diff options
Diffstat (limited to 'lib/libcrypt')
| -rw-r--r-- | lib/libcrypt/Makefile | 53 | ||||
| -rw-r--r-- | lib/libcrypt/Makefile.depend | 16 | ||||
| -rw-r--r-- | lib/libcrypt/crypt-md5.c | 147 | ||||
| -rw-r--r-- | lib/libcrypt/crypt-nthash.c | 80 | ||||
| -rw-r--r-- | lib/libcrypt/crypt-sha256.c | 423 | ||||
| -rw-r--r-- | lib/libcrypt/crypt-sha512.c | 446 | ||||
| -rw-r--r-- | lib/libcrypt/crypt.3 | 325 | ||||
| -rw-r--r-- | lib/libcrypt/crypt.c | 138 | ||||
| -rw-r--r-- | lib/libcrypt/crypt.h | 43 | ||||
| -rw-r--r-- | lib/libcrypt/libcrypt.aldscript | 1 | ||||
| -rw-r--r-- | lib/libcrypt/libcrypt.ldscript | 1 | ||||
| -rw-r--r-- | lib/libcrypt/misc.c | 60 | ||||
| -rw-r--r-- | lib/libcrypt/tests/Makefile | 10 | ||||
| -rw-r--r-- | lib/libcrypt/tests/Makefile.depend | 19 | ||||
| -rw-r--r-- | lib/libcrypt/tests/crypt_tests.c | 52 |
15 files changed, 1814 insertions, 0 deletions
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile new file mode 100644 index 000000000000..2580c398155e --- /dev/null +++ b/lib/libcrypt/Makefile @@ -0,0 +1,53 @@ +SHLIBDIR?= /lib + +.include <src.opts.mk> + +PACKAGE= runtime + +SHLIB_MAJOR= 5 +LIB= crypt + +SRCS= crypt.c misc.c \ + crypt-md5.c \ + crypt-nthash.c \ + crypt-sha256.c \ + crypt-sha512.c +MAN= crypt.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_r.3 \ + crypt.3 crypt_set_format.3 +CFLAGS+= -I${SRCTOP}/lib/libmd \ + -I${SRCTOP}/sys/crypto/sha2 + +# Pull in the strong crypto, if it is present. +.if exists(${SRCTOP}/secure/lib/libcrypt) && ${MK_CRYPT} != "no" +.PATH: ${SRCTOP}/secure/lib/libcrypt +SRCS+= crypt-des.c crypt-blowfish.c blowfish.c +CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH +.endif + +WARNS?= 2 + +PRECIOUSLIB= + +HAS_TESTS= +SUBDIR.${MK_TESTS}+= tests + +LIBADD+= md +SHLIB_LDSCRIPT= libcrypt.ldscript +STATIC_LDSCRIPT= libcrypt.aldscript +CLEANFILES+= libcrypt.ald + +libcrypt.ald: ${.CURDIR}/${STATIC_LDSCRIPT} + sed -e 's,@@LIB@@,${LIB},g' \ + -e 's,@@STATICLIB_SUFFIX@@,${_STATICLIB_SUFFIX},g' \ + ${.ALLSRC} > ${.TARGET} + +all: ${STATIC_LDSCRIPT} libcrypt.ald + +install-libcrypt.a: libcrypt.ald + ${INSTALL} ${DEV_TAG_ARGS} -S -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ + ${_INSTALLFLAGS} libcrypt.ald ${DESTDIR}${_LIBDIR}/lib${LIB}.a + +realinstall: install-libcrypt.a + +.include <bsd.lib.mk> diff --git a/lib/libcrypt/Makefile.depend b/lib/libcrypt/Makefile.depend new file mode 100644 index 000000000000..344a5d0e9310 --- /dev/null +++ b/lib/libcrypt/Makefile.depend @@ -0,0 +1,16 @@ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/lib/libcrypt/crypt-md5.c b/lib/libcrypt/crypt-md5.c new file mode 100644 index 000000000000..609fbbf67b77 --- /dev/null +++ b/lib/libcrypt/crypt-md5.c @@ -0,0 +1,147 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2003 Poul-Henning Kamp + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/types.h> + +#include <err.h> +#include <md5.h> +#include <stdio.h> +#include <string.h> +#include <strings.h> +#include <unistd.h> + +#include "crypt.h" + +/* + * UNIX password + */ + +int +crypt_md5(const char *pw, const char *salt, char *buffer) +{ + MD5_CTX ctx,ctx1; + unsigned long l; + int sl, pl; + u_int i; + u_char final[MD5_SIZE]; + const char *ep; + static const char *magic = "$1$"; + + /* If the salt starts with the magic string, skip that. */ + if (!strncmp(salt, magic, strlen(magic))) + salt += strlen(magic); + + /* It stops at the first '$', max 8 chars */ + for (ep = salt; *ep && *ep != '$' && ep < salt + 8; ep++) + continue; + + /* get the length of the true salt */ + sl = ep - salt; + + MD5Init(&ctx); + + /* The password first, since that is what is most unknown */ + MD5Update(&ctx, (const u_char *)pw, strlen(pw)); + + /* Then our magic string */ + MD5Update(&ctx, (const u_char *)magic, strlen(magic)); + + /* Then the raw salt */ + MD5Update(&ctx, (const u_char *)salt, (u_int)sl); + + /* Then just as many characters of the MD5(pw,salt,pw) */ + MD5Init(&ctx1); + MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); + MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); + MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); + MD5Final(final, &ctx1); + for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE) + MD5Update(&ctx, (const u_char *)final, + (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl)); + + /* Don't leave anything around in vm they could use. */ + explicit_bzero(final, sizeof(final)); + + /* Then something really weird... */ + for (i = strlen(pw); i; i >>= 1) + if(i & 1) + MD5Update(&ctx, (const u_char *)final, 1); + else + MD5Update(&ctx, (const u_char *)pw, 1); + + /* Now make the output string */ + buffer = stpcpy(buffer, magic); + buffer = stpncpy(buffer, salt, (u_int)sl); + *buffer++ = '$'; + + MD5Final(final, &ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... + */ + for(i = 0; i < 1000; i++) { + MD5Init(&ctx1); + if(i & 1) + MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); + else + MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); + + if(i % 3) + MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); + + if(i % 7) + MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); + + if(i & 1) + MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); + else + MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); + MD5Final(final, &ctx1); + } + + l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; + _crypt_to64(buffer, l, 4); buffer += 4; + l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; + _crypt_to64(buffer, l, 4); buffer += 4; + l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; + _crypt_to64(buffer, l, 4); buffer += 4; + l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; + _crypt_to64(buffer, l, 4); buffer += 4; + l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; + _crypt_to64(buffer, l, 4); buffer += 4; + l = final[11]; + _crypt_to64(buffer, l, 2); buffer += 2; + *buffer = '\0'; + + /* Don't leave anything around in vm they could use. */ + explicit_bzero(final, sizeof(final)); + + return (0); +} diff --git a/lib/libcrypt/crypt-nthash.c b/lib/libcrypt/crypt-nthash.c new file mode 100644 index 000000000000..774fe3437c25 --- /dev/null +++ b/lib/libcrypt/crypt-nthash.c @@ -0,0 +1,80 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2003 Michael Bretterklieber + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/types.h> + +#include <netinet/in.h> + +#include <ctype.h> +#include <err.h> +#include <md4.h> +#include <stdarg.