xref: /dragonfly/lib/libcrypt/deprecated-crypt-sha256.c (revision 0fe46dc6296951eb138485d8c6b580bac0488fd8) 
1 /*
2  * Copyright (c) 2010
3  *        The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Nolan Lum <nol888@gmail.com>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  * 3. Neither the name of The DragonFly Project nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific, prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <sys/types.h>
37 #include <string.h>
38 
39 #include "crypt.h"
40 #include "local.h"
41 
42 /*
43  * New password crypt.
44  */
45 
46 #define SHA256_SIZE 32
47 
48 char*
crypt_deprecated_sha256(const char * pw,const char * salt)49 crypt_deprecated_sha256(const char *pw, const char *salt)
50 {
51         /*
52          * Magic constant (prefix) used to run over the password data.
53          *
54          * XXX:
55          *
56          * A bug below (sizeof instead of strlen) mandates the extra data after
57          * the closing $. This data is what just happened to be (consistently
58          * miraculously) on the stack following magic on 64-bit.
59          */
60           static const char *magic = "$3$\0sha5";
61 
62           static char         passwd[120], *p;
63           static const char *sp, *ep;
64           unsigned char final[SHA256_SIZE];
65           int sl;
66           struct sha256_ctx ctx;
67           unsigned long l;
68 
69           /* Refine the salt. */
70           sp = salt;
71 
72           /* If it starts with the magic string, then skip that. */
73           if (!strncmp(sp, magic, strlen(magic)))
74                     sp += strlen(magic);
75 
76           /* Stop at the first '$', max 8 chars. */
77           for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
78                     continue;
79 
80           /* Get the actual salt length. */
81           sl = ep - sp;
82 
83           __crypt__sha256_init_ctx(&ctx);
84 
85           /* Hash in the password first. */
86           __crypt__sha256_process_bytes(pw, strlen(pw), &ctx);
87 
88         /*
89          * Then the magic string
90          *
91          * XXX: sizeof instead of strlen, must retain
92          */
93           __crypt__sha256_process_bytes(magic, sizeof(magic), &ctx);
94 
95           /* Then the raw salt. */
96           __crypt__sha256_process_bytes(sp, sl, &ctx);
97 
98           /* Finish and create the output string. */
99           __crypt__sha256_finish_ctx(&ctx, final);
100           strcpy(passwd, magic);
101           strncat(passwd, sp, sl);
102           strcat(passwd, "$");
103 
104           p = passwd + strlen(passwd);
105 
106           l = (final[ 0] << 16) | (final[11] << 8) | final[21];
107           _crypt_to64(p, l, 4); p += 4;
108           l = (final[ 1] << 16) | (final[12] << 8) | final[22];
109           _crypt_to64(p, l, 4); p += 4;
110           l = (final[ 2] << 16) | (final[13] << 8) | final[23];
111           _crypt_to64(p, l, 4); p += 4;
112           l = (final[ 3] << 16) | (final[14] << 8) | final[24];
113           _crypt_to64(p, l, 4); p += 4;
114           l = (final[ 4] << 16) | (final[15] << 8) | final[25];
115           _crypt_to64(p, l, 4); p += 4;
116           l = (final[ 5] << 16) | (final[16] << 8) | final[26];
117           _crypt_to64(p, l, 4); p += 4;
118           l = (final[ 6] << 16) | (final[17] << 8) | final[27];
119           _crypt_to64(p, l, 4); p += 4;
120           l = (final[ 7] << 16) | (final[18] << 8) | final[28];
121           _crypt_to64(p, l, 4); p += 4;
122           l = (final[ 8] << 16) | (final[19] << 8) | final[29];
123           _crypt_to64(p, l, 4); p += 4;
124           l = (final[ 9] << 16) | (final[20] << 8) | final[30];
125           _crypt_to64(p, l, 4); p += 4;
126           l = (final[10] << 16) | (final[31] << 8);
127           _crypt_to64(p, l, 4); p += 4;
128           *p = '\0';
129 
130           /* Clear memory. */
131           memset(final, 0, sizeof(final));
132 
133           return (passwd);
134 }
135