busybox/libbb/pw_encrypt.c
Denys Vlasenko 12a432715f adduser: safe username passing to passwd/addgroup
passwd: support creating SHA passwords
random code shrink

function                                             old     new   delta
crypt_make_pw_salt                                     -      87     +87
adduser_main                                         883     904     +21
...
crypt_make_salt                                       99      89     -10
chpasswd_main                                        329     312     -17
packed_usage                                       28731   28691     -40
passwd_main                                         1070    1000     -70
cryptpw_main                                         310     224     -86
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 4/12 up/down: 154/-288)        Total: -134 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2011-05-13 03:19:01 +02:00

149 lines
3.2 KiB
C

/* vi: set sw=4 ts=4: */
/*
* Utility routines.
*
* Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org>
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
#include "libbb.h"
/* static const uint8_t ascii64[] =
* "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
*/
static int i64c(int i)
{
i &= 0x3f;
if (i == 0)
return '.';
if (i == 1)
return '/';
if (i < 12)
return ('0' - 2 + i);
if (i < 38)
return ('A' - 12 + i);
return ('a' - 38 + i);
}
int FAST_FUNC crypt_make_salt(char *p, int cnt /*, int x */)
{
/* was: x += ... */
int x = getpid() + monotonic_us();
do {
/* x = (x*1664525 + 1013904223) % 2^32 generator is lame
* (low-order bit is not "random", etc...),
* but for our purposes it is good enough */
x = x*1664525 + 1013904223;
/* BTW, Park and Miller's "minimal standard generator" is
* x = x*16807 % ((2^31)-1)
* It has no problem with visibly alternating lowest bit
* but is also weak in cryptographic sense + needs div,
* which needs more code (and slower) on many CPUs */
*p++ = i64c(x >> 16);
*p++ = i64c(x >> 22);
} while (--cnt);
*p = '\0';
return x;
}
char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo)
{
int len = 2/2;
char *salt_ptr = salt;
if (algo[0] != 'd') { /* not des */
len = 8/2; /* so far assuming md5 */
*salt_ptr++ = '$';
*salt_ptr++ = '1';
*salt_ptr++ = '$';
#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
if (algo[0] == 's') { /* sha */
salt[1] = '5' + (strcmp(algo, "sha512") == 0);
len = 16/2;
}
#endif
}
crypt_make_salt(salt_ptr, len);
return salt_ptr;
}
#if ENABLE_USE_BB_CRYPT
static char*
to64(char *s, unsigned v, int n)
{
while (--n >= 0) {
/* *s++ = ascii64[v & 0x3f]; */
*s++ = i64c(v);
v >>= 6;
}
return s;
}
/*
* DES and MD5 crypt implementations are taken from uclibc.
* They were modified to not use static buffers.
*/
#include "pw_encrypt_des.c"
#include "pw_encrypt_md5.c"
#if ENABLE_USE_BB_CRYPT_SHA
#include "pw_encrypt_sha.c"
#endif
/* Other advanced crypt ids (TODO?): */
/* $2$ or $2a$: Blowfish */
static struct const_des_ctx *des_cctx;
static struct des_ctx *des_ctx;
/* my_crypt returns malloc'ed data */
static char *my_crypt(const char *key, const char *salt)
{
/* MD5 or SHA? */
if (salt[0] == '$' && salt[1] && salt[2] == '$') {
if (salt[1] == '1')
return md5_crypt(xzalloc(MD5_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt);
#if ENABLE_USE_BB_CRYPT_SHA
if (salt[1] == '5' || salt[1] == '6')
return sha_crypt((char*)key, (char*)salt);
#endif
}
if (!des_cctx)
des_cctx = const_des_init();
des_ctx = des_init(des_ctx, des_cctx);
return des_crypt(des_ctx, xzalloc(DES_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt);
}
/* So far nobody wants to have it public */
static void my_crypt_cleanup(void)
{
free(des_cctx);
free(des_ctx);
des_cctx = NULL;
des_ctx = NULL;
}
char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int cleanup)
{
char *encrypted;
encrypted = my_crypt(clear, salt);
if (cleanup)
my_crypt_cleanup();
return encrypted;
}
#else /* if !ENABLE_USE_BB_CRYPT */
char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int cleanup)
{
return xstrdup(crypt(clear, salt));
}
#endif