Damien Miller | dd1c7ba | 1999-11-19 15:53:20 +1100 | [diff] [blame] | 1 | /* |
| 2 | * ---------------------------------------------------------------------------- |
| 3 | * "THE BEER-WARE LICENSE" (Revision 42): |
| 4 | * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you |
| 5 | * can do whatever you want with this stuff. If we meet some day, and you think |
| 6 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp |
| 7 | * ---------------------------------------------------------------------------- |
| 8 | */ |
| 9 | |
| 10 | /* |
| 11 | * Ported from FreeBSD to Linux, only minimal changes. --marekm |
| 12 | */ |
| 13 | |
| 14 | /* |
| 15 | * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu |
| 16 | */ |
| 17 | |
| 18 | #include "config.h" |
| 19 | |
Damien Miller | beb4ba5 | 1999-12-28 15:09:35 +1100 | [diff] [blame] | 20 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) |
Damien Miller | dd1c7ba | 1999-11-19 15:53:20 +1100 | [diff] [blame] | 21 | |
| 22 | #include <unistd.h> |
| 23 | #include <string.h> |
| 24 | |
| 25 | #ifdef HAVE_OPENSSL |
| 26 | #include <openssl/md5.h> |
| 27 | #endif |
| 28 | |
| 29 | #ifdef HAVE_SSL |
| 30 | #include <ssl/md5.h> |
| 31 | #endif |
| 32 | |
| 33 | static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ |
| 34 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
| 35 | |
| 36 | static char *magic = "$1$"; /* |
| 37 | * This string is magic for |
| 38 | * this algorithm. Having |
| 39 | * it this way, we can get |
| 40 | * get better later on |
| 41 | */ |
| 42 | |
| 43 | static void |
| 44 | to64(char *s, unsigned long v, int n) |
| 45 | { |
| 46 | while (--n >= 0) { |
| 47 | *s++ = itoa64[v&0x3f]; |
| 48 | v >>= 6; |
| 49 | } |
| 50 | } |
| 51 | |
| 52 | int |
| 53 | is_md5_salt(const char *salt) |
| 54 | { |
| 55 | return (!strncmp(salt, magic, strlen(magic))); |
| 56 | } |
| 57 | |
| 58 | /* |
| 59 | * UNIX password |
| 60 | * |
| 61 | * Use MD5 for what it is best at... |
| 62 | */ |
| 63 | |
| 64 | char * |
| 65 | md5_crypt(const char *pw, const char *salt) |
| 66 | { |
| 67 | static char passwd[120], *p; |
| 68 | static const char *sp,*ep; |
| 69 | unsigned char final[16]; |
| 70 | int sl,pl,i,j; |
| 71 | MD5_CTX ctx,ctx1; |
| 72 | unsigned long l; |
| 73 | |
| 74 | /* Refine the Salt first */ |
| 75 | sp = salt; |
| 76 | |
| 77 | /* If it starts with the magic string, then skip that */ |
| 78 | if(!strncmp(sp,magic,strlen(magic))) |
| 79 | sp += strlen(magic); |
| 80 | |
| 81 | /* It stops at the first '$', max 8 chars */ |
| 82 | for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) |
| 83 | continue; |
| 84 | |
| 85 | /* get the length of the true salt */ |
| 86 | sl = ep - sp; |
| 87 | |
| 88 | MD5_Init(&ctx); |
| 89 | |
| 90 | /* The password first, since that is what is most unknown */ |
| 91 | MD5_Update(&ctx,pw,strlen(pw)); |
| 92 | |
| 93 | /* Then our magic string */ |
| 94 | MD5_Update(&ctx,magic,strlen(magic)); |
| 95 | |
| 96 | /* Then the raw salt */ |
| 97 | MD5_Update(&ctx,sp,sl); |
| 98 | |
| 99 | /* Then just as many characters of the MD5(pw,salt,pw) */ |
| 100 | MD5_Init(&ctx1); |
| 101 | MD5_Update(&ctx1,pw,strlen(pw)); |
| 102 | MD5_Update(&ctx1,sp,sl); |
| 103 | MD5_Update(&ctx1,pw,strlen(pw)); |
| 104 | MD5_Final(final,&ctx1); |
| 105 | for(pl = strlen(pw); pl > 0; pl -= 16) |
| 106 | MD5_Update(&ctx,final,pl>16 ? 16 : pl); |
| 107 | |
| 108 | /* Don't leave anything around in vm they could use. */ |
| 109 | memset(final,0,sizeof final); |
| 110 | |
| 111 | /* Then something really weird... */ |
| 112 | for (j=0,i = strlen(pw); i ; i >>= 1) |
| 113 | if(i&1) |
| 114 | MD5_Update(&ctx, final+j, 1); |
| 115 | else |
| 116 | MD5_Update(&ctx, pw+j, 1); |
| 117 | |
| 118 | /* Now make the output string */ |
| 119 | strcpy(passwd,magic); |
| 120 | strncat(passwd,sp,sl); |
| 121 | strcat(passwd,"$"); |
| 122 | |
| 123 | MD5_Final(final,&ctx); |
| 124 | |
| 125 | /* |
| 126 | * and now, just to make sure things don't run too fast |
| 127 | * On a 60 Mhz Pentium this takes 34 msec, so you would |
| 128 | * need 30 seconds to build a 1000 entry dictionary... |
| 129 | */ |
| 130 | for(i=0;i<1000;i++) { |
| 131 | MD5_Init(&ctx1); |
| 132 | if(i & 1) |
| 133 | MD5_Update(&ctx1,pw,strlen(pw)); |
| 134 | else |
| 135 | MD5_Update(&ctx1,final,16); |
| 136 | |
| 137 | if(i % 3) |
| 138 | MD5_Update(&ctx1,sp,sl); |
| 139 | |
| 140 | if(i % 7) |
| 141 | MD5_Update(&ctx1,pw,strlen(pw)); |
| 142 | |
| 143 | if(i & 1) |
| 144 | MD5_Update(&ctx1,final,16); |
| 145 | else |
| 146 | MD5_Update(&ctx1,pw,strlen(pw)); |
| 147 | MD5_Final(final,&ctx1); |
| 148 | } |
| 149 | |
| 150 | p = passwd + strlen(passwd); |
| 151 | |
| 152 | l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; |
| 153 | l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; |
| 154 | l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; |
| 155 | l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; |
| 156 | l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; |
| 157 | l = final[11] ; to64(p,l,2); p += 2; |
| 158 | *p = '\0'; |
| 159 | |
| 160 | /* Don't leave anything around in vm they could use. */ |
| 161 | memset(final,0,sizeof final); |
| 162 | |
| 163 | return passwd; |
| 164 | } |
| 165 | |
Damien Miller | beb4ba5 | 1999-12-28 15:09:35 +1100 | [diff] [blame] | 166 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ |