summaryrefslogtreecommitdiffstats
path: root/lib/libcrypt
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>2003-06-02 19:29:27 +0000
committermarkm <markm@FreeBSD.org>2003-06-02 19:29:27 +0000
commitec27a748079eea5188cc0b53a46b236429761fb1 (patch)
tree8e6b976dc658b3a9d034ea4211cf590ed8f6af57 /lib/libcrypt
parentc9e0f045e69296620fe503e1cdd62d75d4a1f218 (diff)
downloadFreeBSD-src-ec27a748079eea5188cc0b53a46b236429761fb1.zip
FreeBSD-src-ec27a748079eea5188cc0b53a46b236429761fb1.tar.gz
Add a new hash type. This "NT-hash" is compatible with the password
hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE! DON'T USE IT! This is for the use of competent sysadmins only! Submitted by: Michael Bretterklieber
Diffstat (limited to 'lib/libcrypt')
-rw-r--r--lib/libcrypt/Makefile18
-rw-r--r--lib/libcrypt/crypt-nthash.c88
-rw-r--r--lib/libcrypt/crypt.319
-rw-r--r--lib/libcrypt/crypt.c5
-rw-r--r--lib/libcrypt/crypt.h4
5 files changed, 123 insertions, 11 deletions
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index eda43f6..603a957 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -6,25 +6,29 @@ SHLIB_MAJOR= 2
LIB= crypt
.PATH: ${.CURDIR}/../libmd
-SRCS= crypt.c crypt-md5.c md5c.c misc.c
+SRCS= crypt.c misc.c \
+ crypt-md5.c md5c.c \
+ crypt-nthash.c md4c.c
MAN= crypt.3
MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil
-CFLAGS+= -DLIBC_SCCS -Wall
-# Pull in the crypt-des.c source, assuming it is present.
-.if exists(${.CURDIR}/../../secure/lib/libcrypt/crypt-des.c) && \
- !defined(NOCRYPT)
+
+# Pull in the strong crypto, if it is present.
+.if exists(${.CURDIR}/../../secure/lib/libcrypt) && !defined(NOCRYPT)
.PATH: ${.CURDIR}/../../secure/lib/libcrypt
SRCS+= crypt-des.c crypt-blowfish.c blowfish.c
CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH
.endif
+
# And the auth_getval() code and support.
.PATH: ${.CURDIR}/../libutil
SRCS+= auth.c property.c
-.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \
- property_find properties_read properties_free
+.for sym in auth_getval property_find properties_read properties_free \
+ MD4Init MD4Final MD4Update MD4Pad \
+ MD5Init MD5Final MD5Update MD5Pad
CFLAGS+= -D${sym}=__${sym}
.endfor
+
PRECIOUSLIB= yes
.include <bsd.lib.mk>
diff --git a/lib/libcrypt/crypt-nthash.c b/lib/libcrypt/crypt-nthash.c
new file mode 100644
index 0000000..19b84ce
--- /dev/null
+++ b/lib/libcrypt/crypt-nthash.c
@@ -0,0 +1,88 @@
+/*-
+ * Copyright (c) 2003 Michael Bretterklieber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <netinet/in.h>
+
+#include <ctype.h>
+#include <err.h>
+#include <md4.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "crypt.h"
+
+/*
+ * NT HASH = md4(str2unicode(pw))
+ */
+
+/* ARGSUSED */
+char *
+crypt_nthash(const char *pw, const char *salt __unused)
+{
+ size_t unipwLen;
+ int i, j;
+ static char hexconvtab[] = "0123456789abcdef";
+ static const char *magic = "$3$";
+ static char passwd[120];
+ u_int16_t unipw[128];
+ char final[MD4_SIZE*2 + 1];
+ u_char hash[MD4_SIZE];
