1 /* 2 * Copyright (c) 2010 3 * The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Nolan Lum <nol888@gmail.com> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 3. Neither the name of The DragonFly Project nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific, prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/types.h> 37 #include <string.h> 38 #include <sha512.h> 39 #include "crypt.h" 40 41 /* 42 * New password crypt. 43 */ 44 45 #define SHA512_SIZE 64 46 47 char* 48 crypt_deprecated_sha512(const char *pw, const char *salt) 49 { 50 /* 51 * Magic constant (prefix) used to run over the password data. 52 * 53 * XXX: 54 * 55 * A bug below (sizeof instead of strlen) mandates the extra data after 56 * the closing $. This data is what just happened to be (consistently 57 * miraculously) on the stack following magic on 64-bit. 58 */ 59 static const char *magic = "$4$\0/etc"; 60 61 static char passwd[120], *p; 62 static const char *sp, *ep; 63 unsigned char final[SHA512_SIZE]; 64 int sl, i; 65 SHA512_CTX ctx; 66 unsigned long l; 67 68 /* Refine the salt. */ 69 sp = salt; 70 71 /* If it starts with the magic string, then skip that. */ 72 if (!strncmp(sp, magic, strlen(magic))) 73 sp += strlen(magic); 74 75 /* Stop at the first '$', max 8 chars. */ 76 for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) 77 continue; 78 79 /* Get the actual salt length. */ 80 sl = ep - sp; 81 82 SHA512_Init(&ctx); 83 84 /* Hash in the password first. */ 85 SHA512_Update(&ctx, pw, strlen(pw)); 86 87 /* 88 * Then the magic string 89 * 90 * XXX: sizeof instead of strlen, must retain 91 */ 92 SHA512_Update(&ctx, magic, sizeof(magic)); 93 94 /* Then the raw salt. */ 95 SHA512_Update(&ctx, sp, sl); 96 97 /* Finish and create the output string. */ 98 SHA512_Final(final, &ctx); 99 strcpy(passwd, magic); 100 strncat(passwd, sp, sl); 101 strcat(passwd, "$"); 102 103 p = passwd + strlen(passwd); 104 105 /* 106 * For-loop form of the algorithm in sha256.c; 107 * breaks the final output up into 3cols and then base64's each row. 108 */ 109 for (i = 0; i < 20; i++) { 110 l = (final[i] << 16) | (final[i + 21] << 8) | final[i + 42]; 111 _crypt_to64(p, l, 4); p += 4; 112 } 113 l = (final[20] << 16) | (final[41] << 8); 114 _crypt_to64(p, l, 4); p += 4; 115 *p = '\0'; 116 117 /* Clear memory. */ 118 memset(final, 0, sizeof(final)); 119 120 return (passwd); 121 } 122