complete rewrite

README

@@ -1,19 +1,29 @@
-Written by omen23 -- David Schuster in 2012 (david [dot] schuster [at] kdemail [dot] net)
+Written by omen23 -- David Schuster © in 2012-2016 (david [dot] schuster [at] kdemail [dot] net)
 Open and free! (but please give me some credit =)
 
 This is an interface to a sqlite3 database which stores its keys hashed or in plain
 text. So it is designed for a login-procedure and was thought to be useful
 for CGI login handling. The hashing capabilities can be turnt off in case you
 are lazy enough to check your passwords or keys plain-text.
 
+	Friday, 14.10.2016 - COMPLETE REWRITE OF MODULAR HASHING SYSTEM
+	- ongoing rewrite of static functions that are only needed for one reason, made the login function easier (no more self supplied sql)
+	- this is a login interface, thats what it does - no more cost for database calls than needed (rewrite of callback code)
+	- future hopes: cgi interface to get this running on a web-server (reading the book atm)
+
+This software now produces the right digests. Sorry there is no test database but everything should be working now.
+Thanks, David
+
+p.s.: maybe try "user" as first program parameter and "test" as second - it should work (=
+
 OK enough -- this is what this package provides:
 login.c - login routine and sqlite3 callback (with an example main function)
 hash.c - the hashing function which is used in the login program 
 	 which can also be used on its own - demonstrated by the small "hashit" util
 hashit.c - a small utility that can generate digests of all implemented gcrypt
 	   hashing algorithms (e.g. for generation of your keys)
 ftm.c - feature test macros
-login.h - a header file where all the fun is defined :)
+login.h - a header file where all crossover fun is defined :)
 
 There is a Makefile for convenience - just type "make" and if you have a debian based
 system with "libgcrypt-dev" and "libsqlite3-dev" installed everything should work OOB.
@@ -35,7 +45,4 @@ all this is fixed now
 If you have problems setting this up - contact me! I cannot promise that I will answer
 because my inbox is always really full. The string macros supplied use GNU extensions
 or BSD versions of the standard implementation. (strlen, strcat, strcpy)
-
--Wno-pointer-sign -funsigned-char were used tho compile this with gcc before version
-4.5 I guess - the code was fixed or the compiler or both.
-(This code is under development since quite a while)
+

ftm.c

@@ -1,7 +1,20 @@
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
+/*
+ * feature testing software
+ * _POSIX_SOURCE defined
+ * _POSIX_C_SOURCE defined: 200809L
+ * _ISOC99_SOURCE defined
+ * _ISOC11_SOURCE defined
+ * _XOPEN_SOURCE defined: 700
+ * _XOPEN_SOURCE_EXTENDED defined
+ * _LARGEFILE64_SOURCE defined
+ * _DEFAULT_SOURCE defined
+ * _ATFILE_SOURCE defined
+ * _GNU_SOURCE defined
+ * _FORTIFY_SOURCE defined
+ */
 
+#define _GNU_SOURCE
+#include "login.h"
 
 int
 main(int argc, char *argv[])
@@ -18,6 +31,10 @@ main(int argc, char *argv[])
     printf("_ISOC99_SOURCE defined\n");
 #endif
 
+#ifdef _ISOC11_SOURCE
+    printf("_ISOC11_SOURCE defined\n");
+#endif
+
 #ifdef _XOPEN_SOURCE
     printf("_XOPEN_SOURCE defined: %d\n", _XOPEN_SOURCE);
 #endif
@@ -41,6 +58,10 @@ main(int argc, char *argv[])
 #ifdef _SVID_SOURCE
     printf("_SVID_SOURCE defined\n");
 #endif
+
+#ifdef _DEFAULT_SOURCE
+    printf("_DEFAULT_SOURCE defined\n");
+#endif
 
 #ifdef _ATFILE_SOURCE
     printf("_ATFILE_SOURCE defined\n");
@@ -57,9 +78,10 @@ main(int argc, char *argv[])
 #ifdef _THREAD_SAFE
     printf("_THREAD_SAFE defined\n");
 #endif
+
 #ifdef _FORTIFY_SOURCE
     printf("_FORTIFY_SOURCE defined\n");
 #endif
-
     exit(EXIT_SUCCESS);
 }
+

hash.c

@@ -1,113 +1,26 @@
-/* C to sqlite DB interface (for logins)
- * with hashing mechanisms using gcrypt
- * written by oMeN23 in 2011-2012
- * If you think this is useful, use it!
- * copyleft, open and free!
- * file: hash.c (hashing)
+/*
+ * new modular hash function for the sqlite3 interface
+ * by David Schuster © 2016   
  */
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <sqlite3.h>
-#include <stdbool.h>
-#include <gcrypt.h>
-#include <errno.h>
+
+#define _GNU_SOURCE
 #include "login.h"
 
