| 1 | /* |
| 2 | * ---------------------------------------------------------------------------- |
| 3 | * "THE BEER-WARE LICENSE" (Revision 42): |
| 4 | * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you |
| 5 | * can do whatever you want with this stuff. If we meet some day, and you think |
| 6 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp |
| 7 | * ---------------------------------------------------------------------------- |
| 8 | * |
| 9 | * $FreeBSD: src/lib/libcrypt/crypt-md5.c,v 1.5.2.1 2001/05/24 12:20:02 markm Exp $ |
| 10 | * $DragonFly: src/lib/libcrypt/crypt-md5.c,v 1.3 2005/08/04 17:27:09 drhodus Exp $ |
| 11 | */ |
| 12 | |
| 13 | #include <unistd.h> |
| 14 | #include <stdio.h> |
| 15 | #include <string.h> |
| 16 | #include <md5.h> |
| 17 | #include <err.h> |
| 18 | #include "crypt.h" |
| 19 | |
| 20 | /* |
| 21 | * UNIX password |
| 22 | */ |
| 23 | |
| 24 | char * |
| 25 | crypt_md5(const char *pw, const char *salt) |
| 26 | { |
| 27 | static char *magic = "$1$"; /* |
| 28 | * This string is magic for |
| 29 | * this algorithm. Having |
| 30 | * it this way, we can get |
| 31 | * get better later on |
| 32 | */ |
| 33 | static char passwd[120], *p; |
| 34 | static const char *sp,*ep; |
| 35 | unsigned char final[MD5_SIZE]; |
| 36 | int sl,pl,i; |
| 37 | MD5_CTX ctx,ctx1; |
| 38 | unsigned long l; |
| 39 | |
| 40 | /* Refine the Salt first */ |
| 41 | sp = salt; |
| 42 | |
| 43 | /* If it starts with the magic string, then skip that */ |
| 44 | if(!strncmp(sp,magic,strlen(magic))) |
| 45 | sp += strlen(magic); |
| 46 | |
| 47 | /* It stops at the first '$', max 8 chars */ |
| 48 | for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) |
| 49 | continue; |
| 50 | |
| 51 | /* get the length of the true salt */ |
| 52 | sl = ep - sp; |
| 53 | |
| 54 | MD5Init(&ctx); |
| 55 | |
| 56 | /* The password first, since that is what is most unknown */ |
| 57 | MD5Update(&ctx,pw,strlen(pw)); |
| 58 | |
| 59 | /* Then our magic string */ |
| 60 | MD5Update(&ctx,magic,strlen(magic)); |
| 61 | |
| 62 | /* Then the raw salt */ |
| 63 | MD5Update(&ctx,sp,sl); |
| 64 | |
| 65 | /* Then just as many characters of the MD5(pw,salt,pw) */ |
| 66 | MD5Init(&ctx1); |
| 67 | MD5Update(&ctx1,pw,strlen(pw)); |
| 68 | MD5Update(&ctx1,sp,sl); |
| 69 | MD5Update(&ctx1,pw,strlen(pw)); |
| 70 | MD5Final(final,&ctx1); |
| 71 | for(pl = strlen(pw); pl > 0; pl -= MD5_SIZE) |
| 72 | MD5Update(&ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl); |
| 73 | |
| 74 | /* Don't leave anything around in vm they could use. */ |
| 75 | memset(final,0,sizeof final); |
| 76 | |
| 77 | /* Then something really weird... */ |
| 78 | for (i = strlen(pw); i ; i >>= 1) |
| 79 | if(i&1) |
| 80 | MD5Update(&ctx, final, 1); |
| 81 | else |
| 82 | MD5Update(&ctx, pw, 1); |
| 83 | |
| 84 | /* Now make the output string */ |
| 85 | strcpy(passwd,magic); |
| 86 | strncat(passwd,sp,sl); |
| 87 | strcat(passwd,"$"); |
| 88 | |
| 89 | MD5Final(final,&ctx); |
| 90 | |
| 91 | /* |
| 92 | * and now, just to make sure things don't run too fast |
| 93 | * On a 60 Mhz Pentium this takes 34 msec, so you would |
| 94 | * need 30 seconds to build a 1000 entry dictionary... |
| 95 | */ |
| 96 | for(i=0;i<1000;i++) { |
| 97 | MD5Init(&ctx1); |
| 98 | if(i & 1) |
| 99 | MD5Update(&ctx1,pw,strlen(pw)); |
| 100 | else |
| 101 | MD5Update(&ctx1,final,MD5_SIZE); |
| 102 | |
| 103 | if(i % 3) |
| 104 | MD5Update(&ctx1,sp,sl); |
| 105 | |
| 106 | if(i % 7) |
| 107 | MD5Update(&ctx1,pw,strlen(pw)); |
| 108 | |
| 109 | if(i & 1) |
| 110 | MD5Update(&ctx1,final,MD5_SIZE); |
| 111 | else |
| 112 | MD5Update(&ctx1,pw,strlen(pw)); |
| 113 | MD5Final(final,&ctx1); |
| 114 | } |
| 115 | |
| 116 | p = passwd + strlen(passwd); |
| 117 | |
| 118 | l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; |
| 119 | _crypt_to64(p,l,4); p += 4; |
| 120 | l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; |
| 121 | _crypt_to64(p,l,4); p += 4; |
| 122 | l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; |
| 123 | _crypt_to64(p,l,4); p += 4; |
| 124 | l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; |
| 125 | _crypt_to64(p,l,4); p += 4; |
| 126 | l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; |
| 127 | _crypt_to64(p,l,4); p += 4; |
| 128 | l = final[11] ; |
| 129 | _crypt_to64(p,l,2); p += 2; |
| 130 | *p = '\0'; |
| 131 | |
| 132 | /* Don't leave anything around in vm they could use. */ |
| 133 | memset(final,0,sizeof final); |
| 134 | |
| 135 | return passwd; |
| 136 | } |
| 137 | |