2795
|
1 /* One way encryption based on MD5 sum.
|
|
2 Copyright (C) 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
|
|
3 This file is part of the GNU C Library.
|
|
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
|
|
5
|
|
6 The GNU C Library is free software; you can redistribute it and/or
|
|
7 modify it under the terms of the GNU Lesser General Public
|
|
8 License as published by the Free Software Foundation; either
|
|
9 version 2.1 of the License, or (at your option) any later version.
|
|
10
|
|
11 The GNU C Library is distributed in the hope that it will be useful,
|
|
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
14 Lesser General Public License for more details.
|
|
15
|
|
16 You should have received a copy of the GNU Lesser General Public
|
|
17 License along with the GNU C Library; if not, write to the Free
|
|
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
19 02111-1307 USA. */
|
|
20
|
|
21 /* warmenhoven took this file and made it work with the md5.[ch] we
|
|
22 * already had. isn't that lovely. people should just use linux or
|
|
23 * freebsd, crypt works properly on those systems. i hate solaris */
|
|
24
|
|
25 #include <string.h>
|
|
26 #include <stdlib.h>
|
|
27 #include <glib.h>
|
|
28
|
|
29 #include "md5.h"
|
|
30
|
|
31 /* Define our magic string to mark salt for MD5 "encryption"
|
|
32 replacement. This is meant to be the same as for other MD5 based
|
|
33 encryption implementations. */
|
|
34 static const char md5_salt_prefix[] = "$1$";
|
|
35
|
|
36 /* Table with characters for base64 transformation. */
|
|
37 static const char b64t[64] =
|
|
38 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
39
|
|
40 char *yahoo_crypt(char *key, char *salt)
|
|
41 {
|
|
42 static char *buffer = NULL;
|
|
43 static int buflen = 0;
|
|
44 int needed = 3 + strlen (salt) + 1 + 26 + 1;
|
|
45
|
|
46 md5_byte_t alt_result[16];
|
|
47 md5_state_t ctx;
|
|
48 md5_state_t alt_ctx;
|
|
49 size_t salt_len;
|
|
50 size_t key_len;
|
|
51 size_t cnt;
|
|
52 char *cp;
|
|
53
|
|
54 if (buflen < needed) {
|
|
55 buflen = needed;
|
|
56 if ((buffer = g_realloc(buffer, buflen)) == NULL)
|
|
57 return NULL;
|
|
58 }
|
|
59
|
|
60 /* Find beginning of salt string. The prefix should normally always
|
|
61 be present. Just in case it is not. */
|
|
62 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
|
|
63 /* Skip salt prefix. */
|
|
64 salt += sizeof (md5_salt_prefix) - 1;
|
|
65
|
|
66 salt_len = MIN (strcspn (salt, "$"), 8);
|
|
67 key_len = strlen (key);
|
|
68
|
|
69 /* Prepare for the real work. */
|
|
70 md5_init(&ctx);
|
|
71
|
|
72 /* Add the key string. */
|
|
73 md5_append(&ctx, key, key_len);
|
|
74
|
|
75 /* Because the SALT argument need not always have the salt prefix we
|
|
76 add it separately. */
|
|
77 md5_append(&ctx, md5_salt_prefix, sizeof (md5_salt_prefix) - 1);
|
|
78
|
|
79 /* The last part is the salt string. This must be at most 8
|
|
80 characters and it ends at the first `$' character (for
|
|
81 compatibility which existing solutions). */
|
|
82 md5_append(&ctx, salt, salt_len);
|
|
83
|
|
84 /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The
|
|
85 final result will be added to the first context. */
|
|
86 md5_init(&alt_ctx);
|
|
87
|
|
88 /* Add key. */
|
|
89 md5_append(&alt_ctx, key, key_len);
|
|
90
|
|
91 /* Add salt. */
|
|
92 md5_append(&alt_ctx, salt, salt_len);
|
|
93
|
|
94 /* Add key again. */
|
|
95 md5_append(&alt_ctx, key, key_len);
|
|
96
|
|
97 /* Now get result of this (16 bytes) and add it to the other
|
|
98 context. */
|
|
99 md5_finish(&alt_ctx, alt_result);
|
|
100
|
|
