[openssh.git] / md5crypt.c

/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@login.dknet.dk> wrote this file.  As long as you retain this
 * notice you can do whatever you want with this stuff. If we meet some
 * day, and you think this stuff is worth it, you can buy me a beer in
 * return.   Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 */

#include "includes.h"

#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
#include <sys/types.h>

#include <string.h>

#include <openssl/md5.h>

/* 0 ... 63 => ascii - 64 */
static unsigned char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static char *magic = "$1$";

static char *
to64(unsigned long v, int n)
{
	static char buf[5];
	char *s = buf;

	if (n > 4)
		return (NULL);

	memset(buf, '\0', sizeof(buf));
	while (--n >= 0) {
		*s++ = itoa64[v&0x3f];
		v >>= 6;
	}

	return (buf);
}

int
is_md5_salt(const char *salt)
{
	return (strncmp(salt, magic, strlen(magic)) == 0);
}

char *
md5_crypt(const char *pw, const char *salt)
{
	static char passwd[120], salt_copy[9], *p;
	static const char *sp, *ep;
	unsigned char final[16];
	int sl, pl, i, j;
	MD5_CTX	ctx, ctx1;
	unsigned long l;

	/* Refine the Salt first */
	sp = salt;

	/* If it starts with the magic string, then skip that */
	if(strncmp(sp, magic, strlen(magic)) == 0)
		sp += strlen(magic);

	/* It stops at the first '$', max 8 chars */
	for (ep = sp; *ep != '$'; ep++) {
		if (*ep == '\0' || ep >= (sp + 8))
			return (NULL);
	}

	/* get the length of the true salt */
	sl = ep - sp;

	/* Stash the salt */
	memcpy(salt_copy, sp, sl);
	salt_copy[sl] = '\0';

	MD5_Init(&ctx);

	/* The password first, since that is what is most unknown */
	MD5_Update(&ctx, pw, strlen(pw));

	/* Then our magic string */
	MD5_Update(&ctx, magic, strlen(magic));

	/* Then the raw salt */
	MD5_Update(&ctx, sp, sl);

	/* Then just as many characters of the MD5(pw, salt, pw) */
	MD5_Init(&ctx1);
	MD5_Update(&ctx1, pw, strlen(pw));
	MD5_Update(&ctx1, sp, sl);
	MD5_Update(&ctx1, pw, strlen(pw));
	MD5_Final(final, &ctx1);

	for(pl = strlen(pw); pl > 0; pl -= 16)
		MD5_Update(&ctx, final, pl > 16 ? 16 : pl);

	/* Don't leave anything around in vm they could use. */
	memset(final, '\0', sizeof final);

	/* Then something really weird... */
	for (j = 0, i = strlen(pw); i != 0; i >>= 1)
		if (i & 1)
			MD5_Update(&ctx, final + j, 1);
		else
			MD5_Update(&ctx, pw + j, 1);

	/* Now make the output string */
	snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);

	MD5_Final(final, &ctx);

	/*
	 * and now, just to make sure things don't run too fast
	 * On a 60 Mhz Pentium this takes 34 msec, so you would
	 * need 30 seconds to build a 1000 entry dictionary...
	 */
	for(i = 0; i < 1000; i++) {
		MD5_Init(&ctx1);
		if (i & 1)
			MD5_Update(&ctx1, pw, strlen(pw));
		else
			MD5_Update(&ctx1, final, 16);

		if (i % 3)
			MD5_Update(&ctx1, sp, sl);

		if (i % 7)
			MD5_Update(&ctx1, pw, strlen(pw));

		if (i & 1)
			MD5_Update(&ctx1, final, 16);
		else
			MD5_Update(&ctx1, pw, strlen(pw));

		MD5_Final(final, &ctx1);
	}

	p = passwd + strlen(passwd);

	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
	strlcat(passwd, to64(l, 4), sizeof(passwd));
	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
	strlcat(passwd, to64(l, 4), sizeof(passwd));
	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
	strlcat(passwd, to64(l, 4), sizeof(passwd));
	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
	strlcat(passwd, to64(l, 4), sizeof(passwd));
	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
	strlcat(passwd, to64(l, 4), sizeof(passwd));
	l =                    final[11]                ;
	strlcat(passwd, to64(l, 2), sizeof(passwd));

