1 /*
2 * Copyright (c) 2010
3 * The DragonFly Project. All rights reserved.
4 *
5 * This code is derived from software contributed to The DragonFly Project
6 * by Nolan Lum <nol888@gmail.com>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 * 3. Neither the name of The DragonFly Project nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific, prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include <sys/types.h>
37 #include <string.h>
38
39 #include "crypt.h"
40 #include "local.h"
41
42 /*
43 * New password crypt.
44 */
45
46 #define SHA512_SIZE 64
47
48 char*
crypt_deprecated_sha512(const char * pw,const char * salt)49 crypt_deprecated_sha512(const char *pw, const char *salt)
50 {
51 /*
52 * Magic constant (prefix) used to run over the password data.
53 *
54 * XXX:
55 *
56 * A bug below (sizeof instead of strlen) mandates the extra data after
57 * the closing $. This data is what just happened to be (consistently
58 * miraculously) on the stack following magic on 64-bit.
59 */
60 static const char *magic = "$4$\0/etc";
61
62 static char passwd[120], *p;
63 static const char *sp, *ep;
64 unsigned char final[SHA512_SIZE];
65 int sl, i;
66 struct sha512_ctx ctx;
67 unsigned long l;
68
69 /* Refine the salt. */
70 sp = salt;
71
72 /* If it starts with the magic string, then skip that. */
73 if (!strncmp(sp, magic, strlen(magic)))
74 sp += strlen(magic);
75
76 /* Stop at the first '$', max 8 chars. */
77 for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
78 continue;
79
80 /* Get the actual salt length. */
81 sl = ep - sp;
82
83 __crypt__sha512_init_ctx(&ctx);
84
85 /* Hash in the password first. */
86 __crypt__sha512_process_bytes(pw, strlen(pw), &ctx);
87
88 /*
89 * Then the magic string
90 *
91 * XXX: sizeof instead of strlen, must retain
92 */
93 __crypt__sha512_process_bytes(magic, sizeof(magic), &ctx);
94
95 /* Then the raw salt. */
96 __crypt__sha512_process_bytes(sp, sl, &ctx);
97
98 /* Finish and create the output string. */
99 __crypt__sha512_finish_ctx(&ctx, final);
100 strcpy(passwd, magic);
101 strncat(passwd, sp, sl);
102 strcat(passwd, "$");
103
104 p = passwd + strlen(passwd);
105
106 /*
107 * For-loop form of the algorithm in sha256.c;
108 * breaks the final output up into 3cols and then base64's each row.
109 */
110 for (i = 0; i < 20; i++) {
111 l = (final[i] << 16) | (final[i + 21] << 8) | final[i + 42];
112 _crypt_to64(p, l, 4); p += 4;
113 }
114 l = (final[20] << 16) | (final[41] << 8);
115 _crypt_to64(p, l, 4); p += 4;
116 *p = '\0';
117
118 /* Clear memory. */
119 memset(final, 0, sizeof(final));
120
121 return (passwd);
122 }
123