Annotation of /trunk/mkinitrd-magellan/busybox/libbb/pw_encrypt_sha.c
Parent Directory
| 
Revision Log
Revision 1000 -
(hide annotations)
(download)
Sun May 30 12:27:29 2010 UTC (13 years, 11 months ago) by niro
File MIME type: text/plain
File size: 9430 byte(s)
Sun May 30 12:27:29 2010 UTC (13 years, 11 months ago) by niro
File MIME type: text/plain
File size: 9430 byte(s)
-added missing files
| 1 | niro | 1000 | /* SHA256 and SHA512-based Unix crypt implementation. |
| 2 | * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. | ||
| 3 | */ | ||
| 4 | |||
| 5 | /* Prefix for optional rounds specification. */ | ||
| 6 | static const char str_rounds[] = "rounds=%u$"; | ||
| 7 | |||
| 8 | /* Maximum salt string length. */ | ||
| 9 | #define SALT_LEN_MAX 16 | ||
| 10 | /* Default number of rounds if not explicitly specified. */ | ||
| 11 | #define ROUNDS_DEFAULT 5000 | ||
| 12 | /* Minimum number of rounds. */ | ||
| 13 | #define ROUNDS_MIN 1000 | ||
| 14 | /* Maximum number of rounds. */ | ||
| 15 | #define ROUNDS_MAX 999999999 | ||
| 16 | |||
| 17 | static char * | ||
| 18 | NOINLINE | ||
| 19 | sha_crypt(/*const*/ char *key_data, /*const*/ char *salt_data) | ||
| 20 | { | ||
| 21 | void (*sha_begin)(void *ctx) FAST_FUNC; | ||
| 22 | void (*sha_hash)(const void *buffer, size_t len, void *ctx) FAST_FUNC; | ||
| 23 | void (*sha_end)(void *resbuf, void *ctx) FAST_FUNC; | ||
| 24 | int _32or64; | ||
| 25 | |||
| 26 | char *result, *resptr; | ||
| 27 | |||
| 28 | /* btw, sha256 needs [32] and uint32_t only */ | ||
| 29 | struct { | ||
| 30 | unsigned char alt_result[64]; | ||
| 31 | unsigned char temp_result[64]; | ||
| 32 | union { | ||
| 33 | sha256_ctx_t x; | ||
| 34 | sha512_ctx_t y; | ||
| 35 | } ctx; | ||
| 36 | union { | ||
| 37 | sha256_ctx_t x; | ||
| 38 | sha512_ctx_t y; | ||
| 39 | } alt_ctx; | ||
| 40 | } L __attribute__((__aligned__(__alignof__(uint64_t)))); | ||
| 41 | #define alt_result (L.alt_result ) | ||
| 42 | #define temp_result (L.temp_result) | ||
| 43 | #define ctx (L.ctx ) | ||
| 44 | #define alt_ctx (L.alt_ctx ) | ||
| 45 | unsigned salt_len; | ||
| 46 | unsigned key_len; | ||
| 47 | unsigned cnt; | ||
| 48 | unsigned rounds; | ||
| 49 | char *cp; | ||
| 50 | char is_sha512; | ||
| 51 | |||
| 52 | /* Analyze salt, construct already known part of result */ | ||
| 53 | cnt = strlen(salt_data) + 1 + 43 + 1; | ||
| 54 | is_sha512 = salt_data[1]; | ||
| 55 | if (is_sha512 == '6') | ||
| 56 | cnt += 43; | ||
| 57 | result = resptr = xzalloc(cnt); /* will provide NUL terminator */ | ||
| 58 | *resptr++ = '$'; | ||
| 59 | *resptr++ = is_sha512; | ||
| 60 | *resptr++ = '$'; | ||
| 61 | rounds = ROUNDS_DEFAULT; | ||
| 62 | salt_data += 3; | ||
| 63 | if (strncmp(salt_data, str_rounds, 7) == 0) { | ||
| 64 | /* 7 == strlen("rounds=") */ | ||
| 65 | char *endp; | ||
| 66 | cnt = bb_strtou(salt_data + 7, &endp, 10); | ||
| 67 | if (*endp == '$') { | ||
| 68 | salt_data = endp + 1; | ||
| 69 | rounds = cnt; | ||
| 70 | if (rounds < ROUNDS_MIN) | ||
| 71 | rounds = ROUNDS_MIN; | ||
| 72 | if (rounds > ROUNDS_MAX) | ||
| 73 | rounds = ROUNDS_MAX; | ||
| 74 | /* add "rounds=NNNNN$" to result */ | ||