	/* Don't leave anything around in vm they could use. */
	memset(final, 0, sizeof(final));
	memset(salt_copy, 0, sizeof(salt_copy));
	memset(&ctx, 0, sizeof(ctx));
	memset(&ctx1, 0, sizeof(ctx1));
	(void)to64(0, 4);

	return (passwd);
}

#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
Commit	Line	Data
caf3bc51	1	/*
	2	* ----------------------------------------------------------------------------
	3	* "THE BEER-WARE LICENSE" (Revision 42):
aff51935	4	* <phk@login.dknet.dk> wrote this file. As long as you retain this
	5	* notice you can do whatever you want with this stuff. If we meet some
	6	* day, and you think this stuff is worth it, you can buy me a beer in
1bbcb4cd	7	* return. Poul-Henning Kamp
caf3bc51	8	* ----------------------------------------------------------------------------
	9	*/
	10
0b202697	11	#include "includes.h"
0b202697	12
d94aa2ae	13	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
24436b92	14	#include <sys/types.h>
	15
	16	#include <string.h>
	17
caf3bc51	18	#include <openssl/md5.h>
caf3bc51	19
1bbcb4cd	20	/* 0 ... 63 => ascii - 64 */
	21	static unsigned char itoa64[] =
	22	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
caf3bc51	23
1bbcb4cd	24	static char *magic = "$1$";
caf3bc51	25
1bbcb4cd	26	static char *
1bbcb4cd	27	to64(unsigned long v, int n)
caf3bc51	28	{
1bbcb4cd	29	static char buf[5];
	30	char *s = buf;
	31
	32	if (n > 4)
	33	return (NULL);
	34
	35	memset(buf, '\0', sizeof(buf));
caf3bc51	36	while (--n >= 0) {
	37	*s++ = itoa64[v&0x3f];
	38	v >>= 6;
	39	}
b6453d99	40
1bbcb4cd	41	return (buf);
caf3bc51	42	}
	43
	44	int
	45	is_md5_salt(const char *salt)
	46	{
1bbcb4cd	47	return (strncmp(salt, magic, strlen(magic)) == 0);
caf3bc51	48	}
caf3bc51	49
caf3bc51	50	char *
	51	md5_crypt(const char pw, const char salt)
	52	{
1bbcb4cd	53	static char passwd[120], salt_copy[9], *p;
	54	static const char sp, ep;
	55	unsigned char final[16];
	56	int sl, pl, i, j;
	57	MD5_CTX ctx, ctx1;
caf3bc51	58	unsigned long l;
	59
	60	/* Refine the Salt first */
	61	sp = salt;
	62
	63	/* If it starts with the magic string, then skip that */
1bbcb4cd	64	if(strncmp(sp, magic, strlen(magic)) == 0)
caf3bc51	65	sp += strlen(magic);
	66
	67	/* It stops at the first '$', max 8 chars */
1bbcb4cd	68	for (ep = sp; *ep != '$'; ep++) {
	69	if (*ep == '\0' \|\| ep >= (sp + 8))
	70	return (NULL);
	71	}
caf3bc51	72
	73	/* get the length of the true salt */
	74	sl = ep - sp;
	75
1bbcb4cd	76	/* Stash the salt */
	77	memcpy(salt_copy, sp, sl);
	78	salt_copy[sl] = '\0';
	79
caf3bc51	80	MD5_Init(&ctx);
	81
	82	/* The password first, since that is what is most unknown */
1bbcb4cd	83	MD5_Update(&ctx, pw, strlen(pw));
caf3bc51	84
caf3bc51	85	/* Then our magic string */
1bbcb4cd	86	MD5_Update(&ctx, magic, strlen(magic));
caf3bc51	87
caf3bc51	88	/* Then the raw salt */