101 /* Add for any character in the key one byte of the alternate sum. */
|
|
102 for (cnt = key_len; cnt > 16; cnt -= 16)
|
|
103 md5_append(&ctx, alt_result, 16);
|
|
104 md5_append(&ctx, alt_result, cnt);
|
|
105
|
|
106 /* For the following code we need a NUL byte. */
|
|
107 alt_result[0] = '\0';
|
|
108
|
|
109 /* The original implementation now does something weird: for every 1
|
|
110 bit in the key the first 0 is added to the buffer, for every 0
|
|
111 bit the first character of the key. This does not seem to be
|
|
112 what was intended but we have to follow this to be compatible. */
|
|
113 for (cnt = key_len; cnt > 0; cnt >>= 1)
|
|
114 md5_append(&ctx, (cnt & 1) != 0 ? alt_result : (md5_byte_t *)key, 1);
|
|
115
|
|
116 /* Create intermediate result. */
|
|
117 md5_finish(&ctx, alt_result);
|
|
118
|
|
119 /* Now comes another weirdness. In fear of password crackers here
|
|
120 comes a quite long loop which just processes the output of the
|
|
121 previous round again. We cannot ignore this here. */
|
|
122 for (cnt = 0; cnt < 1000; ++cnt) {
|
|
123 /* New context. */
|
|
124 md5_init(&ctx);
|
|
125
|
|
126 /* Add key or last result. */
|
|
127 if ((cnt & 1) != 0)
|
|
128 md5_append(&ctx, key, key_len);
|
|
129 else
|
|
130 md5_append(&ctx, alt_result, 16);
|
|
131
|
|
132 /* Add salt for numbers not divisible by 3. */
|
|
133 if (cnt % 3 != 0)
|
|
134 md5_append(&ctx, salt, salt_len);
|
|
135
|
|
136 /* Add key for numbers not divisible by 7. */
|
|
137 if (cnt % 7 != 0)
|
|
138 md5_append(&ctx, key, key_len);
|
|
139
|
|
140 /* Add key or last result. */
|
|
141 if ((cnt & 1) != 0)
|
|
142 md5_append(&ctx, alt_result, 16);
|
|
143 else
|
|
144 md5_append(&ctx, key, key_len);
|
|
145
|
|
146 /* Create intermediate result. */
|
|
147 md5_finish(&ctx, alt_result);
|
|
148 }
|
|
149
|
|
150 /* Now we can construct the result string. It consists of three
|
|
151 parts. */
|
|
152
|
|
153 strncpy(buffer, md5_salt_prefix, MAX (0, buflen));
|
|
154 cp = buffer + strlen(buffer);
|
|
155 buflen -= sizeof (md5_salt_prefix);
|
|
156
|
|
157 strncpy(cp, salt, MIN ((size_t) buflen, salt_len));
|
|
158 cp = cp + strlen(cp);
|
|
159 buflen -= MIN ((size_t) buflen, salt_len);
|
|
160
|
|
161 if (buflen > 0) {
|
|
162 *cp++ = '$';
|
|
163 --buflen;
|
|
164 }
|
|
165
|
|
166 #define b64_from_24bit(B2, B1, B0, N) \
|
|
167 do { \
|
|
168 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
|
|
169 int n = (N); \
|
|
170 while (n-- > 0 && buflen > 0) { \
|
|
171 *cp++ = b64t[w & 0x3f]; \
|
|
172 --buflen; \
|
|
173 w >>= 6; \
|
|
174 }\
|
|
175 } while (0)
|
|
176
|
|
177 b64_from_24bit (alt_result[0], alt_result[6], alt_result[12], 4);
|
|
178 b64_from_24bit (alt_result[1], alt_result[7], alt_result[13], 4);
|
|
179 b64_from_24bit (alt_result[2], alt_result[8], alt_result[14], 4);
|
|
180 b64_from_24bit (alt_result[3], alt_result[9], alt_result[15], 4);
|
|
181 b64_from_24bit (alt_result[4], alt_result[10], alt_result[5], 4);
|
|
182 b64_from_24bit (0, 0, alt_result[11], 2);
|
|
183 if (buflen <= 0) {
|
|
184 g_free(buffer);
|
|
185 buffer = NULL;
|
|
186 } else
|
|
187 *cp = '\0'; /* Terminate the string. */
|
|
188
|
|
189 /* Clear the buffer for the intermediate result so that people
|
|
190 attaching to processes or reading core dumps cannot get any
|
|
191 information. We do it in this way to clear correct_words[]
|
|
192 inside the MD5 implementation as well. */
|
|
193 md5_init(&ctx);
|
|
194 md5_finish(&ctx, alt_result);
|
|
195 memset (&ctx, '\0', sizeof (ctx));
|
|
196 memset (&alt_ctx, '\0', sizeof (alt_ctx));
|
|
197
|
|
198 return buffer;
|
|
199 }
|