mkcrypt.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441
  1. /*-
  2. * Copyright (c) 2007
  3. * Thorsten Glaser <tg@mirbsd.de>
  4. *
  5. * Provided that these terms and disclaimer and all copyright notices
  6. * are retained or reproduced in an accompanying document, permission
  7. * is granted to deal in this work without restriction, including un-
  8. * limited rights to use, publicly perform, distribute, sell, modify,
  9. * merge, give away, or sublicence.
  10. *
  11. * Advertising materials mentioning features or use of this work must
  12. * display the following acknowledgement:
  13. * This product includes material provided by Thorsten Glaser.
  14. * This product includes software developed by Niels Provos.
  15. *
  16. * This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
  17. * the utmost extent permitted by applicable law, neither express nor
  18. * implied; without malicious intent or gross negligence. In no event
  19. * may a licensor, author or contributor be held liable for indirect,
  20. * direct, other damage, loss, or other issues arising in any way out
  21. * of dealing in the work, even if advised of the possibility of such
  22. * damage or existence of a defect, except proven that it results out
  23. * of said person's immediate fault when using the work as intended.
  24. */
  25. #include <stdio.h>
  26. #include <stdlib.h>
  27. #include <string.h>
  28. #include <unistd.h>
  29. #include <sys/types.h>
  30. #define MD5_BLOCK_LENGTH 64
  31. #define MD5_DIGEST_LENGTH 16
  32. #define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1)
  33. typedef struct MD5Context {
  34. u_int32_t state[4];
  35. u_int64_t count;
  36. u_int8_t buffer[MD5_BLOCK_LENGTH];
  37. } MD5_CTX;
  38. /* low-level MD5 functions from md5c.c */
  39. void MD5Init(MD5_CTX *);
  40. void MD5Update(MD5_CTX *, const u_int8_t *, size_t);
  41. void MD5Pad(MD5_CTX *);
  42. void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *);
  43. void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH]);
  44. /* high-level functions from mdXhl.c */
  45. char *MD5End(MD5_CTX *, char *);
  46. char *MD5File(const char *, char *);
  47. char *MD5FileChunk(const char *, char *, off_t, off_t);
  48. char *MD5Data(const u_int8_t *, size_t, char *);
  49. void to64(char *, u_int32_t, int);
  50. char *md5crypt(const char *pw, const char *salt);
  51. int pwd_gensalt(char *, int);
  52. static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
  53. "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  54. void
  55. to64(char *s, u_int32_t v, int n)
  56. {
  57. while (--n >= 0) {
  58. *s++ = itoa64[v&0x3f];
  59. v >>= 6;
  60. }
  61. }
  62. #define PUT_64BIT_LE(cp, value) do { \
  63. (cp)[7] = (value) >> 56; \
  64. (cp)[6] = (value) >> 48; \
  65. (cp)[5] = (value) >> 40; \
  66. (cp)[4] = (value) >> 32; \
  67. (cp)[3] = (value) >> 24; \
  68. (cp)[2] = (value) >> 16; \
  69. (cp)[1] = (value) >> 8; \
  70. (cp)[0] = (value); } while (0)
  71. #define PUT_32BIT_LE(cp, value) do { \
  72. (cp)[3] = (value) >> 24; \
  73. (cp)[2] = (value) >> 16; \
  74. (cp)[1] = (value) >> 8; \
  75. (cp)[0] = (value); } while (0)
  76. static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
  77. 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  78. 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  79. 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  80. };
  81. /*
  82. * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
  83. * initialization constants.
  84. */
  85. void
  86. MD5Init(MD5_CTX *ctx)
  87. {
  88. ctx->count = 0;
  89. ctx->state[0] = 0x67452301;
  90. ctx->state[1] = 0xefcdab89;
  91. ctx->state[2] = 0x98badcfe;
  92. ctx->state[3] = 0x10325476;
  93. }
  94. /*
  95. * Update context to reflect the concatenation of another buffer full
  96. * of bytes.