| 75 | resptr += sprintf(resptr, str_rounds, rounds); | ||
| 76 | } | ||
| 77 | } | ||
| 78 | salt_len = strchrnul(salt_data, '$') - salt_data; | ||
| 79 | if (salt_len > SALT_LEN_MAX) | ||
| 80 | salt_len = SALT_LEN_MAX; | ||
| 81 | /* xstrdup assures suitable alignment; also we will use it | ||
| 82 | as a scratch space later. */ | ||
| 83 | salt_data = xstrndup(salt_data, salt_len); | ||
| 84 | /* add "salt$" to result */ | ||
| 85 | strcpy(resptr, salt_data); | ||
| 86 | resptr += salt_len; | ||
| 87 | *resptr++ = '$'; | ||
| 88 | /* key data doesn't need much processing */ | ||
| 89 | key_len = strlen(key_data); | ||
| 90 | key_data = xstrdup(key_data); | ||
| 91 | |||
| 92 | /* Which flavor of SHAnnn ops to use? */ | ||
| 93 | sha_begin = (void*)sha256_begin; | ||
| 94 | sha_hash = (void*)sha256_hash; | ||
| 95 | sha_end = (void*)sha256_end; | ||
| 96 | _32or64 = 32; | ||
| 97 | if (is_sha512 == '6') { | ||
| 98 | sha_begin = (void*)sha512_begin; | ||
| 99 | sha_hash = (void*)sha512_hash; | ||
| 100 | sha_end = (void*)sha512_end; | ||
| 101 | _32or64 = 64; | ||
| 102 | } | ||
| 103 | |||
| 104 | /* Add KEY, SALT. */ | ||
| 105 | sha_begin(&ctx); | ||
| 106 | sha_hash(key_data, key_len, &ctx); | ||
| 107 | sha_hash(salt_data, salt_len, &ctx); | ||
| 108 | |||
| 109 | /* Compute alternate SHA sum with input KEY, SALT, and KEY. | ||
| 110 | The final result will be added to the first context. */ | ||
| 111 | sha_begin(&alt_ctx); | ||
| 112 | sha_hash(key_data, key_len, &alt_ctx); | ||
| 113 | sha_hash(salt_data, salt_len, &alt_ctx); | ||
| 114 | sha_hash(key_data, key_len, &alt_ctx); | ||
| 115 | sha_end(alt_result, &alt_ctx); | ||
| 116 | |||
| 117 | /* Add result of this to the other context. */ | ||
| 118 | /* Add for any character in the key one byte of the alternate sum. */ | ||
| 119 | for (cnt = key_len; cnt > _32or64; cnt -= _32or64) | ||
| 120 | sha_hash(alt_result, _32or64, &ctx); | ||
| 121 | sha_hash(alt_result, cnt, &ctx); | ||
| 122 | |||
| 123 | /* Take the binary representation of the length of the key and for every | ||
| 124 | 1 add the alternate sum, for every 0 the key. */ | ||
| 125 | for (cnt = key_len; cnt != 0; cnt >>= 1) | ||
| 126 | if ((cnt & 1) != 0) | ||
| 127 | sha_hash(alt_result, _32or64, &ctx); | ||
| 128 | else | ||
| 129 | sha_hash(key_data, key_len, &ctx); | ||
| 130 | |||
| 131 | /* Create intermediate result. */ | ||
| 132 | sha_end(alt_result, &ctx); | ||
| 133 | |||
| 134 | /* Start computation of P byte sequence. */ | ||
| 135 | /* For every character in the password add the entire password. */ | ||
| 136 | sha_begin(&alt_ctx); | ||
| 137 | for (cnt = 0; cnt < key_len; ++cnt) | ||
| 138 | sha_hash(key_data, key_len, &alt_ctx); | ||
| 139 | sha_end(temp_result, &alt_ctx); | ||
| 140 | |||
| 141 | /* NB: past this point, raw key_data is not used anymore */ | ||
| 142 | |||
| 143 | /* Create byte sequence P. */ | ||
| 144 | #define p_bytes key_data /* reuse the buffer as it is of the key_len size */ | ||
| 145 | cp = p_bytes; /* was: ... = alloca(key_len); */ | ||
| 146 | for (cnt = key_len; cnt >= _32or64; cnt -= _32or64) { | ||
| 147 | cp = memcpy(cp, temp_result, _32or64); | ||
