1 /*- 2 * Copyright (c) 2003 Poul-Henning Kamp 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include <sys/types.h> 31 32 #include <err.h> 33 #include <md5.h> 34 #include <stdio.h> 35 #include <string.h> 36 #include <unistd.h> 37 38 #include "crypt.h" 39 40 /* 41 * UNIX password 42 */ 43 44 int 45 crypt_md5(const char *pw, const char *salt, char *buffer) 46 { 47 MD5_CTX ctx,ctx1; 48 unsigned long l; 49 int sl, pl; 50 u_int i; 51 u_char final[MD5_SIZE]; 52 const char *ep; 53 static const char *magic = "$1$"; 54 55 /* If the salt starts with the magic string, skip that. */ 56 if (!strncmp(salt, magic, strlen(magic))) 57 salt += strlen(magic); 58 59 /* It stops at the first '$', max 8 chars */ 60 for (ep = salt; *ep && *ep != '$' && ep < salt + 8; ep++) 61 continue; 62 63 /* get the length of the true salt */ 64 sl = ep - salt; 65 66 MD5Init(&ctx); 67 68 /* The password first, since that is what is most unknown */ 69 MD5Update(&ctx, (const u_char *)pw, strlen(pw)); 70 71 /* Then our magic string */ 72 MD5Update(&ctx, (const u_char *)magic, strlen(magic)); 73 74 /* Then the raw salt */ 75 MD5Update(&ctx, (const u_char *)salt, (u_int)sl); 76 77 /* Then just as many characters of the MD5(pw,salt,pw) */ 78 MD5Init(&ctx1); 79 MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); 80 MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); 81 MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); 82 MD5Final(final, &ctx1); 83 for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE) 84 MD5Update(&ctx, (const u_char *)final, 85 (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl)); 86 87 /* Don't leave anything around in vm they could use. */ 88 memset(final, 0, sizeof(final)); 89 90 /* Then something really weird... */ 91 for (i = strlen(pw); i; i >>= 1) 92 if(i & 1) 93 MD5Update(&ctx, (const u_char *)final, 1); 94 else 95 MD5Update(&ctx, (const u_char *)pw, 1); 96 97 /* Now make the output string */ 98 buffer = stpcpy(buffer, magic); 99 buffer = stpncpy(buffer, salt, (u_int)sl); 100 *buffer++ = '$'; 101 102 MD5Final(final, &ctx); 103 104 /* 105 * and now, just to make sure things don't run too fast 106 * On a 60 Mhz Pentium this takes 34 msec, so you would 107 * need 30 seconds to build a 1000 entry dictionary... 108 */ 109 for(i = 0; i < 1000; i++) { 110 MD5Init(&ctx1); 111 if(i & 1) 112 MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); 113 else 114 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); 115 116 if(i % 3) 117 MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); 118 119 if(i % 7) 120 MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); 121 122 if(i & 1) 123 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); 124 else 125 MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); 126 MD5Final(final, &ctx1); 127 } 128 129 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; 130 _crypt_to64(buffer, l, 4); buffer += 4; 131 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; 132 _crypt_to64(buffer, l, 4); buffer += 4; 133 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; 134 _crypt_to64(buffer, l, 4); buffer += 4; 135 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; 136 _crypt_to64(buffer, l, 4); buffer += 4; 137 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; 138 _crypt_to64(buffer, l, 4); buffer += 4; 139 l = final[11]; 140 _crypt_to64(buffer, l, 2); buffer += 2; 141 *buffer = '\0'; 142 143 /* Don't leave anything around in vm they could use. */ 144 memset(final, 0, sizeof(final)); 145 146 return (0); 147 } 148