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +#include "crypt.h" + +/* + * NT HASH = md4(str2unicode(pw)) + */ + +/* ARGSUSED */ +int +crypt_nthash(const char *pw, const char *salt __unused, char *buffer) +{ + size_t unipwLen; + int i; + static const char hexconvtab[] = "0123456789abcdef"; + static const char *magic = "$3$"; + u_int16_t unipw[128]; + u_char hash[MD4_SIZE]; + const char *s; + MD4_CTX ctx; + + bzero(unipw, sizeof(unipw)); + /* convert to unicode (thanx Archie) */ + unipwLen = 0; + for (s = pw; unipwLen < sizeof(unipw) / 2 && *s; s++) + unipw[unipwLen++] = htons(*s << 8); + + /* Compute MD4 of Unicode password */ + MD4Init(&ctx); + MD4Update(&ctx, (u_char *)unipw, unipwLen*sizeof(u_int16_t)); + MD4Final(hash, &ctx); + + buffer = stpcpy(buffer, magic); + *buffer++ = '$'; + for (i = 0; i < MD4_SIZE; i++) { + *buffer++ = hexconvtab[hash[i] >> 4]; + *buffer++ = hexconvtab[hash[i] & 15]; + } + *buffer = '\0'; + + return (0); +} diff --git a/lib/libcrypt/crypt-sha256.c b/lib/libcrypt/crypt-sha256.c new file mode 100644 index 000000000000..6da1d518b12d --- /dev/null +++ b/lib/libcrypt/crypt-sha256.c @@ -0,0 +1,423 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2011 The FreeBSD Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Based on: + * SHA256-based Unix crypt implementation. Released into the Public Domain by + * Ulrich Drepper <drepper@redhat.com>. */ + +#include <sys/cdefs.h> +#include <sys/endian.h> +#include <sys/param.h> + +#include <errno.h> +#include <limits.h> +#include <sha256.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <strings.h> + +#include "crypt.h" + +/* Define our magic string to mark salt for SHA256 "encryption" replacement. */ +static const char sha256_salt_prefix[] = "$5$"; + +/* Prefix for optional rounds specification. */ +static const char sha256_rounds_prefix[] = "rounds="; + +/* Maximum salt string length. */ +#define SALT_LEN_MAX 16 +/* Default number of rounds if not explicitly specified. */ +#define ROUNDS_DEFAULT 5000 +/* Minimum number of rounds. */ +#define ROUNDS_MIN 1000 +/* Maximum number of rounds. */ +#define ROUNDS_MAX 999999999 + +int +crypt_sha256(const char *key, const char *salt, char *buffer) +{ + u_long srounds; + uint8_t alt_result[32], temp_result[32]; + SHA256_CTX ctx, alt_ctx; + size_t salt_len, key_len, cnt, rounds; + char *cp, *p_bytes, *s_bytes, *endp; + const char *num; + bool rounds_custom; + + /* Default number of rounds. */ + rounds = ROUNDS_DEFAULT; + rounds_custom = false; + + /* Find beginning of salt string. The prefix should normally always + * be present. Just in case it is not. */ + if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0) + /* Skip salt prefix. */ + salt += sizeof(sha256_salt_prefix) - 1; + + if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1) + == 0) { + num = salt + sizeof(sha256_rounds_prefix) - 1; + srounds = strtoul(num, &endp, 10); + + if (*endp == '$') { + salt = endp + 1; + rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); + rounds_custom = true; + } + } + + salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); + key_len = strlen(key); + + /* Prepare for the real work. */ + SHA256_Init(&ctx); + + /* Add the key string. */ + SHA256_Update(&ctx, key, key_len); + + /* The last part is the salt string. This must be at most 8 + * characters and it ends at the first `$' character (for + * compatibility with existing implementations). */ + SHA256_Update(&ctx, salt, salt_len); + + /* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The + * final result will be added to the first context. */ + SHA256_Init(&alt_ctx); + + /* Add key. */ + SHA256_Update(&alt_ctx, key, key_len); + + /* Add salt. */ + SHA256_Update(&alt_ctx, salt, salt_len); + + /* Add key again. */ + SHA256_Update(&alt_ctx, key, key_len); + + /* Now get result of this (32 bytes) and add it to the other context. */ + SHA256_Final(alt_result, &alt_ctx); + + /* Add for any character in the key one byte of the alternate sum. */ + for (cnt = key_len; cnt > 32; cnt -= 32) + SHA256_Update(&ctx, alt_result, 32); + SHA256_Update(&ctx, alt_result, cnt); + + /* Take the binary representation of the length of the key and for + * every 1 add the alternate sum, for every 0 the key. */ + for (cnt = key_len; cnt > 0; cnt >>= 1) + if ((cnt & 1) != 0) + SHA256_Update(&ctx, alt_result, 32); + else + SHA256_Update(&ctx, key, key_len); + + /* Create intermediate result. */ + SHA256_Final(alt_result, &ctx); + + /* Start computation of P byte sequence. */ + SHA256_Init(&alt_ctx); + + /* For every character in the password add the entire password. */ + for (cnt = 0; cnt < key_len; ++cnt) + SHA256_Update(&alt_ctx, key, key_len); + + /* Finish the digest. */ + SHA256_Final(temp_result, &alt_ctx); + + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 32; cnt -= 32) { + memcpy(cp, temp_result, 32); + cp += 32; + } + memcpy(cp, temp_result, cnt); + + /* Start computation of S byte sequence. */ + SHA256_Init(&alt_ctx); + + /* For every character in the password add the entire password. */ + for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) + SHA256_Update(&alt_ctx, salt, salt_len); + + /* Finish the digest. */ + SHA256_Final(temp_result, &alt_ctx); + + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 32; cnt -= 32) { + memcpy(cp, temp_result, 32); + cp += 32; + } + memcpy(cp, temp_result, cnt); + + /* Repeatedly run the collected hash value through SHA256 to burn CPU + * cycles. */ + for (cnt = 0; cnt < rounds; ++cnt) { + /* New context. */ + SHA256_Init(&ctx); + + /* Add key or last result. */ + if ((cnt & 1) != 0) + SHA256_Update(&ctx, p_bytes, key_len); + else + SHA256_Update(&ctx, alt_result, 32); + + /* Add salt for numbers not divisible by 3. */ + if (cnt % 3 != 0) + SHA256_Update(&ctx, s_bytes, salt_len); + + /* Add key for numbers not divisible by 7. */ + if (cnt % 7 != 0) + SHA256_Update(&ctx, p_bytes, key_len); + + /* Add key or last result. */ + if ((cnt & 1) != 0) + SHA256_Update(&ctx, alt_result, 32); + else + SHA256_Update(&ctx, p_bytes, key_len); + + /* Create intermediate result. */ + SHA256_Final(alt_result, &ctx); + } + + /* Now we can construct the result string. It consists of three + * parts. */ + cp = stpcpy(buffer, sha256_salt_prefix); + + if (rounds_custom) + cp += sprintf(cp, "%s%zu$", sha256_rounds_prefix, rounds); + + cp = stpncpy(cp, salt, salt_len); + + *cp++ = '$'; + + b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &cp); + b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &cp); + b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &cp); + b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &cp); + b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &cp); + b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &cp); + b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &cp); + b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &cp); + b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &cp); + b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &cp); + b64_from_24bit(0, alt_result[31], alt_result[30], 3, &cp); + *cp = '\0'; /* Terminate the string. */ + + /* Clear the buffer for the intermediate result so that people + * attaching to processes or reading core dumps cannot get any + * information. We do it in this way to clear correct_words[] inside + * the SHA256 implementation as well. */ + SHA256_Init(&ctx); + SHA256_Final(alt_result, &ctx); + explicit_bzero(temp_result, sizeof(temp_result)); + explicit_bzero(p_bytes, key_len); + explicit_bzero(s_bytes, salt_len); + + return (0); +} + +#ifdef TEST + +static const struct { + const char *input; + const char result[32]; +} tests[] = +{ + /* Test vectors from FIPS 180-2: appendix B.1. */ + { + "abc", + "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23" + "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" + }, + /* Test vectors from FIPS 180-2: appendix B.2. */ + { + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" + "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" + }, + /* Test vectors from the NESSIE project. */ + { + "", + "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" + "\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55" + }, + { + "a", + "\xca\x97\x81\x12\xca\x1b\xbd\xca\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d" + "\xa7\x86\xef\xf8\x14\x7c\x4e\x72\xb9\x80\x77\x85\xaf\xee\x48\xbb" + }, + { + "message digest", + "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e\xeb\xea\xb5\xb4\xe1\x55\x0c\xad" + "\x5b\x50\x9e\x33\x48\xfb\xc4\xef\xa3\xa1\x41\x3d\x39\x3c\xb6\x50" + }, + { + "abcdefghijklmnopqrstuvwxyz", + "\x71\xc4\x80\xdf\x93\xd6\xae\x2f\x1e\xfa\xd1\x44\x7c\x66\xc9\x52" + "\x5e\x31\x62\x18\xcf\x51\xfc\x8d\x9e\xd8\x32\xf2\xda\xf1\x8b\x73" + }, + { + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" + "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" + }, + { + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80" + "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0" + }, + { + "123456789012345678901234567890123456789012345678901234567890" + "12345678901234567890", + "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e" + "\x2b\x60\x02\x6c\x8e\x93\x55\x92\xd0\xf9\xc3\x08\x45\x3c\x81\x3e" + } +}; + +#define ntests (sizeof (tests) / sizeof (tests[0])) + +static const struct { + const char *salt; + const char *input; + const char *expected; +} tests2[] = +{ + { + "$5$saltstring", "Hello world!", + "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5" + }, + { + "$5$rounds=10000$saltstringsaltstring", "Hello world!", + "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2." + "opqey6IcA" + }, + { + "$5$rounds=5000$toolongsaltstring", "This is just a test", + "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8" + "mGRcvxa5" + }, + { + "$5$rounds=1400$anotherlongsaltstring", + "a very much longer text to encrypt. This one even stretches over more" + "than one line.", + "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12" + "oP84Bnq1" + }, + { + "$5$rounds=77777$short", + "we have a short salt string but not a short password", + "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/" + }, + { + "$5$rounds=123456$asaltof16chars..", "a short string", + "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/" + "cZKmF/wJvD" + }, + { + "$5$rounds=10$roundstoolow", "the minimum number is still observed", + "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97" + "2bIC" + }, +}; + +#define ntests2 (sizeof (tests2) / sizeof (tests2[0])) + +int +main(void) +{ + SHA256_CTX ctx; + uint8_t sum[32]; + int result = 0; + int i, cnt; + + for (cnt = 0; cnt < (int)ntests; ++cnt) { + SHA256_Init(&ctx); + SHA256_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input)); + SHA256_Final(sum, &ctx); + if (memcmp(tests[cnt].result, sum, 32) != 0) { + for (i = 0; i < 