/*
* UFC-crypt: ultra fast crypt(3) implementation
*
* Copyright (C) 1991-2018 Free Software Foundation, Inc.
*
* The GNU C Library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* The GNU C Library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with the GNU C Library; if not, see
* <http://www.gnu.org/licenses/>.
*
* crypt entry points
*
* @(#)crypt-entry.c 1.2 12/20/96
*
*/
#ifdef DEBUG
#include <stdio.h>
#endif
#include <string.h>
#include <errno.h>
#include <fips-private.h>
#ifndef STATIC
#define STATIC static
#endif
#include "crypt-private.h"
#include <shlib-compat.h>
/* Local helper declarations.

   _ufc_clearmem is only a zero-fill helper: inside the GNU C Library it
   expands to a plain memset, elsewhere it is an external function.  A
   plain memset is not a dependable way to scrub secrets, because the
   compiler may drop a store to an object that is never read again.
   __crypt_r in this file therefore calls _ufc_clearmem only to
   initialise its buffers and does the final erasure of key material
   with explicit_bzero.  */
#ifdef __GNU_LIBRARY__
# define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
#else
void _ufc_clearmem (char *start, int cnt);
#endif

/* Hashing back ends that the entry points dispatch to.  The _r variants
   take a caller-supplied BUFFER of BUFLEN bytes; the plain variants
   take only KEY and SALT.  */
extern char *__md5_crypt_r (const char *key, const char *salt,
                            char *buffer, int buflen);
extern char *__md5_crypt (const char *key, const char *salt);

extern char *__sha256_crypt_r (const char *key, const char *salt,
                               char *buffer, int buflen);
extern char *__sha256_crypt (const char *key, const char *salt);

extern char *__sha512_crypt_r (const char *key, const char *salt,
                               char *buffer, int buflen);
extern char *__sha512_crypt (const char *key, const char *salt);

/* Salt prefixes that select a back end.  "$1$" marks the MD5-based
   replacement and is meant to match other MD5-based implementations.  */
static const char md5_salt_prefix[] = "$1$";

/* Salt prefix selecting the SHA256-based scheme.  */
static const char sha256_salt_prefix[] = "$5$";

/* Salt prefix selecting the SHA512-based scheme.  */
static const char sha512_salt_prefix[] = "$6$";

/* State object used by the old, non-reentrant routines
   (crypt/encrypt/setkey).  It is a single shared object, so those
   routines must not be called concurrently.  */
extern struct crypt_data _ufc_foobar;
/*
* UNIX crypt function
*/
/* Hash KEY with the scheme selected by SALT, keeping all working state
   in the caller-supplied DATA.

   When built as part of libc (_LIBC), a salt that starts with "$1$",
   "$5$" or "$6$" is handed to the MD5, SHA256 or SHA512 routine, and
   DATA itself is passed on as the raw output buffer.  Every other salt
   takes the traditional DES path, which uses no more than the first
   8 bytes of KEY.

   Returns whatever the selected back end returns, or data->crypt_3_buf
   on the DES path.  Returns NULL with errno set to EINVAL when
   _ufc_setup_salt_r rejects the salt, and NULL with errno set to EPERM
   when FIPS mode is enabled and the salt selects MD5 or DES.

   SALT is read without a NULL check, so callers must pass a valid
   string.  */
char *
__crypt_r (const char *key, const char *salt,
           struct crypt_data * __restrict data)
{
  ufc_long des_out[4];
  char key8[9];
  /* Held in a variable to cope with GCC long long compiler bugs.  */
  ufc_long rounds = 25;

#ifdef _LIBC
  /* "$1$": MD5-based replacement, which FIPS rules out.  */
  if (strncmp (salt, md5_salt_prefix, sizeof md5_salt_prefix - 1) == 0)
    {
      if (!fips_enabled_p ())
        return __md5_crypt_r (key, salt, (char *) data, sizeof (*data));

      __set_errno (EPERM);
      return NULL;
    }

  /* "$5$": SHA256-based replacement.  */
  if (strncmp (salt, sha256_salt_prefix, sizeof sha256_salt_prefix - 1) == 0)
    return __sha256_crypt_r (key, salt, (char *) data, sizeof (*data));

