mirror of
https://github.com/3proxy/3proxy.git
synced 2026-05-13 13:30:12 +08:00
295 lines
7.1 KiB
C
295 lines
7.1 KiB
C
/*
|
|
3APA3A simplest proxy server
|
|
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
|
|
|
|
please read License Agreement
|
|
|
|
*/
|
|
#include "libs/blake2.h"
|
|
#ifdef WITH_SSL
|
|
#include <openssl/evp.h>
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
#include <openssl/params.h>
|
|
#include <openssl/core_names.h>
|
|
#endif
|
|
#endif
|
|
#include <string.h>
|
|
|
|
#define MD5_SIZE 16
|
|
|
|
#ifdef _WIN32
|
|
#pragma warning (disable : 4996)
|
|
#endif
|
|
|
|
|
|
void tohex(unsigned char *in, unsigned char *out, int len);
|
|
|
|
static unsigned char itoa64[] =
|
|
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
|
|
|
|
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
EVP_MD *md4_hash = NULL;
|
|
EVP_MD *md5_hash = NULL;
|
|
#endif
|
|
|
|
void
|
|
_crypt_to64(unsigned char *s, unsigned long v, int n)
|
|
{
|
|
while (--n >= 0) {
|
|
*s++ = itoa64[v&0x3f];
|
|
v >>= 6;
|
|
}
|
|
}
|
|
|
|
|
|
#ifdef WITH_SSL
|
|
unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int ctohex)
|
|
{
|
|
unsigned char szUnicodePass[513];
|
|
unsigned int nPasswordLen;
|
|
EVP_MD_CTX *ctx;
|
|
unsigned int len=sizeof(szUnicodePass);
|
|
unsigned int i;
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
const EVP_MD *md4 = md4_hash;
|
|
#else
|
|
const EVP_MD *md4 = EVP_md4();
|
|
#endif
|
|
if(md4 == NULL) return NULL;
|
|
|
|
/*
|
|
* NT passwords are unicode. Convert plain text password
|
|
* to unicode by inserting a zero every other byte
|
|
*/
|
|
nPasswordLen = (int)strlen((char *)szPassword);
|
|
if(nPasswordLen > 255)nPasswordLen = 255;
|
|
for (i = 0; i < nPasswordLen; i++) {
|
|
szUnicodePass[i << 1] = szPassword[i];
|
|
szUnicodePass[(i << 1) + 1] = 0;
|
|
}
|
|
|
|
/* Encrypt Unicode password to a 16-byte MD4 hash */
|
|
ctx = EVP_MD_CTX_new();
|
|
if(!ctx) return NULL;
|
|
if(!EVP_DigestInit_ex(ctx, md4, NULL)){
|
|
EVP_MD_CTX_free(ctx);
|
|
return NULL;
|
|
}
|
|
EVP_DigestUpdate(ctx, szUnicodePass, (nPasswordLen<<1));
|
|
EVP_DigestFinal_ex(ctx, szUnicodePass, &len);
|
|
EVP_MD_CTX_free(ctx);
|
|
if (ctohex){
|
|
tohex(szUnicodePass, szHash, 16);
|
|
}
|
|
else memcpy(szHash, szUnicodePass, 16);
|
|
memset(szUnicodePass, 0, sizeof szUnicodePass);
|
|
return szHash;
|
|
}
|
|
#endif
|
|
|
|
|
|
unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsigned char *passwd){
|
|
|
|
const unsigned char *ep;
|
|
unsigned char *magic;
|
|
unsigned char *p;
|
|
const unsigned char *sp;
|
|
unsigned char final[MD5_SIZE] = {0};
|
|
int sl;
|
|
unsigned long l;
|
|
|
|
#if defined(WITH_SSL)
|
|
#ifndef WITHMAIN
|
|
if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
|
|
EVP_MD_CTX *ctx, *ctx1;
|
|
unsigned int len;
|
|
int pl, i;
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
const EVP_MD *md5 = md5_hash;
|
|
#else
|
|
const EVP_MD *md5 = EVP_md5();
|
|
#endif
|
|
if(md5 == NULL) {
|
|
*passwd = 0;
|
|
return NULL;
|
|
}
|
|
|
|
sp = salt +3;
|
|
sl = (int)(ep - sp);
|
|
magic = (unsigned char *)"$1$";
|
|
|
|
ctx = EVP_MD_CTX_new();
|
|
if(!ctx) {
|
|
*passwd = 0;
|
|
return NULL;
|
|
}
|
|
EVP_DigestInit_ex(ctx, md5, NULL);
|
|
|
|
/* The password first, since that is what is most unknown */
|
|
EVP_DigestUpdate(ctx,pw,strlen((char *)pw));
|
|
|
|
/* Then our magic string */
|
|
EVP_DigestUpdate(ctx,magic,strlen((char *)magic));
|
|
|
|
/* Then the raw salt */
|
|
EVP_DigestUpdate(ctx,sp,sl);
|
|
|
|
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
|
|
ctx1 = EVP_MD_CTX_new();
|
|
if(!ctx1) {
|
|
EVP_MD_CTX_free(ctx);
|
|
*passwd = 0;
|
|
return NULL;
|
|
}
|
|
EVP_DigestInit_ex(ctx1, md5, NULL);
|
|
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
|
|
EVP_DigestUpdate(ctx1,sp,sl);
|
|
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
|
|
EVP_DigestFinal_ex(ctx1,final,&len);
|
|
for(pl = (int)strlen((char *)pw); pl > 0; pl -= MD5_SIZE)
|
|
EVP_DigestUpdate(ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl);
|
|
|
|
/* Don't leave anything around in vm they could use. */
|
|
memset(final,0,sizeof final);
|
|
|
|
/* Then something really weird... */
|
|
for (i = (int)strlen((char *)pw); i ; i >>= 1)
|
|
if(i&1)
|
|
EVP_DigestUpdate(ctx, final, 1);
|
|
else
|
|
EVP_DigestUpdate(ctx, pw, 1);
|
|
|
|
|
|
EVP_DigestFinal_ex(ctx,final,&len);
|
|
EVP_MD_CTX_free(ctx);
|
|
|
|
/*
|
|
* and now, just to make sure things don't run too fast
|
|
* On a 60 Mhz Pentium this takes 34 msec, so you would
|
|
* need 30 seconds to build a 1000 entry dictionary...
