1 /*
2 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * GNUTLS-EXTRA is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUTLS-EXTRA is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
22 * This is a modified version of the blowfish algorithm.
23 * It is an implementation of the bcrypt algorithm as described
24 * in a usenix paper by Niels Provos and David Mazieres.
25 * This is the encoding algorithm used in OpenBSD for passwords.
26 * (includes a modified version of b64.c)
29 /* The differences here from the original openbsd bcrypt algorithm are:
30 * 1. we use a different b64 hash function
31 * (the one used in SRP password files),
32 * 2. we use all the bytes from the encryption step (openbsd omitted one byte),
33 * 3. we use the first 24 bytes of CONCAT(username,NULL,"Orphean...") as the
34 * encryption string.
37 #include "gnutls_int.h"
39 #ifdef ENABLE_SRP
41 #include "crypt_bcrypt.h"
42 #include "gnutls_random.h"
43 #include "auth_srp_passwd.h"
44 #include "gnutls_srp.h"
45 #include "gnutls_errors.h"
46 #include "debug.h"
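/* Blowfish key schedule: four 256-entry S-boxes and the 18-entry P-array.
 * After key expansion every word here is derived from the password and
 * salt, so the whole structure is secret material. */
typedef struct {
    uint32 S[4][256], P[18];
} blf_ctx;

/* Number of Feistel rounds; the P-array holds BF_N + 2 subkeys. */
#define BF_N 16

/* Blowfish round function: ((S0[a] + S1[b]) ^ S2[c]) + S3[d], where a..d
 * are the four bytes of x from most to least significant.
 * Both arguments are parenthesised so that an expression can be passed
 * safely; note that x is still evaluated four times, so it must not have
 * side effects. */
#define F(bc, x) \
    ((((bc)->S[0][((x) >> 24) & 0xff] + (bc)->S[1][((x) >> 16) & 0xff]) \
      ^ (bc)->S[2][((x) >> 8) & 0xff]) \
     + (bc)->S[3][(x) & 0xff])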
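/*
 * Encrypt one 8-byte block in place with the expanded key in c.
 *
 * x points to 8 bytes that are read as two big-endian 32-bit words,
 * run through BF_N Feistel rounds and written back in the same layout.
 */
static void _blf_encrypt(blf_ctx * c, uint8 * x)
{
    uint32 Xl;
    uint32 Xr, temp;
    short i;

    /* Widen each byte before shifting.  Without the cast the byte is
     * promoted to (signed) int, and shifting a value >= 0x80 left by 24
     * bits overflows it, which is undefined behaviour. */
    Xl = ((uint32) x[0] << 24) | ((uint32) x[1] << 16) |
         ((uint32) x[2] << 8) | (uint32) x[3];
    Xr = ((uint32) x[4] << 24) | ((uint32) x[5] << 16) |
         ((uint32) x[6] << 8) | (uint32) x[7];

    for (i = 0; i < BF_N; ++i) {
        Xl ^= c->P[i];
        Xr ^= F(c, Xl);

        temp = Xl;
        Xl = Xr;
        Xr = temp;
    }

    /* the last round must not swap: undo it */
    temp = Xl;
    Xl = Xr;
    Xr = temp;

    Xr ^= c->P[BF_N];
    Xl ^= c->P[BF_N + 1];

    x[0] = (Xl >> 24) & 0xff;
    x[1] = (Xl >> 16) & 0xff;
    x[2] = (Xl >> 8) & 0xff;
    x[3] = (Xl) & 0xff;
    x[4] = (Xr >> 24) & 0xff;
    x[5] = (Xr >> 16) & 0xff;
    x[6] = (Xr >> 8) & 0xff;
    x[7] = (Xr) & 0xff;
}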
/*
 * Internal variant of the block encryption used by the key schedule.
 * x points to two 32-bit words that are taken as they are (no byte
 * packing or unpacking) and overwritten with the encrypted pair.
 */
static void enblf_noswap(blf_ctx * c, uint32 * x)
{
    uint32 left = x[0];
    uint32 right = x[1];
    uint32 held;
    short round = 0;

    while (round < BF_N) {
        left ^= c->P[round];
        right ^= F(c, left);

        /* exchange the halves for the next round */
        held = left;
        left = right;
        right = held;

        ++round;
    }

    /* the final round is not followed by an exchange: take it back */
    held = left;
    left = right;
    right = held;

    right ^= c->P[BF_N];
    left ^= c->P[BF_N + 1];

    x[0] = left;
    x[1] = right;
}
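/*
 * Load the fixed initial S-boxes and P-array into c.
 *
 * Takes no key and no salt (the earlier comment here mentioned a salt,
 * but none is passed); the key and salt are mixed in afterwards by
 * _blf_ExpandKey().  Always returns 0.
 *
 * The tables are static const so that they live in read-only data
 * instead of being rebuilt on the stack (more than 4 KiB) on every call.
 * The values themselves are unchanged.
 */
static short initialize_blowfish(blf_ctx * c)
{
    short i;

    static const uint32 ks0[] = {
        0xd1310ba6UL, 0x98dfb5acUL, 0x2ffd72dbUL, 0xd01adfb7UL,
        0xb8e1afedUL, 0x6a267e96UL,
        0xba7c9045UL, 0xf12c7f99UL, 0x24a19947UL, 0xb3916cf7UL,
        0x0801f2e2UL, 0x858efc16UL,
        0x636920d8UL, 0x71574e69UL, 0xa458fea3UL, 0xf4933d7eUL,
        0x0d95748fUL, 0x728eb658UL,
        0x718bcd58UL, 0x82154aeeUL, 0x7b54a41dUL, 0xc25a59b5UL,
        0x9c30d539UL, 0x2af26013UL,
        0xc5d1b023UL, 0x286085f0UL, 0xca417918UL, 0xb8db38efUL,
        0x8e79dcb0UL, 0x603a180eUL,
        0x6c9e0e8bUL, 0xb01e8a3eUL, 0xd71577c1UL, 0xbd314b27UL,
        0x78af2fdaUL, 0x55605c60UL,
        0xe65525f3UL, 0xaa55ab94UL, 0x57489862UL, 0x63e81440UL,
        0x55ca396aUL, 0x2aab10b6UL,
        0xb4cc5c34UL, 0x1141e8ceUL, 0xa15486afUL, 0x7c72e993UL,
        0xb3ee1411UL, 0x636fbc2aUL,
        0x2ba9c55dUL, 0x741831f6UL, 0xce5c3e16UL, 0x9b87931eUL,
        0xafd6ba33UL, 0x6c24cf5cUL,
        0x7a325381UL, 0x28958677UL, 0x3b8f4898UL, 0x6b4bb9afUL,
        0xc4bfe81bUL, 0x66282193UL,
        0x61d809ccUL, 0xfb21a991UL, 0x487cac60UL, 0x5dec8032UL,
        0xef845d5dUL, 0xe98575b1UL,
        0xdc262302UL, 0xeb651b88UL, 0x23893e81UL, 0xd396acc5UL,
        0x0f6d6ff3UL, 0x83f44239UL,
        0x2e0b4482UL, 0xa4842004UL, 0x69c8f04aUL, 0x9e1f9b5eUL,
        0x21c66842UL, 0xf6e96c9aUL,
        0x670c9c61UL, 0xabd388f0UL, 0x6a51a0d2UL, 0xd8542f68UL,
        0x960fa728UL, 0xab5133a3UL,
        0x6eef0b6cUL, 0x137a3be4UL, 0xba3bf050UL, 0x7efb2a98UL,
        0xa1f1651dUL, 0x39af0176UL,
        0x66ca593eUL, 0x82430e88UL, 0x8cee8619UL, 0x456f9fb4UL,
        0x7d84a5c3UL, 0x3b8b5ebeUL,
        0xe06f75d8UL, 0x85c12073UL, 0x401a449fUL, 0x56c16aa6UL,
        0x4ed3aa62UL, 0x363f7706UL,
        0x1bfedf72UL, 0x429b023dUL, 0x37d0d724UL, 0xd00a1248UL,
        0xdb0fead3UL, 0x49f1c09bUL,
        0x075372c9UL, 0x80991b7bUL, 0x25d479d8UL, 0xf6e8def7UL,
        0xe3fe501aUL, 0xb6794c3bUL,
        0x976ce0bdUL, 0x04c006baUL, 0xc1a94fb6UL, 0x409f60c4UL,
        0x5e5c9ec2UL, 0x196a2463UL,
        0x68fb6fafUL, 0x3e6c53b5UL, 0x1339b2ebUL, 0x3b52ec6fUL,
        0x6dfc511fUL, 0x9b30952cUL,
        0xcc814544UL, 0xaf5ebd09UL, 0xbee3d004UL, 0xde334afdUL,
        0x660f2807UL, 0x192e4bb3UL,
        0xc0cba857UL, 0x45c8740fUL, 0xd20b5f39UL, 0xb9d3fbdbUL,
        0x5579c0bdUL, 0x1a60320aUL,
        0xd6a100c6UL, 0x402c7279UL, 0x679f25feUL, 0xfb1fa3ccUL,
        0x8ea5e9f8UL, 0xdb3222f8UL,
        0x3c7516dfUL, 0xfd616b15UL, 0x2f501ec8UL, 0xad0552abUL,
        0x323db5faUL, 0xfd238760UL,
        0x53317b48UL, 0x3e00df82UL, 0x9e5c57bbUL, 0xca6f8ca0UL,
        0x1a87562eUL, 0xdf1769dbUL,
        0xd542a8f6UL, 0x287effc3UL, 0xac6732c6UL, 0x8c4f5573UL,
        0x695b27b0UL, 0xbbca58c8UL,
        0xe1ffa35dUL, 0xb8f011a0UL, 0x10fa3d98UL, 0xfd2183b8UL,
        0x4afcb56cUL, 0x2dd1d35bUL,
        0x9a53e479UL, 0xb6f84565UL, 0xd28e49bcUL, 0x4bfb9790UL,
        0xe1ddf2daUL, 0xa4cb7e33UL,
        0x62fb1341UL, 0xcee4c6e8UL, 0xef20cadaUL, 0x36774c01UL,
        0xd07e9efeUL, 0x2bf11fb4UL,
        0x95dbda4dUL, 0xae909198UL, 0xeaad8e71UL, 0x6b93d5a0UL,
        0xd08ed1d0UL, 0xafc725e0UL,
        0x8e3c5b2fUL, 0x8e7594b7UL, 0x8ff6e2fbUL, 0xf2122b64UL,
        0x8888b812UL, 0x900df01cUL,
        0x4fad5ea0UL, 0x688fc31cUL, 0xd1cff191UL, 0xb3a8c1adUL,
        0x2f2f2218UL, 0xbe0e1777UL,
        0xea752dfeUL, 0x8b021fa1UL, 0xe5a0cc0fUL, 0xb56f74e8UL,
        0x18acf3d6UL, 0xce89e299UL,
        0xb4a84fe0UL, 0xfd13e0b7UL, 0x7cc43b81UL, 0xd2ada8d9UL,
        0x165fa266UL, 0x80957705UL,
        0x93cc7314UL, 0x211a1477UL, 0xe6ad2065UL, 0x77b5fa86UL,
        0xc75442f5UL, 0xfb9d35cfUL,
        0xebcdaf0cUL, 0x7b3e89a0UL, 0xd6411bd3UL, 0xae1e7e49UL,
        0x00250e2dUL, 0x2071b35eUL,
        0x226800bbUL, 0x57b8e0afUL, 0x2464369bUL, 0xf009b91eUL,
        0x5563911dUL, 0x59dfa6aaUL,
        0x78c14389UL, 0xd95a537fUL, 0x207d5ba2UL, 0x02e5b9c5UL,
        0x83260376UL, 0x6295cfa9UL,
        0x11c81968UL, 0x4e734a41UL, 0xb3472dcaUL, 0x7b14a94aUL,
        0x1b510052UL, 0x9a532915UL,
        0xd60f573fUL, 0xbc9bc6e4UL, 0x2b60a476UL, 0x81e67400UL,
        0x08ba6fb5UL, 0x571be91fUL,
        0xf296ec6bUL, 0x2a0dd915UL, 0xb6636521UL, 0xe7b9f9b6UL,
        0xff34052eUL, 0xc5855664UL,
        0x53b02d5dUL, 0xa99f8fa1UL, 0x08ba4799UL, 0x6e85076aUL
    };

    static const uint32 ks1[] = {
        0x4b7a70e9UL, 0xb5b32944UL, 0xdb75092eUL, 0xc4192623UL,
        0xad6ea6b0UL, 0x49a7df7dUL,
        0x9cee60b8UL, 0x8fedb266UL, 0xecaa8c71UL, 0x699a17ffUL,
        0x5664526cUL, 0xc2b19ee1UL,
        0x193602a5UL, 0x75094c29UL, 0xa0591340UL, 0xe4183a3eUL,
        0x3f54989aUL, 0x5b429d65UL,
        0x6b8fe4d6UL, 0x99f73fd6UL, 0xa1d29c07UL, 0xefe830f5UL,
        0x4d2d38e6UL, 0xf0255dc1UL,
        0x4cdd2086UL, 0x8470eb26UL, 0x6382e9c6UL, 0x021ecc5eUL,
        0x09686b3fUL, 0x3ebaefc9UL,
        0x3c971814UL, 0x6b6a70a1UL, 0x687f3584UL, 0x52a0e286UL,
        0xb79c5305UL, 0xaa500737UL,
        0x3e07841cUL, 0x7fdeae5cUL, 0x8e7d44ecUL, 0x5716f2b8UL,
        0xb03ada37UL, 0xf0500c0dUL,
        0xf01c1f04UL, 0x0200b3ffUL, 0xae0cf51aUL, 0x3cb574b2UL,
        0x25837a58UL, 0xdc0921bdUL,
        0xd19113f9UL, 0x7ca92ff6UL, 0x94324773UL, 0x22f54701UL,
        0x3ae5e581UL, 0x37c2dadcUL,
        0xc8b57634UL, 0x9af3dda7UL, 0xa9446146UL, 0x0fd0030eUL,
        0xecc8c73eUL, 0xa4751e41UL,
        0xe238cd99UL, 0x3bea0e2fUL, 0x3280bba1UL, 0x183eb331UL,
        0x4e548b38UL, 0x4f6db908UL,
        0x6f420d03UL, 0xf60a04bfUL, 0x2cb81290UL, 0x24977c79UL,
        0x5679b072UL, 0xbcaf89afUL,
        0xde9a771fUL, 0xd9930810UL, 0xb38bae12UL, 0xdccf3f2eUL,
        0x5512721fUL, 0x2e6b7124UL,
        0x501adde6UL, 0x9f84cd87UL, 0x7a584718UL, 0x7408da17UL,
        0xbc9f9abcUL, 0xe94b7d8cUL,
        0xec7aec3aUL, 0xdb851dfaUL, 0x63094366UL, 0xc464c3d2UL,
        0xef1c1847UL, 0x3215d908UL,
        0xdd433b37UL, 0x24c2ba16UL, 0x12a14d43UL, 0x2a65c451UL,
        0x50940002UL, 0x133ae4ddUL,
        0x71dff89eUL, 0x10314e55UL, 0x81ac77d6UL, 0x5f11199bUL,
        0x043556f1UL, 0xd7a3c76bUL,
        0x3c11183bUL, 0x5924a509UL, 0xf28fe6edUL, 0x97f1fbfaUL,
        0x9ebabf2cUL, 0x1e153c6eUL,
        0x86e34570UL, 0xeae96fb1UL, 0x860e5e0aUL, 0x5a3e2ab3UL,
        0x771fe71cUL, 0x4e3d06faUL,
        0x2965dcb9UL, 0x99e71d0fUL, 0x803e89d6UL, 0x5266c825UL,
        0x2e4cc978UL, 0x9c10b36aUL,
        0xc6150ebaUL, 0x94e2ea78UL, 0xa5fc3c53UL, 0x1e0a2df4UL,
        0xf2f74ea7UL, 0x361d2b3dUL,
        0x1939260fUL, 0x19c27960UL, 0x5223a708UL, 0xf71312b6UL,
        0xebadfe6eUL, 0xeac31f66UL,
        0xe3bc4595UL, 0xa67bc883UL, 0xb17f37d1UL, 0x018cff28UL,
        0xc332ddefUL, 0xbe6c5aa5UL,
        0x65582185UL, 0x68ab9802UL, 0xeecea50fUL, 0xdb2f953bUL,
        0x2aef7dadUL, 0x5b6e2f84UL,
        0x1521b628UL, 0x29076170UL, 0xecdd4775UL, 0x619f1510UL,
        0x13cca830UL, 0xeb61bd96UL,
        0x0334fe1eUL, 0xaa0363cfUL, 0xb5735c90UL, 0x4c70a239UL,
        0xd59e9e0bUL, 0xcbaade14UL,
        0xeecc86bcUL, 0x60622ca7UL, 0x9cab5cabUL, 0xb2f3846eUL,
        0x648b1eafUL, 0x19bdf0caUL,
        0xa02369b9UL, 0x655abb50UL, 0x40685a32UL, 0x3c2ab4b3UL,
        0x319ee9d5UL, 0xc021b8f7UL,
        0x9b540b19UL, 0x875fa099UL, 0x95f7997eUL, 0x623d7da8UL,
        0xf837889aUL, 0x97e32d77UL,
        0x11ed935fUL, 0x16681281UL, 0x0e358829UL, 0xc7e61fd6UL,
        0x96dedfa1UL, 0x7858ba99UL,
        0x57f584a5UL, 0x1b227263UL, 0x9b83c3ffUL, 0x1ac24696UL,
        0xcdb30aebUL, 0x532e3054UL,
        0x8fd948e4UL, 0x6dbc3128UL, 0x58ebf2efUL, 0x34c6ffeaUL,
        0xfe28ed61UL, 0xee7c3c73UL,
        0x5d4a14d9UL, 0xe864b7e3UL, 0x42105d14UL, 0x203e13e0UL,
        0x45eee2b6UL, 0xa3aaabeaUL,
        0xdb6c4f15UL, 0xfacb4fd0UL, 0xc742f442UL, 0xef6abbb5UL,
        0x654f3b1dUL, 0x41cd2105UL,
        0xd81e799eUL, 0x86854dc7UL, 0xe44b476aUL, 0x3d816250UL,
        0xcf62a1f2UL, 0x5b8d2646UL,
        0xfc8883a0UL, 0xc1c7b6a3UL, 0x7f1524c3UL, 0x69cb7492UL,
        0x47848a0bUL, 0x5692b285UL,
        0x095bbf00UL, 0xad19489dUL, 0x1462b174UL, 0x23820e00UL,
        0x58428d2aUL, 0x0c55f5eaUL,
        0x1dadf43eUL, 0x233f7061UL, 0x3372f092UL, 0x8d937e41UL,
        0xd65fecf1UL, 0x6c223bdbUL,
        0x7cde3759UL, 0xcbee7460UL, 0x4085f2a7UL, 0xce77326eUL,
        0xa6078084UL, 0x19f8509eUL,
        0xe8efd855UL, 0x61d99735UL, 0xa969a7aaUL, 0xc50c06c2UL,
        0x5a04abfcUL, 0x800bcadcUL,
        0x9e447a2eUL, 0xc3453484UL, 0xfdd56705UL, 0x0e1e9ec9UL,
        0xdb73dbd3UL, 0x105588cdUL,
        0x675fda79UL, 0xe3674340UL, 0xc5c43465UL, 0x713e38d8UL,
        0x3d28f89eUL, 0xf16dff20UL,
        0x153e21e7UL, 0x8fb03d4aUL, 0xe6e39f2bUL, 0xdb83adf7UL
    };

    static const uint32 ks2[] = {
        0xe93d5a68UL, 0x948140f7UL, 0xf64c261cUL, 0x94692934UL,
        0x411520f7UL, 0x7602d4f7UL,
        0xbcf46b2eUL, 0xd4a20068UL, 0xd4082471UL, 0x3320f46aUL,
        0x43b7d4b7UL, 0x500061afUL,
        0x1e39f62eUL, 0x97244546UL, 0x14214f74UL, 0xbf8b8840UL,
        0x4d95fc1dUL, 0x96b591afUL,
        0x70f4ddd3UL, 0x66a02f45UL, 0xbfbc09ecUL, 0x03bd9785UL,
        0x7fac6dd0UL, 0x31cb8504UL,
        0x96eb27b3UL, 0x55fd3941UL, 0xda2547e6UL, 0xabca0a9aUL,
        0x28507825UL, 0x530429f4UL,
        0x0a2c86daUL, 0xe9b66dfbUL, 0x68dc1462UL, 0xd7486900UL,
        0x680ec0a4UL, 0x27a18deeUL,
        0x4f3ffea2UL, 0xe887ad8cUL, 0xb58ce006UL, 0x7af4d6b6UL,
        0xaace1e7cUL, 0xd3375fecUL,
        0xce78a399UL, 0x406b2a42UL, 0x20fe9e35UL, 0xd9f385b9UL,
        0xee39d7abUL, 0x3b124e8bUL,
        0x1dc9faf7UL, 0x4b6d1856UL, 0x26a36631UL, 0xeae397b2UL,
        0x3a6efa74UL, 0xdd5b4332UL,
        0x6841e7f7UL, 0xca7820fbUL, 0xfb0af54eUL, 0xd8feb397UL,
        0x454056acUL, 0xba489527UL,
        0x55533a3aUL, 0x20838d87UL, 0xfe6ba9b7UL, 0xd096954bUL,
        0x55a867bcUL, 0xa1159a58UL,
        0xcca92963UL, 0x99e1db33UL, 0xa62a4a56UL, 0x3f3125f9UL,
        0x5ef47e1cUL, 0x9029317cUL,
        0xfdf8e802UL, 0x04272f70UL, 0x80bb155cUL, 0x05282ce3UL,
        0x95c11548UL, 0xe4c66d22UL,
        0x48c1133fUL, 0xc70f86dcUL, 0x07f9c9eeUL, 0x41041f0fUL,
        0x404779a4UL, 0x5d886e17UL,
        0x325f51ebUL, 0xd59bc0d1UL, 0xf2bcc18fUL, 0x41113564UL,
        0x257b7834UL, 0x602a9c60UL,
        0xdff8e8a3UL, 0x1f636c1bUL, 0x0e12b4c2UL, 0x02e1329eUL,
        0xaf664fd1UL, 0xcad18115UL,
        0x6b2395e0UL, 0x333e92e1UL, 0x3b240b62UL, 0xeebeb922UL,
        0x85b2a20eUL, 0xe6ba0d99UL,
        0xde720c8cUL, 0x2da2f728UL, 0xd0127845UL, 0x95b794fdUL,
        0x647d0862UL, 0xe7ccf5f0UL,
        0x5449a36fUL, 0x877d48faUL, 0xc39dfd27UL, 0xf33e8d1eUL,
        0x0a476341UL, 0x992eff74UL,
        0x3a6f6eabUL, 0xf4f8fd37UL, 0xa812dc60UL, 0xa1ebddf8UL,
        0x991be14cUL, 0xdb6e6b0dUL,
        0xc67b5510UL, 0x6d672c37UL, 0x2765d43bUL, 0xdcd0e804UL,
        0xf1290dc7UL, 0xcc00ffa3UL,
        0xb5390f92UL, 0x690fed0bUL, 0x667b9ffbUL, 0xcedb7d9cUL,
        0xa091cf0bUL, 0xd9155ea3UL,
        0xbb132f88UL, 0x515bad24UL, 0x7b9479bfUL, 0x763bd6ebUL,
        0x37392eb3UL, 0xcc115979UL,
        0x8026e297UL, 0xf42e312dUL, 0x6842ada7UL, 0xc66a2b3bUL,
        0x12754cccUL, 0x782ef11cUL,
        0x6a124237UL, 0xb79251e7UL, 0x06a1bbe6UL, 0x4bfb6350UL,
        0x1a6b1018UL, 0x11caedfaUL,
        0x3d25bdd8UL, 0xe2e1c3c9UL, 0x44421659UL, 0x0a121386UL,
        0xd90cec6eUL, 0xd5abea2aUL,
        0x64af674eUL, 0xda86a85fUL, 0xbebfe988UL, 0x64e4c3feUL,
        0x9dbc8057UL, 0xf0f7c086UL,
        0x60787bf8UL, 0x6003604dUL, 0xd1fd8346UL, 0xf6381fb0UL,
        0x7745ae04UL, 0xd736fcccUL,
        0x83426b33UL, 0xf01eab71UL, 0xb0804187UL, 0x3c005e5fUL,
        0x77a057beUL, 0xbde8ae24UL,
        0x55464299UL, 0xbf582e61UL, 0x4e58f48fUL, 0xf2ddfda2UL,
        0xf474ef38UL, 0x8789bdc2UL,
        0x5366f9c3UL, 0xc8b38e74UL, 0xb475f255UL, 0x46fcd9b9UL,
        0x7aeb2661UL, 0x8b1ddf84UL,
        0x846a0e79UL, 0x915f95e2UL, 0x466e598eUL, 0x20b45770UL,
        0x8cd55591UL, 0xc902de4cUL,
        0xb90bace1UL, 0xbb8205d0UL, 0x11a86248UL, 0x7574a99eUL,
        0xb77f19b6UL, 0xe0a9dc09UL,
        0x662d09a1UL, 0xc4324633UL, 0xe85a1f02UL, 0x09f0be8cUL,
        0x4a99a025UL, 0x1d6efe10UL,
        0x1ab93d1dUL, 0x0ba5a4dfUL, 0xa186f20fUL, 0x2868f169UL,
        0xdcb7da83UL, 0x573906feUL,
        0xa1e2ce9bUL, 0x4fcd7f52UL, 0x50115e01UL, 0xa70683faUL,
        0xa002b5c4UL, 0x0de6d027UL,
        0x9af88c27UL, 0x773f8641UL, 0xc3604c06UL, 0x61a806b5UL,
        0xf0177a28UL, 0xc0f586e0UL,
        0x006058aaUL, 0x30dc7d62UL, 0x11e69ed7UL, 0x2338ea63UL,
        0x53c2dd94UL, 0xc2c21634UL,
        0xbbcbee56UL, 0x90bcb6deUL, 0xebfc7da1UL, 0xce591d76UL,
        0x6f05e409UL, 0x4b7c0188UL,
        0x39720a3dUL, 0x7c927c24UL, 0x86e3725fUL, 0x724d9db9UL,
        0x1ac15bb4UL, 0xd39eb8fcUL,
        0xed545578UL, 0x08fca5b5UL, 0xd83d7cd3UL, 0x4dad0fc4UL,
        0x1e50ef5eUL, 0xb161e6f8UL,
        0xa28514d9UL, 0x6c51133cUL, 0x6fd5c7e7UL, 0x56e14ec4UL,
        0x362abfceUL, 0xddc6c837UL,
        0xd79a3234UL, 0x92638212UL, 0x670efa8eUL, 0x406000e0UL
    };

    static const uint32 ks3[] = {
        0x3a39ce37UL, 0xd3faf5cfUL, 0xabc27737UL, 0x5ac52d1bUL,
        0x5cb0679eUL, 0x4fa33742UL,
        0xd3822740UL, 0x99bc9bbeUL, 0xd5118e9dUL, 0xbf0f7315UL,
        0xd62d1c7eUL, 0xc700c47bUL,
        0xb78c1b6bUL, 0x21a19045UL, 0xb26eb1beUL, 0x6a366eb4UL,
        0x5748ab2fUL, 0xbc946e79UL,
        0xc6a376d2UL, 0x6549c2c8UL, 0x530ff8eeUL, 0x468dde7dUL,
        0xd5730a1dUL, 0x4cd04dc6UL,
        0x2939bbdbUL, 0xa9ba4650UL, 0xac9526e8UL, 0xbe5ee304UL,
        0xa1fad5f0UL, 0x6a2d519aUL,
        0x63ef8ce2UL, 0x9a86ee22UL, 0xc089c2b8UL, 0x43242ef6UL,
        0xa51e03aaUL, 0x9cf2d0a4UL,
        0x83c061baUL, 0x9be96a4dUL, 0x8fe51550UL, 0xba645bd6UL,
        0x2826a2f9UL, 0xa73a3ae1UL,
        0x4ba99586UL, 0xef5562e9UL, 0xc72fefd3UL, 0xf752f7daUL,
        0x3f046f69UL, 0x77fa0a59UL,
        0x80e4a915UL, 0x87b08601UL, 0x9b09e6adUL, 0x3b3ee593UL,
        0xe990fd5aUL, 0x9e34d797UL,
        0x2cf0b7d9UL, 0x022b8b51UL, 0x96d5ac3aUL, 0x017da67dUL,
        0xd1cf3ed6UL, 0x7c7d2d28UL,
        0x1f9f25cfUL, 0xadf2b89bUL, 0x5ad6b472UL, 0x5a88f54cUL,
        0xe029ac71UL, 0xe019a5e6UL,
        0x47b0acfdUL, 0xed93fa9bUL, 0xe8d3c48dUL, 0x283b57ccUL,
        0xf8d56629UL, 0x79132e28UL,
        0x785f0191UL, 0xed756055UL, 0xf7960e44UL, 0xe3d35e8cUL,
        0x15056dd4UL, 0x88f46dbaUL,
        0x03a16125UL, 0x0564f0bdUL, 0xc3eb9e15UL, 0x3c9057a2UL,
        0x97271aecUL, 0xa93a072aUL,
        0x1b3f6d9bUL, 0x1e6321f5UL, 0xf59c66fbUL, 0x26dcf319UL,
        0x7533d928UL, 0xb155fdf5UL,
        0x03563482UL, 0x8aba3cbbUL, 0x28517711UL, 0xc20ad9f8UL,
        0xabcc5167UL, 0xccad925fUL,
        0x4de81751UL, 0x3830dc8eUL, 0x379d5862UL, 0x9320f991UL,
        0xea7a90c2UL, 0xfb3e7bceUL,
        0x5121ce64UL, 0x774fbe32UL, 0xa8b6e37eUL, 0xc3293d46UL,
        0x48de5369UL, 0x6413e680UL,
        0xa2ae0810UL, 0xdd6db224UL, 0x69852dfdUL, 0x09072166UL,
        0xb39a460aUL, 0x6445c0ddUL,
        0x586cdecfUL, 0x1c20c8aeUL, 0x5bbef7ddUL, 0x1b588d40UL,
        0xccd2017fUL, 0x6bb4e3bbUL,
        0xdda26a7eUL, 0x3a59ff45UL, 0x3e350a44UL, 0xbcb4cdd5UL,
        0x72eacea8UL, 0xfa6484bbUL,
        0x8d6612aeUL, 0xbf3c6f47UL, 0xd29be463UL, 0x542f5d9eUL,
        0xaec2771bUL, 0xf64e6370UL,
        0x740e0d8dUL, 0xe75b1357UL, 0xf8721671UL, 0xaf537d5dUL,
        0x4040cb08UL, 0x4eb4e2ccUL,
        0x34d2466aUL, 0x0115af84UL, 0xe1b00428UL, 0x95983a1dUL,
        0x06b89fb4UL, 0xce6ea048UL,
        0x6f3f3b82UL, 0x3520ab82UL, 0x011a1d4bUL, 0x277227f8UL,
        0x611560b1UL, 0xe7933fdcUL,
        0xbb3a792bUL, 0x344525bdUL, 0xa08839e1UL, 0x51ce794bUL,
        0x2f32c9b7UL, 0xa01fbac9UL,
        0xe01cc87eUL, 0xbcc7d1f6UL, 0xcf0111c3UL, 0xa1e8aac7UL,
        0x1a908749UL, 0xd44fbd9aUL,
        0xd0dadecbUL, 0xd50ada38UL, 0x0339c32aUL, 0xc6913667UL,
        0x8df9317cUL, 0xe0b12b4fUL,
        0xf79e59b7UL, 0x43f5bb3aUL, 0xf2d519ffUL, 0x27d9459cUL,
        0xbf97222cUL, 0x15e6fc2aUL,
        0x0f91fc71UL, 0x9b941525UL, 0xfae59361UL, 0xceb69cebUL,
        0xc2a86459UL, 0x12baa8d1UL,
        0xb6c1075eUL, 0xe3056a0cUL, 0x10d25065UL, 0xcb03a442UL,
        0xe0ec6e0eUL, 0x1698db3bUL,
        0x4c98a0beUL, 0x3278e964UL, 0x9f1f9532UL, 0xe0d392dfUL,
        0xd3a0342bUL, 0x8971f21eUL,
        0x1b0a7441UL, 0x4ba3348cUL, 0xc5be7120UL, 0xc37632d8UL,
        0xdf359f8dUL, 0x9b992f2eUL,
        0xe60b6f47UL, 0x0fe3f11dUL, 0xe54cda54UL, 0x1edad891UL,
        0xce6279cfUL, 0xcd3e7e6fUL,
        0x1618b166UL, 0xfd2c1d05UL, 0x848fd2c5UL, 0xf6fb2299UL,
        0xf523f357UL, 0xa6327623UL,
        0x93a83531UL, 0x56cccd02UL, 0xacf08162UL, 0x5a75ebb5UL,
        0x6e163697UL, 0x88d273ccUL,
        0xde966292UL, 0x81b949d0UL, 0x4c50901bUL, 0x71c65614UL,
        0xe6c6c7bdUL, 0x327a140aUL,
        0x45e1d006UL, 0xc3f27b9aUL, 0xc9aa53fdUL, 0x62a80f00UL,
        0xbb25bfe2UL, 0x35bdd2f6UL,
        0x71126905UL, 0xb2040222UL, 0xb6cbcf7cUL, 0xcd769c2bUL,
        0x53113ec0UL, 0x1640e3d3UL,
        0x38abbd60UL, 0x2547adf0UL, 0xba38209cUL, 0xf746ce76UL,
        0x77afa1c5UL, 0x20756060UL,
        0x85cbfe4eUL, 0x8ae88dd8UL, 0x7aaaf9b0UL, 0x4cf9aa7eUL,
        0x1948c25cUL, 0x02fb8a8cUL,
        0x01c36ae4UL, 0xd6ebe1f9UL, 0x90d4f869UL, 0xa65cdea0UL,
        0x3f09252dUL, 0xc208e69fUL,
        0xb74e6132UL, 0xce77e25bUL, 0x578fdfe3UL, 0x3ac372e6UL
    };

    /* initial P-array */
    static const uint32 pi[] = {
        0x243f6a88UL, 0x85a308d3UL, 0x13198a2eUL, 0x03707344UL,
        0xa4093822UL, 0x299f31d0UL,
        0x082efa98UL, 0xec4e6c89UL, 0x452821e6UL, 0x38d01377UL,
        0xbe5466cfUL, 0x34e90c6cUL,
        0xc0ac29b7UL, 0xc97c50ddUL, 0x3f84d5b5UL, 0xb5470917UL,
        0x9216d5d9UL, 0x8979fb1bUL
    };

    /* Initialize s-boxes without file read. */
    for (i = 0; i < 256; i++) {
        c->S[0][i] = ks0[i];
        c->S[1][i] = ks1[i];
        c->S[2][i] = ks2[i];
        c->S[3][i] = ks3[i];
    }

    /* P-boxes */
    for (i = 0; i < 18; i++) {
        c->P[i] = pi[i];
    }

    return 0;
}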
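/*
 * Mix a key, and optionally a 16-byte salt, into the key schedule in c.
 *
 *   key, keybytes  key material; it is read cyclically, so any positive
 *                  length works
 *   bsalt          NULL, or 16 bytes that are loaded as four big-endian
 *                  words and XORed into the running block
 *
 * Returns 0 on success and -1 when the key is NULL or keybytes is not
 * positive.  The length check is needed because the key index is taken
 * modulo keybytes; a zero length would divide by zero.
 *
 * The starting value of k and the order of the steps differ from what
 * the original comments expected.  They are kept as they are on purpose:
 * changing them would change every value derived with this routine.
 */
static short _blf_ExpandKey(blf_ctx * c, const uint8 * key, short keybytes,
                            const uint8 * bsalt)
{
    short i, j;
    int k;
    uint32 data, temp[2];
    uint32 wsalt[4] = { 0, 0, 0, 0 };

    if (key == NULL || keybytes <= 0)
        return -1;

    if (bsalt != NULL) {
        for (i = 0; i < 4; i++) {
            wsalt[0] = (wsalt[0] << 8) | bsalt[i];
            wsalt[1] = (wsalt[1] << 8) | bsalt[i + 4];
            wsalt[2] = (wsalt[2] << 8) | bsalt[i + 8];
            wsalt[3] = (wsalt[3] << 8) | bsalt[i + 12];
        }
    }

    temp[0] = temp[1] = 0x00000000;

    j = 0;
    /* Step 1: XOR the Pbox with the key */
    for (i = 0; i < BF_N + 2; i++) {
        data = 0x00000000;
        data = (data << 8) | key[(j) % keybytes];
        data = (data << 8) | key[(j + 1) % keybytes];
        data = (data << 8) | key[(j + 2) % keybytes];
        data = (data << 8) | key[(j + 3) % keybytes];

        c->P[i] ^= data;
        j = (j + 4) % keybytes;
    }

    k = 2;  /* This should be 0 ???  (kept: see the header comment) */
    /* Step 2: Use the salt on Pbox */
    for (i = 0; i < BF_N + 2; i += 2) {
        if (bsalt != NULL) {
            temp[0] ^= wsalt[(k + 2) % 4];
            temp[1] ^= wsalt[(k + 3) % 4];
            k = (k + 2) % 4;
        }
        enblf_noswap(c, temp);
        c->P[i] = temp[0];
        c->P[i + 1] = temp[1];
    }

    /* Step 3: replace the S-boxes the same way, two words at a time */
    for (i = 0; i < 4; i++) {
        for (j = 0; j < 256; j += 2) {
            if (bsalt != NULL) {
                temp[0] ^= wsalt[(k + 2) % 4];
                temp[1] ^= wsalt[(k + 3) % 4];
                k = (k + 2) % 4;
            }
            enblf_noswap(c, temp);
            c->S[i][j] = temp[0];
            c->S[i][j + 1] = temp[1];
        }
    }

    return 0;
}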
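/*
 * Allocate a key schedule and run the expensive bcrypt setup.
 *
 *   salt     16 bytes of salt
 *   key      password bytes, key_len of them
 *   cost     log2 of the number of expansion rounds (2^cost)
 *
 * Returns the new context, to be released with _blf_deinit(), or NULL
 * when an argument is unusable or the allocation fails.
 *
 * cost is read by the callers from the first byte of the salt blob, so
 * it can be anything from 0 to 255.  Shifting a 32-bit value by 32 or
 * more is undefined, so values outside 0..31 are refused here instead of
 * being shifted.  Even inside that range the work doubles with every
 * step; callers that accept a salt from outside should decide how large
 * a cost they are willing to pay for.
 */
static blf_ctx *_blf_init(uint8 * salt, const char *key, int key_len,
                          int cost)
{
    blf_ctx *state;
    uint32 i, rcost;

    if (salt == NULL || key == NULL || key_len <= 0)
        return NULL;
    if (cost < 0 || cost > 31)
        return NULL;

    state = gnutls_malloc(sizeof *state);
    if (state == NULL)
        return NULL;

    rcost = (uint32) 1 << cost;  /* 2^cost */

    initialize_blowfish(state);
    _blf_ExpandKey(state, (uint8 *) key, key_len, salt);
    for (i = 0; i < rcost; i++) {
        /* these should have been in reverse order */
        _blf_ExpandKey(state, (uint8 *) key, key_len, NULL);
        _blf_ExpandKey(state, salt, 16, NULL);
    }
    return state;
}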
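/*
 * Release a context obtained from _blf_init().
 *
 * The key schedule is derived from the password, so it is overwritten
 * before the memory goes back to the allocator.  The bytes are cleared
 * through a volatile pointer so that the compiler does not drop the
 * stores as dead writes ahead of the free.  A NULL ctx is ignored.
 */
static void _blf_deinit(blf_ctx * ctx)
{
    volatile unsigned char *p = (volatile unsigned char *) ctx;
    size_t left;

    if (ctx == NULL)
        return;

    for (left = sizeof *ctx; left > 0; left--)
        *p++ = 0;

    gnutls_free(ctx);
}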
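/* Prefix written in front of every string returned by crypt_bcrypt(). */
static const char magic[] = "$2$";

/* Text that is encrypted repeatedly; it is exactly 24 characters long. */
#define B64TEXT "OrpheanBeholderScryDoubt"

/*
 * Build the stored SRP verifier string for username/passwd.
 *
 *   username  user name; the first 24 bytes of username '\0' B64TEXT
 *             form the block that is encrypted
 *   passwd    password; at most 56 bytes of it (terminating NUL included
 *             when it fits) are used as key, so longer passwords that
 *             share their first 56 bytes give the same result
 *   salt      text containing ':' followed by the base64 salt, optionally
 *             followed by another ':'.  The decoded salt is one cost byte
 *             and 16 salt bytes.
 *   g, n      SRP group parameters, passed on to _gnutls_srp_gx()
 *
 * Returns a newly allocated string "$2$" verifier ":" salt-text that the
 * caller releases with gnutls_free(), or NULL on any failure.
 *
 * Changes against the earlier version:
 *  - a user name of 24 or more characters no longer overruns text[]: the
 *    old guard subtracted in size_t, wrapped around, and handed strncpy()
 *    a huge count;
 *  - the decoded salt is checked for length and cost before it is read;
 *  - every error path releases what was allocated so far.
 */
char *crypt_bcrypt(const char *username, const char *passwd, const char *salt, GNUTLS_MPI g, GNUTLS_MPI n)
{
    unsigned char *sp, *spe;
    blf_ctx *ctx = NULL;
    unsigned char text[24];
    uint8 *csalt = NULL;
    uint8 *rtext = NULL;
    uint8 cost;
    int i, csalt_size;
    size_t len, ulen, plen, salt_size = strlen(salt);
    unsigned char *local_salt = NULL, *v = NULL;
    int passwd_len, vsize, tmpsize;
    opaque *tmp = NULL;

    /* copy username+null+B64TEXT to text, never past its 24 bytes */
    ulen = strlen(username);
    if (ulen >= sizeof(text)) {
        memcpy(text, username, sizeof(text));
    } else {
        memcpy(text, username, ulen);
        text[ulen] = '\0';
        memcpy(&text[ulen + 1], B64TEXT, sizeof(text) - ulen - 1);
    }

    plen = strlen(passwd) + 1;  /* we want the null also */
    passwd_len = (plen > 56) ? 56 : (int) plen;

    local_salt = gnutls_malloc(salt_size + 1);
    if (local_salt == NULL) {
        gnutls_assert();
        return NULL;
    }
    memcpy(local_salt, salt, salt_size + 1);

    sp = (unsigned char *) strchr((char *) local_salt, ':');  /* move to salt - after verifier */
    if (sp == NULL) {
        gnutls_assert();
        goto cleanup;
    }
    sp++;

    spe = (unsigned char *) strrchr((char *) sp, ':');
    if (spe == NULL)  /* no ':' was found */
        len = strlen((char *) sp);
    else
        len = (size_t) (spe - sp);

    csalt_size = _gnutls_sbase64_decode(sp, len, &csalt);
    if (csalt_size < 0) {
        gnutls_assert();
        /* whether the decoder leaves anything to free on failure is
         * not visible here; as before, nothing is freed */
        csalt = NULL;
        goto cleanup;
    }

    /* One cost byte plus 16 salt bytes are read below.
     * NOTE(review): this assumes the decoder returns the decoded length,
     * the way the encoder's result is used as a length in
     * crypt_bcrypt_wrapper() - confirm against _gnutls_sbase64_decode. */
    if (csalt_size < 17 || csalt[0] > 31) {
        gnutls_assert();
        goto cleanup;
    }

    cost = csalt[0];
    ctx = _blf_init(&csalt[1], passwd, passwd_len, cost);
    gnutls_free(csalt);
    csalt = NULL;

    if (ctx == NULL)
        goto cleanup;

    for (i = 0; i < 64; i++) {
        _blf_encrypt(ctx, (uint8 *) text);
        _blf_encrypt(ctx, (uint8 *) &text[8]);
        _blf_encrypt(ctx, (uint8 *) &text[16]);
    }

    /* v = g^x mod n */
    vsize = _gnutls_srp_gx(text, 8 * 3, &v, g, n);
    if (vsize == -1 || v == NULL) {
        gnutls_assert();
        v = NULL;  /* as before, nothing is freed on this path */
        goto cleanup;
    }

    if (_gnutls_sbase64_encode(v, vsize, &rtext) < 0) {
        gnutls_assert();
        rtext = NULL;
        goto cleanup;
    }

    tmpsize = strlen(magic) + 3 + strlen((char *) sp) + 1 + strlen((char *) rtext) + 1;
    tmp = gnutls_malloc(tmpsize);
    if (tmp == NULL) {
        gnutls_assert();
        goto cleanup;
    }

    /* bounded by the size computed above */
    snprintf((char *) tmp, tmpsize, "%s%s:%s", magic, rtext, sp);

cleanup:
    if (csalt != NULL)
        gnutls_free(csalt);
    if (v != NULL)
        gnutls_free(v);
    if (rtext != NULL)
        gnutls_free(rtext);
    if (local_salt != NULL)
        gnutls_free(local_salt);
    if (ctx != NULL)
        _blf_deinit(ctx);

    return (char *) tmp;
}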
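/*
 * Create a fresh salt and return the verifier string for a new password.
 *
 * cost is stored as the first byte in salt (thus < 255) which is
 * just fine!  It is clamped to the range 1..31 before use.
 *
 * Returns what crypt_bcrypt() returns: a newly allocated string, or NULL
 * on failure.
 *
 * Changes against the earlier version:
 *  - 16 random bytes are requested instead of 17; the buffer is 17 bytes
 *    and the first one holds the cost, so the old call wrote one byte
 *    past its end;
 *  - a failed allocation of the salt text is detected instead of being
 *    written through.
 */
char *crypt_bcrypt_wrapper(const char *username, const char *pass_new, int cost, GNUTLS_MPI g, GNUTLS_MPI n)
{
    opaque *result;
    char *tcp;
    uint8 salt_blob[17];  /* [0] = cost, [1..16] = random salt */
    char *e = NULL;
    int result_size, written;
    size_t tcp_size;

    /* NOTE(review): the salt is drawn at GNUTLS_WEAK_RANDOM level, as
     * before; what that level guarantees is not visible here. */
    if (_gnutls_get_random(&salt_blob[1], sizeof(salt_blob) - 1, GNUTLS_WEAK_RANDOM) < 0) {
        gnutls_assert();
        return NULL;
    }

    /* keep cost inside 1..31 */
    if (cost >= 32)
        cost = 31;
    if (cost < 1)
        cost = 1;

    salt_blob[0] = (uint8) cost;
    result_size = _gnutls_sbase64_encode(salt_blob, 17, &result);

    if (result_size < 0) {
        gnutls_assert();
        return NULL;
    }

    tcp_size = 1 + (size_t) result_size + 1;
    tcp = gnutls_calloc(1, tcp_size);
    if (tcp == NULL) {
        gnutls_assert();
        gnutls_free(result);
        return NULL;
    }

    written = snprintf(tcp, tcp_size, ":%s", (char *) result);
    gnutls_free(result);

    /* a salt text that did not fit would yield a wrong verifier */
    if (written < 0 || (size_t) written >= tcp_size) {
        gnutls_assert();
        gnutls_free(tcp);
        return NULL;
    }

    e = crypt_bcrypt(username, pass_new, (const char *) tcp, g, n);
    gnutls_free(tcp);

    return e;
}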
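/* Size in bytes of the value written to digest. */
#define BCRYPT_SIZE 24

/*
 * Compute the 24-byte bcrypt value for username/passwd with a binary salt.
 *
 *   username   user name; the first 24 bytes of username '\0' B64TEXT
 *              form the block that is encrypted
 *   passwd     password; at most 56 bytes of it are used as key
 *   salt       salt blob: salt[0] is the cost, salt[1..16] the salt
 *   salt_size  number of bytes in salt, at least 17
 *   size       receives BCRYPT_SIZE (it is set even when -1 is returned)
 *   digest     receives BCRYPT_SIZE bytes on success
 *
 * Returns 0 on success, -1 for an unusable salt, GNUTLS_E_MEMORY_ERROR
 * when the context cannot be created.
 *
 * Changes against the earlier version:
 *  - a user name of 24 or more characters no longer overruns text[]: the
 *    old guard subtracted in size_t, wrapped around, and handed strncpy()
 *    a huge count;
 *  - a cost byte above 31 is refused, because the round count is
 *    computed as 1 << cost on a 32-bit value.
 *
 * NOTE(review): the cost comes straight from the salt blob.  If a caller
 * passes a salt received from a peer (not visible here - confirm), a cost
 * near 31 still means an extremely long computation; such a caller may
 * want a lower limit of its own.
 */
int _gnutls_calc_srp_bcrypt(const char *username, const char *passwd, opaque * salt, int salt_size, int *size, void *digest)
{
    blf_ctx *ctx;
    opaque text[BCRYPT_SIZE];
    size_t ulen, plen;
    int passwd_len, cost, i;

    /* copy username+null+B64TEXT to text, never past its 24 bytes */
    ulen = strlen(username);
    if (ulen >= sizeof(text)) {
        memcpy(text, username, sizeof(text));
    } else {
        memcpy(text, username, ulen);
        text[ulen] = '\0';
        memcpy(&text[ulen + 1], B64TEXT, sizeof(text) - ulen - 1);
    }

    *size = sizeof(text);

    /* we need 16 + cost */
    if (salt_size < 17)
        return -1;

    cost = (int) (salt[0]);
    if (cost < 0 || cost > 31)
        return -1;

    plen = strlen(passwd) + 1;  /* we want the null also */
    passwd_len = (plen > 56) ? 56 : (int) plen;

    ctx = _blf_init(&salt[1], passwd, passwd_len, cost);
    if (ctx == NULL) {
        return GNUTLS_E_MEMORY_ERROR;
    }

    for (i = 0; i < 64; i++) {
        _blf_encrypt(ctx, (uint8 *) text);
        _blf_encrypt(ctx, (uint8 *) &text[8]);
        _blf_encrypt(ctx, (uint8 *) &text[16]);
    }

    _blf_deinit(ctx);

    memcpy(digest, text, BCRYPT_SIZE);
    return 0;
}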
774 #endif /* ENABLE_SRP */