diff options
Diffstat (limited to 'libmisc/salt.c')
| -rw-r--r-- | libmisc/salt.c | 566 |
1 files changed, 0 insertions, 566 deletions
diff --git a/libmisc/salt.c b/libmisc/salt.c deleted file mode 100644 index e5f633a..0000000 --- a/libmisc/salt.c +++ /dev/null @@ -1,566 +0,0 @@ -/* - * SPDX-FileCopyrightText: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> - * SPDX-FileCopyrightText: J.T. Conklin <jtc@netbsd.org> - * - * SPDX-License-Identifier: Unlicense - */ - -/* - * salt.c - generate a random salt string for crypt() - * - * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, - * it is in the public domain. - * - * l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain. - */ - -#include <config.h> - -#ident "$Id$" - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#if HAVE_SYS_RANDOM_H -#include <sys/random.h> -#endif -#include "prototypes.h" -#include "defines.h" -#include "getdef.h" -#include "shadowlog.h" - -#if (defined CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY && \ - CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) -#define USE_XCRYPT_GENSALT 1 -#else -#define USE_XCRYPT_GENSALT 0 -#endif - -/* Add the salt prefix. */ -#define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0' - -#ifdef USE_BCRYPT -/* Use $2b$ as prefix for compatibility with OpenBSD's bcrypt. */ -#define BCRYPTMAGNUM(array) (array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='b',(array)[4]='\0' -#define BCRYPT_SALT_SIZE 22 -/* Default number of rounds if not explicitly specified. */ -#define B_ROUNDS_DEFAULT 13 -/* Minimum number of rounds. */ -#define B_ROUNDS_MIN 4 -/* Maximum number of rounds. */ -#define B_ROUNDS_MAX 31 -#endif /* USE_BCRYPT */ - -#ifdef USE_SHA_CRYPT -/* Fixed salt len for sha{256,512}crypt. */ -#define SHA_CRYPT_SALT_SIZE 16 -/* Default number of rounds if not explicitly specified. */ -#define SHA_ROUNDS_DEFAULT 5000 -/* Minimum number of rounds. */ -#define SHA_ROUNDS_MIN 1000 -/* Maximum number of rounds. */ -#define SHA_ROUNDS_MAX 999999999 -#endif - -#ifdef USE_YESCRYPT -/* - * Default number of base64 characters used for the salt. - * 24 characters gives a 144 bits (18 bytes) salt. Unlike the more - * traditional 128 bits (16 bytes) salt, this 144 bits salt is always - * represented by the same number of base64 characters without padding - * issue, even with a non-standard base64 encoding scheme. - */ -#define YESCRYPT_SALT_SIZE 24 -/* Default cost if not explicitly specified. */ -#define Y_COST_DEFAULT 5 -/* Minimum cost. */ -#define Y_COST_MIN 1 -/* Maximum cost. */ -#define Y_COST_MAX 11 -#endif - -/* Fixed salt len for md5crypt. */ -#define MD5_CRYPT_SALT_SIZE 8 - -/* Generate salt of size salt_size. */ -#define MAX_SALT_SIZE 44 -#define MIN_SALT_SIZE 8 - -/* Maximum size of the generated salt string. */ -#define GENSALT_SETTING_SIZE 100 - -/* local function prototypes */ -static long read_random_bytes (void); -#if !USE_XCRYPT_GENSALT -static /*@observer@*/const char *gensalt (size_t salt_size); -#endif /* !USE_XCRYPT_GENSALT */ -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) -static long shadow_random (long min, long max); -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ -#ifdef USE_SHA_CRYPT -static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds); -static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds); -#endif /* USE_SHA_CRYPT */ -#ifdef USE_BCRYPT -static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds); -static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds); -#endif /* USE_BCRYPT */ -#ifdef USE_YESCRYPT -static /*@observer@*/unsigned long YESCRYPT_get_salt_cost (/*@null@*/const int *prefered_cost); -static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost); -#endif /* USE_YESCRYPT */ - -#if !USE_XCRYPT_GENSALT && !defined(HAVE_L64A) -static /*@observer@*/char *l64a (long value) -{ - static char buf[8]; - char *s = buf; - int digit; - int i; - - if (value < 0) { - errno = EINVAL; - return(NULL); - } - - for (i = 0; value != 0 && i < 6; i++) { - digit = value & 0x3f; - - if (digit < 2) { - *s = digit + '.'; - } else if (digit < 12) { - *s = digit + '0' - 2; - } else if (digit < 38) { - *s = digit + 'A' - 12; - } else { - *s = digit + 'a' - 38; - } - - value >>= 6; - s++; - } - - *s = '\0'; - - return buf; -} -#endif /* !USE_XCRYPT_GENSALT && !defined(HAVE_L64A) */ - -/* Read sizeof (long) random bytes from /dev/urandom. */ -static long read_random_bytes (void) -{ - long randval = 0; - -#ifdef HAVE_ARC4RANDOM_BUF - /* arc4random_buf, if it exists, can never fail. */ - arc4random_buf (&randval, sizeof (randval)); - goto end; -#endif - -#ifdef HAVE_GETENTROPY - /* getentropy may exist but lack kernel support. */ - if (getentropy (&randval, sizeof (randval)) == 0) { - goto end; - } -#endif - -#ifdef HAVE_GETRANDOM - /* Likewise getrandom. */ - if ((size_t) getrandom (&randval, sizeof (randval), 0) == sizeof (randval)) { - goto end; - } -#endif - - /* Use /dev/urandom as a last resort. */ - FILE *f = fopen ("/dev/urandom", "r"); - if (NULL == f) { - goto fail; - } - - if (fread (&randval, sizeof (randval), 1, f) != 1) { - fclose(f); - goto fail; - } - - fclose(f); - goto end; - -fail: - fprintf (log_get_logfd(), - _("Unable to obtain random bytes.\n")); - exit (1); - -end: - return randval; -} - -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) -/* - * Return a random number between min and max (both included). - * - * It favors slightly the higher numbers. - */ -static long shadow_random (long min, long max) -{ - double drand; - long ret; - - drand = (double) (read_random_bytes () & RAND_MAX) / (double) RAND_MAX; - drand *= (double) (max - min + 1); - /* On systems were this is not random() range is lower, we favor - * higher numbers of salt. */ - ret = (long) (max + 1 - drand); - /* And we catch limits, and use the highest number */ - if ((ret < min) || (ret > max)) { - ret = max; - } - return ret; -} -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ - -#ifdef USE_SHA_CRYPT -/* Return the the rounds number for the SHA crypt methods. */ -static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds) -{ - unsigned long rounds; - - if (NULL == prefered_rounds) { - long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1); - long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1); - - if ((-1 == min_rounds) && (-1 == max_rounds)) { - rounds = SHA_ROUNDS_DEFAULT; - } - else { - if (-1 == min_rounds) { - min_rounds = max_rounds; - } - - if (-1 == max_rounds) { - max_rounds = min_rounds; - } - - if (min_rounds > max_rounds) { - max_rounds = min_rounds; - } - - rounds = (unsigned long) shadow_random (min_rounds, max_rounds); - } - } else if (0 == *prefered_rounds) { - rounds = SHA_ROUNDS_DEFAULT; - } else { - rounds = (unsigned long) *prefered_rounds; - } - - /* Sanity checks. The libc should also check this, but this - * protects against a rounds_prefix overflow. */ - if (rounds < SHA_ROUNDS_MIN) { - rounds = SHA_ROUNDS_MIN; - } - - if (rounds > SHA_ROUNDS_MAX) { - rounds = SHA_ROUNDS_MAX; - } - - return rounds; -} - -/* - * Fill a salt prefix specifying the rounds number for the SHA crypt methods - * to a buffer. - */ -static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds) -{ - const size_t buf_begin = strlen (buf); - - /* Nothing to do here if SHA_ROUNDS_DEFAULT is used. */ - if (rounds == SHA_ROUNDS_DEFAULT) { - return; - } - - /* - * Check if the result buffer is long