| 148 | cp += _32or64; | ||
| 149 | } | ||
| 150 | memcpy(cp, temp_result, cnt); | ||
| 151 | |||
| 152 | /* Start computation of S byte sequence. */ | ||
| 153 | /* For every character in the password add the entire password. */ | ||
| 154 | sha_begin(&alt_ctx); | ||
| 155 | for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) | ||
| 156 | sha_hash(salt_data, salt_len, &alt_ctx); | ||
| 157 | sha_end(temp_result, &alt_ctx); | ||
| 158 | |||
| 159 | /* NB: past this point, raw salt_data is not used anymore */ | ||
| 160 | |||
| 161 | /* Create byte sequence S. */ | ||
| 162 | #define s_bytes salt_data /* reuse the buffer as it is of the salt_len size */ | ||
| 163 | cp = s_bytes; /* was: ... = alloca(salt_len); */ | ||
| 164 | for (cnt = salt_len; cnt >= _32or64; cnt -= _32or64) { | ||
| 165 | cp = memcpy(cp, temp_result, _32or64); | ||
| 166 | cp += _32or64; | ||
| 167 | } | ||
| 168 | memcpy(cp, temp_result, cnt); | ||
| 169 | |||
| 170 | /* Repeatedly run the collected hash value through SHA to burn | ||
| 171 | CPU cycles. */ | ||
| 172 | for (cnt = 0; cnt < rounds; ++cnt) { | ||
| 173 | sha_begin(&ctx); | ||
| 174 | |||
| 175 | /* Add key or last result. */ | ||
| 176 | if ((cnt & 1) != 0) | ||
| 177 | sha_hash(p_bytes, key_len, &ctx); | ||
| 178 | else | ||
| 179 | sha_hash(alt_result, _32or64, &ctx); | ||
| 180 | /* Add salt for numbers not divisible by 3. */ | ||
| 181 | if (cnt % 3 != 0) | ||
| 182 | sha_hash(s_bytes, salt_len, &ctx); | ||
| 183 | /* Add key for numbers not divisible by 7. */ | ||
| 184 | if (cnt % 7 != 0) | ||
| 185 | sha_hash(p_bytes, key_len, &ctx); | ||
| 186 | /* Add key or last result. */ | ||
| 187 | if ((cnt & 1) != 0) | ||
| 188 | sha_hash(alt_result, _32or64, &ctx); | ||
| 189 | else | ||
| 190 | sha_hash(p_bytes, key_len, &ctx); | ||
| 191 | |||
| 192 | sha_end(alt_result, &ctx); | ||
| 193 | } | ||
| 194 | |||
| 195 | /* Append encrypted password to result buffer */ | ||
| 196 | //TODO: replace with something like | ||
| 197 | // bb_uuencode(cp, src, length, bb_uuenc_tbl_XXXbase64); | ||
| 198 | #define b64_from_24bit(B2, B1, B0, N) \ | ||
| 199 | do { \ | ||
| 200 | unsigned w = ((B2) << 16) | ((B1) << 8) | (B0); \ | ||
| 201 | resptr = to64(resptr, w, N); \ | ||
| 202 | } while (0) | ||
| 203 | if (is_sha512 == '5') { | ||
| 204 | unsigned i = 0; | ||
| 205 | while (1) { | ||
| 206 | unsigned j = i + 10; | ||
| 207 | unsigned k = i + 20; | ||
| 208 | if (j >= 30) j -= 30; | ||
| 209 | if (k >= 30) k -= 30; | ||
| 210 | b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4); | ||
| 211 | if (k == 29) | ||
| 212 | break; | ||
| 213 | i = k + 1; | ||
| 214 | } | ||
| 215 | b64_from_24bit(0, alt_result[31], alt_result[30], 3); | ||
| 216 | /* was: | ||
| 217 | b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4); | ||
| 218 | b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4); | ||
| 219 | b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4); | ||
| 220 | b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4); | ||
| 221 | b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4); | ||
| 222 | b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4); | ||
