crypt/md5-crypt.c

   1 /* One way encryption based on MD5 sum.
   2    Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc.
   3    This file is part of the GNU C Library.
   4    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
   5
   6    The GNU C Library is free software; you can redistribute it and/or
   7    modify it under the terms of the GNU Lesser General Public
   8    License as published by the Free Software Foundation; either
   9    version 2.1 of the License, or (at your option) any later version.
  10
  11    The GNU C Library is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14    Lesser General Public License for more details.
  15
  16    You should have received a copy of the GNU Lesser General Public
  17    License along with the GNU C Library; if not, write to the Free
  18    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  19    02111-1307 USA.  */
  20
  21 #include <assert.h>
  22 #include <errno.h>
  23 #include <stdlib.h>
  24 #include <string.h>
  25 #include <sys/param.h>
  26
  27 #include "md5.h"
  28
  29
  30 /* Define our magic string to mark salt for MD5 "encryption"
  31    replacement.  This is meant to be the same as for other MD5 based
  32    encryption implementations.  */
  33 static const char md5_salt_prefix[] = "$1$";
  34
  35 /* Table with characters for base64 transformation.  */
  36 static const char b64t[64] =
  37 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  38
  39
  40 /* Prototypes for local functions.  */
  41 extern char *__md5_crypt_r (const char *key, const char *salt,
  42                             char *buffer, int buflen);
  43 extern char *__md5_crypt (const char *key, const char *salt);
  44
  45
  46 /* This entry point is equivalent to the `crypt' function in Unix
  47    libcs.  */
  48 char *
  49 __md5_crypt_r (key, salt, buffer, buflen)
  50      const char *key;
  51      const char *salt;
  52      char *buffer;
  53      int buflen;
  54 {
  55   unsigned char alt_result[16]
  56     __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
  57   struct md5_ctx ctx;
  58   struct md5_ctx alt_ctx;
  59   size_t salt_len;
  60   size_t key_len;
  61   size_t cnt;
  62   char *cp;
  63   char *copied_key = NULL;
  64   char *copied_salt = NULL;
  65
  66   /* Find beginning of salt string.  The prefix should normally always
  67      be present.  Just in case it is not.  */
  68   if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
  69     /* Skip salt prefix.  */
  70     salt += sizeof (md5_salt_prefix) - 1;
  71
  72   salt_len = MIN (strcspn (salt, "$"), 8);
  73   key_len = strlen (key);
  74
  75   if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
  76     {
  77       char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
  78       key = copied_key =
  79         memcpy (tmp + __alignof__ (md5_uint32)
  80                 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
  81                 key, key_len);
  82       assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
  83     }
  84
  85   if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
  86     {
  87       char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
  88       salt = copied_salt =
  89         memcpy (tmp + __alignof__ (md5_uint32)
  90                 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
  91                 salt, salt_len);
  92       assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
  93     }
  94
  95   /* Prepare for the real work.  */
  96   __md5_init_ctx (&ctx);
  97
  98   /* Add the key string.  */
  99   __md5_process_bytes (key, key_len, &ctx);
 100
 101   /* Because the SALT argument need not always have the salt prefix we
 102      add it separately.  */
 103   __md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1, &ctx);
 104
 105   /* The last part is the salt string.  This must be at most 8
 106      characters and it ends at the first `$' character (for
 107      compatibility which existing solutions).  */
 108   __md5_process_bytes (salt, salt_len, &ctx);
 109
 110
 111   /* Compute alternate MD5 sum with input KEY, SALT, and KEY.  The
 112      final result will be added to the first context.  */
 113   __md5_init_ctx (&alt_ctx);
 114
 115   /* Add key.  */
 116   __md5_process_bytes (key, key_len, &alt_ctx);
 117
 118   /* Add salt.  */
 119   __md5_process_bytes (salt, salt_len, &alt_ctx);
 120
 121   /* Add key again.  */
 122   __md5_process_bytes (key, key_len, &alt_ctx);
 123
 124   /* Now get result of this (16 bytes) and add it to the other
 125      context.  */
 126   __md5_finish_ctx (&alt_ctx, alt_result);
 127
 128   /* Add for any character in the key one byte of the alternate sum.  */
 129   for (cnt = key_len; cnt > 16; cnt -= 16)
 130     __md5_process_bytes (alt_result, 16, &ctx);
 131   __md5_process_bytes (alt_result, cnt, &ctx);
 132
 133   /* For the following code we need a NUL byte.  */
 134   *alt_result = '\0';
 135
 136   /* The original implementation now does something weird: for every 1