32; i++) + printf("%02X", tests[cnt].result[i]); + printf("\n"); + for (i = 0; i < 32; i++) + printf("%02X", sum[i]); + printf("\n"); + printf("test %d run %d failed\n", cnt, 1); + result = 1; + } + + SHA256_Init(&ctx); + for (i = 0; tests[cnt].input[i] != '\0'; ++i) + SHA256_Update(&ctx, &tests[cnt].input[i], 1); + SHA256_Final(sum, &ctx); + if (memcmp(tests[cnt].result, sum, 32) != 0) { + for (i = 0; i < 32; i++) + printf("%02X", tests[cnt].result[i]); + printf("\n"); + for (i = 0; i < 32; i++) + printf("%02X", sum[i]); + printf("\n"); + printf("test %d run %d failed\n", cnt, 2); + result = 1; + } + } + + /* Test vector from FIPS 180-2: appendix B.3. */ + char buf[1000]; + + memset(buf, 'a', sizeof(buf)); + SHA256_Init(&ctx); + for (i = 0; i < 1000; ++i) + SHA256_Update(&ctx, buf, sizeof(buf)); + SHA256_Final(sum, &ctx); + static const char expected[32] = + "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" + "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0"; + + if (memcmp(expected, sum, 32) != 0) { + printf("test %d failed\n", cnt); + result = 1; + } + + for (cnt = 0; cnt < ntests2; ++cnt) { + char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt); + + if (strcmp(cp, tests2[cnt].expected) != 0) { + printf("test %d: expected \"%s\", got \"%s\"\n", + cnt, tests2[cnt].expected, cp); + result = 1; + } + } + + if (result == 0) + puts("all tests OK"); + + return result; +} + +#endif /* TEST */ diff --git a/lib/libcrypt/crypt-sha512.c b/lib/libcrypt/crypt-sha512.c new file mode 100644 index 000000000000..b760623b5d8d --- /dev/null +++ b/lib/libcrypt/crypt-sha512.c @@ -0,0 +1,446 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2011 The FreeBSD Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Based on: + * SHA512-based Unix crypt implementation. Released into the Public Domain by + * Ulrich Drepper <drepper@redhat.com>. */ + +#include <sys/cdefs.h> +#include <sys/endian.h> +#include <sys/param.h> + +#include <errno.h> +#include <limits.h> +#include <sha512.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <strings.h> + +#include "crypt.h" + +/* Define our magic string to mark salt for SHA512 "encryption" replacement. */ +static const char sha512_salt_prefix[] = "$6$"; + +/* Prefix for optional rounds specification. */ +static const char sha512_rounds_prefix[] = "rounds="; + +/* Maximum salt string length. */ +#define SALT_LEN_MAX 16 +/* Default number of rounds if not explicitly specified. */ +#define ROUNDS_DEFAULT 5000 +/* Minimum number of rounds. */ +#define ROUNDS_MIN 1000 +/* Maximum number of rounds. */ +#define ROUNDS_MAX 999999999 + +int +crypt_sha512(const char *key, const char *salt, char *buffer) +{ + u_long srounds; + uint8_t alt_result[64], temp_result[64]; + SHA512_CTX ctx, alt_ctx; + size_t salt_len, key_len, cnt, rounds; + char *cp, *p_bytes, *s_bytes, *endp; + const char *num; + bool rounds_custom; + + /* Default number of rounds. */ + rounds = ROUNDS_DEFAULT; + rounds_custom = false; + + /* Find beginning of salt string. The prefix should normally always + * be present. Just in case it is not. */ + if (strncmp(sha512_salt_prefix, salt, sizeof(sha512_salt_prefix) - 1) == 0) + /* Skip salt prefix. */ + salt += sizeof(sha512_salt_prefix) - 1; + + if (strncmp(salt, sha512_rounds_prefix, sizeof(sha512_rounds_prefix) - 1) + == 0) { + num = salt + sizeof(sha512_rounds_prefix) - 1; + srounds = strtoul(num, &endp, 10); + + if (*endp == '$') { + salt = endp + 1; + rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); + rounds_custom = true; + } + } + + salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); + key_len = strlen(key); + + /* Prepare for the real work. */ + SHA512_Init(&ctx); + + /* Add the key string. */ + SHA512_Update(&ctx, key, key_len); + + /* The last part is the salt string. This must be at most 8 + * characters and it ends at the first `$' character (for + * compatibility with existing implementations). */ + SHA512_Update(&ctx, salt, salt_len); + + /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The + * final result will be added to the first context. */ + SHA512_Init(&alt_ctx); + + /* Add key. */ + SHA512_Update(&alt_ctx, key, key_len); + + /* Add salt. */ + SHA512_Update(&alt_ctx, salt, salt_len); + + /* Add key again. */ + SHA512_Update(&alt_ctx, key, key_len); + + /* Now get result of this (64 bytes) and add it to the other context. */ + SHA512_Final(alt_result, &alt_ctx); + + /* Add for any character in the key one byte of the alternate sum. */ + for (cnt = key_len; cnt > 64; cnt -= 64) + SHA512_Update(&ctx, alt_result, 64); + SHA512_Update(&ctx, alt_result, cnt); + + /* Take the binary representation of the length of the key and for + * every 1 add the alternate sum, for every 0 the key. */ + for (cnt = key_len; cnt > 0; cnt >>= 1) + if ((cnt & 1) != 0) + SHA512_Update(&ctx, alt_result, 64); + else + SHA512_Update(&ctx, key, key_len); + + /* Create intermediate result. */ + SHA512_Final(alt_result, &ctx); + + /* Start computation of P byte sequence. */ + SHA512_Init(&alt_ctx); + + /* For every character in the password add the entire password. */ + for (cnt = 0; cnt < key_len; ++cnt) + SHA512_Update(&alt_ctx, key, key_len); + + /* Finish the digest. */ + SHA512_Final(temp_result, &alt_ctx); + + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { + memcpy(cp, temp_result, 64); + cp += 64; + } + memcpy(cp, temp_result, cnt); + + /* Start computation of S byte sequence. */ + SHA512_Init(&alt_ctx); + + /* For every character in the password add the entire password. */ + for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) + SHA512_Update(&alt_ctx, salt, salt_len); + + /* Finish the digest. */ + SHA512_Final(temp_result, &alt_ctx); + + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { + memcpy(cp, temp_result, 64); + cp += 64; + } + memcpy(cp, temp_result, cnt); + + /* Repeatedly run the collected hash value through SHA512 to burn CPU + * cycles. */ + for (cnt = 0; cnt < rounds; ++cnt) { + /* New context. */ + SHA512_Init(&ctx); + + /* Add key or last result. */ + if ((cnt & 1) != 0) + SHA512_Update(&ctx, p_bytes, key_len); + else + SHA512_Update(&ctx, alt_result, 64); + + /* Add salt for numbers not divisible by 3. */ + if (cnt % 3 != 0) + SHA512_Update(&ctx, s_bytes, salt_len); + + /* Add key for numbers not divisible by 7. */ + if (cnt % 7 != 0) + SHA512_Update(&ctx, p_bytes, key_len); + + /* Add key or last result. */ + if ((cnt & 1) != 0) + SHA512_Update(&ctx, alt_result, 64); + else + SHA512_Update(&ctx, p_bytes, key_len); + + /* Create intermediate result. */ + SHA512_Final(alt_result, &ctx); + } + + /* Now we can construct the result string. It consists of three + * parts. */ + cp = stpcpy(buffer, sha512_salt_prefix); + + if (rounds_custom) + cp += sprintf(cp, "%s%zu$", sha512_rounds_prefix, rounds); + + cp = stpncpy(cp, salt, salt_len); + + *cp++ = '$'; + + b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &cp); + b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &cp); + b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &cp); + b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &cp); + b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &cp); + b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &cp); + b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &cp); + b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &cp); + b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &cp); + b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &cp); + b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &cp); + b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &cp); + b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &cp); + b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &cp); + b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &cp); + b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &cp); + b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &cp); + b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &cp); + b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &cp); + b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &cp); + b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &cp); + b64_from_24bit(0, 0, alt_result[63], 2, &cp); + + *cp = '\0'; /* Terminate the string. */ + + /* Clear the buffer for the intermediate result so that people + * attaching to processes or reading core dumps cannot get any + * information. We do it in this way to clear correct_words[] inside + * the SHA512 implementation as well. */ + SHA512_Init(&ctx); + SHA512_Final(alt_result, &ctx); + explicit_bzero(temp_result, sizeof(temp_result)); + explicit_bzero(p_bytes, key_len); + explicit_bzero(s_bytes, salt_len); + + return (0); +} + +#ifdef TEST + +static const struct { + const char *input; + const char result[64]; +} tests[] = +{ + /* Test vectors from FIPS 180-2: appendix C.1. */ + { + "abc", + "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31" + "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" + "\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" + "\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f" + }, + /* Test vectors from FIPS 180-2: appendix C.2. */ + { + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f" + "\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18" + "\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a" + "\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09" + }, + /* Test vectors from the NESSIE project. */ + { + "", + "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07" + "\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" + "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f" + "\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e" + }, + { + "a", + "\x1f\x40\xfc\x92\xda\x24\x16\x94\x75\x09\x79\xee\x6c\xf5\x82\xf2" + "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0\x5a\xbc\x54\xd0\x56\x0e\x0f\x53" + "\x02\x86\x0c\x65\x2b\xf0\x8d\x56\x02\x52\xaa\x5e\x74\x21\x05\x46" + "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf\xc7\x95\x7b\x26\x52\xfe\x9a\x75" + }, + { + "message digest", + "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71\xa3\xa9\x5f\x6c\x05\x5b\x92\x51" + "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1\x34\x92\xea\x45\xb0\x19\x9f\x33" + "\x09\xe1\x64\x55\xab\x1e\x96\x11\x8e\x8a\x90\x5d\x55\x97\xb7\x20" + "\x38\xdd\xb3\x72\xa8\x98\x26\x04\x6d\xe6\x66\x87\xbb\x42\x0e\x7c" + }, + { + "abcdefghijklmnopqrstuvwxyz", + "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae\x1e\x16\x46\x8a\x05\xcb\x98\x81" + "\xc9\x7f\x17\x53\xbc\xe3\x61\x90\x34\x89\x8f\xaa\x1a\xab\xe4\x29" + "\x95\x5a\x1b\xf8\xec\x48\x3d\x74\x21\xfe\x3c\x16\x46\x61\x3a\x59" + "\xed\x54\x41\xfb\x0f\x32\x13\x89\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1" + }, + { + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x20\x4a\x8f\xc6\xdd\xa8\x2f\x0a\x0c\xed\x7b\xeb\x8e\x08\xa4\x16" + "\x57\xc1\x6e\xf4\x68\xb2\x28\xa8\x27\x9b\xe3\x31\xa7\x03\xc3\x35" + "\x96\xfd\x15\xc1\x3b\x1b\x07\xf9\xaa\x1d\x3b\xea\x57\x78\x9c\xa0" + "\x31\xad\x85\xc7\xa7\x1d\xd7\x03\x54\xec\x63\x12\x38\xca\x34\x45" + }, + { + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "\x1e\x07\xbe\x23\xc2\x6a\x86\xea\x37\xea\x81\x0c\x8e\xc7\x80\x93" + "\x52\x51\x5a\x97\x0e\x92\x53\xc2\x6f\x53\x6c\xfc\x7a\x99\x96\xc4" + "\x5c\x83\x70\x58\x3e\x0a\x78\xfa\x4a\x90\x04\x1d\x71\xa4\xce\xab" + "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3\xe0\x12\x49\xf0\xbe\xbd\x58\x94" + }, + { + "123456789012345678901234567890123456789012345678901234567890" + "12345678901234567890", + "\x72\xec\x1e\xf1\x12\x4a\x45\xb0\x47\xe8\xb7\xc7\x5a\x93\x21\x95" + "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1\x91\x40\x42\x24\x6e\x0a\xec\x3a" + "\x23\x54\xe0\x93\xd7\x6f\x30\x48\xb4\x56\x76\x43\x46\x90\x0c\xb1" + "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb\x5e\x30\xbc\xb8\x50\xde\xe8\x43" + } +}; + +#define