16532Swyllys /* 26532Swyllys * CDDL HEADER START 36532Swyllys * 46532Swyllys * The contents of this file are subject to the terms of the 56532Swyllys * Common Development and Distribution License (the "License"). 66532Swyllys * You may not use this file except in compliance with the License. 76532Swyllys * 86532Swyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 96532Swyllys * or http://www.opensolaris.org/os/licensing. 106532Swyllys * See the License for the specific language governing permissions 116532Swyllys * and limitations under the License. 126532Swyllys * 136532Swyllys * When distributing Covered Code, include this CDDL HEADER in each 146532Swyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 156532Swyllys * If applicable, add the following below this CDDL HEADER, with the 166532Swyllys * fields enclosed by brackets "[]" replaced with your own identifying 176532Swyllys * information: Portions Copyright [yyyy] [name of copyright owner] 186532Swyllys * 196532Swyllys * CDDL HEADER END 206532Swyllys */ 216532Swyllys /* 226532Swyllys * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 236532Swyllys * Use is subject to license terms. 246532Swyllys */ 256532Swyllys 266532Swyllys /* 276532Swyllys * Portions of this code from crypt_bsdmd5.so (bsdmd5.c) : 286532Swyllys * ---------------------------------------------------------------------------- 296532Swyllys * "THE BEER-WARE LICENSE" (Revision 42): 306532Swyllys * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you 316532Swyllys * can do whatever you want with this stuff. If we meet some day, and you think 326532Swyllys * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 336532Swyllys * ---------------------------------------------------------------------------- 346532Swyllys * 356532Swyllys * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $ 366532Swyllys * 376532Swyllys */ 386532Swyllys 396532Swyllys /* 406532Swyllys * Implements the specification from: 416532Swyllys * 426532Swyllys * From http://people.redhat.com/drepper/SHA-crypt.txt 436532Swyllys * 446532Swyllys * Portions of the code taken from inspired by or verified against the 456532Swyllys * source in the above document which is licensed as: 466532Swyllys * 476532Swyllys * "Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>." 486532Swyllys */ 496532Swyllys 506532Swyllys 516532Swyllys #include <sys/types.h> 526532Swyllys #include <sys/stat.h> 536532Swyllys #include <sys/sysmacros.h> 546532Swyllys #include <fcntl.h> 556532Swyllys #include <unistd.h> 566532Swyllys #include <string.h> 576532Swyllys #include <stdio.h> 586532Swyllys #include <errno.h> 596532Swyllys #include <stdlib.h> 606532Swyllys #include <alloca.h> 616532Swyllys 626532Swyllys #include <sha2.h> 636532Swyllys #include <crypt.h> 646532Swyllys 656532Swyllys #define MAX_SALT_LEN 16 666532Swyllys #define ROUNDS_DEFAULT 5000 676532Swyllys #define ROUNDS_MIN 1000 686532Swyllys #define ROUNDS_MAX 999999999 696532Swyllys 706532Swyllys #ifdef CRYPT_SHA256 716532Swyllys 726532Swyllys #define DIGEST_CTX SHA256_CTX 736532Swyllys #define DIGESTInit SHA256Init 746532Swyllys #define DIGESTUpdate SHA256Update 756532Swyllys #define DIGESTFinal SHA256Final 766532Swyllys #define DIGEST_LEN SHA256_DIGEST_LENGTH 776532Swyllys #define MIXCHARS 32 786532Swyllys static const char crypt_alg_magic[] = "$5$"; 796532Swyllys 806532Swyllys #elif CRYPT_SHA512 816532Swyllys 826532Swyllys #define DIGEST_CTX SHA512_CTX 836532Swyllys #define DIGESTInit SHA512Init 846532Swyllys #define DIGESTUpdate SHA512Update 856532Swyllys #define DIGESTFinal SHA512Final 866532Swyllys #define DIGEST_LEN SHA512_DIGEST_LENGTH 876532Swyllys #define MIXCHARS 64 886532Swyllys static const char crypt_alg_magic[] = "$6$"; 896532Swyllys 906532Swyllys #else 916532Swyllys #error "One of CRYPT_256 or CRYPT_512 must be defined" 926532Swyllys #endif 936532Swyllys 946532Swyllys static const int crypt_alg_magic_len = sizeof (crypt_alg_magic) - 1; 956532Swyllys static const char rounds_prefix[] = "rounds="; 966532Swyllys 976532Swyllys 986532Swyllys static uchar_t b64t[] = /* 0 ... 63 => ascii - 64 */ 996532Swyllys "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 1006532Swyllys 1016532Swyllys #define b64_from_24bit(B2, B1, B0, N) \ 1026532Swyllys { \ 1036532Swyllys uint_t w = ((B2) << 16) | ((B1) << 8) | (B0); \ 1046532Swyllys int n = (N); \ 1056532Swyllys while (--n >= 0 && ctbufflen > 0) { \ 1066532Swyllys *p++ = b64t[w & 0x3f]; \ 1076532Swyllys w >>= 6; \ 1086532Swyllys ctbufflen--; \ 1096532Swyllys } \ 1106532Swyllys } 1116532Swyllys 1126532Swyllys static void 1136532Swyllys to64(char *s, uint64_t v, int n) 1146532Swyllys { 1156532Swyllys while (--n >= 0) { 1166532Swyllys *s++ = b64t[v&0x3f]; 1176532Swyllys v >>= 6; 1186532Swyllys } 1196532Swyllys } 1206532Swyllys 1216532Swyllys char * 1226532Swyllys crypt_genhash_impl(char *ctbuffer, 1236532Swyllys size_t ctbufflen, 1246532Swyllys const char *plaintext, 1256532Swyllys const char *switchsalt, 1266532Swyllys const char **params) 1276532Swyllys { 1286532Swyllys int salt_len, plaintext_len, i; 1296532Swyllys char *salt; 1306532Swyllys uchar_t A[DIGEST_LEN]; 1316532Swyllys uchar_t B[DIGEST_LEN]; 1326532Swyllys uchar_t DP[DIGEST_LEN]; 1336532Swyllys uchar_t DS[DIGEST_LEN]; 1346532Swyllys DIGEST_CTX ctxA, ctxB, ctxC, ctxDP, ctxDS; 1356532Swyllys int rounds = ROUNDS_DEFAULT; 1366532Swyllys boolean_t custom_rounds = B_FALSE; 1376532Swyllys char *p; 1386532Swyllys char *P, *Pp; 1396532Swyllys char *S, *Sp; 1406532Swyllys 1416532Swyllys /* Refine the salt */ 1426532Swyllys salt = (char *)switchsalt; 1436532Swyllys 1446532Swyllys /* skip our magic string */ 1456532Swyllys if (strncmp((char *)salt, crypt_alg_magic, crypt_alg_magic_len) == 0) { 1466532Swyllys salt += crypt_alg_magic_len; 1476532Swyllys } 1486532Swyllys 1496532Swyllys if (strncmp(salt, rounds_prefix, sizeof (rounds_prefix) - 1) == 0) { 1506532Swyllys char *num = salt + sizeof (rounds_prefix) - 1; 1516532Swyllys char *endp; 1526532Swyllys ulong_t srounds = strtoul(num, &endp, 10); 1536532Swyllys if (*endp == '$') { 1546532Swyllys salt = endp + 1; 1556532Swyllys rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); 1566532Swyllys custom_rounds = B_TRUE; 1576532Swyllys } 1586532Swyllys } 1596532Swyllys 1606532Swyllys salt_len = MIN(strcspn(salt, "$"), MAX_SALT_LEN); 1616532Swyllys plaintext_len = strlen(plaintext); 1626532Swyllys 1636532Swyllys /* 1. */ 1646532Swyllys DIGESTInit(&ctxA); 1656532Swyllys 1666532Swyllys /* 2. The password first, since that is what is most unknown */ 1676532Swyllys DIGESTUpdate(&ctxA, plaintext, plaintext_len); 1686532Swyllys 1696532Swyllys /* 3. Then the raw salt */ 1706532Swyllys DIGESTUpdate(&ctxA, salt, salt_len); 1716532Swyllys 1726532Swyllys /* 4. - 8. */ 1736532Swyllys DIGESTInit(&ctxB); 1746532Swyllys DIGESTUpdate(&ctxB, plaintext, plaintext_len); 1756532Swyllys DIGESTUpdate(&ctxB, salt, salt_len); 1766532Swyllys DIGESTUpdate(&ctxB, plaintext, plaintext_len); 1776532Swyllys DIGESTFinal(B, &ctxB); 1786532Swyllys 1796532Swyllys /* 9. - 10. */ 1806532Swyllys for (i = plaintext_len; i > MIXCHARS; i -= MIXCHARS) 1816532Swyllys DIGESTUpdate(&ctxA, B, MIXCHARS); 1826532Swyllys DIGESTUpdate(&ctxA, B, i); 1836532Swyllys 1846532Swyllys /* 11. */ 1856532Swyllys for (i = plaintext_len; i > 0; i >>= 1) { 1866532Swyllys if ((i & 1) != 0) { 1876532Swyllys DIGESTUpdate(&ctxA, B, MIXCHARS); 1886532Swyllys } else { 1896532Swyllys DIGESTUpdate(&ctxA, plaintext, plaintext_len); 1906532Swyllys } 1916532Swyllys } 1926532Swyllys 1936532Swyllys /* 12. */ 1946532Swyllys DIGESTFinal(A, &ctxA); 1956532Swyllys 1966532Swyllys /* 13. - 15. */ 1976532Swyllys DIGESTInit(&ctxDP); 1986532Swyllys for (i = 0; i < plaintext_len; i++) 1996532Swyllys DIGESTUpdate(&ctxDP, plaintext, plaintext_len); 2006532Swyllys DIGESTFinal(DP, &ctxDP); 2016532Swyllys 2026532Swyllys /* 16. */ 2036532Swyllys Pp = P = alloca(plaintext_len); 2046532Swyllys for (i = plaintext_len; i >= MIXCHARS; i -= MIXCHARS) { 2056532Swyllys Pp = (char *)(memcpy(Pp, DP, MIXCHARS)) + MIXCHARS; 2066532Swyllys } 2076532Swyllys memcpy(Pp, DP, i); 2086532Swyllys 2096532Swyllys /* 17. - 19. */ 2106532Swyllys DIGESTInit(&ctxDS); 2116532Swyllys for (i = 0; i < 16 + (uint8_t)A[0]; i++) 2126532Swyllys DIGESTUpdate(&ctxDS, salt, salt_len); 2136532Swyllys DIGESTFinal(DS, &ctxDS); 2146532Swyllys 2156532Swyllys /* 20. */ 2166532Swyllys Sp = S = alloca(salt_len); 2176532Swyllys for (i = salt_len; i >= MIXCHARS; i -= MIXCHARS) { 2186532Swyllys Sp = (char *)(memcpy(Sp, DS, MIXCHARS)) + MIXCHARS; 2196532Swyllys } 2206532Swyllys memcpy(Sp, DS, i); 2216532Swyllys 2226532Swyllys /* 21. */ 2236532Swyllys for (i = 0; i < rounds; i++) { 2246532Swyllys DIGESTInit(&ctxC); 2256532Swyllys 2266532Swyllys if ((i & 1) != 0) { 2276532Swyllys DIGESTUpdate(&ctxC, P, plaintext_len); 2286532Swyllys } else { 2296532Swyllys if (i == 0) 2306532Swyllys DIGESTUpdate(&ctxC, A, MIXCHARS); 2316532Swyllys else 2326532Swyllys DIGESTUpdate(&ctxC, DP, MIXCHARS); 2336532Swyllys } 2346532Swyllys 2356532Swyllys if (i % 3 != 0) { 2366532Swyllys DIGESTUpdate(&ctxC, S, salt_len); 2376532Swyllys } 2386532Swyllys 2396532Swyllys if (i % 7 != 0) { 2406532Swyllys DIGESTUpdate(&ctxC, P, plaintext_len); 2416532Swyllys } 2426532Swyllys 2436532Swyllys if ((i & 1) != 0) { 2446532Swyllys if (i == 0) 2456532Swyllys DIGESTUpdate(&ctxC, A, MIXCHARS); 2466532Swyllys else 2476532Swyllys DIGESTUpdate(&ctxC, DP, MIXCHARS); 2486532Swyllys } else { 2496532Swyllys DIGESTUpdate(&ctxC, P, plaintext_len); 2506532Swyllys } 2516532Swyllys DIGESTFinal(DP, &ctxC); 2526532Swyllys } 2536532Swyllys 2546532Swyllys /* 22. Now make the output string */ 2556532Swyllys (void) strlcpy(ctbuffer, crypt_alg_magic, ctbufflen); 2566532Swyllys if (custom_rounds) { 2576532Swyllys (void) snprintf(ctbuffer, ctbufflen, 2586532Swyllys "%srounds=%zu$", ctbuffer, rounds); 2596532Swyllys } 2606532Swyllys 261*7314SWyllys.Ingersoll@Sun.COM (void) strncat(ctbuffer, (const char *)salt, salt_len); 2626532Swyllys (void) strlcat(ctbuffer, "$", ctbufflen); 2636532Swyllys p = ctbuffer + strlen(ctbuffer); 2646532Swyllys ctbufflen -= strlen(ctbuffer); 2656532Swyllys 2666532Swyllys #ifdef CRYPT_SHA256 2676532Swyllys b64_from_24bit(DP[ 0], DP[10], DP[20], 4); 2686532Swyllys b64_from_24bit(DP[21], DP[ 1], DP[11], 4); 2696532Swyllys b64_from_24bit(DP[12], DP[22], DP[ 2], 4); 2706532Swyllys b64_from_24bit(DP[ 3], DP[13], DP[23], 4); 2716532Swyllys b64_from_24bit(DP[24], DP[ 4], DP[14], 4); 2726532Swyllys b64_from_24bit(DP[15], DP[25], DP[ 5], 4); 2736532Swyllys b64_from_24bit(DP[ 6], DP[16], DP[26], 4); 2746532Swyllys b64_from_24bit(DP[27], DP[ 7], DP[17], 4); 2756532Swyllys b64_from_24bit(DP[18], DP[28], DP[ 8], 4); 2766532Swyllys b64_from_24bit(DP[ 9], DP[19], DP[29], 4); 2776532Swyllys b64_from_24bit(0, DP[31], DP[30], 3); 2786532Swyllys #elif CRYPT_SHA512 2796532Swyllys b64_from_24bit(DP[ 0], DP[21], DP[42], 4); 2806532Swyllys b64_from_24bit(DP[22], DP[43], DP[ 1], 4); 2816532Swyllys b64_from_24bit(DP[44], DP[ 2], DP[23], 4); 2826532Swyllys b64_from_24bit(DP[ 3], DP[24], DP[45], 4); 2836532Swyllys b64_from_24bit(DP[25], DP[46], DP[ 4], 4); 2846532Swyllys b64_from_24bit(DP[47], DP[ 5], DP[26], 4); 2856532Swyllys b64_from_24bit(DP[ 6], DP[27], DP[48], 4); 2866532Swyllys b64_from_24bit(DP[28], DP[49], DP[ 7], 4); 2876532Swyllys b64_from_24bit(DP[50], DP[ 8], DP[29], 4); 2886532Swyllys b64_from_24bit(DP[ 9], DP[30], DP[51], 4); 2896532Swyllys b64_from_24bit(DP[31], DP[52], DP[10], 4); 2906532Swyllys b64_from_24bit(DP[53], DP[11], DP[32], 4); 2916532Swyllys b64_from_24bit(DP[12], DP[33], DP[54], 4); 2926532Swyllys b64_from_24bit(DP[34], DP[55], DP[13], 4); 2936532Swyllys b64_from_24bit(DP[56], DP[14], DP[35], 4); 2946532Swyllys b64_from_24bit(DP[15], DP[36], DP[57], 4); 2956532Swyllys b64_from_24bit(DP[37], DP[58], DP[16], 4); 2966532Swyllys b64_from_24bit(DP[59], DP[17], DP[38], 4); 2976532Swyllys b64_from_24bit(DP[18], DP[39], DP[60], 4); 2986532Swyllys b64_from_24bit(DP[40], DP[61], DP[19], 4); 2996532Swyllys b64_from_24bit(DP[62], DP[20], DP[41], 4); 3006532Swyllys b64_from_24bit(0, 0, DP[63], 2); 3016532Swyllys #endif 3026532Swyllys *p = '\0'; 3036532Swyllys 3046532Swyllys (void) memset(A, 0, sizeof (A)); 3056532Swyllys (void) memset(B, 0, sizeof (B)); 3066532Swyllys (void) memset(DP, 0, sizeof (DP)); 3076532Swyllys (void) memset(DS, 0, sizeof (DS)); 3086532Swyllys 3096532Swyllys return (ctbuffer); 3106532Swyllys } 3116532Swyllys 3126532Swyllys char * 3136532Swyllys crypt_gensalt_impl(char *gsbuffer, 3146532Swyllys size_t gsbufflen, 3156532Swyllys const char *oldsalt, 3166532Swyllys const struct passwd *userinfo, 3176532Swyllys const char **params) 3186532Swyllys { 3196532Swyllys int fd; 3206532Swyllys int err; 3216532Swyllys ssize_t got; 3226532Swyllys uint64_t rndval; 3236532Swyllys 3246532Swyllys if ((fd = open("/dev/urandom", O_RDONLY)) == -1) { 3256532Swyllys return (NULL); 3266532Swyllys } 3276532Swyllys 3286532Swyllys (void) strlcpy(gsbuffer, crypt_alg_magic, gsbufflen); 3296532Swyllys 3306532Swyllys got = read(fd, &rndval, sizeof (rndval)); 3316532Swyllys if (got < sizeof (rndval)) { 3326532Swyllys err = errno; 3336532Swyllys (void) close(fd); 3346532Swyllys errno = err; 3356532Swyllys return (NULL); 3366532Swyllys } 3376532Swyllys 3386532Swyllys to64(&gsbuffer[strlen(crypt_alg_magic)], rndval, sizeof (rndval)); 3396532Swyllys 3406532Swyllys (void) close(fd); 3416532Swyllys 3426532Swyllys return (gsbuffer); 3436532Swyllys } 344