1bbcb4cd	89	MD5_Update(&ctx, sp, sl);
caf3bc51	90
1bbcb4cd	91	/* Then just as many characters of the MD5(pw, salt, pw) */
caf3bc51	92	MD5_Init(&ctx1);
1bbcb4cd	93	MD5_Update(&ctx1, pw, strlen(pw));
	94	MD5_Update(&ctx1, sp, sl);
	95	MD5_Update(&ctx1, pw, strlen(pw));
	96	MD5_Final(final, &ctx1);
	97
caf3bc51	98	for(pl = strlen(pw); pl > 0; pl -= 16)
1bbcb4cd	99	MD5_Update(&ctx, final, pl > 16 ? 16 : pl);
caf3bc51	100
caf3bc51	101	/* Don't leave anything around in vm they could use. */
1bbcb4cd	102	memset(final, '\0', sizeof final);
caf3bc51	103
caf3bc51	104	/* Then something really weird... */
1bbcb4cd	105	for (j = 0, i = strlen(pw); i != 0; i >>= 1)
	106	if (i & 1)
	107	MD5_Update(&ctx, final + j, 1);
caf3bc51	108	else
1bbcb4cd	109	MD5_Update(&ctx, pw + j, 1);
caf3bc51	110
caf3bc51	111	/* Now make the output string */
1bbcb4cd	112	snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);
caf3bc51	113
1bbcb4cd	114	MD5_Final(final, &ctx);
caf3bc51	115
	116	/*
	117	* and now, just to make sure things don't run too fast
	118	* On a 60 Mhz Pentium this takes 34 msec, so you would
	119	* need 30 seconds to build a 1000 entry dictionary...
	120	*/
1bbcb4cd	121	for(i = 0; i < 1000; i++) {
caf3bc51	122	MD5_Init(&ctx1);
1bbcb4cd	123	if (i & 1)
1bbcb4cd	124	MD5_Update(&ctx1, pw, strlen(pw));
caf3bc51	125	else
1bbcb4cd	126	MD5_Update(&ctx1, final, 16);
caf3bc51	127
1bbcb4cd	128	if (i % 3)
1bbcb4cd	129	MD5_Update(&ctx1, sp, sl);
caf3bc51	130
1bbcb4cd	131	if (i % 7)
1bbcb4cd	132	MD5_Update(&ctx1, pw, strlen(pw));
caf3bc51	133
1bbcb4cd	134	if (i & 1)
1bbcb4cd	135	MD5_Update(&ctx1, final, 16);
caf3bc51	136	else
1bbcb4cd	137	MD5_Update(&ctx1, pw, strlen(pw));
	138
	139	MD5_Final(final, &ctx1);
caf3bc51	140	}
	141
	142	p = passwd + strlen(passwd);
	143
1bbcb4cd	144	l = (final[ 0]<<16) \| (final[ 6]<<8) \| final[12];
	145	strlcat(passwd, to64(l, 4), sizeof(passwd));
	146	l = (final[ 1]<<16) \| (final[ 7]<<8) \| final[13];
	147	strlcat(passwd, to64(l, 4), sizeof(passwd));
	148	l = (final[ 2]<<16) \| (final[ 8]<<8) \| final[14];
	149	strlcat(passwd, to64(l, 4), sizeof(passwd));
	150	l = (final[ 3]<<16) \| (final[ 9]<<8) \| final[15];
	151	strlcat(passwd, to64(l, 4), sizeof(passwd));
	152	l = (final[ 4]<<16) \| (final[10]<<8) \| final[ 5];
	153	strlcat(passwd, to64(l, 4), sizeof(passwd));
	154	l = final[11] ;
	155	strlcat(passwd, to64(l, 2), sizeof(passwd));
caf3bc51	156
caf3bc51	157	/* Don't leave anything around in vm they could use. */
1bbcb4cd	158	memset(final, 0, sizeof(final));
	159	memset(salt_copy, 0, sizeof(salt_copy));
	160	memset(&ctx, 0, sizeof(ctx));
	161	memset(&ctx1, 0, sizeof(ctx1));
4f178be8	162	(void)to64(0, 4);
caf3bc51	163
1bbcb4cd	164	return (passwd);
caf3bc51	165	}
caf3bc51	166
d94aa2ae	167	#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */