1 /* $OpenBSD: encrypt.c,v 1.51 2021/07/12 15:09:19 beck Exp $ */ 2 3 /* 4 * Copyright (c) 1996, Jason Downs. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/types.h> 29 #include <ctype.h> 30 #include <err.h> 31 #include <errno.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 #include <login_cap.h> 38 #include <limits.h> 39 #include <readpassphrase.h> 40 41 /* 42 * Very simple little program, for encrypting passwords from the command 43 * line. Useful for scripts and such. 44 */ 45 46 extern char *__progname; 47 48 static void __dead usage(void); 49 static void print_passwd(char *, int, char *); 50 51 #define DO_BLF 0 52 53 static void __dead 54 usage(void) 55 { 56 57 (void)fprintf(stderr, 58 "usage: %s [-b rounds] [-c class] [-p | string]\n", 59 __progname); 60 exit(1); 61 } 62 63 static void 64 print_passwd(char *string, int operation, char *extra) 65 { 66 char buffer[_PASSWORD_LEN]; 67 const char *pref; 68 char prefbuf[64]; 69 70 if (operation == DO_BLF) { 71 if (snprintf(prefbuf, sizeof(prefbuf), "blowfish,%s", extra) >= 72 sizeof(prefbuf)) 73 errx(1, "pref too long"); 74 pref = prefbuf; 75 } else { 76 login_cap_t *lc; 77 78 if ((lc = login_getclass(extra)) == NULL) 79 errx(1, "unable to get login class `%s'", 80 extra ? (char *)extra : "default"); 81 pref = login_getcapstr(lc, "localcipher", NULL, NULL); 82 } 83 if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0) 84 err(1, "can't generate hash"); 85 86 fputs(buffer, stdout); 87 } 88 89 int 90 main(int argc, char **argv) 91 { 92 int opt; 93 int operation = -1; 94 int prompt = 0; 95 char *extra = NULL; /* Store login class or number of rounds */ 96 const char *errstr; 97 98 if (unveil(_PATH_LOGIN_CONF, "r") == -1) 99 err(1, "unveil %s", _PATH_LOGIN_CONF); 100 if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) 101 err(1, "unveil %s.db", _PATH_LOGIN_CONF); 102 if (pledge("stdio rpath tty", NULL) == -1) 103 err(1, "pledge"); 104 105 while ((opt = getopt(argc, argv, "pb:c:")) != -1) { 106 switch (opt) { 107 case 'p': 108 prompt = 1; 109 break; 110 case 'b': /* Blowfish password hash */ 111 if (operation != -1) 112 usage(); 113 operation = DO_BLF; 114 if (strcmp(optarg, "a") != 0) { 115 (void)strtonum(optarg, 4, 31, &errstr); 116 if (errstr != NULL) 117 errx(1, "rounds is %s: %s", errstr, 118 optarg); 119 } 120 extra = optarg; 121 break; 122 case 'c': /* user login class */ 123 extra = optarg; 124 operation = -1; 125 break; 126 default: 127 usage(); 128 } 129 } 130 131 if (((argc - optind) < 1)) { 132 char line[BUFSIZ]; 133 char string[1024]; 134 135 if (prompt) { 136 if (readpassphrase("Enter string: ", string, 137 sizeof(string), RPP_ECHO_OFF) == NULL) 138 err(1, "readpassphrase"); 139 print_passwd(string, operation, extra); 140 (void)fputc('\n', stdout); 141 explicit_bzero(string, sizeof(string)); 142 } else { 143 size_t len; 144 /* Encrypt stdin to stdout. */ 145 while (!feof(stdin) && 146 (fgets(line, sizeof(line), stdin) != NULL)) { 147 len = strlen(line); 148 if (len == 0 || line[0] == '\n') 149 continue; 150 if (line[len - 1] == '\n') 151 line[len - 1] = '\0'; 152 153 print_passwd(line, operation, extra); 154 155 (void)fputc('\n', stdout); 156 } 157 } 158 } else { 159 char *string; 160 161 /* can't combine -p with a supplied string */ 162 if (prompt) 163 usage(); 164 165 /* Perhaps it isn't worth worrying about, but... */ 166 if ((string = strdup(argv[optind])) == NULL) 167 err(1, NULL); 168 /* Wipe the argument. */ 169 explicit_bzero(argv[optind], strlen(argv[optind])); 170 171 print_passwd(string, operation, extra); 172 173 (void)fputc('\n', stdout); 174 175 /* Wipe our copy, before we free it. */ 176 freezero(string, strlen(string)); 177 } 178 return 0; 179 } 180