/// <summary>Encrypts password using IBM's flavor of DES algorithm as defined in RFC2877</summary>
/// <param name="userName">User name in ASCII</param>
/// <param name="password">Password in ASCII</param>
/// <param name="serverSeed">Server's seed</param>
/// <param name="clientSeed">Client's seed</param>
/// <returns>Encrypted password as EBCDIC byte stream</returns>
public static byte[] EncryptPasswordDES(string userName, string password, ulong serverSeed, ulong clientSeed)
{
byte[] passwordToken = new byte[8];
if (password.Length > 8)
{
byte[] passwordTokenA = GenerateToken(userName, password.Substring(0, 8));
byte[] passwordTokenB = GenerateToken(userName, password.Substring(8));
passwordToken = Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(passwordTokenA) ^ Converters.BigEndianToUInt64(passwordTokenB));
}
else
{
passwordToken = GenerateToken(userName, password);
}
byte[] usernameEBCDIC_A;
byte[] usernameEBCDIC_B;
if (userName.Length <= 8)
{
usernameEBCDIC_A = Converters.AsciiToEbcdic(userName.ToUpper().PadRight(8));
usernameEBCDIC_B = Converters.UInt64ToBigEndian(0x4040404040404040);
}
else
{
usernameEBCDIC_A = Converters.AsciiToEbcdic(userName.Substring(0, 8).ToUpper().PadRight(8));
usernameEBCDIC_B = Converters.AsciiToEbcdic(userName.Substring(8).ToUpper().PadRight(8));
}
byte[] firstEncryptionRound = EncryptDES(Converters.UInt64ToBigEndian(serverSeed + 1), passwordToken);
byte[] secondEncryptionRound = EncryptDES(Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(firstEncryptionRound) ^ clientSeed), passwordToken);
byte[] thirdEncryptionRound = EncryptDES(Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(usernameEBCDIC_A) ^ (serverSeed + 1) ^ Converters.BigEndianToUInt64(secondEncryptionRound)), passwordToken);
byte[] fourthEncryptionRound = EncryptDES(Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(usernameEBCDIC_B) ^ (serverSeed + 1) ^ Converters.BigEndianToUInt64(thirdEncryptionRound)), passwordToken);
return(EncryptDES(Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(fourthEncryptionRound) ^ 0x0000000000000001), passwordToken));
}
/// <summary>Encrypts password using IBM's flavor of SHA1 algorithm</summary>
/// <param name="userName">User name in ASCII</param>
/// <param name="password">Password in ASCII</param>
/// <param name="serverSeed">Server's seed</param>
/// <param name="clientSeed">Client's seed</param>
/// <returns>Encrypted password as EBCDIC byte stream</returns>
public static byte[] EncryptPasswordSHA1(string userName, string password, ulong serverSeed, ulong clientSeed)
{
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] token = sha.ComputeHash(Encoding.BigEndianUnicode.GetBytes(userName.ToUpper().PadRight(10) + password));
byte[] serverSeedBytes = Converters.UInt64ToBigEndian(serverSeed);
byte[] clientSeedBytes = Converters.UInt64ToBigEndian(clientSeed);
byte[] userNameUnicodeBytes = Encoding.BigEndianUnicode.GetBytes(userName.ToUpper().PadRight(10));
byte[] sequenceBytes = Converters.UInt64ToBigEndian(1);
sha = new SHA1CryptoServiceProvider();
sha.TransformBlock(token, 0, token.Length, token, 0);
sha.TransformBlock(serverSeedBytes, 0, serverSeedBytes.Length, serverSeedBytes, 0);
sha.TransformBlock(clientSeedBytes, 0, clientSeedBytes.Length, clientSeedBytes, 0);
sha.TransformBlock(userNameUnicodeBytes, 0, userNameUnicodeBytes.Length, userNameUnicodeBytes, 0);
sha.TransformFinalBlock(sequenceBytes, 0, sequenceBytes.Length);
return(sha.Hash);
}
/// <summary>Creates an intermediary password token using DES algorithm</summary>
/// <param name="userName">User name in ASCII</param>
/// <param name="password">Password in ASCII</param>
/// <returns>Encrypted password token as EBCDIC byte stream</returns>