  /* "$6$": SHA512-based replacement.  */
  if (strncmp (salt, sha512_salt_prefix, sizeof sha512_salt_prefix - 1) == 0)
    return __sha512_crypt_r (key, salt, (char *) data, sizeof (*data));
#endif

  /* Traditional DES from here on.  The tables are adjusted for the
     salt first, so an invalid salt yields EINVAL even in FIPS mode.  */
  if (!_ufc_setup_salt_r (salt, data))
    {
      __set_errno (EINVAL);
      return NULL;
    }

  /* FIPS rules out DES password encryption.  No key material has been
     copied into the locals yet, so nothing needs erasing here.  */
  if (fips_enabled_p ())
    {
      __set_errno (EPERM);
      return NULL;
    }

  /* Zero both work buffers before use.  */
  _ufc_clearmem (key8, (int) sizeof (key8));
  _ufc_clearmem ((char *) des_out, (int) sizeof (des_out));

  /* Key schedule: at most 8 bytes of KEY are copied, so any longer
     password is truncated on this path.  key8 has 9 zeroed bytes, so it
     stays NUL-terminated and shorter keys are zero-padded.  */
  (void) strncpy (key8, key, 8);
  _ufc_mk_keytab_r (key8, data);

  /* The 25 DES encryptions.  */
  _ufc_doit_r (rounds, data, des_out);

  /* Final permutations.  */
  _ufc_dofinalperm_r (des_out, data);

  /* Convert back to 6 bit ASCII.  */
  _ufc_output_conversion_r (des_out[0], des_out[1], salt, data);

  /* Erase the key-dependent intermediates: the key copy, the key
     schedule held in DATA and the cipher output words.  Data that
     depends only on the salt is not considered sensitive.
     explicit_bzero is used so that the stores are not optimised away.  */
  explicit_bzero (des_out, sizeof (des_out));
  explicit_bzero (key8, sizeof (key8));
  explicit_bzero (data->keysched, sizeof (data->keysched));

  return data->crypt_3_buf;
}
weak_alias (__crypt_r, crypt_r)
/* Non-reentrant crypt(3) entry point.

   When built as part of libc (_LIBC), a salt starting with "$1$",
   "$5$" or "$6$" goes to the MD5, SHA256 or SHA512 routine.  Every
   other salt, and an MD5 salt while FIPS mode is enabled, goes to
   __crypt_r with the shared _ufc_foobar state object, so concurrent
   callers share that state.

   SALT is read without a NULL check, so callers must pass a valid
   string.  */
char *
crypt (const char *key, const char *salt)
{
#ifdef _LIBC
  /* "$1$": MD5-based replacement.  fips_enabled_p is consulted only
     when the prefix matches.  */
  if (strncmp (salt, md5_salt_prefix, sizeof md5_salt_prefix - 1) == 0)
    {
      if (!fips_enabled_p ())
        return __md5_crypt (key, salt);
      /* FIPS mode: fall through and let __crypt_r deal with the error
         code.  */
    }

  /* "$5$": SHA256-based replacement.  */
  if (strncmp (salt, sha256_salt_prefix, sizeof sha256_salt_prefix - 1) == 0)
    return __sha256_crypt (key, salt);

  /* "$6$": SHA512-based replacement.  */
  if (strncmp (salt, sha512_salt_prefix, sizeof sha512_salt_prefix - 1) == 0)
    return __sha512_crypt (key, salt);
#endif

  /* Everything else is handled by the reentrant routine on the shared
     state object.  */
  return __crypt_r (key, salt, &_ufc_foobar);
}
/* fcrypt is a weak alias for crypt, so it behaves exactly like crypt,
   including its use of the shared state object.  It is bound as a
   GLIBC_2_0 compat symbol and is emitted only when SHLIB_COMPAT holds
   for libcrypt over GLIBC_2_0 .. GLIBC_2_28.  */
#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
weak_alias (crypt, fcrypt)
compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
#endif