ntests (sizeof (tests) / sizeof (tests[0])) + +static const struct { + const char *salt; + const char *input; + const char *expected; +} tests2[] = +{ + { + "$6$saltstring", "Hello world!", + "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu" + "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1" + }, + { + "$6$rounds=10000$saltstringsaltstring", "Hello world!", + "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb" + "HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v." + }, + { + "$6$rounds=5000$toolongsaltstring", "This is just a test", + "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ" + "zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0" + }, + { + "$6$rounds=1400$anotherlongsaltstring", + "a very much longer text to encrypt. This one even stretches over more" + "than one line.", + "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP" + "vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1" + }, + { + "$6$rounds=77777$short", + "we have a short salt string but not a short password", + "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g" + "ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0" + }, + { + "$6$rounds=123456$asaltof16chars..", "a short string", + "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc" + "elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1" + }, + { + "$6$rounds=10$roundstoolow", "the minimum number is still observed", + "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x" + "hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX." + }, +}; + +#define ntests2 (sizeof (tests2) / sizeof (tests2[0])) + +int +main(void) +{ + SHA512_CTX ctx; + uint8_t sum[64]; + int result = 0; + int i, cnt; + + for (cnt = 0; cnt < (int)ntests; ++cnt) { + SHA512_Init(&ctx); + SHA512_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input)); + SHA512_Final(sum, &ctx); + if (memcmp(tests[cnt].result, sum, 64) != 0) { + printf("test %d run %d failed\n", cnt, 1); + result = 1; + } + + SHA512_Init(&ctx); + for (i = 0; tests[cnt].input[i] != '\0'; ++i) + SHA512_Update(&ctx, &tests[cnt].input[i], 1); + SHA512_Final(sum, &ctx); + if (memcmp(tests[cnt].result, sum, 64) != 0) { + printf("test %d run %d failed\n", cnt, 2); + result = 1; + } + } + + /* Test vector from FIPS 180-2: appendix C.3. */ + char buf[1000]; + + memset(buf, 'a', sizeof(buf)); + SHA512_Init(&ctx); + for (i = 0; i < 1000; ++i) + SHA512_Update(&ctx, buf, sizeof(buf)); + SHA512_Final(sum, &ctx); + static const char expected[64] = + "\xe7\x18\x48\x3d\x0c\xe7\x69\x64\x4e\x2e\x42\xc7\xbc\x15\xb4\x63" + "\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb" + "\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b" + "\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b"; + + if (memcmp(expected, sum, 64) != 0) { + printf("test %d failed\n", cnt); + result = 1; + } + + for (cnt = 0; cnt < ntests2; ++cnt) { + char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt); + + if (strcmp(cp, tests2[cnt].expected) != 0) { + printf("test %d: expected \"%s\", got \"%s\"\n", + cnt, tests2[cnt].expected, cp); + result = 1; + } + } + + if (result == 0) + puts("all tests OK"); + + return result; +} + +#endif /* TEST */ diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3 new file mode 100644 index 000000000000..570cf6f40a04 --- /dev/null +++ b/lib/libcrypt/crypt.3 @@ -0,0 +1,325 @@ +.\" FreeSec: libcrypt for NetBSD +.\" +.\" Copyright (c) 1994 David Burren +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the author nor the names of other contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd May 26, 2019 +.Dt CRYPT 3 +.Os +.Sh NAME +.Nm crypt +.Nd Trapdoor encryption +.Sh LIBRARY +.Lb libcrypt +.Sh SYNOPSIS +.In unistd.h +.Ft char * +.Fn crypt "const char *key" "const char *salt" +.Ft char * +.Fn crypt_r "const char *key" "const char *salt" "struct crypt_data *data" +.Ft const char * +.Fn crypt_get_format "void" +.Ft int +.Fn crypt_set_format "const char *string" +.Sh DESCRIPTION +The +.Fn crypt +function performs password hashing with additional code added to +deter key search attempts. +Different algorithms can be used to +in the hash. +.\" +.\" NOTICE: +.\" If you add more algorithms, make sure to update this list +.\" and the default used for the Traditional format, below. +.\" +Currently these include the +.Tn NBS +.Tn Data Encryption Standard (DES) , +.Tn MD5 +hash, +.Tn NT-Hash +.Pq compatible with Microsoft's NT scheme +and +.Tn Blowfish . +The algorithm used will depend upon the format of the Salt +.Po +following +the Modular Crypt Format +.Pq MCF +.Pc , +if +.Tn DES +and/or +.Tn Blowfish +is installed or not, and whether +.Fn crypt_set_format +has been called to change the default. +.Pp +The first argument to +.Nm +is the data to hash +.Pq usually a password , +in a +.Dv NUL Ns -terminated +string. +The second is the salt, in one of three forms: +.Pp +.Bl -tag -width Traditional -compact -offset indent +.It Extended +If it begins with an underscore +.Pq Dq _ +then the +.Tn DES +Extended Format +is used in interpreting both the key and the salt, as outlined below. +.It Modular +If it begins with the string +.Dq $digit$ +then the Modular Crypt Format is used, as outlined below. +.It Traditional +If neither of the above is true, it assumes the Traditional Format, +using the entire string as the salt +.Pq or the first portion . +.El +.Pp +All routines are designed to be time-consuming. +.Ss DES Extended Format: +The +.Ar