1 /*
2  * Copyright (c) 2010
3  * 	The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Nolan Lum <nol888@gmail.com>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  * 3. Neither the name of The DragonFly Project nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific, prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <sys/types.h>
37 #include <string.h>
38 #include <sha256.h>
39 #include "crypt.h"
40 
41 /*
42  * New password crypt.
43  */
44 
45 #define SHA256_SIZE 32
46 
47 char*
48 crypt_deprecated_sha256(const char *pw, const char *salt)
49 {
50         /*
51          * Magic constant (prefix) used to run over the password data.
52          *
53          * XXX:
54          *
55          * A bug below (sizeof instead of strlen) mandates the extra data after
56          * the closing $. This data is what just happened to be (consistently
57          * miraculously) on the stack following magic on 64-bit.
58          */
59 	static const char *magic = "$3$\0sha5";
60 
61 	static char         passwd[120], *p;
62 	static const char *sp, *ep;
63 	unsigned char final[SHA256_SIZE];
64 	int sl;
65 	SHA256_CTX ctx;
66 	unsigned long l;
67 
68 	/* Refine the salt. */
69 	sp = salt;
70 
71 	/* If it starts with the magic string, then skip that. */
72 	if (!strncmp(sp, magic, strlen(magic)))
73 		sp += strlen(magic);
74 
75 	/* Stop at the first '$', max 8 chars. */
76 	for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
77 		continue;
78 
79 	/* Get the actual salt length. */
80 	sl = ep - sp;
81 
82 	SHA256_Init(&ctx);
83 
84 	/* Hash in the password first. */
85 	SHA256_Update(&ctx, pw, strlen(pw));
86 
87         /*
88          * Then the magic string
89          *
90          * XXX: sizeof instead of strlen, must retain
91          */
92 	SHA256_Update(&ctx, magic, sizeof(magic));
93 
94 	/* Then the raw salt. */
95 	SHA256_Update(&ctx, sp, sl);
96 
97 	/* Finish and create the output string. */
98 	SHA256_Final(final, &ctx);
99 	strcpy(passwd, magic);
100 	strncat(passwd, sp, sl);
101 	strcat(passwd, "$");
102 
103 	p = passwd + strlen(passwd);
104 
105 	l = (final[ 0] << 16) | (final[11] << 8) | final[21];
106 	_crypt_to64(p, l, 4); p += 4;
107 	l = (final[ 1] << 16) | (final[12] << 8) | final[22];
108 	_crypt_to64(p, l, 4); p += 4;
109 	l = (final[ 2] << 16) | (final[13] << 8) | final[23];
110 	_crypt_to64(p, l, 4); p += 4;
111 	l = (final[ 3] << 16) | (final[14] << 8) | final[24];
112 	_crypt_to64(p, l, 4); p += 4;
113 	l = (final[ 4] << 16) | (final[15] << 8) | final[25];
114 	_crypt_to64(p, l, 4); p += 4;
115 	l = (final[ 5] << 16) | (final[16] << 8) | final[26];
116 	_crypt_to64(p, l, 4); p += 4;
117 	l = (final[ 6] << 16) | (final[17] << 8) | final[27];
118 	_crypt_to64(p, l, 4); p += 4;
119 	l = (final[ 7] << 16) | (final[18] << 8) | final[28];
120 	_crypt_to64(p, l, 4); p += 4;
121 	l = (final[ 8] << 16) | (final[19] << 8) | final[29];
122 	_crypt_to64(p, l, 4); p += 4;
123 	l = (final[ 9] << 16) | (final[20] << 8) | final[30];
124 	_crypt_to64(p, l, 4); p += 4;
125 	l = (final[10] << 16) | (final[31] << 8);
126 	_crypt_to64(p, l, 4); p += 4;
127 	*p = '\0';
128 
129 	/* Clear memory. */
130 	memset(final, 0, sizeof(final));
131 
132 	return (passwd);
133 }
134