paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Add SSHA

master
andryyy 2020-12-07 07:58:50 +01:00
parent 3234550a5b
commit 02b10b0ed4
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
data/web/inc/functions.inc.php
View File

@ -89,6 +89,10 @@ function hash_password($password) {
global $default_pass_scheme;
$pw_hash = NULL;
switch (strtoupper($default_pass_scheme)) {
case "SSHA":
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
$pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str);
break;
case "SSHA256":
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
$pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
@ -494,6 +498,20 @@ function verify_hash($hash, $password) {
return true;
}
}
elseif (preg_match('/^{SSHA}/i', $hash)) {
// Remove tag if any
$hash = preg_replace('/^{SSHA}/i', '', $hash);
// Decode hash
$dhash = base64_decode($hash);
// Get first 20 bytes of binary which equals a SSHA hash
$ohash = substr($dhash, 0, 20);
// Remove SSHA hash from decoded hash to get original salt string
$osalt = str_replace($ohash, '', $dhash);
// Check single salted SSHA hash against extracted hash
if (hash_equals(hash('sha1', $password . $osalt, true), $ohash)) {
return true;
}
}
elseif (preg_match('/^{PLAIN-MD5}/i', $hash)) {
$hash = preg_replace('/^{PLAIN-MD5}/i', '', $hash);
if (md5($password) == $hash) {