1*84d9c625SLionel Sambuc /* $NetBSD: md5crypt.c,v 1.14 2013/08/28 17:47:07 riastradh Exp $ */
2ebffaa42SBen Gras
3ebffaa42SBen Gras /*
4ebffaa42SBen Gras * ----------------------------------------------------------------------------
5ebffaa42SBen Gras * "THE BEER-WARE LICENSE" (Revision 42):
6ebffaa42SBen Gras * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
7ebffaa42SBen Gras * can do whatever you want with this stuff. If we meet some day, and you think
8ebffaa42SBen Gras * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
9ebffaa42SBen Gras * ----------------------------------------------------------------------------
10ebffaa42SBen Gras *
11ebffaa42SBen Gras * from FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp
12ebffaa42SBen Gras * via OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp
13ebffaa42SBen Gras *
14ebffaa42SBen Gras */
15ebffaa42SBen Gras
16ebffaa42SBen Gras #include <sys/cdefs.h>
17ebffaa42SBen Gras #if !defined(lint)
18*84d9c625SLionel Sambuc __RCSID("$NetBSD: md5crypt.c,v 1.14 2013/08/28 17:47:07 riastradh Exp $");
19ebffaa42SBen Gras #endif /* not lint */
20ebffaa42SBen Gras
21ebffaa42SBen Gras #include <unistd.h>
22ebffaa42SBen Gras #include <stdio.h>
23ebffaa42SBen Gras #include <string.h>
24ebffaa42SBen Gras #include <md5.h>
25ebffaa42SBen Gras
26ebffaa42SBen Gras #include "crypt.h"
27ebffaa42SBen Gras
28ebffaa42SBen Gras #define MD5_MAGIC "$1$"
29ebffaa42SBen Gras #define MD5_MAGIC_LEN 3
30ebffaa42SBen Gras
31ebffaa42SBen Gras #define INIT(x) MD5Init((x))
32ebffaa42SBen Gras #define UPDATE(x, b, l) MD5Update((x), (b), (l))
33ebffaa42SBen Gras #define FINAL(v, x) MD5Final((v), (x))
34ebffaa42SBen Gras
35ebffaa42SBen Gras
36ebffaa42SBen Gras /*
37ebffaa42SBen Gras * MD5 password encryption.
38ebffaa42SBen Gras */
39ebffaa42SBen Gras char *
__md5crypt(const char * pw,const char * salt)40ebffaa42SBen Gras __md5crypt(const char *pw, const char *salt)
41ebffaa42SBen Gras {
42ebffaa42SBen Gras static char passwd[120], *p;
43ebffaa42SBen Gras const char *sp, *ep;
44ebffaa42SBen Gras unsigned char final[16];
45ebffaa42SBen Gras unsigned int i, sl, pwl;
46ebffaa42SBen Gras MD5_CTX ctx, ctx1;
47ebffaa42SBen Gras u_int32_t l;
48ebffaa42SBen Gras int pl;
49ebffaa42SBen Gras
50ebffaa42SBen Gras pwl = strlen(pw);
51ebffaa42SBen Gras
52ebffaa42SBen Gras /* Refine the salt first */
53ebffaa42SBen Gras sp = salt;
54ebffaa42SBen Gras
55ebffaa42SBen Gras /* If it starts with the magic string, then skip that */
56ebffaa42SBen Gras if (strncmp(sp, MD5_MAGIC, MD5_MAGIC_LEN) == 0)
57ebffaa42SBen Gras sp += MD5_MAGIC_LEN;
58ebffaa42SBen Gras
59ebffaa42SBen Gras /* It stops at the first '$', max 8 chars */
60ebffaa42SBen Gras for (ep = sp; *ep != '\0' && *ep != '$' && ep < (sp + 8); ep++)
61ebffaa42SBen Gras continue;
62ebffaa42SBen Gras
63ebffaa42SBen Gras /* get the length of the true salt */
64ebffaa42SBen Gras sl = ep - sp;
65ebffaa42SBen Gras
66ebffaa42SBen Gras INIT(&ctx);
67ebffaa42SBen Gras
68ebffaa42SBen Gras /* The password first, since that is what is most unknown */
69ebffaa42SBen Gras UPDATE(&ctx, (const unsigned char *)pw, pwl);
70ebffaa42SBen Gras
71ebffaa42SBen Gras /* Then our magic string */
72ebffaa42SBen Gras UPDATE(&ctx, (const unsigned char *)MD5_MAGIC, MD5_MAGIC_LEN);
73ebffaa42SBen Gras
74ebffaa42SBen Gras /* Then the raw salt */
75ebffaa42SBen Gras UPDATE(&ctx, (const unsigned char *)sp, sl);
76ebffaa42SBen Gras
77ebffaa42SBen Gras /* Then just as many characters of the MD5(pw,salt,pw) */
