crypt/md5-crypt.c

   1 /* One way encryption based on MD5 sum.
   2    Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
   3    Copyright (C) 1996,1997,1999,2000,2001,2002 Free Software Foundation, Inc.
   4    This file is part of the GNU C Library.
   5    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
   6
   7    The GNU C Library is free software; you can redistribute it and/or
   8    modify it under the terms of the GNU Lesser General Public
   9    License as published by the Free Software Foundation; either
  10    version 2.1 of the License, or (at your option) any later version.
  11
  12    The GNU C Library is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15    Lesser General Public License for more details.
  16
  17    You should have received a copy of the GNU Lesser General Public
  18    License along with the GNU C Library; if not, write to the Free
  19    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  20    02111-1307 USA.  */
  21
  22 #include <assert.h>
  23 #include <errno.h>
  24 #include <stdlib.h>
  25 #include <string.h>
  26 #include <sys/param.h>
  27
  28 #include "md5.h"
  29
  30
  31 /* Define our magic string to mark salt for MD5 "encryption"
  32    replacement.  This is meant to be the same as for other MD5 based
  33    encryption implementations.  */
  34 static const char md5_salt_prefix[] = "$1$";
  35
  36 /* Table with characters for base64 transformation.  */
  37 static const char b64t[64] =
  38 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  39
  40
  41 /* Prototypes for local functions.  */
  42 extern char *__md5_crypt_r (const char *key, const char *salt,
  43                             char *buffer, int buflen);
  44 extern char *__md5_crypt (const char *key, const char *salt);
  45
  46
  47 /* This entry point is equivalent to the `crypt' function in Unix
  48    libcs.  */
  49 char *
  50 __md5_crypt_r (key, salt, buffer, buflen)
  51      const char *key;
  52      const char *salt;
  53      char *buffer;
  54      int buflen;
  55 {
  56   unsigned char alt_result[16]
  57     __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
  58   struct md5_ctx ctx;
  59   struct md5_ctx alt_ctx;
  60   size_t salt_len;
  61   size_t key_len;
  62   size_t cnt;
  63   char *cp;
  64   char *copied_key = NULL;
  65   char *copied_salt = NULL;
  66
  67   /* Find beginning of salt string.  The prefix should normally always
  68      be present.  Just in case it is not.  */
  69   if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
  70     /* Skip salt prefix.  */
  71     salt += sizeof (md5_salt_prefix) - 1;
  72
  73   salt_len = MIN (strcspn (salt, "$"), 8);
  74   key_len = strlen (key);
  75
  76   if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
  77     {
  78       char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
  79       key = copied_key =
  80         memcpy (tmp + __alignof__ (md5_uint32)
  81                 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
  82                 key, key_len);
  83       assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
  84     }
  85
  86   if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
  87     {
  88       char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
  89       salt = copied_salt =
  90         memcpy (tmp + __alignof__ (md5_uint32)
  91                 - (tmp - (char *) 0) % __alignof__ (md5_uint32),
  92                 salt, salt_len);
  93       assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
  94     }
  95
  96   /* Prepare for the real work.  */
  97   __md5_init_ctx (&ctx);
  98
  99   /* Add the key string.  */
 100   __md5_process_bytes (key, key_len, &ctx);
 101
 102   /* Because the SALT argument need not always have the salt prefix we
 103      add it separately.  */
 104   __md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1, &ctx);
 105
 106   /* The last part is the salt string.  This must be at most 8
 107      characters and it ends at the first `$' character (for
 108      compatibility which existing solutions).  */
 109   __md5_process_bytes (salt, salt_len, &ctx);
 110
 111
 112   /* Compute alternate MD5 sum with input KEY, SALT, and KEY.  The
 113      final result will be added to the first context.  */
 114   __md5_init_ctx (&alt_ctx);
 115
 116   /* Add key.  */
 117   __md5_process_bytes (key, key_len, &alt_ctx);
 118
 119   /* Add salt.  */
 120   __md5_process_bytes (salt, salt_len, &alt_ctx);
 121
 122   /* Add key again.  */
 123   __md5_process_bytes (key, key_len, &alt_ctx);
 124
 125   /* Now get result of this (16 bytes) and add it to the other
 126      context.  */
 127   __md5_finish_ctx (&alt_ctx, alt_result);
 128
 129   /* Add for any character in the key one byte of the alternate sum.  */
 130   for (cnt = key_len; cnt > 16; cnt -= 16)
 131     __md5_process_bytes (alt_result, 16, &ctx);
 132   __md5_process_bytes (alt_result, cnt, &ctx);
 133
 134   /* For the following code we need a NUL byte.  */
 135   *alt_result = '\0';
 136
 137   /* The original implementation now does something weird: for every 1
