1 /* $OpenBSD: cryptutil.c,v 1.6 2014/12/24 22:10:34 tedu Exp $ */ 2 /* 3 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 #include <stdlib.h> 18 #include <unistd.h> 19 #include <string.h> 20 #include <pwd.h> 21 #include <login_cap.h> 22 #include <errno.h> 23 24 int 25 crypt_checkpass(const char *pass, const char *goodhash) 26 { 27 char dummy[_PASSWORD_LEN]; 28 char *res; 29 30 if (goodhash == NULL) { 31 /* fake it */ 32 goto fake; 33 } 34 35 /* empty password */ 36 if (strlen(goodhash) == 0 && strlen(pass) == 0) 37 return 0; 38 39 if (goodhash[0] == '$' && goodhash[1] == '2') { 40 if (bcrypt_checkpass(pass, goodhash)) 41 goto fail; 42 return 0; 43 } 44 45 /* unsupported. fake it. */ 46 fake: 47 bcrypt_newhash(pass, 8, dummy, sizeof(dummy)); 48 fail: 49 errno = EACCES; 50 return -1; 51 } 52 53 int 54 crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) 55 { 56 int rv = -1; 57 const char *defaultpref = "blowfish,8"; 58 const char *errstr; 59 int rounds; 60 61 if (pref == NULL) 62 pref = defaultpref; 63 if (strncmp(pref, "blowfish,", 9) != 0) { 64 errno = EINVAL; 65 goto err; 66 } 67 rounds = strtonum(pref + 9, 4, 31, &errstr); 68 if (errstr) 69 goto err; 70 rv = bcrypt_newhash(pass, rounds, hash, hashlen); 71 72 err: 73 return rv; 74 } 75