xref: /freebsd/lib/libcrypt/crypt.c (revision d8a0fe102c0cfdfcd5b818f850eff09d8536c9bc)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 1999 Mark Murray
5  * Copyright (c) 2014 Dag-Erling Smørgrav
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 #include <sys/types.h>
34 
35 #include <libutil.h>
36 #include <string.h>
37 #include <unistd.h>
38 
39 #include "crypt.h"
40 
41 /*
42  * List of supported crypt(3) formats.
43  *
44  * The default algorithm is the last entry in the list (second-to-last
45  * array element since the last is a sentinel).  The reason for placing
46  * the default last rather than first is that DES needs to be at the
47  * bottom for the algorithm guessing logic in crypt(3) to work correctly,
48  * and it needs to be the default for backward compatibility.
49  */
50 static const struct crypt_format {
51 	const char *name;
52 	int (*func)(const char *, const char *, char *);
53 	const char *magic;
54 } crypt_formats[] = {
55 	{ "md5",	crypt_md5,		"$1$"	},
56 #ifdef HAS_BLOWFISH
57 	{ "blf",	crypt_blowfish,		"$2"	},
58 #endif
59 	{ "nth",	crypt_nthash,		"$3$"	},
60 	{ "sha256",	crypt_sha256,		"$5$"	},
61 	{ "sha512",	crypt_sha512,		"$6$"	},
62 #ifdef HAS_DES
63 	{ "des",	crypt_des,		"_"	},
64 #endif
65 
66 	/* sentinel */
67 	{ NULL,		NULL,			NULL	}
68 };
69 
70 static const struct crypt_format *crypt_format =
71     &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
72 
73 #define DES_SALT_ALPHABET \
74 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
75 
76 /*
77  * Returns the name of the currently selected format.
78  */
79 const char *
80 crypt_get_format(void)
81 {
82 
83 	return (crypt_format->name);
84 }
85 
86 /*
87  * Selects the format to use for subsequent crypt(3) invocations.
88  */
89 int
90 crypt_set_format(const char *format)
91 {
92 	const struct crypt_format *cf;
93 
94 	for (cf = crypt_formats; cf->name != NULL; ++cf) {
95 		if (strcasecmp(cf->name, format) == 0) {
96 			crypt_format = cf;
97 			return (1);
98 		}
99 	}
100 	return (0);
101 }
102 
103 /*
104  * Hash the given password with the given salt.  If the salt begins with a
105  * magic string (e.g. "$6$" for sha512), the corresponding format is used;
106  * otherwise, the currently selected format is used.
107  */
108 char *
109 crypt_r(const char *passwd, const char *salt, struct crypt_data *data)
110 {
111 	const struct crypt_format *cf;
112 	int (*func)(const char *, const char *, char *);
113 #ifdef HAS_DES
114 	int len;
115 #endif
116 
117 	for (cf = crypt_formats; cf->name != NULL; ++cf)
118 		if (cf->magic != NULL && strstr(salt, cf->magic) == salt) {
119 			func = cf->func;
120 			goto match;
121 		}
122 #ifdef HAS_DES
123 	len = strlen(salt);
124 	if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len) {
125 		func = crypt_des;
126 		goto match;
127 	}
128 #endif
129 	func = crypt_format->func;
130 match:
131 	if (func(passwd, salt, data->__buf) != 0)
132 		return (NULL);
133 	return (data->__buf);
134 }
135 
136 char *
137 crypt(const char *passwd, const char *salt)
138 {
139 	static struct crypt_data data;
140 
141 	return (crypt_r(passwd, salt, &data));
142 }
143