Crypto: Use new hashing API

This commit is contained in:
Peter Keresztes Schmidt 2021-05-30 22:44:02 +02:00
parent 9a983bb321
commit 5d93555d9f
3 changed files with 13 additions and 48 deletions

View File

@ -1,6 +1,7 @@
#include "zm_crypt.h"
#include "zm_logger.h"
#include "zm_utils.h"
#include "BCrypt.hpp"
#include <algorithm>
#include <cstring>
@ -11,13 +12,6 @@
#include <jwt-cpp/jwt.h>
#endif
#if HAVE_LIBCRYPTO
#include <openssl/sha.h>
#elif HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#endif
// returns username if valid, "" if not
#if HAVE_LIBJWT
std::pair <std::string, unsigned int> verifyToken(std::string jwt_token_str, std::string key) {
@ -135,6 +129,8 @@ std::pair <std::string, unsigned int> verifyToken(std::string jwt_token_str, std
#endif // HAVE_LIBJWT
bool verifyPassword(const char *username, const char *input_password, const char *db_password_hash) {
using namespace zm::crypto;
bool password_correct = false;
if ( strlen(db_password_hash) < 4 ) {
// actually, shoud be more, but this is min. for next code
@ -143,47 +139,13 @@ bool verifyPassword(const char *username, const char *input_password, const char
}
if ( db_password_hash[0] == '*' ) {
// MYSQL PASSWORD
Debug(1, "%s is using an MD5 encoded password", username);
Debug(1, "%s is using an SHA1 encoded password", username);
#ifndef SHA_DIGEST_LENGTH
#define SHA_DIGEST_LENGTH 20
#endif
SHA1::Digest digest = SHA1::GetDigestOf(SHA1::GetDigestOf(input_password));
std::string hex_digest = '*' + StringToUpper(ByteArrayToHexString(digest));
#if HAVE_LIBCRYPTO
unsigned char digest_interim[SHA_DIGEST_LENGTH];
unsigned char digest_final[SHA_DIGEST_LENGTH];
SHA_CTX ctx1, ctx2;
//get first iteration
SHA1_Init(&ctx1);
SHA1_Update(&ctx1, input_password, strlen(input_password));
SHA1_Final(digest_interim, &ctx1);
//2nd iteration
SHA1_Init(&ctx2);
SHA1_Update(&ctx2, digest_interim,SHA_DIGEST_LENGTH);
SHA1_Final(digest_final, &ctx2);
#elif HAVE_GNUTLS_GNUTLS_H
unsigned char digest_interim[SHA_DIGEST_LENGTH];
unsigned char digest_final[SHA_DIGEST_LENGTH];
//get first iteration
gnutls_hash_fast(GNUTLS_DIG_SHA1, input_password, strlen(input_password), digest_interim);
//2nd iteration
gnutls_hash_fast(GNUTLS_DIG_SHA1, digest_interim, SHA_DIGEST_LENGTH, digest_final);
#else
Error("Authentication Error. ZoneMinder not built with GnuTLS or Openssl");
return false;
#endif
char final_hash[SHA_DIGEST_LENGTH * 2 +2];
final_hash[0] = '*';
//convert to hex
for ( int i = 0; i < SHA_DIGEST_LENGTH; i++ )
sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]);
final_hash[SHA_DIGEST_LENGTH *2 + 1] = 0;
Debug(1, "Computed password_hash:%s, stored password_hash:%s", final_hash, db_password_hash);
password_correct = (strcmp(db_password_hash, final_hash)==0);
Debug(1, "Computed password_hash: %s, stored password_hash: %s", hex_digest.c_str(), db_password_hash);
password_correct = (strcmp(db_password_hash, hex_digest.c_str()) == 0);
} else if (
(db_password_hash[0] == '$')
&&

View File

@ -285,7 +285,7 @@ int FfmpegCamera::OpenFfmpeg() {
// Set transport method as specified by method field, rtpUni is default
std::string protocol = mPath.substr(0, 4);
StringToUpper(protocol);
protocol = StringToUpper(protocol);
if ( protocol == "RTSP" ) {
const std::string method = Method();
if ( method == "rtpMulti" ) {

View File

@ -46,7 +46,10 @@ typedef std::vector<std::string> StringVector;
std::string Trim(const std::string &str, const std::string &char_set);
inline std::string TrimSpaces(const std::string &str) { return Trim(str, " \t"); }
std::string ReplaceAll(std::string str, const std::string &old_value, const std::string &new_value);
inline void StringToUpper(std::string &str) { std::transform(str.begin(), str.end(), str.begin(), ::toupper); }
inline std::string StringToUpper(std::string str) {
std::transform(str.begin(), str.end(), str.begin(), ::toupper);
return str;
}
StringVector Split(const std::string &str, char delim);
StringVector Split(const std::string &str, const std::string &delim, size_t limit = 0);