 138      bit in the key the first 0 is added to the buffer, for every 0
 139      bit the first character of the key.  This does not seem to be
 140      what was intended but we have to follow this to be compatible.  */
 141   for (cnt = key_len; cnt > 0; cnt >>= 1)
 142     __md5_process_bytes ((cnt & 1) != 0 ? (const char *) alt_result : key, 1,
 143                          &ctx);
 144
 145   /* Create intermediate result.  */
 146   __md5_finish_ctx (&ctx, alt_result);
 147
 148   /* Now comes another weirdness.  In fear of password crackers here
 149      comes a quite long loop which just processes the output of the
 150      previous round again.  We cannot ignore this here.  */
 151   for (cnt = 0; cnt < 1000; ++cnt)
 152     {
 153       /* New context.  */
 154       __md5_init_ctx (&ctx);
 155
 156       /* Add key or last result.  */
 157       if ((cnt & 1) != 0)
 158         __md5_process_bytes (key, key_len, &ctx);
 159       else
 160         __md5_process_bytes (alt_result, 16, &ctx);
 161
 162       /* Add salt for numbers not divisible by 3.  */
 163       if (cnt % 3 != 0)
 164         __md5_process_bytes (salt, salt_len, &ctx);
 165
 166       /* Add key for numbers not divisible by 7.  */
 167       if (cnt % 7 != 0)
 168         __md5_process_bytes (key, key_len, &ctx);
 169
 170       /* Add key or last result.  */
 171       if ((cnt & 1) != 0)
 172         __md5_process_bytes (alt_result, 16, &ctx);
 173       else
 174         __md5_process_bytes (key, key_len, &ctx);
 175
 176       /* Create intermediate result.  */
 177       __md5_finish_ctx (&ctx, alt_result);
 178     }
 179
 180   /* Now we can construct the result string.  It consists of three
 181      parts.  */
 182   cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen));
 183   buflen -= sizeof (md5_salt_prefix) - 1;
 184
 185   cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len));
 186   buflen -= MIN ((size_t) MAX (0, buflen), salt_len);
 187
 188   if (buflen > 0)
 189     {
 190       *cp++ = '$';
 191       --buflen;
 192     }
 193
 194 #define b64_from_24bit(B2, B1, B0, N)                                         \
 195   do {                                                                        \
 196     unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);                       \
 197     int n = (N);                                                              \
 198     while (n-- > 0 && buflen > 0)                                             \
 199       {                                                                       \
 200         *cp++ = b64t[w & 0x3f];                                               \
 201         --buflen;                                                             \
 202         w >>= 6;                                                              \
 203       }                                                                       \
 204   } while (0)
 205
 206
 207   b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
 208   b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
 209   b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
 210   b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
 211   b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
 212   b64_from_24bit (0, 0, alt_result[11], 2);
 213   if (buflen <= 0)
 214     {
 215       __set_errno (ERANGE);
 216       buffer = NULL;
 217     }
 218   else
 219     *cp = '\0';         /* Terminate the string.  */
 220
 221   /* Clear the buffer for the intermediate result so that people
 222      attaching to processes or reading core dumps cannot get any
 223      information.  We do it in this way to clear correct_words[]
 224      inside the MD5 implementation as well.  */
 225   __md5_init_ctx (&ctx);
 226   __md5_finish_ctx (&ctx, alt_result);
 227   memset (&ctx, '\0', sizeof (ctx));
 228   memset (&alt_ctx, '\0', sizeof (alt_ctx));
 229   if (copied_key != NULL)
 230     memset (copied_key, '\0', key_len);
 231   if (copied_salt != NULL)
 232     memset (copied_salt, '\0', salt_len);
 233
 234   return buffer;
 235 }
 236
 237 #ifndef _LIBC
 238 # define libc_freeres_ptr(decl) decl
 239 #endif
 240 libc_freeres_ptr (static char *buffer);
 241
 242 char *
 243 __md5_crypt (const char *key, const char *salt)
 244 {
 245   /* We don't want to have an arbitrary limit in the size of the
 246      password.  We can compute the size of the result in advance and
 247      so we can prepare the buffer we pass to `md5_crypt_r'.  */
 248   static int buflen;
 249   int needed = 3 + strlen (salt) + 1 + 26 + 1;
 250
 251   if (buflen < needed)
 252     {
 253       char *new_buffer;
 254
 255       buflen = needed;
 256
 257       new_buffer = (char *) realloc (buffer, buflen);
 258       if (new_buffer == NULL)
 259         return NULL;
 260
 261       buffer = new_buffer;
 262     }
 263
 264   return __md5_crypt_r (key, salt, buffer, buflen);
 265 }
 266
 267 #ifndef _LIBC
 268 static void
 269 __attribute__ ((__destructor__))
 270 free_mem (void)
 271 {
 272   free (buffer);
 273 }
 274 #endif