enough. - * We are going to write a maximum of 17 bytes, - * plus one byte for the terminator. - * rounds=XXXXXXXXX$ - * 00000000011111111 - * 12345678901234567 - */ - assert (GENSALT_SETTING_SIZE > buf_begin + 17); - - (void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds); -} -#endif /* USE_SHA_CRYPT */ - -#ifdef USE_BCRYPT -/* Return the the rounds number for the BCRYPT method. */ -static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds) -{ - unsigned long rounds; - - if (NULL == prefered_rounds) { - long min_rounds = getdef_long ("BCRYPT_MIN_ROUNDS", -1); - long max_rounds = getdef_long ("BCRYPT_MAX_ROUNDS", -1); - - if ((-1 == min_rounds) && (-1 == max_rounds)) { - rounds = B_ROUNDS_DEFAULT; - } else { - if (-1 == min_rounds) { - min_rounds = max_rounds; - } - - if (-1 == max_rounds) { - max_rounds = min_rounds; - } - - if (min_rounds > max_rounds) { - max_rounds = min_rounds; - } - - rounds = (unsigned long) shadow_random (min_rounds, max_rounds); - } - } else if (0 == *prefered_rounds) { - rounds = B_ROUNDS_DEFAULT; - } else { - rounds = (unsigned long) *prefered_rounds; - } - - /* Sanity checks. */ - if (rounds < B_ROUNDS_MIN) { - rounds = B_ROUNDS_MIN; - } - -#if USE_XCRYPT_GENSALT - if (rounds > B_ROUNDS_MAX) { - rounds = B_ROUNDS_MAX; - } -#else /* USE_XCRYPT_GENSALT */ - /* - * Use 19 as an upper bound for now, - * because musl doesn't allow rounds >= 20. - * If musl ever supports > 20 rounds, - * rounds should be set to B_ROUNDS_MAX. - */ - if (rounds > 19) { - rounds = 19; - } -#endif /* USE_XCRYPT_GENSALT */ - - return rounds; -} - -/* - * Fill a salt prefix specifying the rounds number for the BCRYPT method - * to a buffer. - */ -static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds) -{ - const size_t buf_begin = strlen (buf); - - /* - * Check if the result buffer is long enough. - * We are going to write three bytes, - * plus one byte for the terminator. - * XX$ - * 000 - * 123 - */ - assert (GENSALT_SETTING_SIZE > buf_begin + 3); - - (void) snprintf (buf + buf_begin, 4, "%2.2lu$", rounds); -} -#endif /* USE_BCRYPT */ - -#ifdef USE_YESCRYPT -/* Return the the cost number for the YESCRYPT method. */ -static /*@observer@*/unsigned long YESCRYPT_get_salt_cost (/*@null@*/const int *prefered_cost) -{ - unsigned long cost; - - if (NULL == prefered_cost) { - cost = getdef_num ("YESCRYPT_COST_FACTOR", Y_COST_DEFAULT); - } else if (0 == *prefered_cost) { - cost = Y_COST_DEFAULT; - } else { - cost = (unsigned long) *prefered_cost; - } - - /* Sanity checks. */ - if (cost < Y_COST_MIN) { - cost = Y_COST_MIN; - } - - if (cost > Y_COST_MAX) { - cost = Y_COST_MAX; - } - - return cost; -} - -/* - * Fill a salt prefix specifying the cost for the YESCRYPT method - * to a buffer. - */ -static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost) -{ - const size_t buf_begin = strlen (buf); - - /* - * Check if the result buffer is long enough. - * We are going to write four bytes, - * plus one byte for the terminator. - * jXX$ - * 0000 - * 1234 - */ - assert (GENSALT_SETTING_SIZE > buf_begin + 4); - - buf[buf_begin + 0] = 'j'; - if (cost < 3) { - buf[buf_begin + 1] = 0x36 + cost; - } else if (cost < 6) { - buf[buf_begin + 1] = 0x34 + cost; - } else { - buf[buf_begin + 1] = 0x3b + cost; - } - buf[buf_begin + 2] = cost >= 3 ? 