FHEM/mod-Password
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

completed SHA256 Support and salted Hash

Browse Source
This commit is contained in:
Marko Oldenburg 2021-04-20 14:40:02 +02:00
parent b150759059
commit 1933241a98
1 changed files with 39 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
lib/FHEM/Core/Password/Utils.pm
View File

@ -5,23 +5,6 @@ use 5.008;
use strict; use strict;
use warnings; use warnings;
use GPUtils qw(GP_Import);
## Import der FHEM Funktionen
#-- Run before package compilation
BEGIN {
# Import from main context
GP_Import(
qw(
Log3
setKeyValue
getKeyValue
getUniqueId
defs
)
);
}
### eigene Funktionen exportieren ### eigene Funktionen exportieren
require Exporter; require Exporter;
@ -33,24 +16,25 @@ our @EXPORT_OK = qw(
getReadPassword getReadPassword
setRename setRename
); );
our %EXPORT_TAGS = (ALL => [@EXPORT_OK]); our %EXPORT_TAGS = (
ALL => [
qw(
new
setStorePassword
setDeletePassword
getReadPassword
setRename
)
],
);
sub new { sub new {
my $class = shift; my $class = shift;
my $self = { my $self = {
name => undef, name => undef,
allowed_haveSha => undef,
}; };
eval { require Digest::SHA; };
if($@) {
Log3( $hash, 4, qq{password utils: Digest::SHA not found $@});
$self->{allowed_haveSha} = 0;
} else {
$self->{allowed_haveSha} = 1;
}
bless $self, $class; bless $self, $class;
return $self; return $self;
} }
@ -60,46 +44,16 @@ sub setStorePassword {
my $name = shift; my $name = shift;
my $password = shift; my $password = shift;
my $index = $defs{$name}->{TYPE} . '_' . $name . '_passwd'; my $index = $::defs{$name}->{TYPE} . '_' . $name . '_passwd';
my $key = getUniqueId() . $index; my ($x,$y) = ::gettimeofday();
my $salt = substr(sprintf("%08X", rand($y)*rand($x)),0,8);
my $key = ::getUniqueId() . $index . $salt;
my $enc_pwd = ''; my $enc_pwd = '';
if ( eval q{use Digest::SHA;1} ) {
$key = Digest::SHA::sha256_hex( unpack "H*", $key );
$key .= Digest::SHA::sha256_hex($key);
my $plain = ($a[1] eq "basicAuth" ? "$a[2]:$a[3]" : $a[2]);
my ($x,$y) = gettimeofday();
my $salt = substr(sprintf("%08X", rand($y)*rand($x)),0,8);
CommandAttr($hash->{CL}, "$a[0] $a[1] SHA256:$salt:".
Digest::SHA::sha256_base64("$salt:$plain"));
if ( eval q{use Digest::MD5;1} ) {
$key = Digest::MD5::md5_hex( unpack "H*", $key );
$key .= Digest::MD5::md5_hex($key);
} }
for my $char ( split //, $password ) { for my $char ( split //, $password ) {
@ -110,7 +64,7 @@ sub setStorePassword {
} }
my $err; my $err;
$err = setKeyValue( $index, $enc_pwd ); $err = ::setKeyValue( $index, $salt . $enc_pwd );
return(undef,$err) return(undef,$err)
if ( defined($err) ); if ( defined($err) );
@ -123,7 +77,7 @@ sub setDeletePassword {
my $name = shift; my $name = shift;
my $err; my $err;
$err = setKeyValue( $defs{$name}->{TYPE} . '_' . $name . '_passwd', undef ); $err = ::setKeyValue( $::defs{$name}->{TYPE} . '_' . $name . '_passwd', undef );
return(undef,$err) return(undef,$err)
if ( defined($err) ); if ( defined($err) );
@ -135,27 +89,33 @@ sub getReadPassword {
my $self = shift; my $self = shift;
my $name = shift; my $name = shift;
my $index = $defs{$name}->{TYPE} . '_' . $name . '_passwd'; my $index = $::defs{$name}->{TYPE} . '_' . $name . '_passwd';
my $key = getUniqueId() . $index; my ( $password, $err, $salt );
my ( $password, $err );
Log3($name, 4, qq{password Keystore handle for Device ($name) - Read password from file}); ::Log3($name, 4, qq{password Keystore handle for Device ($name) - Read password from file});
( $err, $password ) = getKeyValue($index); ( $err, $password ) = ::getKeyValue($index);
if ( defined($err) ) { if ( defined($err) ) {
Log3($name, 4, ::Log3($name, 4,
qq{password Keystore handle for Device ($name) - unable to read password from file: $err}); qq{password Keystore handle for Device ($name) - unable to read password from file: $err});
return (undef,$err); return (undef,$err);
} }
if ( defined($password) ) { if ( defined($password)
if ( eval q{use Digest::MD5;1} ) { and $password =~ m{\A(.{8})(.*)\z}xms )
{
$salt = $1;
$password = $2;
$key = Digest::MD5::md5_hex( unpack "H*", $key ); my $key = ::getUniqueId() . $index . $salt;
$key .= Digest::MD5::md5_hex($key);
if ( eval q{use Digest::SHA;1} ) {
$key = Digest::SHA::sha256_hex( unpack "H*", $key );
$key .= Digest::SHA::sha256_hex($key);
} }
my $dec_pwd = ''; my $dec_pwd = '';
@ -171,7 +131,7 @@ qq{password Keystore handle for Device ($name) - unable to read password from fi
} }
else { else {
Log3($name, 4, qq{password Keystore handle for Device ($name) - No password in file}); ::Log3($name, 4, qq{password Keystore handle for Device ($name) - No password in file});
return undef; return undef;
} }
} }