NSData+Crypto: add password verification function
This will allow scheme-specific verification.
pull/272/head
parent
c3a4f4aeb4
commit
789b55c274
|
@ -35,6 +35,10 @@
|
||||||
withSalt: (NSData *) theSalt
|
withSalt: (NSData *) theSalt
|
||||||
keyPath: (NSString *) theKeyPath;
|
keyPath: (NSString *) theKeyPath;
|
||||||
|
|
||||||
|
- (BOOL) verifyUsingScheme: (NSString *) passwordScheme
|
||||||
|
withPassword: (NSData *) thePassword
|
||||||
|
keyPath: (NSString *) theKeyPath;
|
||||||
|
|
||||||
- (NSData *) asLM;
|
- (NSData *) asLM;
|
||||||
- (NSData *) asMD4;
|
- (NSData *) asMD4;
|
||||||
- (NSData *) asMD5;
|
- (NSData *) asMD5;
|
||||||
|
|
|
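Review bot: The new declaration `verifyUsingScheme:withPassword:keyPath:` has no comment saying which object plays which role. The implementation further down the page treats the receiver as the stored hash bytes (it extracts the salt from `self`) and `thePassword` as the cleartext candidate. Swapping the two at a call site would still compile and would most likely just never match, so the header is the place to pin this down. I would add above the declaration: `/* Receiver: decoded stored hash, including any salt. thePassword: cleartext candidate. Returns NO on any failure. */`.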
@ -299,6 +299,35 @@ static const char salt_chars[] =
|
||||||
return nil;
|
return nil;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verify the given password data is equivalent with the
|
||||||
|
* clear text password using the passed encryption scheme
|
||||||
|
*
|
||||||
|
* @param passwordScheme The password scheme to use for comparison
|
||||||
|
* @param thePassword
|
||||||
|
*/
|
||||||
|
- (BOOL) verifyUsingScheme: (NSString *) passwordScheme
|
||||||
|
withPassword: (NSData *) thePassword
|
||||||
|
keyPath: (NSString *) theKeyPath
|
||||||
|
{
|
||||||
|
NSData *passwordCrypted;
|
||||||
|
NSData *salt;
|
||||||
|
|
||||||
|
salt = [self extractSalt: passwordScheme];
|
||||||
|
if (salt == nil)
|
||||||
|
return NO;
|
||||||
|
// encrypt self with the salt an compare the results
|
||||||
|
passwordCrypted = [thePassword asCryptedPassUsingScheme: passwordScheme
|
||||||
|
withSalt: salt
|
||||||
|
keyPath: theKeyPath];
|
||||||
|
|
||||||
|
// return always false when there was a problem
|
||||||
|
if (passwordCrypted == nil)
|
||||||
|
return NO;
|
||||||
|
|
||||||
|
return [self isEqual: passwordCrypted];
|
||||||
|
}
|
||||||
|
|
||||||
- (NSData *) asLM
|
- (NSData *) asLM
|
||||||
{
|
{
|
||||||
NSData *out;
|
NSData *out;
|
||||||
|
|
|
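Review bot: The final `return [self isEqual: passwordCrypted];` compares the stored hash with the freshly computed one using a general-purpose equality check, which presumably stops at the first differing byte. A credential check is better served by a comparison whose duration does not depend on where the buffers differ, so I would replace the last line with a length check followed by an XOR-accumulate loop over both buffers, as sketched below. Separately, the comment `// encrypt self with the salt an compare the results` was carried over from the old call site and no longer fits: here `thePassword` is hashed and `self` is the stored value, and the doc block leaves `thePassword`, `theKeyPath` and the return value undescribed. The method is fully contained in this hunk.

```objc
  NSData *passwordCrypted;
  NSData *salt;
  const unsigned char *storedBytes, *computedBytes;
  unsigned char diff;
  NSUInteger i, storedLength;

  // … unchanged: salt extraction, hashing of thePassword, nil check on passwordCrypted …

  // compare every byte so the duration does not reveal the first mismatch
  storedLength = [self length];
  if (storedLength != [passwordCrypted length])
    return NO;

  storedBytes = [self bytes];
  computedBytes = [passwordCrypted bytes];
  diff = 0;
  for (i = 0; i < storedLength; i++)
    diff |= storedBytes[i] ^ computedBytes[i];

  return (diff == 0);
```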
@ -41,17 +41,17 @@
|
||||||
{
|
{
|
||||||
NSRange r;
|
NSRange r;
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
len = [self length];
|
len = [self length];
|
||||||
if (len == 0)
|
if (len == 0)
|
||||||
return @"";
|
return @"";
|
||||||
if ([self characterAtIndex:0] != '{')
|
if ([self characterAtIndex:0] != '{')
|
||||||
return @"";
|
return @"";
|
||||||
|
|
||||||
r = [self rangeOfString:@"}" options:(NSLiteralSearch)];
|
r = [self rangeOfString:@"}" options:(NSLiteralSearch)];
|
||||||
if (r.length == 0)
|
if (r.length == 0)
|
||||||
return @"";
|
return @"";
|
||||||
|
|
||||||
r.length = (r.location - 1);
|
r.length = (r.location - 1);
|
||||||
r.location = 1;
|
r.location = 1;
|
||||||
return [[self substringWithRange:r] lowercaseString];
|
return [[self substringWithRange:r] lowercaseString];
|
||||||
|
@ -73,7 +73,7 @@
|
||||||
NSString *scheme;
|
NSString *scheme;
|
||||||
NSString *pass;
|
NSString *pass;
|
||||||
NSArray *encodingAndScheme;
|
NSArray *encodingAndScheme;
|
||||||
|
|
||||||
NSRange range;
|
NSRange range;
|
||||||
int selflen, len;
|
int selflen, len;
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@
|
||||||
encodingAndScheme = [NSString getDefaultEncodingForScheme: scheme];
|
encodingAndScheme = [NSString getDefaultEncodingForScheme: scheme];
|
||||||
|
|
||||||
pass = [self substringWithRange: range];
|
pass = [self substringWithRange: range];
|
||||||
|
|
||||||
// Returns an array with [scheme, password, encoding]
|
// Returns an array with [scheme, password, encoding]
|
||||||
return [NSArray arrayWithObjects: [encodingAndScheme objectAtIndex: 1], pass, [encodingAndScheme objectAtIndex: 0], nil];
|
return [NSArray arrayWithObjects: [encodingAndScheme objectAtIndex: 1], pass, [encodingAndScheme objectAtIndex: 0], nil];
|
||||||
}
|
}
|
||||||
|
@ -109,11 +109,10 @@
|
||||||
keyPath: (NSString *) theKeyPath
|
keyPath: (NSString *) theKeyPath
|
||||||
{
|
{
|
||||||
NSArray *passInfo;
|
NSArray *passInfo;
|
||||||
NSString *selfCrypted;
|
|
||||||
NSString *pass;
|
NSString *pass;
|
||||||
NSString *scheme;
|
NSString *scheme;
|
||||||
NSData *salt;
|
|
||||||
NSData *decodedData;
|
NSData *decodedData;
|
||||||
|
NSData *passwordData;
|
||||||
keyEncoding encoding;
|
keyEncoding encoding;
|
||||||
|
|
||||||
// split scheme and pass
|
// split scheme and pass
|
||||||
|
@ -152,29 +151,17 @@
|
||||||
decodedData = [pass dataUsingEncoding: NSUTF8StringEncoding];
|
decodedData = [pass dataUsingEncoding: NSUTF8StringEncoding];
|
||||||
}
|
}
|
||||||
|
|
||||||
salt = [decodedData extractSalt: scheme];
|
passwordData = [self dataUsingEncoding: NSUTF8StringEncoding];
|
||||||
|
return [decodedData verifyUsingScheme: scheme
|
||||||
// encrypt self with the salt an compare the results
|
withPassword: passwordData
|
||||||
selfCrypted = [self asCryptedPassUsingScheme: scheme
|
keyPath: theKeyPath];
|
||||||
withSalt: salt
|
|
||||||
andEncoding: encoding
|
|
||||||
keyPath: theKeyPath];
|
|
||||||
|
|
||||||
// return always false when there was a problem
|
|
||||||
if (selfCrypted == nil)
|
|
||||||
return NO;
|
|
||||||
|
|
||||||
if ([selfCrypted isEqualToString: pass] == YES)
|
|
||||||
return YES;
|
|
||||||
|
|
||||||
return NO;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Calls asCryptedPassUsingScheme:withSalt:andEncoding: with an empty salt and uses
|
* Calls asCryptedPassUsingScheme:withSalt:andEncoding: with an empty salt and uses
|
||||||
* the default encoding.
|
* the default encoding.
|
||||||
*
|
*
|
||||||
* @param passwordScheme
|
* @param passwordScheme: The password scheme to hash the cleartext password.
|
||||||
* @return If successful, the encrypted and encoded NSString of the format {scheme}pass, or nil if the scheme did not exists or an error occured
|
* @return If successful, the encrypted and encoded NSString of the format {scheme}pass, or nil if the scheme did not exists or an error occured
|
||||||
*/
|
*/
|
||||||
- (NSString *) asCryptedPassUsingScheme: (NSString *) passwordScheme
|
- (NSString *) asCryptedPassUsingScheme: (NSString *) passwordScheme
|
||||||
|
@ -358,7 +345,7 @@
|
||||||
|
|
||||||
// See http://en.wikipedia.org/wiki/LM_hash#Algorithm
|
// See http://en.wikipedia.org/wiki/LM_hash#Algorithm
|
||||||
d = [[self uppercaseString] dataUsingEncoding: NSWindowsCP1252StringEncoding];
|
d = [[self uppercaseString] dataUsingEncoding: NSWindowsCP1252StringEncoding];
|
||||||
|
|
||||||
return [[NSData encodeDataAsHexString: [d asLM]] uppercaseString];
|
return [[NSData encodeDataAsHexString: [d asLM]] uppercaseString];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
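Review bot: In the rewritten tail of the verification method, the call `[decodedData verifyUsingScheme: scheme withPassword: passwordData keyPath: theKeyPath]` relies on nil-messaging to return NO if the decoding branches above the hunk ever leave `decodedData` nil, and on the callee to reject a nil `passwordData`. That fails closed today, but only implicitly. An explicit `if (decodedData == nil || passwordData == nil) return NO;` before the call keeps the rejection visible to whoever next edits either side. The start of this method, including the decoding branches, is outside the hunk, so whether nil can actually occur there is not visible here.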