[4] += e;
+    ctx->state[5] += f;
+    ctx->state[6] += g;
+    ctx->state[7] += h;
+}
+
+void sha256_init(SHA256_ctx_t *ctx)
+{
+    ctx->datalen  = 0;
+    ctx->bitlen   = 0;
+    ctx->state[0] = 0x6a09e667;
+    ctx->state[1] = 0xbb67ae85;
+    ctx->state[2] = 0x3c6ef372;
+    ctx->state[3] = 0xa54ff53a;
+    ctx->state[4] = 0x510e527f;
+    ctx->state[5] = 0x9b05688c;
+    ctx->state[6] = 0x1f83d9ab;
+    ctx->state[7] = 0x5be0cd19;
+}
+
+void sha256_update(SHA256_ctx_t *ctx, const uint8_t data[], size_t len)
+{
+    uint32_t i;
+
+    for (i = 0; i < len; ++i) {
+        ctx->data[ctx->datalen] = data[i];
+        ctx->datalen++;
+        if (ctx->datalen == SHA256_MAX_DATA_LENGTH) {
+            sha256_transform(ctx, ctx->data);
+            ctx->bitlen += 512;
+            ctx->datalen = 0;
+        }
+    }
+}
+
+void sha256_final(SHA256_ctx_t *ctx, uint8_t hash[])
+{
+    uint32_t i;
+
+    i = ctx->datalen;
+
+    // Pad whatever data is left in the buffer.
+    if (ctx->datalen < 56) {
+        ctx->data[i++] = 0x80;
+        while (i < 56) {
+            ctx->data[i++] = 0x00;
+        }
+    } else {
+        ctx->data[i++] = 0x80;
+        while (i < SHA256_MAX_DATA_LENGTH) {
+            ctx->data[i++] = 0x00;
+        }
+        sha256_transform(ctx, ctx->data);
+        memset(ctx->data, 0, 56);
+    }
+
+    // Append to the padding the total message's length in bits and transform.
+    ctx->bitlen += ctx->datalen * 8;
+    ctx->data[63] = ctx->bitlen;
+    ctx->data[62] = ctx->bitlen >> 8;
+    ctx->data[61] = ctx->bitlen >> 16;
+    ctx->data[60] = ctx->bitlen >> 24;
+    ctx->data[59] = ctx->bitlen >> 32;
+    ctx->data[58] = ctx->bitlen >> 40;
+    ctx->data[57] = ctx->bitlen >> 48;
+    ctx->data[56] = ctx->bitlen >> 56;
+    sha256_transform(ctx, ctx->data);
+
+    // Since this implementation uses little endian byte ordering and SHA uses big
+    // endian, reverse all the bytes when copying the final state to the output
+    // hash.
+    for (i = 0; i < 4; ++i) {
+        hash[i]      = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 4]  = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 8]  = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
+    }
+}
diff --git a/programs/login.c b/programs/login.c
@@ -21,6 +21,8 @@
 #include <sys/mman.h>
 #include <sys/wait.h>
 
+#include <crypt/sha256.h>
+
 /// Maximum length of credentials.
 #define CREDENTIALS_LENGTH 50
 
@@ -62,10 +64,13 @@ static inline void __print_message_file(const char *file)
     int fd;
 
     // Try to open the file.
-    if ((fd = open(file, O_RDONLY, 0600)) == -1)
+    if ((fd = open(file, O_RDONLY, 0600)) == -1) {
         return;
+    }
     // Read the lines of the file.
     while ((nbytes = read(fd, buffer, sizeof(char) * 256)) > 0) {
+        // Tap the string.
+        buffer[nbytes] = 0;
         // TODO: Parsing message files for special characters (such as `\t` for time).
         printf("%s\n", buffer);
         total += nbytes;
@@ -203,8 +208,17 @@ int main(int argc, char **argv)
             continue;
         }
 
+        unsigned char hash[SHA256_BLOCK_SIZE]       = { 0 };
+        char hash_string[SHA256_BLOCK_SIZE * 2 + 1] = { 0 };
+        SHA256_ctx_t ctx;
+        sha256_init(&ctx);
+        for (unsigned i = 0; i < 100000; ++i)
+            sha256_update(&ctx, (unsigned char *)password, strlen(password));
+        sha256_final(&ctx, hash);
+        sha256_bytes_to_hex(hash, SHA256_BLOCK_SIZE, hash_string, SHA256_BLOCK_SIZE * 2 + 1);
+
         // Check if the password is correct.
-        if (strcmp(spwd->sp_pwdp, password) != 0) {
+        if (strcmp(spwd->sp_pwdp, hash_string) != 0) {
             printf("Wrong password.\n");
             continue;
         }

diff --git a/programs/tests/CMakeLists.txt b/programs/tests/CMakeLists.txt
@@ -32,6 +32,7 @@ set(TEST_LIST
     t_shm_write.c
     t_mem.c
     t_shm_read.c
+    t_spwd.c
     t_big_write.c
 )
 

diff --git a/programs/tests/t_spwd.c b/programs/tests/t_spwd.c
@@ -0,0 +1,51 @@
+/// @file t_spwd.c
+/// @author Enrico Fraccaroli ([email protected])
+/// @brief
+
+#include <shadow.h>
+#include <string.h>
+#include <stdio.h>
+#include <math.h>
+#include <time.h>
+
+#include <crypt/sha256.h>
+
+int main(int argc, char *argv[])
+{
+    if (argc != 3) {
+        printf("You can either:\n");
+        printf("    -g, --generate <key> : prints the hashed key.\n");
+        printf("    -l, --load <user>    : prints the hashed key stored for the given user.\n");
+        return 1;
+    }
+    if (!strcmp(argv[1], "--generate") || !strcmp(argv[1], "-g")) {
+        unsigned char buffer[SHA256_BLOCK_SIZE] = { 0 };
+        char output[SHA256_BLOCK_SIZE * 2 + 1]  = { 0 };
+        SHA256_ctx_t ctx;
+
+        sha256_init(&ctx);
+        for (unsigned i = 0; i < 100000; ++i)
+            sha256_update(&ctx, (unsigned char *)argv[2], strlen(argv[2]));
+        sha256_final(&ctx, buffer);
+
+        sha256_bytes_to_hex(buffer, SHA256_BLOCK_SIZE, output, SHA256_BLOCK_SIZE * 2 + 1);
+        printf("%s\n", output);
+
+    } else if (!strcmp(argv[1], "--load") || !strcmp(argv[1], "-l")) {
+        struct spwd *spbuf = getspnam(argv[2]);
+        tm_t *tm;
+        if (spbuf) {
+            time_t lstchg = (time_t)spbuf->sp_lstchg;
+            tm            = localtime(&lstchg);
+            printf("name         : %s\n", spbuf->sp_namp);
+            printf("password     :\n%s\n", spbuf->sp_pwdp);
+            printf("lastchange   : %02d/%02d %02d:%02d\n", tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min);
+            printf("days allowed : %d\n", spbuf->sp_min);
+            printf("days req.    : %d\n", spbuf->sp_max);
+            printf("days warning : %d\n", spbuf->sp_warn);
+            printf("days inact   : %d\n", spbuf->sp_inact);
+            printf("days expire  : %d\n", spbuf->sp_expire);
+        }
+    }
+    return 0;
+}