| blob | 421d91fc369aeedf0616db77c5ca97dbc2337b57 |
1 /* $NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $ */
2 /* $OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */
4 /*
5 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by Niels Provos.
19 * 4. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
34 /* This password hashing algorithm was designed by David Mazieres
35 * <dm@lcs.mit.edu> and works as follows:
36 *
37 * 1. state := InitState ()
38 * 2. state := ExpandKey (state, salt, password) 3.
39 * REPEAT rounds:
40 * state := ExpandKey (state, 0, salt)
41 * state := ExpandKey(state, 0, password)
42 * 4. ctext := "OrpheanBeholderScryDoubt"
43 * 5. REPEAT 64:
44 * ctext := Encrypt_ECB (state, ctext);
45 * 6. RETURN Concatenate (salt, ctext);
46 *
47 */
48 #include <sys/cdefs.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <sys/types.h>
54 #include <string.h>
55 #include <pwd.h>
56 #include <errno.h>
57 #include <limits.h>
62 /* This implementation is adaptable to current computing power.
63 * You can have up to 2^31 rounds which should be enough for some
64 * time to come.
65 */
69 #define BCRYPT_MAXSALTLEN (BCRYPT_MAXSALT * 4 / 3 + 1)
88 {
102 };
103 #define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
105 static void
107 {
115 /* Invalid data */
137 }
138 }
140 static void
142 {
151 }
153 int
155 {
165 }
169 }
174 }
181 }
191 }
194 }
196 /* Generates a salt for this version of crypt.
197 Since versions may change. Keeping this here
198 seems sensible.
199 XXX: compat.
200 */
203 {
211 }
213 /* We handle $Vers$log2(NumRounds)$salt+passwd$
214 i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
220 {
221 blf_ctx state;
223 u_int16_t j;
229 /* Discard "$" identifier */
230 salt++;
233 /* How do I handle errors ? Return ':' */
235 }
237 /* Check for minor versions */
241 /* 'ab' should not yield the same as 'abab' */
243 salt++;
247 }
251 /* Discard version + "$" identifier */
255 /* Out of sync with passwd entry */
258 /* Computer power doesn't increase linear, 2^x should be fine */
262 /* Discard num rounds + "$" identifier */
268 /* We dont want the base64 salt but the raw data */
273 /* Setting up S-Boxes and Subkeys */
280 }
282 /* This can be precomputed later */
287 /* Now do the encryption */
299 }
315 }
317 static void
319 {
330 }
338 }
343 }
345 }
346 #if 0
347 void
349 {
374 }
375 #endif