 137      bit in the key the first 0 is added to the buffer, for every 0
 138      bit the first character of the key.  This does not seem to be
 139      what was intended but we have to follow this to be compatible.  */
 140   for (cnt = key_len; cnt > 0; cnt >>= 1)
 141     __md5_process_bytes ((cnt & 1) != 0 ? (const char *) alt_result : key, 1,
 142                          &ctx);
 143
 144   /* Create intermediate result.  */
 145   __md5_finish_ctx (&ctx, alt_result);
 146
 147   /* Now comes another weirdness.  In fear of password crackers here
 148      comes a quite long loop which just processes the output of the
 149      previous round again.  We cannot ignore this here.  */
 150   for (cnt = 0; cnt < 1000; ++cnt)
 151     {
 152       /* New context.  */
 153       __md5_init_ctx (&ctx);
 154
 155       /* Add key or last result.  */
 156       if ((cnt & 1) != 0)
 157         __md5_process_bytes (key, key_len, &ctx);
 158       else
 159         __md5_process_bytes (alt_result, 16, &ctx);
 160
 161       /* Add salt for numbers not divisible by 3.  */
 162       if (cnt % 3 != 0)
 163         __md5_process_bytes (salt, salt_len, &ctx);
 164
 165       /* Add key for numbers not divisible by 7.  */
 166       if (cnt % 7 != 0)
 167         __md5_process_bytes (key, key_len, &ctx);
 168
 169       /* Add key or last result.  */
 170       if ((cnt & 1) != 0)
 171         __md5_process_bytes (alt_result, 16, &ctx);
 172       else
 173         __md5_process_bytes (key, key_len, &ctx);
 174
 175       /* Create intermediate result.  */
 176       __md5_finish_ctx (&ctx, alt_result);
 177     }
 178
 179   /* Now we can construct the result string.  It consists of three
 180      parts.  */
 181   cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
 182   buflen -= sizeof (md5_salt_prefix) - 1;
 183
 184   cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len));
 185   buflen -= MIN ((size_t) MAX (0, buflen), salt_len);
 186
 187   if (buflen > 0)
 188     {
 189       *cp++ = '$';
 190       --buflen;
 191     }
 192
 193 #define b64_from_24bit(B2, B1, B0, N)                                         \
 194   do {                                                                        \
 195     unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);                       \
 196     int n = (N);                                                              \
 197     while (n-- > 0 && buflen > 0)                                             \
 198       {                                                                       \
 199         *cp++ = b64t[w & 0x3f];                                               \
 200         --buflen;                                                             \
 201         w >>= 6;                                                              \
 202       }                                                                       \
 203   } while (0)
 204
 205
 206   b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
 207   b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
 208   b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
 209   b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
 210   b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
 211   b64_from_24bit (0, 0, alt_result[11], 2);
 212   if (buflen <= 0)
 213     {
 214       __set_errno (ERANGE);
 215       buffer = NULL;
 216     }
 217   else
 218     *cp = '\0';         /* Terminate the string.  */
 219
 220   /* Clear the buffer for the intermediate result so that people
 221      attaching to processes or reading core dumps cannot get any
 222      information.  We do it in this way to clear correct_words[]
 223      inside the MD5 implementation as well.  */
 224   __md5_init_ctx (&ctx);
 225   __md5_finish_ctx (&ctx, alt_result);
 226   memset (&ctx, '\0', sizeof (ctx));
 227   memset (&alt_ctx, '\0', sizeof (alt_ctx));
 228   if (copied_key != NULL)
 229     memset (copied_key, '\0', key_len);
 230   if (copied_salt != NULL)
 231     memset (copied_salt, '\0', salt_len);
 232
 233   return buffer;
 234 }
 235
 236 #ifndef _LIBC
 237 # define libc_freeres_ptr(decl) decl
 238 #endif
 239 libc_freeres_ptr (static char *buffer);
 240
 241 char *
 242 __md5_crypt (const char *key, const char *salt)
 243 {
 244   /* We don't want to have an arbitrary limit in the size of the
 245      password.  We can compute the size of the result in advance and
 246      so we can prepare the buffer we pass to `md5_crypt_r'.  */
 247   static int buflen;
 248   int needed = 3 + strlen (salt) + 1 + 26 + 1;
 249
 250   if (buflen < needed)
 251     {
 252       char *new_buffer;
 253
 254       buflen = needed;
 255
 256       new_buffer = (char *) realloc (buffer, buflen);
 257       if (new_buffer == NULL)
 258         return NULL;
 259
 260       buffer = new_buffer;
 261     }
 262
 263   return __md5_crypt_r (key, salt, buffer, buflen);
 264 }
 265
 266 #ifndef _LIBC
 267 static void
 268 __attribute__ ((__destructor__))
 269 free_mem (void)
 270 {
 271   free (buffer);
 272 }
 273 #endif