Google Git
Sign in
apache / nuttx / refs/heads/revert-17300-apache_6 / . / libs / libc / unistd / lib_crypt_r.c
blob: 91bf8ad73b8579e8daecc9ebb638b5d6c9dbd688 [file] [log] [blame]
/****************************************************************************
* libs/libc/unistd/lib_crypt_r.c
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership. The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <crypto/cryptodev.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
#define KEY_MAX 30000
#define SALT_MAX 8
/****************************************************************************
* Private Types
****************************************************************************/
typedef struct cryptodev_context_s
{
int fd;
struct session_op session;
struct crypt_op crypt;
}cryptodev_context_t;
/****************************************************************************
* Private Data
****************************************************************************/
/* 0 ... 63 => ascii - 64 */
static const unsigned char g_md5_itoa64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/****************************************************************************
* Private Functions
****************************************************************************/
static FAR char *md5_to64(FAR char *s, unsigned long v, int n)
{
while (--n >= 0)
{
*s++ = g_md5_itoa64[v & 0x3f];
v >>= 6;
}
return s;
}
static int md5_init(FAR cryptodev_context_t *ctx)
{
int ret;
int fd;
memset(ctx, 0, sizeof(cryptodev_context_t));
fd = open("/dev/crypto", O_RDWR, 0);
if (fd < 0)
{
return -get_errno();
}
ret = ioctl(fd, CRIOGET, &ctx->fd);
close(fd);
if (ret < 0)
{
return -get_errno();
}
ctx->session.mac = CRYPTO_MD5;
ret = ioctl(ctx->fd, CIOCGSESSION, &ctx->session);
if (ret < 0)
{
return -get_errno();
}
ctx->crypt.ses = ctx->session.ses;
return ret;
}
static int md5_update(FAR cryptodev_context_t *ctx,
FAR const void *input, size_t ilen)
{
int ret;
ctx->crypt.op = COP_ENCRYPT;
ctx->crypt.flags |= COP_FLAG_UPDATE;
ctx->crypt.src = (caddr_t)input;
ctx->crypt.len = ilen;
ret = ioctl(ctx->fd, CIOCCRYPT, &ctx->crypt);
return ret < 0 ? -get_errno() : ret;
}
static int md5_finish(FAR cryptodev_context_t *ctx,
unsigned char output[16])
{
int ret;
ctx->crypt.op = COP_ENCRYPT;
ctx->crypt.flags = 0;
ctx->crypt.mac = (caddr_t)output;
ret = ioctl(ctx->fd, CIOCCRYPT, &ctx->crypt);
if (ret < 0)
{
return -get_errno();
}
ioctl(ctx->fd, CIOCFSESSION, &ctx->session.ses);
ctx->crypt.ses = 0;
close(ctx->fd);
memset(ctx, 0, sizeof(cryptodev_context_t));
return ret;
}
/* UNIX password
* Use MD5 for what it is best at...
*/
static FAR char *md5_crypt(FAR const char *key, FAR const char *setting,
FAR char *output)
{
cryptodev_context_t ctx;
unsigned char md[16];
unsigned int i;
unsigned int klen;
unsigned int slen;
FAR const char *salt;
FAR char *p;
static const unsigned char perm[][3] =
{
{
0, 6, 12
},
{
1, 7, 13
},
{
2, 8, 14
},
{
3, 9, 15
},
{
4, 10, 5
}
};
/* Reject large keys */
klen = strnlen(key, KEY_MAX + 1);
if (klen > KEY_MAX)
{
return 0;
}
/* Setting: $1$salt$ (closing $ is optional) */
salt = setting + 3;
for (i = 0; i < SALT_MAX && salt[i] && salt[i] != '$'; i++);
slen = i;
/* Md5(key salt key) */
md5_init(&ctx);
md5_update(&ctx, key, klen);
md5_update(&ctx, salt, slen);
md5_update(&ctx, key, klen);
md5_finish(&ctx, md);
/* Md5(key $1$ salt repeated-md weird-key[0]-0) */
md5_init(&ctx);
md5_update(&ctx, key, klen);
md5_update(&ctx, setting, 3 + slen);
for (i = klen; i > sizeof md; i -= sizeof md)
{
md5_update(&ctx, md, sizeof md);
}
md5_update(&ctx, md, i);
md[0] = 0;
for (i = klen; i; i >>= 1)
{
if (i & 1)
{
md5_update(&ctx, md, 1);
}
else
{
md5_update(&ctx, key, 1);
}
}
md5_finish(&ctx, md);
for (i = 0; i < 1000; i++)
{
md5_init(&ctx);
if (i % 2)
{
md5_update(&ctx, key, klen);
}
else
{
md5_update(&ctx, md, sizeof md);
}
if (i % 3)
{
md5_update(&ctx, salt, slen);
}
if (i % 7)
{
md5_update(&ctx, key, klen);
}
if (i % 2)
{
md5_update(&ctx, md, sizeof md);
}
else
{
md5_update(&ctx, key, klen);
}
md5_finish(&ctx, md);
}
/* Output is $1$salt$hash */
memcpy(output, setting, 3 + slen);
p = output + 3 + slen;
*p++ = '$';
for (i = 0; i < 5; i++)
{
p = md5_to64(p, (md[perm[i][0]] << 16) |
(md[perm[i][1]] << 8) | md[perm[i][2]], 4);
}
p = md5_to64(p, md[11], 2);
*p = 0;
return output;
}
/****************************************************************************
* Public Functions
****************************************************************************/
FAR char *crypt_r(FAR const char *key, FAR const char *salt,
FAR char *output)
{
/* First, check if we are supposed to be using the MD5
* not support DES...
*/
if (salt[0] == '$' && salt[1] == '1' && salt[2] == '$')
{
return md5_crypt(key, salt, output);
}
else
{
return NULL;
}
}