  97. */
  98. void
  99. MD5Update(MD5_CTX *ctx, const unsigned char *input, size_t len)
  100. {
  101. size_t have, need;
  102. /* Check how many bytes we already have and how many more we need. */
  103. have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
  104. need = MD5_BLOCK_LENGTH - have;
  105. /* Update bitcount */
  106. ctx->count += (u_int64_t)len << 3;
  107. if (len >= need) {
  108. if (have != 0) {
  109. memcpy(ctx->buffer + have, input, need);
  110. MD5Transform(ctx->state, ctx->buffer);
  111. input += need;
  112. len -= need;
  113. have = 0;
  114. }
  115. /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
  116. while (len >= MD5_BLOCK_LENGTH) {
  117. MD5Transform(ctx->state, input);
  118. input += MD5_BLOCK_LENGTH;
  119. len -= MD5_BLOCK_LENGTH;
  120. }
  121. }
  122. /* Handle any remaining bytes of data. */
  123. if (len != 0)
  124. memcpy(ctx->buffer + have, input, len);
  125. }
  126. /*
  127. * Pad pad to 64-byte boundary with the bit pattern
  128. * 1 0* (64-bit count of bits processed, MSB-first)
  129. */
  130. void
  131. MD5Pad(MD5_CTX *ctx)
  132. {
  133. u_int8_t count[8];
  134. size_t padlen;
  135. /* Convert count to 8 bytes in little endian order. */
  136. PUT_64BIT_LE(count, ctx->count);
  137. /* Pad out to 56 mod 64. */
  138. padlen = MD5_BLOCK_LENGTH -
  139. ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
  140. if (padlen < 1 + 8)
  141. padlen += MD5_BLOCK_LENGTH;
  142. MD5Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
  143. MD5Update(ctx, count, 8);
  144. }
  145. /*
  146. * Final wrapup--call MD5Pad, fill in digest and zero out ctx.
  147. */
  148. void
  149. MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
  150. {
  151. int i;
  152. MD5Pad(ctx);
  153. if (digest != NULL) {
  154. for (i = 0; i < 4; i++)
  155. PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
  156. memset(ctx, 0, sizeof(*ctx));
  157. }
  158. }
  159. /* The four core functions - F1 is optimized somewhat */
  160. /* #define F1(x, y, z) (x & y | ~x & z) */
  161. #define F1(x, y, z) (z ^ (x & (y ^ z)))
  162. #define F2(x, y, z) F1(z, x, y)
  163. #define F3(x, y, z) (x ^ y ^ z)
  164. #define F4(x, y, z) (y ^ (x | ~z))
  165. /* This is the central step in the MD5 algorithm. */
  166. #define MD5STEP(f, w, x, y, z, data, s) \
  167. ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
  168. /*
  169. * The core of the MD5 algorithm, this alters an existing MD5 hash to
  170. * reflect the addition of 16 longwords of new data. MD5Update blocks
  171. * the data and converts bytes into longwords for this routine.
  172. */
  173. void
  174. MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
  175. {
  176. u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
  177. #if BYTE_ORDER == LITTLE_ENDIAN
  178. memcpy(in, block, sizeof(in));
  179. #else
  180. for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
  181. in[a] = (u_int32_t)(
  182. (u_int32_t)(block[a * 4 + 0]) |
  183. (u_int32_t)(block[a * 4 + 1]) << 8 |
  184. (u_int32_t)(block[a * 4 + 2]) << 16 |
  185. (u_int32_t)(block[a * 4 + 3]) << 24);
  186. }
  187. #endif
  188. a = state[0];
  189. b = state[1];
  190. c = state[2];
  191. d = state[3];
  192. MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478, 7);
  193. MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
  194. MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
  195. MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
  196. MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf, 7);
  197. MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
  198. MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
  199. MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
  200. MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8, 7);
  201. MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
  202. MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
  203. MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
  204. MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
  205. MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
  206. MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
  207. MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
  208. MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562, 5);
  209. MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340, 9);
  210. MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
  211. MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
  212. MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d, 5);
  213. MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
  214. MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
  215. MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
  216. MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6, 5);
  217. MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
  218. MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
  219. MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
  220. MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
  221. MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8, 9);
  222. MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
  223. MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
  224. MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942, 4);
  225. MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
  226. MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
  227. MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
  228. MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44, 4);
  229. MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
  230. MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
  231. MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
  232. MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
  233. MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
  234. MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
  235. MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
  236. MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039, 4);
  237. MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
  238. MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
  239. MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
  240. MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244, 6);
  241. MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
  242. MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
  243. MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
  244. MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
  245. MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
  246. MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
  247. MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
  248. MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f, 6);
  249. MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
  250. MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
  251. MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
  252. MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82, 6);
  253. MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
  254. MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
  255. MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
  256. state[0] += a;
  257. state[1] += b;
  258. state[2] += c;
  259. state[3] += d;
  260. }
  261. /*
  262. * UNIX password
  263. *
  264. * Use MD5 for what it is best at...