'T' : '5'; - buf[buf_begin + 3] = '$'; - buf[buf_begin + 4] = '\0'; -} -#endif /* USE_YESCRYPT */ - -#if !USE_XCRYPT_GENSALT -static /*@observer@*/const char *gensalt (size_t salt_size) -{ - static char salt[MAX_SALT_SIZE + 6]; - - memset (salt, '\0', MAX_SALT_SIZE + 6); - - assert (salt_size >= MIN_SALT_SIZE && - salt_size <= MAX_SALT_SIZE); - strcat (salt, l64a (read_random_bytes ())); - do { - strcat (salt, l64a (read_random_bytes ())); - } while (strlen (salt) < salt_size); - - salt[salt_size] = '\0'; - - return salt; -} -#endif /* !USE_XCRYPT_GENSALT */ - -/* - * Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB - * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$" - * (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible - * version of crypt() instead of the standard one. - * Other methods can be set with ENCRYPT_METHOD - * - * The method can be forced with the meth parameter. - * If NULL, the method will be defined according to the ENCRYPT_METHOD - * variable, and if not set according to the MD5_CRYPT_ENAB variable, - * which can both be set inside the login.defs file. - * - * If meth is specified, an additional parameter can be provided. - * * For the SHA256 and SHA512 method, this specifies the number of rounds - * (if not NULL). - * * For the YESCRYPT method, this specifies the cost factor (if not NULL). - */ -/*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const char *meth, /*@null@*/void *arg) -{ - static char result[GENSALT_SETTING_SIZE]; - size_t salt_len = MAX_SALT_SIZE; - const char *method; - unsigned long rounds = 0; - - memset (result, '\0', GENSALT_SETTING_SIZE); - - if (NULL != meth) - method = meth; - else { - method = getdef_str ("ENCRYPT_METHOD"); - if (NULL == method) { - method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES"; - } - } - - if (0 == strcmp (method, "MD5")) { - MAGNUM(result, '1'); - salt_len = MD5_CRYPT_SALT_SIZE; - rounds = 0; -#ifdef USE_BCRYPT - } else if (0 == strcmp (method, "BCRYPT")) { - BCRYPTMAGNUM(result); - salt_len = BCRYPT_SALT_SIZE; - rounds = BCRYPT_get_salt_rounds ((int *) arg); - BCRYPT_salt_rounds_to_buf (result, rounds); -#endif /* USE_BCRYPT */ -#ifdef USE_YESCRYPT - } else if (0 == strcmp (method, "YESCRYPT")) { - MAGNUM(result, 'y'); - salt_len = YESCRYPT_SALT_SIZE; - rounds = YESCRYPT_get_salt_cost ((int *) arg); - YESCRYPT_salt_cost_to_buf (result, rounds); -#endif /* USE_YESCRYPT */ -#ifdef USE_SHA_CRYPT - } else if (0 == strcmp (method, "SHA256")) { - MAGNUM(result, '5'); - salt_len = SHA_CRYPT_SALT_SIZE; - rounds = SHA_get_salt_rounds ((int *) arg); - SHA_salt_rounds_to_buf (result, rounds); - } else if (0 == strcmp (method, "SHA512")) { - MAGNUM(result, '6'); - salt_len = SHA_CRYPT_SALT_SIZE; - rounds = SHA_get_salt_rounds ((int *) arg); - SHA_salt_rounds_to_buf (result, rounds); -#endif /* USE_SHA_CRYPT */ - } else if (0 != strcmp (method, "DES")) { - fprintf (log_get_logfd(), - _("Invalid ENCRYPT_METHOD value: '%s'.\n" - "Defaulting to DES.\n"), - method); - salt_len = MAX_SALT_SIZE; - rounds = 0; - memset (result, '\0', GENSALT_SETTING_SIZE); - } - -#if USE_XCRYPT_GENSALT - /* - * Prepare DES setting for crypt_gensalt(), if result - * has not been filled with anything previously. - */ - if ('\0' == result[0]) { - /* Avoid -Wunused-but-set-variable. */ - salt_len = GENSALT_SETTING_SIZE - 1; - rounds = 0; - memset (result, '.', salt_len); - result[salt_len] = '\0'; - } - - char *retval = crypt_gensalt (result, rounds, NULL, 0); - - /* Should not happen, but... */ - if (NULL == retval) { - fprintf (log_get_logfd(), - _("Unable to generate a salt from setting " - "\"%s\", check your settings in " - "ENCRYPT_METHOD and the corresponding " - "configuration for your selected hash " - "method.\n"), result); - - exit (1); - } - - return retval; -#else /* USE_XCRYPT_GENSALT */ - /* Check if the result buffer is long enough. */ - assert (GENSALT_SETTING_SIZE > strlen (result) + salt_len); - - /* Concatenate a pseudo random salt. */ - strncat (result, gensalt (salt_len), - GENSALT_SETTING_SIZE - strlen (result) - 1); - - return result; -#endif /* USE_XCRYPT_GENSALT */ -} |