-/* this function calculates a hex-string which represents
- * the hash of the user's password or any value
- * arg1 = the value
- * arg2 = the destination (caller has to allocate dynamic or automatic memory and free it eventually after) - min. (gcry_md_get_algo_dlen(algo)*4) for hex notation
- * arg3 = the algorithm (see libgcrypt docs)
- * arg4 = some flags (see below)
- * 0 = none, 
- * GCRY_MGCRY_MD_FLAG_SECURE = 1,   Allocate all buffers in "secure" memory.  
- * GCRY_MD_FLAG_HMAC = 2,   Make an HMAC out of this algorithm.  
- */
-void hash_func(const char* value, char* dest, int algo, unsigned int flags) {
+void hash_func(int algo, char* digest, const void* value, size_t len)
+{
+  size_t algolen  = gcry_md_get_algo_dlen(algo);
+  char* rawResult = gcry_malloc_secure(algolen);
 
-    gcrypt_init();
-    gcry_md_hd_t	Crypto_handle; /* crypto context handle */
-    gcry_error_t	Crypto_error = 0;
-
-    /* determine pw length + 1 (macro handles it), max USERBUF , not overflowable MACRO USED */
-    size_t text_length = stringlength(value) + 1; /* terminating null, shouldnt make a diff, sys dependend,  this is correct */
-    /* check if the library is working as it should .. */
-    Crypto_error = gcry_md_open(&Crypto_handle, algo, flags);
-    if (Crypto_error || Crypto_handle == NULL)
-        fprintf(stderr, "Failure: %s\t/\t%s\n",
-                gcry_strsource(Crypto_error),
-                gcry_strerror(Crypto_error)
-               );
-    Crypto_error = gcry_md_enable(Crypto_handle, algo);
-    if (Crypto_error)
-        fprintf(stderr, "Failure: %s\t/\t%s\n",
-                gcry_strsource(Crypto_error),
-                gcry_strerror(Crypto_error)
-               );
-    if (Crypto_error || !gcry_md_is_enabled(Crypto_handle, algo)) {
-        fprintf(stderr, "Failure: %s\t/\t%s\n",
-                gcry_strsource(Crypto_error),
-                gcry_strerror(Crypto_error)
-               );
-        abort();
-    }
-    /* if algo works start the hashing */
-    if (gcry_md_test_algo(algo) == GPG_ERR_NO_ERROR) {
-
-        /* pass pw into hash function bytewise (unsigned char) */
-        for (int x = 0 ; x < text_length; x++) {
-            gcry_md_putc(Crypto_handle, (unsigned char)value[x]);
-        }
-        /* finalize calculation */
-        gcry_md_final(Crypto_handle);
-        /* allocate (secure) heap memory for the hash */
-        unsigned char* byte_result = gcry_malloc_secure(gcry_md_get_algo_dlen(algo)*4); // NOTE: we actually ran out of space here once
-        /* helpers to make them human readable and comparable */
-        unsigned char* helper = gcry_malloc_secure(16); /* actually only need 1 char */
-
-        if ( !gcry_is_secure(helper)|| !gcry_is_secure(byte_result)) {
-            fprintf(stderr, "Could not allocate in secure memory!\n");
-            abort();
-        }
-	// NOTE: 10.6.2012 fixed a strcpy issue - where digests with a value of zer0 [00] in the middle would be 
-	// cut off - using memcpy instead
-        /* copy hash into a RAW string */
-        memcpy(byte_result, gcry_md_read(Crypto_handle, algo), gcry_md_get_algo_dlen(algo)*2); /* read in the raw byte string - size times two for hex notation */
-
-	if (dest == NULL) { /* the caller has to allocate the destination memory */
-	  fprintf(stderr, "\t  Hashing-Function: destination memory adress is not valid!\n\
-	  The caller of this function is responsible for allocating a destination buffer that is large enough\n\
-	  for holding the digest value\n");
-	  abort(); 
-	}
-        memset((void*)dest, 0, sizeof(dest)); /* clear memory where hash is to be written */
-
-
-        /* format the raw string to hex notation and
-         * pass it piece by piece into our char *dest
-         * and concatenate */
-        for (int i = 0; i < gcry_md_get_algo_dlen(algo); i++)  {
-            sprintf((char*)helper, "%02x", (unsigned char)byte_result[i]);
-            stringconcat(dest, (const char*)helper);
-        }
-        dest[ strlen( dest ) ] = '\0';
-        /* generally clean up after ourselves ... */
-        gcry_md_close(Crypto_handle); /* releases all security relevant information */
-	gcry_free(Crypto_handle);	
-        gcry_free(byte_result);
-        gcry_free(helper);
-	Crypto_error = 0;
-	Crypto_handle = NULL;
-	byte_result = NULL;
-	helper = NULL;
-
-    } else	/* if the hash mechanism isnt working abort */
-        abort();
+  gcry_md_hash_buffer(algo, rawResult, value, len);
+
+  for (int i = 0; i < algolen; i++) {
+    sprintf(digest+(i*2), "%02x", (unsigned char)rawResult[i]); /* pointer magic */ 
+  }
+  gcry_free(rawResult);
 }
 
-void gcrypt_init() {
+void gcrypt_init()
+{
   static bool initialized = false;
   if (gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P) || initialized)
     return;
@@ -119,8 +32,8 @@ void gcrypt_init() {
   /* this is the actual library initialization
    * with a sec mem starting pool of 64k */
   gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN),
-  gcry_control(GCRYCTL_INIT_SECMEM, 16384*4, 0),
+  gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0),
   gcry_control(GCRYCTL_RESUME_SECMEM_WARN),
-  gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+  gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0),
   initialized = true;
 }

hashit.c

@@ -1,66 +1,63 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-
-#include <stdbool.h>
-#include <gcrypt.h>
-#include <errno.h>
-#include <time.h>
+/* C to sqlite DB interface (for logins)
+ * with hashing mechanisms using gcrypt
+ * written by oMeN23 in 2011-2016
+ * If you think this is useful, use it!
+ * copyleft, open and free!
+ * file: hashit.c (hashing-utility)
+ */
 
+#define _GNU_SOURCE
 #include "login.h"
 
-int main(int argc, char** argv) 
+int main(int argc, char* argv[]) 
 {
   time_t thetime = time(NULL);
-  printf("hashit v0.1 - %s", ctime(&thetime));  
-  clock_t start, end;
-  start = clock();
-  int algo;
-  char buffer[1<<12];
-  char final[1<<12];
+
+  printf("hashit v0.25 - %s", ctime(&thetime));  
   gcrypt_init();
+  int algo;
+
+start:
   printf("These are the available algorithms: \n\
-    GCRY_MD_MD5     = 1,\n\
-    GCRY_MD_SHA1    = 2,\n\
-    GCRY_MD_RMD160  = 3,\n\
-    GCRY_MD_TIGER   = 6,   /* TIGER/192 as used by gpg <= 1.3.2. */\n\
-    GCRY_MD_SHA256  = 8,\n\
-    GCRY_MD_SHA384  = 9,\n\
-    GCRY_MD_SHA512  = 10,\n\
-    GCRY_MD_SHA224  = 11,\n\
-    GCRY_MD_MD4     = 301,\n\
-    GCRY_MD_CRC32   = 302,\n\
-    GCRY_MD_CRC32_RFC1510 = 303,\n\
-    GCRY_MD_CRC24_RFC2440 = 304,\n\
-    GCRY_MD_WHIRLPOOL = 305,\n\
-    GCRY_MD_TIGER1  = 306, /* TIGER fixed.  */\n\
-    GCRY_MD_TIGER2  = 307  /* TIGER2 variant.   */\n");
+  GCRY_MD_MD5     = 1,\n\
+  GCRY_MD_SHA1    = 2,\n\
+  GCRY_MD_RMD160  = 3,\n\
+  GCRY_MD_TIGER   = 6,   /* TIGER/192 as used by gpg <= 1.3.2. */\n\
+  GCRY_MD_SHA256  = 8,\n\
+  GCRY_MD_SHA384  = 9,\n\
+  GCRY_MD_SHA512  = 10,\n\
+  GCRY_MD_SHA224  = 11,\n\
+  GCRY_MD_MD4     = 301,\n\
+  GCRY_MD_CRC32   = 302,\n\
+  GCRY_MD_CRC32_RFC1510 = 303,\n\
+  GCRY_MD_CRC24_RFC2440 = 304,\n\
+  GCRY_MD_WHIRLPOOL = 305,\n\
+  GCRY_MD_TIGER1  = 306, /* TIGER fixed.  */\n\
+  GCRY_MD_TIGER2  = 307  /* TIGER2 variant.   */\n");
 
   printf("Please enter the number of the desired algorithm: ");
-  scanf("%i", &algo);
+  scanf("%i", &algo),
+  getchar(); // fall thru without this call 
   bool rangeOk = false;
   if ((algo > 0 && algo < 12 && (algo != 4 && algo != 5 && algo != 7)) || (algo > 300 && algo < 308))
     rangeOk = true;
 
   if (!rangeOk) { 
-    printf("Select a valid algorithm please\n");
-    abort();   
+    printf("Select a valid algorithm please.\n");
+    goto start;   
   }
+  char* final = gcry_malloc_secure((gcry_md_get_algo_dlen(algo)*2)+1);
+  char* ptr = gcry_malloc_secure(4096);
 
-  char* ptr = buffer;
-  getchar(); // fall thru without this call 
   printf("What value do you want to hash? ");  
-  fgets(ptr, sizeof buffer, stdin);  
-  ptr[strlen(ptr)-1] = '\0'; // remove '\n' of fgets
-
-  char* hash = final;  
-  hash_func(ptr, hash, algo, GCRY_MD_FLAG_SECURE);    
-  printf("\"%s\" hashed is:\n%s\n", ptr, hash);
-  end = clock();
-  double execution_time = (double) ((end - start) / CLOCKS_PER_SEC);
-  printf("Execution of the program took %.12lf secs\n",execution_time); //(double) ((end - start) / CLOCKS_PER_SEC) );
-
-  return 0;  
+  fgets(ptr, 4096, stdin);  
+  ptr[ strlen(ptr) - 1 ] = '\0'; // remove '\n' of fgets    
 
-}
+  hash_func(algo, final, ptr, strlen(ptr));
+  printf("%s\n", final);
+
+  gcry_free(final);
+  gcry_free(ptr); 
+
+  return 0;    
+}