]>
Commit | Line | Data |
---|---|---|
63f791d3 GK |
1 | /* |
2 | * UFC-crypt: ultra fast crypt(3) implementation | |
3 | * | |
b168057a | 4 | * Copyright (C) 1991-2015 Free Software Foundation, Inc. |
63f791d3 | 5 | * |
a1b36134 AJ |
6 | * The GNU C Library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public | |
63f791d3 | 8 | * License as published by the Free Software Foundation; either |
a1b36134 | 9 | * version 2.1 of the License, or (at your option) any later version. |
63f791d3 | 10 | * |
a1b36134 | 11 | * The GNU C Library is distributed in the hope that it will be useful, |
63f791d3 GK |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
a1b36134 | 14 | * Lesser General Public License for more details. |
63f791d3 | 15 | * |
a1b36134 | 16 | * You should have received a copy of the GNU Lesser General Public |
59ba27a6 PE |
17 | * License along with the GNU C Library; if not, see |
18 | * <http://www.gnu.org/licenses/>. | |
63f791d3 GK |
19 | * |
20 | * crypt entry points | |
21 | * | |
22 | * @(#)crypt-entry.c 1.2 12/20/96 | |
23 | * | |
24 | */ | |
25 | ||
26 | #ifdef DEBUG | |
27 | #include <stdio.h> | |
28 | #endif | |
29 | #include <string.h> | |
4ba74a35 | 30 | #include <errno.h> |
e7451425 | 31 | #include <fips-private.h> |
63f791d3 GK |
32 | |
33 | #ifndef STATIC | |
34 | #define STATIC static | |
35 | #endif | |
36 | ||
63f791d3 GK |
37 | #include "crypt-private.h" |
38 | ||
39 | /* Prototypes for local functions. */ | |
63f791d3 GK |
40 | #ifndef __GNU_LIBRARY__ |
41 | void _ufc_clearmem (char *start, int cnt); | |
42 | #else | |
43 | #define _ufc_clearmem(start, cnt) memset(start, 0, cnt) | |
44 | #endif | |
45 | extern char *__md5_crypt_r (const char *key, const char *salt, char *buffer, | |
46 | int buflen); | |
47 | extern char *__md5_crypt (const char *key, const char *salt); | |
c3266dc0 UD |
48 | extern char *__sha256_crypt_r (const char *key, const char *salt, |
49 | char *buffer, int buflen); | |
50 | extern char *__sha256_crypt (const char *key, const char *salt); | |
51 | extern char *__sha512_crypt_r (const char *key, const char *salt, | |
52 | char *buffer, int buflen); | |
53 | extern char *__sha512_crypt (const char *key, const char *salt); | |
63f791d3 GK |
54 | |
55 | /* Define our magic string to mark salt for MD5 encryption | |
56 | replacement. This is meant to be the same as for other MD5 based | |
57 | encryption implementations. */ | |
58 | static const char md5_salt_prefix[] = "$1$"; | |
59 | ||
c3266dc0 UD |
60 | /* Magic string for SHA256 encryption. */ |
61 | static const char sha256_salt_prefix[] = "$5$"; | |
62 | ||
63 | /* Magic string for SHA512 encryption. */ | |
64 | static const char sha512_salt_prefix[] = "$6$"; | |
65 | ||
63f791d3 GK |
66 | /* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */ |
67 | extern struct crypt_data _ufc_foobar; | |
68 | ||
69 | /* | |
70 | * UNIX crypt function | |
71 | */ | |
72 | ||
73 | char * | |
74 | __crypt_r (key, salt, data) | |
75 | const char *key; | |
76 | const char *salt; | |
77 | struct crypt_data * __restrict data; | |
78 | { | |
79 | ufc_long res[4]; | |
80 | char ktab[9]; | |
81 | ufc_long xx = 25; /* to cope with GCC long long compiler bugs */ | |
82 | ||
83 | #ifdef _LIBC | |
84 | /* Try to find out whether we have to use MD5 encryption replacement. */ | |
85 | if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0) | |