  265. */
  266. char *
  267. md5crypt(const char *pw, const char *salt)
  268. {
  269. /*
  270. * This string is magic for this algorithm. Having
  271. * it this way, we can get get better later on
  272. */
  273. static const unsigned char *magic = (const unsigned char *)"$1$";
  274. static char passwd[120], *p;
  275. static const unsigned char *sp,*ep;
  276. unsigned char final[16];
  277. int sl,pl,i;
  278. MD5_CTX ctx,ctx1;
  279. u_int32_t l;
  280. /* Refine the Salt first */
  281. sp = (const unsigned char *)salt;
  282. /* If it starts with the magic string, then skip that */
  283. if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
  284. sp += strlen((const char *)magic);
  285. /* It stops at the first '$', max 8 chars */
  286. for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
  287. continue;
  288. /* get the length of the true salt */
  289. sl = ep - sp;
  290. MD5Init(&ctx);
  291. /* The password first, since that is what is most unknown */
  292. MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
  293. /* Then our magic string */
  294. MD5Update(&ctx,magic,strlen((const char *)magic));
  295. /* Then the raw salt */
  296. MD5Update(&ctx,sp,sl);
  297. /* Then just as many characters of the MD5(pw,salt,pw) */
  298. MD5Init(&ctx1);
  299. MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
  300. MD5Update(&ctx1,sp,sl);
  301. MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
  302. MD5Final(final,&ctx1);
  303. for(pl = strlen(pw); pl > 0; pl -= 16)
  304. MD5Update(&ctx,final,pl>16 ? 16 : pl);
  305. /* Don't leave anything around in vm they could use. */
  306. memset(final,0,sizeof final);
  307. /* Then something really weird... */
  308. for (i = strlen(pw); i ; i >>= 1)
  309. if(i&1)
  310. MD5Update(&ctx, final, 1);
  311. else
  312. MD5Update(&ctx, (const unsigned char *)pw, 1);
  313. /* Now make the output string */
  314. snprintf(passwd, sizeof(passwd), "%s%.*s$", magic,
  315. sl, (const char *)sp);
  316. MD5Final(final,&ctx);
  317. /*
  318. * and now, just to make sure things don't run too fast
  319. * On a 60 Mhz Pentium this takes 34 msec, so you would
  320. * need 30 seconds to build a 1000 entry dictionary...
  321. */
  322. for(i=0;i<1000;i++) {
  323. MD5Init(&ctx1);
  324. if(i & 1)
  325. MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
  326. else
  327. MD5Update(&ctx1,final,16);
  328. if(i % 3)
  329. MD5Update(&ctx1,sp,sl);
  330. if(i % 7)
  331. MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
  332. if(i & 1)
  333. MD5Update(&ctx1,final,16);
  334. else
  335. MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
  336. MD5Final(final,&ctx1);
  337. }
  338. p = passwd + strlen(passwd);
  339. l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
  340. l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
  341. l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
  342. l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
  343. l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
  344. l = final[11] ; to64(p,l,2); p += 2;
  345. *p = '\0';
  346. /* Don't leave anything around in vm they could use. */
  347. memset(final, 0, sizeof final);
  348. return passwd;
  349. }
  350. int pwd_gensalt(char *salt, int saltlen) {
  351. *salt = '\0';
  352. if (saltlen < 13) { /* $1$8salt$\0 */
  353. return 0;
  354. }
  355. strcpy(salt, "$1$");
  356. to64(&salt[3], random(), 4);
  357. to64(&salt[7], random(), 4);
  358. strcpy(&salt[11], "$");
  359. return 1;
  360. }
  361. int main(int argc, char *argv[]) {
  362. char salt[16];
  363. char *pw;
  364. if (!argv[1]) {
  365. fprintf(stderr, "Syntax Error!\n");
  366. return (1);
  367. }
  368. if (!pwd_gensalt(salt, sizeof (salt)))
  369. return (255);
  370. if ((pw = md5crypt(argv[1], salt)) == NULL) {
  371. fprintf(stderr, "Error generating password!\n");
  372. return (1);
  373. }
  374. printf("%s\n", pw);
  375. return (0);
  376. }