|
|
#include "stdafx.h"
#include "password.h"
#include <strsafe.h>
// password categories
enum {STRONG_PWD_UPPER=0,STRONG_PWD_LOWER,STRONG_PWD_NUM,STRONG_PWD_PUNC};#define STRONG_PWD_CATS (STRONG_PWD_PUNC + 1)
#define NUM_LETTERS 26
#define NUM_NUMBERS 10
#define MIN_PWD_LEN 8
// password must contain at least one each of:
// uppercase, lowercase, punctuation and numbers
DWORD CreateGoodPassword(BYTE *szPwd, DWORD dwLen) { if (dwLen-1 < MIN_PWD_LEN) { return ERROR_PASSWORD_RESTRICTION; }
HCRYPTPROV hProv; DWORD dwErr = 0;
if (CryptAcquireContext(&hProv,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT) == FALSE) { return GetLastError(); }
// zero it out and decrement the size to allow for trailing '\0'
SecureZeroMemory(szPwd,dwLen); dwLen--;
// generate a pwd pattern, each byte is in the range
// (0..255) mod STRONG_PWD_CATS
// this indicates which character pool to take a char from
BYTE *pPwdPattern = new BYTE[dwLen]; BOOL fFound[STRONG_PWD_CATS]; do { // bug!bug! does CGR() ever fail?
CryptGenRandom(hProv,dwLen,pPwdPattern);
fFound[STRONG_PWD_UPPER] = fFound[STRONG_PWD_LOWER] = fFound[STRONG_PWD_PUNC] = fFound[STRONG_PWD_NUM] = FALSE;
for (DWORD i=0; i < dwLen; i++) { fFound[pPwdPattern[i] % STRONG_PWD_CATS] = TRUE; } // check that each character category is in the pattern
} while (!fFound[STRONG_PWD_UPPER] || !fFound[STRONG_PWD_LOWER] || !fFound[STRONG_PWD_PUNC] || !fFound[STRONG_PWD_NUM]);
// populate password with random data
// this, in conjunction with pPwdPattern, is
// used to determine the actual data
CryptGenRandom(hProv,dwLen,szPwd);
for (DWORD i=0; i < dwLen; i++) { BYTE bChar = 0;
// there is a bias in each character pool because of the % function
switch (pPwdPattern[i] % STRONG_PWD_CATS) { case STRONG_PWD_UPPER : bChar = 'A' + szPwd[i] % NUM_LETTERS; break; case STRONG_PWD_LOWER : bChar = 'a' + szPwd[i] % NUM_LETTERS; break; case STRONG_PWD_NUM : bChar = '0' + szPwd[i] % NUM_NUMBERS; break; case STRONG_PWD_PUNC : default: char *szPunc="!@#$%^&*()_-+=[{]};:\'\"<>,./?\\|~`"; DWORD dwLenPunc = lstrlenA(szPunc); bChar = szPunc[szPwd[i] % dwLenPunc]; break; } szPwd[i] = bChar; }
if (pPwdPattern) { delete [] pPwdPattern; }
if (hProv != NULL) { CryptReleaseContext(hProv,0); } return dwErr;}
// Creates a secure password
// caller must LocalFree Return pointer
// iSize = size of password to create
LPTSTR CreatePassword(int iSize){ LPTSTR pszPassword = NULL; BYTE *szPwd = new BYTE[iSize]; DWORD dwPwdLen = iSize; int i = 0;
// use the new secure password generator
// unfortunately this baby doesn't use unicode.
// so we'll call it and then convert it to unicode afterwards.
if (0 == CreateGoodPassword(szPwd,dwPwdLen)) {#if defined(UNICODE) || defined(_UNICODE)
// convert it to unicode and copy it back into our unicode buffer.
// compute the length
i = MultiByteToWideChar(CP_ACP, 0, (LPSTR) szPwd, -1, NULL, 0); if (i <= 0) {goto CreatePassword_Exit;} pszPassword = (LPTSTR) LocalAlloc(LPTR, i * sizeof(TCHAR)); if (!pszPassword) {goto CreatePassword_Exit;} i = MultiByteToWideChar(CP_ACP, 0, (LPSTR) szPwd, -1, pszPassword, i); if (i <= 0) { LocalFree(pszPassword); pszPassword = NULL; goto CreatePassword_Exit; } // make sure ends with null
pszPassword[i - 1] = 0;#else
pszPassword = (LPSTR) LocalAlloc(GPTR, _tcslen((LPTSTR) szPwd) * sizeof(TCHAR));#endif
}
CreatePassword_Exit: if (szPwd){delete [] szPwd;szPwd=NULL;} return pszPassword;}
|