78ebffaa42SBen Gras INIT(&ctx1);
79ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)pw, pwl);
80ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)sp, sl);
81ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)pw, pwl);
82ebffaa42SBen Gras FINAL(final, &ctx1);
83ebffaa42SBen Gras
84ebffaa42SBen Gras for (pl = pwl; pl > 0; pl -= 16)
85ebffaa42SBen Gras UPDATE(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl));
86ebffaa42SBen Gras
87ebffaa42SBen Gras /* Don't leave anything around in vm they could use. */
88ebffaa42SBen Gras memset(final, 0, sizeof(final));
89ebffaa42SBen Gras
90ebffaa42SBen Gras /* Then something really weird... */
91ebffaa42SBen Gras for (i = pwl; i != 0; i >>= 1)
92ebffaa42SBen Gras if ((i & 1) != 0)
93ebffaa42SBen Gras UPDATE(&ctx, final, 1);
94ebffaa42SBen Gras else
95ebffaa42SBen Gras UPDATE(&ctx, (const unsigned char *)pw, 1);
96ebffaa42SBen Gras
97ebffaa42SBen Gras /* Now make the output string */
98ebffaa42SBen Gras memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
99ebffaa42SBen Gras strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1);
100ebffaa42SBen Gras strlcat(passwd, "$", sizeof(passwd));
101ebffaa42SBen Gras
102ebffaa42SBen Gras FINAL(final, &ctx);
103ebffaa42SBen Gras
104f5435c74SLionel Sambuc /* memset(&ctx, 0, sizeof(ctx)); done by MD5Final() */
105f5435c74SLionel Sambuc
106ebffaa42SBen Gras /*
107ebffaa42SBen Gras * And now, just to make sure things don't run too fast. On a 60 MHz
108ebffaa42SBen Gras * Pentium this takes 34 msec, so you would need 30 seconds to build
109ebffaa42SBen Gras * a 1000 entry dictionary...
110ebffaa42SBen Gras */
111ebffaa42SBen Gras for (i = 0; i < 1000; i++) {
112ebffaa42SBen Gras INIT(&ctx1);
113ebffaa42SBen Gras
114ebffaa42SBen Gras if ((i & 1) != 0)
115ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)pw, pwl);
116ebffaa42SBen Gras else
117ebffaa42SBen Gras UPDATE(&ctx1, final, 16);
118ebffaa42SBen Gras
119ebffaa42SBen Gras if ((i % 3) != 0)
120ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)sp, sl);
121ebffaa42SBen Gras
122ebffaa42SBen Gras if ((i % 7) != 0)
123ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)pw, pwl);
124ebffaa42SBen Gras
125ebffaa42SBen Gras if ((i & 1) != 0)
126ebffaa42SBen Gras UPDATE(&ctx1, final, 16);
127ebffaa42SBen Gras else
128ebffaa42SBen Gras UPDATE(&ctx1, (const unsigned char *)pw, pwl);
129ebffaa42SBen Gras
130ebffaa42SBen Gras FINAL(final, &ctx1);
131ebffaa42SBen Gras }
132ebffaa42SBen Gras
133f5435c74SLionel Sambuc /* memset(&ctx1, 0, sizeof(ctx1)); done by MD5Final() */
134f5435c74SLionel Sambuc
135ebffaa42SBen Gras p = passwd + sl + MD5_MAGIC_LEN + 1;
136ebffaa42SBen Gras
137ebffaa42SBen Gras l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
138ebffaa42SBen Gras l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; __crypt_to64(p,l,4); p += 4;
139ebffaa42SBen Gras l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; __crypt_to64(p,l,4); p += 4;
140ebffaa42SBen Gras l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; __crypt_to64(p,l,4); p += 4;
141ebffaa42SBen Gras l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; __crypt_to64(p,l,4); p += 4;
142ebffaa42SBen Gras l = final[11] ; __crypt_to64(p,l,2); p += 2;
143ebffaa42SBen Gras *p = '\0';
144ebffaa42SBen Gras
145ebffaa42SBen Gras /* Don't leave anything around in vm they could use. */
146*84d9c625SLionel Sambuc explicit_memset(final, 0, sizeof(final));
147ebffaa42SBen Gras return (passwd);
148ebffaa42SBen Gras }
149