xref: /freebsd/lib/libcrypt/crypt-md5.c (revision 23f6875a43f7ce365f2d52cf857da010c47fb03b)
1 /*-
2  * Copyright (c) 2003 Poul-Henning Kamp
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/types.h>
31 
32 #include <err.h>
33 #include <md5.h>
34 #include <stdio.h>
35 #include <string.h>
36 #include <unistd.h>
37 
38 #include "crypt.h"
39 
40 /*
41  * UNIX password
42  */
43 
44 int
45 crypt_md5(const char *pw, const char *salt, char *buffer)
46 {
47 	MD5_CTX	ctx,ctx1;
48 	unsigned long l;
49 	int sl, pl;
50 	u_int i;
51 	u_char final[MD5_SIZE];
52 	const char *ep;
53 	static const char *magic = "$1$";
54 
55 	/* If the salt starts with the magic string, skip that. */
56 	if (!strncmp(salt, magic, strlen(magic)))
57 		salt += strlen(magic);
58 
59 	/* It stops at the first '$', max 8 chars */
60 	for (ep = salt; *ep && *ep != '$' && ep < salt + 8; ep++)
61 		continue;
62 
63 	/* get the length of the true salt */
64 	sl = ep - salt;
65 
66 	MD5Init(&ctx);
67 
68 	/* The password first, since that is what is most unknown */
69 	MD5Update(&ctx, (const u_char *)pw, strlen(pw));
70 
71 	/* Then our magic string */
72 	MD5Update(&ctx, (const u_char *)magic, strlen(magic));
73 
74 	/* Then the raw salt */
75 	MD5Update(&ctx, (const u_char *)salt, (u_int)sl);
76 
77 	/* Then just as many characters of the MD5(pw,salt,pw) */
78 	MD5Init(&ctx1);
79 	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
80 	MD5Update(&ctx1, (const u_char *)salt, (u_int)sl);
81 	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
82 	MD5Final(final, &ctx1);
83 	for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
84 		MD5Update(&ctx, (const u_char *)final,
85 		    (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
86 
87 	/* Don't leave anything around in vm they could use. */
88 	memset(final, 0, sizeof(final));
89 
90 	/* Then something really weird... */
91 	for (i = strlen(pw); i; i >>= 1)
92 		if(i & 1)
93 		    MD5Update(&ctx, (const u_char *)final, 1);
94 		else
95 		    MD5Update(&ctx, (const u_char *)pw, 1);
96 
97 	/* Now make the output string */
98 	buffer = stpcpy(buffer, magic);
99 	buffer = stpncpy(buffer, salt, (u_int)sl);
100 	*buffer++ = '$';
101 
102 	MD5Final(final, &ctx);
103 
104 	/*
105 	 * and now, just to make sure things don't run too fast
106 	 * On a 60 Mhz Pentium this takes 34 msec, so you would
107 	 * need 30 seconds to build a 1000 entry dictionary...
108 	 */
109 	for(i = 0; i < 1000; i++) {
110 		MD5Init(&ctx1);
111 		if(i & 1)
112 			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
113 		else
114 			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
115 
116 		if(i % 3)
117 			MD5Update(&ctx1, (const u_char *)salt, (u_int)sl);
118 
119 		if(i % 7)
120 			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
121 
122 		if(i & 1)
123 			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
124 		else
125 			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
126 		MD5Final(final, &ctx1);
127 	}
128 
129 	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
130 	_crypt_to64(buffer, l, 4); buffer += 4;
131 	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
132 	_crypt_to64(buffer, l, 4); buffer += 4;
133 	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
134 	_crypt_to64(buffer, l, 4); buffer += 4;
135 	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
136 	_crypt_to64(buffer, l, 4); buffer += 4;
137 	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
138 	_crypt_to64(buffer, l, 4); buffer += 4;
139 	l = final[11];
140 	_crypt_to64(buffer, l, 2); buffer += 2;
141 	*buffer = '\0';
142 
143 	/* Don't leave anything around in vm they could use. */
144 	memset(final, 0, sizeof(final));
145 
146 	return (0);
147 }
148