1 /*
2  * Copyright (c) 2010
3  * 	The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Nolan Lum <nol888@gmail.com>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  * 3. Neither the name of The DragonFly Project nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific, prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <sys/types.h>
37 #include <string.h>
38 
39 #include "crypt.h"
40 #include "local.h"
41 
42 /*
43  * New password crypt.
44  */
45 
46 #define SHA256_SIZE 32
47 
48 char*
49 crypt_deprecated_sha256(const char *pw, const char *salt)
50 {
51         /*
52          * Magic constant (prefix) used to run over the password data.
53          *
54          * XXX:
55          *
56          * A bug below (sizeof instead of strlen) mandates the extra data after
57          * the closing $. This data is what just happened to be (consistently
58          * miraculously) on the stack following magic on 64-bit.
59          */
60 	static const char *magic = "$3$\0sha5";
61 
62 	static char         passwd[120], *p;
63 	static const char *sp, *ep;
64 	unsigned char final[SHA256_SIZE];
65 	int sl;
66 	struct sha256_ctx ctx;
67 	unsigned long l;
68 
69 	/* Refine the salt. */
70 	sp = salt;
71 
72 	/* If it starts with the magic string, then skip that. */
73 	if (!strncmp(sp, magic, strlen(magic)))
74 		sp += strlen(magic);
75 
76 	/* Stop at the first '$', max 8 chars. */
77 	for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
78 		continue;
79 
80 	/* Get the actual salt length. */
81 	sl = ep - sp;
82 
83 	__crypt__sha256_init_ctx(&ctx);
84 
85 	/* Hash in the password first. */
86 	__crypt__sha256_process_bytes(pw, strlen(pw), &ctx);
87 
88         /*
89          * Then the magic string
90          *
91          * XXX: sizeof instead of strlen, must retain
92          */
93 	__crypt__sha256_process_bytes(magic, sizeof(magic), &ctx);
94 
95 	/* Then the raw salt. */
96 	__crypt__sha256_process_bytes(sp, sl, &ctx);
97 
98 	/* Finish and create the output string. */
99 	__crypt__sha256_finish_ctx(&ctx, final);
100 	strcpy(passwd, magic);
101 	strncat(passwd, sp, sl);
102 	strcat(passwd, "$");
103 
104 	p = passwd + strlen(passwd);
105 
106 	l = (final[ 0] << 16) | (final[11] << 8) | final[21];
107 	_crypt_to64(p, l, 4); p += 4;
108 	l = (final[ 1] << 16) | (final[12] << 8) | final[22];
109 	_crypt_to64(p, l, 4); p += 4;
110 	l = (final[ 2] << 16) | (final[13] << 8) | final[23];
111 	_crypt_to64(p, l, 4); p += 4;
112 	l = (final[ 3] << 16) | (final[14] << 8) | final[24];
113 	_crypt_to64(p, l, 4); p += 4;
114 	l = (final[ 4] << 16) | (final[15] << 8) | final[25];
115 	_crypt_to64(p, l, 4); p += 4;
116 	l = (final[ 5] << 16) | (final[16] << 8) | final[26];
117 	_crypt_to64(p, l, 4); p += 4;
118 	l = (final[ 6] << 16) | (final[17] << 8) | final[27];
119 	_crypt_to64(p, l, 4); p += 4;
120 	l = (final[ 7] << 16) | (final[18] << 8) | final[28];
121 	_crypt_to64(p, l, 4); p += 4;
122 	l = (final[ 8] << 16) | (final[19] << 8) | final[29];
123 	_crypt_to64(p, l, 4); p += 4;
124 	l = (final[ 9] << 16) | (final[20] << 8) | final[30];
125 	_crypt_to64(p, l, 4); p += 4;
126 	l = (final[10] << 16) | (final[31] << 8);
127 	_crypt_to64(p, l, 4); p += 4;
128 	*p = '\0';
129 
130 	/* Clear memory. */
131 	memset(final, 0, sizeof(final));
132 
133 	return (passwd);
134 }
135