From ba641c22baad3c77f6c6164ef23af993a61d6e3d Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin"
Date: Sun, 10 Feb 2008 22:53:07 -0800
Subject: [PATCH] simple menu: support sha256 and sha512 passwords

Add support for sha256 and sha512 passwords in the simple menu system.
---
 com32/menu/passwd.c | 43 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/com32/menu/passwd.c b/com32/menu/passwd.c
index 0016a0d..b3bb70a 100644
--- a/com32/menu/passwd.c
+++ b/com32/menu/passwd.c
@@ -11,8 +11,8 @@
 * ----------------------------------------------------------------------- */
 #include
+#include
 #include
-#include
 #include
 #include "menu.h"
@@ -50,14 +50,41 @@ static int passwd_compare_md5(const char *passwd, const char *entry)
 (passwd[len] == '\0' || passwd[len] == '$');
 }
 
+static int passwd_compare_sha256(const char *passwd, const char *entry)
+{
+ const char *crypted = sha256_crypt(entry, passwd+3);
+ int len = strlen(crypted);
+
+ return !strncmp(crypted, passwd, len) &&
+ (passwd[len] == '\0' || passwd[len] == '$');
+}
+
+static int passwd_compare_sha512(const char *passwd, const char *entry)
+{
+ const char *crypted = sha512_crypt(entry, passwd+3);
+ int len = strlen(crypted);
+
+ return !strncmp(crypted, passwd, len) &&
+ (passwd[len] == '\0' || passwd[len] == '$');
+}
+
 int passwd_compare(const char *passwd, const char *entry)
 {
- if ( passwd[0] != '$' ) /* Plaintext passwd, yuck! */
+ if ( passwd[0] != '$' || !passwd[1] || passwd[2] != '$' ) {
+ /* Plaintext passwd, yuck! */
 return !strcmp(entry, passwd);
- else if ( !strncmp(passwd, "$4$", 3) )
- return passwd_compare_sha1(passwd, entry);
- else if ( !strncmp(passwd, "$1$", 3) )
- return passwd_compare_md5(passwd, entry);
- else
- return 0; /* Invalid encryption algorithm */
+ } else {
+ switch (passwd[1]) {
+ case '1':
+ return passwd_compare_md5(passwd, entry);
+ case '4':
+ return passwd_compare_sha1(passwd, entry);
+ case '5':
+ return passwd_compare_sha256(passwd, entry);
+ case '6':
+ return passwd_compare_sha512(passwd, entry);
+ default:
+ return 0; /* Unknown encryption algorithm -> false */
+ }
+ }
 }
-- 
2.7.4
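Review bot: In `passwd_compare_sha256` and `passwd_compare_sha512` the result of `sha256_crypt`/`sha512_crypt` goes straight into `strlen` and a prefix compare, so the check fails open if the helper ever returns an empty string: with `len == 0`, `strncmp` returns 0 and `passwd[len]` is the leading `'$'`, so any entry is reported as a match. Whether these helpers can return NULL or an empty string is not visible in this patch and should be confirmed; a guard such as `if (!crypted || !crypted[0]) return 0;` before the compare makes both helpers fail closed. Separately, the new test in `passwd_compare` sends any value that starts with `$` but is not of the form `$c$` to the plaintext `strcmp` branch, where the old code returned 0. A malformed or truncated hash in the configuration is therefore now accepted as a literal password. Consider keeping the reject for `$`-prefixed values, or stating the new behaviour in a comment, for example `/* "$..." without a "$c$" prefix is treated as plaintext */`.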