private static byte[] GenerateToken(string userName, string password)
{
if (password.Length > 8)
{
throw new System.InvalidOperationException("Wrong method invocation: password cannot be longer than 8");
}
if (userName.Length > 10)
{
throw new System.InvalidOperationException("Wrong method invocation: user name cannot be longer than 10");
}
byte[] passwordEBCDIC = Converters.AsciiToEbcdic(password.ToUpper().PadRight(8));
byte[] encryptionKey = Converters.UInt64ToBigEndian((Converters.BigEndianToUInt64(passwordEBCDIC) ^ 0x5555555555555555) << 1);
byte[] usernameEBCDIC = PrepareUserNameDES(userName);
return(EncryptDES(usernameEBCDIC, encryptionKey));
}
//-----------------------------------------------------------------------
// Class methods
//-----------------------------------------------------------------------
/// <summary>Returns password hash of the specified user, in specified format</summary>
/// <param name="system">System to be connected to</param>
/// <param name="userName">User name</param>
/// <param name="hashType">Predefined password hash type (see documentation for details)</param>
/// <returns>Password hash as a hex string</returns>
public string GetEncryptedPassword(string userName, int hashType)
{
/*
* http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Fapis%2Fqsyrupwd.htm
*
* Required Parameter Group:
*
* 1 Receiver variable Output Char(*) - 2000B
* 2 Length of receiver variable Input Binary(4)
* 3 Format Input Char(8) - "UPWD0100"
* 4 User profile name Input Char(10) - userName
* 5 Error code I/O Char(*)
*/
ProgramCallParameters qsyrupwdCallParameters =
new ProgramCallParameters(5)
{
[0] = new ProgramCallParameter(
ProgramCallParameter.ParameterTypeOutput,
null,
2000),
[1] = new ProgramCallParameter(
ProgramCallParameter.ParameterTypeInput,
Converters.UInt32ToBigEndian(2000)),
[2] = new ProgramCallParameter(
ProgramCallParameter.ParameterTypeInput,
Converters.AsciiToEbcdic("UPWD0100")),
[3] = new ProgramCallParameter(
ProgramCallParameter.ParameterTypeInput,
Converters.AsciiToEbcdic(userName.ToUpper().PadRight(10))),
[4] = new ProgramCallParameter(
ProgramCallParameter.ParameterTypeInputOutput,
null,
500)
};
CallMessages qsyrupwdCallMessages = new CallMessages();
if (CallProgram("QSYRUPWD", "QSYS", ref qsyrupwdCallParameters, ref qsyrupwdCallMessages) != 0)
{
foreach (CallMessage outputMessage in qsyrupwdCallMessages)
{
Debug.WriteLine(outputMessage.MessageText);
}
throw new System.InvalidOperationException("The method GetEncryptedPassword failed. Check debug information.");
}
switch (hashType)
{
case PASSWORD_HASH_ALLDATA: // All data
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 1, 269));
case PASSWORD_HASH_UNKNOWNHASH: // Unknown (hash?) data
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 78, 192));
case PASSWORD_HASH_HMACSHA1MC: // HMAC-SHA1 password (mixed case)
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 35, 20));
case PASSWORD_HASH_HMACSHA1UC: // HMAC-SHA1 password (uppercase)
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 55, 20));
case PASSWORD_HASH_LMHASH: // LM hash
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 17, 16));
case PASSWORD_HASH_DES: // Composed DES hash (PW_TOKENa XOR PW_TOKENb):
return(Converters.BigEndianToHexString(Converters.UInt64ToBigEndian(Converters.BigEndianToUInt64(qsyrupwdCallParameters[0].ParameterValue, 1, 8) ^ Converters.BigEndianToUInt64(qsyrupwdCallParameters[0].ParameterValue, 9, 8))));
case PASSWORD_HASH_SECONDDES: // Second DES password token (PW_TOKENb)
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 9, 8));
case PASSWORD_HASH_FIRSTDES: // First DES password (PW_TOKENa)
default:
return(Converters.BigEndianToHexString(qsyrupwdCallParameters[0].ParameterValue, 1, 8));
}
}