+ const char *s;
+ MD4_CTX ctx;
+
+ bzero(unipw, sizeof(unipw));
+ /* convert to unicode (thanx Archie) */
+ unipwLen = 0;
+ for (s = pw; unipwLen < sizeof(unipw) / 2 && *s; s++)
+ unipw[unipwLen++] = htons(*s << 8);
+
+ /* Compute MD4 of Unicode password */
+ MD4Init(&ctx);
+ MD4Update(&ctx, (u_char *)unipw, unipwLen*sizeof(u_int16_t));
+ MD4Final(hash, &ctx);
+
+ for (i = j = 0; i < MD4_SIZE; i++) {
+ final[j++] = hexconvtab[hash[i] >> 4];
+ final[j++] = hexconvtab[hash[i] & 15];
+ }
+ final[j] = '\0';
+
+ strcpy(passwd, magic);
+ strcat(passwd, "$");
+ strncat(passwd, final, MD4_SIZE*2);
+
+ /* Don't leave anything around in vm they could use. */
+ memset(final, 0, sizeof(final));
+
+ return (passwd);
+}
diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3
index 8d6e3c8..bcb3cfb 100644
--- a/lib/libcrypt/crypt.3
+++ b/lib/libcrypt/crypt.3
@@ -62,6 +62,9 @@ Currently these include the
.Tn NBS
.Tn Data Encryption Standard (DES) ,
.Tn MD5
+hash,
+.Tn NT-Hash
+(compatible with Microsoft's NT scheme)
and
.Tn Blowfish .
The algorithm used will depend upon the format of the Salt (following
@@ -178,11 +181,13 @@ Currently supported algorithms are:
MD5
.It
Blowfish
+.It
+NT-Hash
.El
.Pp
Other crypt formats may be easily added. An example salt would be:
.Bl -tag -offset indent
-.It Cm "$3$thesalt$rest"
+.It Cm "$4$thesalt$rest"
.El
.Pp
.Ss "Traditional" crypt:
@@ -213,9 +218,10 @@ Valid values are
.\" NOTICE: Also make sure to update this, too, as well
.\"
.Ql des ,
-.Ql blf
+.Ql blf ,
+.Ql md5
and
-.Ql md5 .
+.Ql nth .
.Pp
The
.Fn crypt_set_format
@@ -253,6 +259,12 @@ function returns a pointer to static data, and subsequent calls to
will modify the same data. Likewise,
.Fn crypt_set_format
modifies static data.
+.Pp
+The NT-hash scheme does not use a salt,
+and is not hard
+for a competent attacker
+to break.
+Its use is not recommended.
.Sh HISTORY
A rotor-based
.Fn crypt
@@ -276,6 +288,7 @@ Originally written by
later additions and changes by
.An Poul-Henning Kamp ,
.An Mark R V Murray ,
+.An Michael Bretterklieber ,
.An Kris Kennaway ,
.An Brian Feldman ,
.An Paul Herman
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c
index a41ee85..a6b91f5 100644
--- a/lib/libcrypt/crypt.c
+++ b/lib/libcrypt/crypt.c
@@ -58,6 +58,11 @@ static const struct {
},
#endif
{
+ "nth",
+ crypt_nthash,
+ "$3$"
+ },
+ {
NULL,
NULL,
NULL
diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h
index 2488ac8..c677160 100644
--- a/lib/libcrypt/crypt.h
+++ b/lib/libcrypt/crypt.h
@@ -1,3 +1,4 @@
+/* LINTLIBRARY */
/*
* Copyright (c) 1999
* Mark Murray. All rights reserved.
@@ -28,11 +29,12 @@
*/
/* magic sizes */
+#define MD4_SIZE 16
#define MD5_SIZE 16
char *crypt_des(const char *pw, const char *salt);
char *crypt_md5(const char *pw, const char *salt);
+char *crypt_nthash(const char *pw, const char *salt);
char *crypt_blowfish(const char *pw, const char *salt);
extern void _crypt_to64(char *s, u_long v, int n);
-
OpenPOWER on IntegriCloud