| blob | 7412b75a4d2a79ba417dde4baa8edb267acafbb1 |
1 /* $OpenBSD: bcrypt.c,v 1.57 2016/08/26 08:25:02 guenther Exp $ */
3 /*
4 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5 * Copyright (c) 1997 Niels Provos <provos@umich.edu>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19 /* This password hashing algorithm was designed by David Mazieres
20 * <dm@lcs.mit.edu> and works as follows:
21 *
22 * 1. state := InitState ()
23 * 2. state := ExpandKey (state, salt, password)
24 * 3. REPEAT rounds:
25 * state := ExpandKey (state, 0, password)
26 * state := ExpandKey (state, 0, salt)
27 * 4. ctext := "OrpheanBeholderScryDoubt"
28 * 5. REPEAT 64:
29 * ctext := Encrypt_ECB (state, ctext);
30 * 6. RETURN Concatenate (salt, ctext);
31 *
32 */
34 #include <sys/types.h>
35 #include <blf.h>
36 #include <ctype.h>
37 #include <errno.h>
38 #include <pwd.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
44 #define _PASSWORD_LEN 256
47 /* This implementation is adaptable to current computing power.
48 * You can have up to 2^31 rounds which should be enough for some
49 * time to come.
50 */
57 #define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1)
58 #define BCRYPT_HASHSPACE 61
65 /*
66 * Generates a salt for this version of crypt.
67 */
68 static int
70 {
76 }
89 }
91 /*
92 * the core bcrypt function
93 */
94 static int
97 {
98 blf_ctx state;
110 /* Check and discard "$" identifier */
118 /* Check for minor versions */
124 /* strlen() returns a size_t, but the function calls
125 * below result in implicit casts to a narrower integer
126 * type, so cap key_len at the actual maximum supported
127 * length here to avoid integer wraparound */
135 }
138 /* Discard version + "$" identifier */
141 /* Check and parse num rounds */
148 /* Computer power doesn't increase linearly, 2^x should be fine */
151 /* Discard num rounds + "$" identifier */
157 /* We dont want the base64 salt but the raw data */
162 /* Setting up S-Boxes and Subkeys */
169 }
171 /* This can be precomputed later */
176 /* Now do the encryption */
188 }
200 inval:
203 }
205 /*
206 * user friendly functions
207 */
208 int
210 {
221 }
223 int
225 {
234 }
238 }
240 /*
241 * Measure this system's performance by measuring the time for 8 rounds.
242 * We are aiming for something that takes around 0.1s, but not too much over.
243 */
244 int
246 {
260 /* too quick? slow it down. */
264 }
265 /* too slow? speed it up. */
269 }
272 }
274 /*
275 * internal utilities
276 */
294 };
295 #define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
297 /*
298 * read buflen (after decoding) bytes of data from b64data
299 */
300 static int
302 {
309 /* Invalid data */
335 }
337 }
339 /*
340 * Turn len bytes of data into base64 encoded data.
341 * This works without = padding.
342 */
343 static int
345 {
357 }
365 }
370 }
373 }
375 /*
376 * classic interface
377 */
380 {
386 }
390 {
397 }