key +is divided into groups of 8 characters +.Pq the last group is NUL-padded +and the low-order 7 bits of each character +.Pq 56 bits per group +are used to form the +.Tn DES +key as follows: +the first group of 56 bits becomes the initial +.Tn DES +key. +For each additional group, the XOR of the encryption of the current +.Tn DES +key with itself and the group bits becomes the next +.Tn DES +key. +.Pp +The salt is a 9-character array consisting of an underscore followed +by 4 bytes of iteration count and 4 bytes of salt. +These are encoded as printable characters, 6 bits per character, +least significant character first. +The values 0 to 63 are encoded as +.Dq ./0-9A-Za-z . +This allows 24 bits for both +.Fa count +and +.Fa salt . +.Pp +The +.Fa salt +introduces disorder in the +.Tn DES +algorithm in one of 16777216 or 4096 possible ways +.Po +i.e., with 24 or 12 bits: if bit +.Em i +of the +.Ar salt +is set, then bits +.Em i +and +.Em i+24 +are swapped in the +.Tn DES +E-box output +.Pc . +.Pp +The +.Tn DES +key is used to encrypt a 64-bit constant using +.Ar count +iterations of +.Tn DES . +The value returned is a +.Dv NUL Ns -terminated +string, 20 or 13 bytes +.Pq plus NUL +in length, consisting of the +.Ar salt +followed by the encoded 64-bit encryption. +.Ss Modular crypt: +If the salt begins with the string +.Fa $digit$ +then the Modular Crypt Format is used. +The +.Fa digit +represents which algorithm is used in encryption. +Following the token is +the actual salt to use in the encryption. +The maximum length of the salt used depends upon the module. +The salt must be terminated with the end of the string character +.Pq NUL +or a dollar sign. +Any characters after the dollar sign are ignored. +.Pp +Currently supported algorithms are: +.Pp +.Bl -enum -compact -offset indent +.It +MD5 +.It +Blowfish +.It +NT-Hash +.It +(unused) +.It +SHA-256 +.It +SHA-512 +.El +.Pp +Other crypt formats may be easily added. +An example salt would be: +.Bl -tag -width 6n -offset indent +.It Cm "$4$thesalt$rest" +.El +.Ss Traditional crypt: +The algorithm used will depend upon whether +.Fn crypt_set_format +has been called and whether a global default format has been specified. +Unless a global default has been specified or +.Fn crypt_set_format +has set the format to something else, the built-in default format is +used. +This is currently +.\" +.\" NOTICE: Also make sure to update this +.\" +DES +if it is available, or SHA-512 if not. +.Pp +How the salt is used will depend upon the algorithm for the hash. +For +best results, specify at least eight characters of salt. +.Pp +The +.Fn crypt_get_format +function returns a constant string that represents the name of the +algorithm currently used. +Valid values are +.\" +.\" NOTICE: Also make sure to update this, too, as well +.\" +.Ql des , +.Ql blf , +.Ql md5 , +.Ql sha256 , +.Ql sha512 +and +.Ql nth . +.Pp +The +.Fn crypt_set_format +function sets the default encoding format according to the supplied +.Fa string . +.Pp +The +.Fn crypt_r +function behaves identically to +.Fn crypt , +except that the resulting string is stored in +.Fa data , +making it thread-safe. +.Sh RETURN VALUES +The +.Fn crypt +and +.Fn crypt_r +functions return a pointer to the encrypted value on success, and NULL on +failure. +Note: this is not a standard behaviour, AT&T +.Fn crypt +will always return a pointer to a string. +.Pp +The +.Fn crypt_set_format +function will return 1 if the supplied encoding format was valid. +Otherwise, a value of 0 is returned. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr getpass 3 , +.Xr passwd 5 +.Sh HISTORY +A rotor-based +.Fn crypt +function appeared in +.At v6 . +The current style +.Fn crypt +first appeared in +.At v7 . +.Pp +The +.Tn DES +section of the code (FreeSec 1.0) was developed outside the United +States of America as an unencumbered replacement for the U.S.-only +.Nx +libcrypt encryption library. +.Pp +The +.Fn crypt_r +function was added in +.Fx 12.0 . +.Sh AUTHORS +.An -nosplit +Originally written by +.An David Burren Aq Mt davidb@werj.com.au , +later additions and changes by +.An Poul-Henning Kamp , +.An Mark R V Murray , +.An Michael Bretterklieber , +.An Kris Kennaway , +.An Brian Feldman , +.An Paul Herman +and +.An Niels Provos . +.Sh BUGS +The +.Fn crypt +function returns a pointer to static data, and subsequent calls to +.Fn crypt +will modify the same data. +Likewise, +.Fn crypt_set_format +modifies static data. +.Pp +The NT-hash scheme does not use a salt, +and is not hard +for a competent attacker +to break. +Its use is not recommended. diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c new file mode 100644 index 000000000000..aaf3552f95ff --- /dev/null +++ b/lib/libcrypt/crypt.c @@ -0,0 +1,138 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 1999 Mark Murray + * Copyright (c) 2014 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/types.h> + +#include <string.h> +#include <unistd.h> + +#include "crypt.h" + +/* + * List of supported crypt(3) formats. + * + * The default algorithm is the last entry in the list (second-to-last + * array element since the last is a sentinel). The reason for placing + * the default last rather than first is that DES needs to be at the + * bottom for the algorithm guessing logic in crypt(3) to work correctly, + * and it needs to be the default for backward compatibility. + */ +static const struct crypt_format { + const char *name; + int (*func)(const char *, const char *, char *); + const char *magic; +} crypt_formats[] = { + { "md5", crypt_md5, "$1$" }, +#ifdef HAS_BLOWFISH + { "blf", crypt_blowfish, "$2" }, +#endif + { "nth", crypt_nthash, "$3$" }, + { "sha256", crypt_sha256, "$5$" }, + { "sha512", crypt_sha512, "$6$" }, +#ifdef HAS_DES + { "des", crypt_des, "_" }, +#endif + + /* sentinel */ + { NULL, NULL, NULL } +}; + +static const struct crypt_format *crypt_format = + &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2]; + +#define DES_SALT_ALPHABET \ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + +/* + * Returns the name of the currently selected format. + */ +const char * +crypt_get_format(void) +{ + + return (crypt_format->name); +} + +/* + * Selects the format to use for subsequent crypt(3) invocations. + */ +int +crypt_set_format(const char *format) +{ + const struct crypt_format *cf; + + for (cf = crypt_formats; cf->name != NULL; ++cf) { + if (strcasecmp(cf->name, format) == 0) { + crypt_format = cf; + return (1); + } + } + return (0); +} + +/* + * Hash the given password with the given salt. If the salt begins with a + * magic string (e.g. "$6$" for sha512), the corresponding format is used; + * otherwise, the currently selected format is used. + */ +char * +crypt_r(const char *passwd, const char *salt, struct crypt_data *data) +{ + const struct crypt_format *cf; + int (*func)(const char *, const char *, char *); +#ifdef HAS_DES + int len; +#endif + + for (cf = crypt_formats; cf->name != NULL; ++cf) + if (cf->magic != NULL && strstr(salt, cf->magic) == salt) { + func = cf->func; + goto match; + } +#ifdef HAS_DES + len = strlen(salt); + if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len) { + func = crypt_des; + goto match; + } +#endif + func = crypt_format->func; +match: + if (func(passwd, salt, data->__buf) != 0) + return (NULL); + return (data->__buf); +} + +char * +crypt(const char *passwd, const char *salt) +{ + static struct crypt_data data; + + return (crypt_r(passwd, salt, &data)); +} diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h new file mode 100644 index 000000000000..d2ab380d9b83 --- /dev/null +++ b/lib/libcrypt/crypt.h @@ -0,0 +1,43 @@ +/* LINTLIBRARY */ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 1999 + * Mark Murray. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +/* magic sizes */ +#define MD4_SIZE 16 +#define MD5_SIZE 16 + +int crypt_des(const char *pw, const char *salt, char *buf); +int crypt_md5(const char *pw, const char *salt, char *buf); +int crypt_nthash(const char *pw, const char *salt, char *buf); +int crypt_blowfish(const char *pw, const char *salt, char *buf); +int crypt_sha256 (const char *pw, const char *salt, char *buf); +int crypt_sha512 (const char *pw, const char *salt, char *buf); + +extern void _crypt_to64(char *s, u_long v, int n); +extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp); diff --git a/lib/libcrypt/libcrypt.aldscript b/lib/libcrypt/libcrypt.aldscript new file mode 100644 index 000000000000..cfc8020dd9e3 --- /dev/null +++ b/lib/libcrypt/libcrypt.aldscript @@ -0,0 +1 @@ +INPUT(-l@@LIB@@@@STATICLIB_SUFFIX@@ -lmd) diff --git a/lib/libcrypt/libcrypt.ldscript b/lib/libcrypt/libcrypt.ldscript new file mode 100644 index 000000000000..a0b20fa43fe8 --- /dev/null +++ b/lib/libcrypt/libcrypt.ldscript @@ -0,0 +1 @@ +INPUT(@@SHLIB@@ AS_NEEDED(-lmd)) diff --git a/lib/libcrypt/misc.c b/lib/libcrypt/misc.c new file mode 100644 index 000000000000..e5db6b5dd838 --- /dev/null +++ b/lib/libcrypt/misc.c @@ -0,0 +1,60 @@ +/*- + * SPDX-License-Identifier: BSD-3-Clause + * + * Copyright (c) 1999 + * University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <sys/types.h> + +#include "crypt.h" + +static char itoa64[] = /* 0 ... 63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +void +_crypt_to64(char *s, u_long v, int n) +{ + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } +} + +void +b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp) +{ + uint32_t w; + int i; + + w = (B2 << 16) | (B1 << 8) | B0; + for (i = 0; i < n; i++) { + **cp = itoa64[w&0x3f]; + (*cp)++; + w >>= 6; + } +} diff --git a/lib/libcrypt/tests/Makefile b/lib/libcrypt/tests/Makefile new file mode 100644 index 000000000000..f64fafe3c8cb --- /dev/null +++ b/lib/libcrypt/tests/Makefile @@ -0,0 +1,10 @@ +ATF_TESTS_C+= crypt_tests + +NETBSD_ATF_TESTS_C+= crypt_test + +CFLAGS+= -I${.CURDIR:H} +LIBADD= crypt + +.include <netbsd-tests.test.mk> + +.include <bsd.test.mk> diff --git a/lib/libcrypt/tests/Makefile.depend b/lib/libcrypt/tests/Makefile.depend new file mode 100644 index 000000000000..6204df652c5d --- /dev/null +++ b/lib/libcrypt/tests/Makefile.depend @@ -0,0 +1,19 @@ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + include \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/atf/libatf-c \ + lib/libc \ + lib/libcompiler_rt \ + lib/libcrypt \ + lib/libnetbsd \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/lib/libcrypt/tests/crypt_tests.c b/lib/libcrypt/tests/crypt_tests.c new file mode 100644 index 000000000000..2ab0b65db83b --- /dev/null +++ b/lib/libcrypt/tests/crypt_tests.c @@ -0,0 +1,52 @@ +#include <sys/cdefs.h> +#include <sys/types.h> +#include <crypt.h> +#include <unistd.h> + +#include <atf-c.h> + +#define LEET "0.s0.l33t" + +ATF_TC(md5); +ATF_TC_HEAD(md5, tc) +{ + + atf_tc_set_md_var(tc, "descr", "Tests the MD5 based password hash"); +} + +ATF_TC_BODY(md5, tc) +{ + const char want[] = "$1$deadbeef$0Huu6KHrKLVWfqa4WljDE0"; + char *pw; + + pw = crypt(LEET, want); + ATF_CHECK_STREQ(pw, want); +} + +ATF_TC(invalid); +ATF_TC_HEAD(invalid, tc) +{ + + atf_tc_set_md_var(tc, "descr", "Tests that invalid password fails"); +} + +ATF_TC_BODY(invalid, tc) +{ + const char want[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0"; + char *pw; + + pw = crypt(LEET, want); + ATF_CHECK(strcmp(pw, want) != 0); +} + +/* + * This function must not do anything except enumerate + * the test cases, per atf-c-api(3). + */ +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, md5); + ATF_TP_ADD_TC(tp, invalid); + return atf_no_error(); +} |