e7451425 AO |
86 | { |
87 | /* FIPS rules out MD5 password encryption. */ | |
88 | if (fips_enabled_p ()) | |
89 | { | |
90 | __set_errno (EPERM); | |
91 | return NULL; | |
92 | } | |
93 | return __md5_crypt_r (key, salt, (char *) data, | |
94 | sizeof (struct crypt_data)); | |
95 | } | |
c3266dc0 UD |
96 | |
97 | /* Try to find out whether we have to use SHA256 encryption replacement. */ | |
98 | if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0) | |
99 | return __sha256_crypt_r (key, salt, (char *) data, | |
100 | sizeof (struct crypt_data)); | |
101 | ||
102 | /* Try to find out whether we have to use SHA512 encryption replacement. */ | |
103 | if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) | |
104 | return __sha512_crypt_r (key, salt, (char *) data, | |
105 | sizeof (struct crypt_data)); | |
63f791d3 GK |
106 | #endif |
107 | ||
108 | /* | |
109 | * Hack DES tables according to salt | |
110 | */ | |
4ba74a35 AO |
111 | if (!_ufc_setup_salt_r (salt, data)) |
112 | { | |
113 | __set_errno (EINVAL); | |
114 | return NULL; | |
115 | } | |
63f791d3 | 116 | |
e7451425 AO |
117 | /* FIPS rules out DES password encryption. */ |
118 | if (fips_enabled_p ()) | |
119 | { | |
120 | __set_errno (EPERM); | |
121 | return NULL; | |
122 | } | |
123 | ||
63f791d3 GK |
124 | /* |
125 | * Setup key schedule | |
126 | */ | |
127 | _ufc_clearmem (ktab, (int) sizeof (ktab)); | |
128 | (void) strncpy (ktab, key, 8); | |
129 | _ufc_mk_keytab_r (ktab, data); | |
130 | ||
131 | /* | |
132 | * Go for the 25 DES encryptions | |
133 | */ | |
134 | _ufc_clearmem ((char*) res, (int) sizeof (res)); | |
135 | _ufc_doit_r (xx, data, &res[0]); | |
136 | ||
137 | /* | |
138 | * Do final permutations | |
139 | */ | |
140 | _ufc_dofinalperm_r (res, data); | |
141 | ||
142 | /* | |
143 | * And convert back to 6 bit ASCII | |
144 | */ | |
145 | _ufc_output_conversion_r (res[0], res[1], salt, data); | |
146 | return data->crypt_3_buf; | |
147 | } | |
148 | weak_alias (__crypt_r, crypt_r) | |
149 | ||
150 | char * | |
151 | crypt (key, salt) | |
152 | const char *key; | |
153 | const char *salt; | |
154 | { | |
155 | #ifdef _LIBC | |
156 | /* Try to find out whether we have to use MD5 encryption replacement. */ | |
e7451425 AO |
157 | if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0 |
158 | /* Let __crypt_r deal with the error code if FIPS is enabled. */ | |
159 | && !fips_enabled_p ()) | |
63f791d3 | 160 | return __md5_crypt (key, salt); |
c3266dc0 UD |
161 | |
162 | /* Try to find out whether we have to use SHA256 encryption replacement. */ | |
163 | if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0) | |
164 | return __sha256_crypt (key, salt); | |
165 | ||
166 | /* Try to find out whether we have to use SHA512 encryption replacement. */ | |
167 | if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) | |
168 | return __sha512_crypt (key, salt); | |
63f791d3 GK |
169 | #endif |
170 | ||
171 | return __crypt_r (key, salt, &_ufc_foobar); | |
172 | } | |
173 | ||
174 | ||
175 | /* | |
176 | * To make fcrypt users happy. | |
177 | * They don't need to call init_des. | |
178 | */ | |
179 | #ifdef _LIBC | |
180 | weak_alias (crypt, fcrypt) | |
181 | #else | |
182 | char * | |
183 | __fcrypt (key, salt) | |
184 | const char *key; | |
185 | const char *salt; | |
186 | { | |
187 | return crypt (key, salt); | |
188 | } | |
189 | #endif |