|
|
*/
|
|
for(i=0;i<1000;i++) {
|
|
EVP_MD_CTX_reset(ctx1);
|
|
EVP_DigestInit_ex(ctx1, md5, NULL);
|
|
if(i & 1)
|
|
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
|
|
else
|
|
EVP_DigestUpdate(ctx1,final,MD5_SIZE);
|
|
|
|
if(i % 3)
|
|
EVP_DigestUpdate(ctx1,sp,sl);
|
|
|
|
if(i % 7)
|
|
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
|
|
|
|
if(i & 1)
|
|
EVP_DigestUpdate(ctx1,final,MD5_SIZE);
|
|
else
|
|
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
|
|
EVP_DigestFinal_ex(ctx1,final,&len);
|
|
}
|
|
EVP_MD_CTX_free(ctx1);
|
|
}
|
|
else
|
|
#endif
|
|
#endif
|
|
if(salt[0] == '$' && salt[1] == '3' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
|
|
sp = salt +3;
|
|
sl = (int)(ep - sp);
|
|
magic = (unsigned char *)"$3$";
|
|
{
|
|
blake2b_state S;
|
|
if(blake2b_init(&S, MD5_SIZE) != 0 ||
|
|
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
|
|
blake2b_update(&S, sp, sl) != 0 ||
|
|
blake2b_final(&S, final, MD5_SIZE) != 0) {
|
|
*passwd = 0;
|
|
return NULL;
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
*passwd = 0;
|
|
return passwd;
|
|
}
|
|
|
|
strcpy((char *)passwd,(char *)magic);
|
|
strncat((char *)passwd,(char *)sp,sl);
|
|
strcat((char *)passwd,"$");
|
|
p = passwd + strlen((char *)passwd);
|
|
|
|
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
|
|
_crypt_to64(p,l,4); p += 4;
|
|
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
|
|
_crypt_to64(p,l,4); p += 4;
|
|
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
|
|
_crypt_to64(p,l,4); p += 4;
|
|
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
|
|
_crypt_to64(p,l,4); p += 4;
|
|
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
|
|
_crypt_to64(p,l,4); p += 4;
|
|
l = final[11] ;
|
|
_crypt_to64(p,l,2); p += 2;
|
|
*p = '\0';
|
|
return passwd;
|
|
}
|
|
|
|
#ifdef WITHMAIN
|
|
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
#include <openssl/provider.h>
|
|
#endif
|
|
#include <stdio.h>
|
|
int main(int argc, char* argv[]){
|
|
unsigned char buf1[128];
|
|
unsigned char buf2[128];
|
|
unsigned i;
|
|
if(argc < 2 || argc > 3) {
|
|
fprintf(stderr, "usage: \n"
|
|
#ifdef WITH_SSL
|
|
"\t%s <password>\n"
|
|
#endif
|
|
"\t%s <salt> <password>\n"
|
|
#ifdef WITH_SSL
|
|
"Performs NT crypt if no salt specified, BLAKE2 crypt with salt\n"
|
|
#else
|
|
"Performs BLAKE2 crypt with salt\n"
|
|
#endif
|
|
,
|
|
#ifdef WITH_SSL
|
|
argv[0],
|
|
#endif
|
|
argv[0]);
|
|
return 1;
|
|
}
|
|
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
OSSL_PROVIDER_load(NULL, "legacy");
|
|
OSSL_PROVIDER_load(NULL, "default");
|
|
md4_hash = EVP_MD_fetch(NULL, "MD4", NULL);
|
|
if (md4_hash == NULL) {
|
|
fprintf(stderr, "Error fetching MD4\n");
|
|
}
|
|
#endif
|
|
if(argc == 2) {
|
|
#ifdef WITH_SSL
|
|
{ unsigned char *nt = ntpwdhash(buf1, (unsigned char *)argv[1], 1);
|
|
if(nt) printf("NT:%s\n", nt); }
|
|
#else
|
|
fprintf(stderr, "NT crypt not available (compiled without OpenSSL)\n");
|
|
#endif
|
|
}
|
|
else {
|
|
unsigned char *cr;
|
|
i = (int)strlen((char *)argv[1]);
|
|
if (i > 64) argv[1][64] = 0;
|
|
sprintf((char *)buf1, "$3$%.64s$", argv[1]);
|
|
cr = mycrypt((unsigned char *)argv[2], buf1, buf2);
|
|
if(cr) printf("CR:%s\n", cr);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#endif
|