1 | /*- |
---|
2 | * SPDX-License-Identifier: BSD-2-Clause-FreeBSD |
---|
3 | * |
---|
4 | * Copyright (c) 2003 Poul-Henning Kamp |
---|
5 | * All rights reserved. |
---|
6 | * |
---|
7 | * Redistribution and use in source and binary forms, with or without |
---|
8 | * modification, are permitted provided that the following conditions |
---|
9 | * are met: |
---|
10 | * 1. Redistributions of source code must retain the above copyright |
---|
11 | * notice, this list of conditions and the following disclaimer. |
---|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer in the |
---|
14 | * documentation and/or other materials provided with the distribution. |
---|
15 | * |
---|
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
---|
17 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
---|
20 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
22 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
23 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
24 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
25 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
26 | * SUCH DAMAGE. |
---|
27 | */ |
---|
28 | |
---|
29 | #include <sys/cdefs.h> |
---|
30 | __FBSDID("$FreeBSD$"); |
---|
31 | |
---|
32 | #include <sys/types.h> |
---|
33 | |
---|
34 | #include <md5.h> |
---|
35 | #include <stdio.h> |
---|
36 | #include <string.h> |
---|
37 | #include <unistd.h> |
---|
38 | |
---|
39 | #include <crypt.h> |
---|
40 | |
---|
41 | #define MD5_SIZE 16 |
---|
42 | |
---|
43 | /* |
---|
44 | * UNIX password |
---|
45 | */ |
---|
46 | |
---|
47 | char * |
---|
48 | crypt_md5_r(const char *pw, const char *salt, struct crypt_data *data) |
---|
49 | { |
---|
50 | MD5_CTX ctx,ctx1; |
---|
51 | unsigned long l; |
---|
52 | int sl, pl; |
---|
53 | u_int i; |
---|
54 | u_char final[MD5_SIZE]; |
---|
55 | const char *sp, *ep; |
---|
56 | char *passwd = &data->buffer[0], *p; |
---|
57 | static const char magic[] = "$1$"; |
---|
58 | |
---|
59 | /* Refine the Salt first */ |
---|
60 | sp = salt; |
---|
61 | |
---|
62 | /* If it starts with the magic string, then skip that */ |
---|
63 | if(!strncmp(sp, magic, strlen(magic))) |
---|
64 | sp += strlen(magic); |
---|
65 | |
---|
66 | /* It stops at the first '$', max 8 chars */ |
---|
67 | for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) |
---|
68 | continue; |
---|
69 | |
---|
70 | /* get the length of the true salt */ |
---|
71 | sl = ep - sp; |
---|
72 | |
---|
73 | MD5Init(&ctx); |
---|
74 | |
---|
75 | /* The password first, since that is what is most unknown */ |
---|
76 | MD5Update(&ctx, (const u_char *)pw, strlen(pw)); |
---|
77 | |
---|
78 | /* Then our magic string */ |
---|
79 | MD5Update(&ctx, (const u_char *)magic, strlen(magic)); |
---|
80 | |
---|
81 | /* Then the raw salt */ |
---|
82 | MD5Update(&ctx, (const u_char *)sp, (u_int)sl); |
---|
83 | |
---|
84 | /* Then just as many characters of the MD5(pw,salt,pw) */ |
---|
85 | MD5Init(&ctx1); |
---|
86 | MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); |
---|
87 | MD5Update(&ctx1, (const u_char *)sp, (u_int)sl); |
---|
88 | MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); |
---|
89 | MD5Final(final, &ctx1); |
---|
90 | for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE) |
---|
91 | MD5Update(&ctx, (const u_char *)final, |
---|
92 | (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl)); |
---|
93 | |
---|
94 | /* Don't leave anything around in vm they could use. */ |
---|
95 | memset(final, 0, sizeof(final)); |
---|
96 | |
---|
97 | /* Then something really weird... */ |
---|
98 | for (i = strlen(pw); i; i >>= 1) |
---|
99 | if(i & 1) |
---|
100 | MD5Update(&ctx, (const u_char *)final, 1); |
---|
101 | else |
---|
102 | MD5Update(&ctx, (const u_char *)pw, 1); |
---|
103 | |
---|
104 | /* Now make the output string */ |
---|
105 | strcpy(passwd, magic); |
---|
106 | strncat(passwd, sp, (u_int)sl); |
---|
107 | strcat(passwd, "$"); |
---|
108 | |
---|
109 | MD5Final(final, &ctx); |
---|
110 | |
---|
111 | /* |
---|
112 | * and now, just to make sure things don't run too fast |
---|
113 | * On a 60 Mhz Pentium this takes 34 msec, so you would |
---|
114 | * need 30 seconds to build a 1000 entry dictionary... |
---|
115 | */ |
---|
116 | for(i = 0; i < 1000; i++) { |
---|
117 | MD5Init(&ctx1); |
---|
118 | if(i & 1) |
---|
119 | MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); |
---|
120 | else |
---|
121 | MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); |
---|
122 | |
---|
123 | if(i % 3) |
---|
124 | MD5Update(&ctx1, (const u_char *)sp, (u_int)sl); |
---|
125 | |
---|
126 | if(i % 7) |
---|
127 | MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); |
---|
128 | |
---|
129 | if(i & 1) |
---|
130 | MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); |
---|
131 | else |
---|
132 | MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); |
---|
133 | MD5Final(final, &ctx1); |
---|
134 | } |
---|
135 | |
---|
136 | p = passwd + strlen(passwd); |
---|
137 | |
---|
138 | l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; |
---|
139 | _crypt_to64(p, l, 4); p += 4; |
---|
140 | l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; |
---|
141 | _crypt_to64(p, l, 4); p += 4; |
---|
142 | l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; |
---|
143 | _crypt_to64(p, l, 4); p += 4; |
---|
144 | l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; |
---|
145 | _crypt_to64(p, l, 4); p += 4; |
---|
146 | l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; |
---|
147 | _crypt_to64(p, l, 4); p += 4; |
---|
148 | l = final[11]; |
---|
149 | _crypt_to64(p, l, 2); p += 2; |
---|
150 | *p = '\0'; |
---|
151 | |
---|
152 | /* Don't leave anything around in vm they could use. */ |
---|
153 | memset(final, 0, sizeof(final)); |
---|
154 | |
---|
155 | return (passwd); |
---|
156 | } |
---|
157 | |
---|
158 | struct crypt_format crypt_md5_format = |
---|
159 | CRYPT_FORMAT_INITIALIZER(crypt_md5_r, "$1$"); |
---|