| 223 | b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4); | ||
| 224 | b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4); | ||
| 225 | b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4); | ||
| 226 | b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4); | ||
| 227 | b64_from_24bit(0, alt_result[31], alt_result[30], 3); | ||
| 228 | */ | ||
| 229 | } else { | ||
| 230 | unsigned i = 0; | ||
| 231 | while (1) { | ||
| 232 | unsigned j = i + 21; | ||
| 233 | unsigned k = i + 42; | ||
| 234 | if (j >= 63) j -= 63; | ||
| 235 | if (k >= 63) k -= 63; | ||
| 236 | b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4); | ||
| 237 | if (j == 20) | ||
| 238 | break; | ||
| 239 | i = j + 1; | ||
| 240 | } | ||
| 241 | b64_from_24bit(0, 0, alt_result[63], 2); | ||
| 242 | /* was: | ||
| 243 | b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4); | ||
| 244 | b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4); | ||
| 245 | b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4); | ||
| 246 | b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4); | ||
| 247 | b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4); | ||
| 248 | b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4); | ||
| 249 | b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4); | ||
| 250 | b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4); | ||
| 251 | b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4); | ||
| 252 | b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4); | ||
| 253 | b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4); | ||
| 254 | b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4); | ||
| 255 | b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4); | ||
| 256 | b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4); | ||
| 257 | b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4); | ||
| 258 | b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4); | ||
| 259 | b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4); | ||
| 260 | b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4); | ||
| 261 | b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4); | ||
| 262 | b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4); | ||
| 263 | b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4); | ||
| 264 | b64_from_24bit(0, 0, alt_result[63], 2); | ||
| 265 | */ | ||
| 266 | } | ||
| 267 | /* *resptr = '\0'; - xzalloc did it */ | ||
| 268 | #undef b64_from_24bit | ||
| 269 | |||
| 270 | /* Clear the buffer for the intermediate result so that people | ||
| 271 | attaching to processes or reading core dumps cannot get any | ||
| 272 | information. */ | ||
| 273 | memset(&L, 0, sizeof(L)); /* [alt]_ctx and XXX_result buffers */ | ||
| 274 | memset(key_data, 0, key_len); /* also p_bytes */ | ||
| 275 | memset(salt_data, 0, salt_len); /* also s_bytes */ | ||
| 276 | free(key_data); | ||
| 277 | free(salt_data); | ||
| 278 | #undef p_bytes | ||
| 279 | #undef s_bytes | ||
| 280 | |||
| 281 | return result; | ||
| 282 | #undef alt_result | ||
| 283 | #undef temp_result | ||
| 284 | #undef ctx | ||
| 285 | #undef alt_ctx | ||
| 286 | } |