diff options
Diffstat (limited to 'lib/libcrypt')
-rw-r--r-- | lib/libcrypt/Makefile | 18 | ||||
-rw-r--r-- | lib/libcrypt/crypt-nthash.c | 88 | ||||
-rw-r--r-- | lib/libcrypt/crypt.3 | 19 | ||||
-rw-r--r-- | lib/libcrypt/crypt.c | 5 | ||||
-rw-r--r-- | lib/libcrypt/crypt.h | 4 |
5 files changed, 123 insertions, 11 deletions
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile index eda43f6..603a957 100644 --- a/lib/libcrypt/Makefile +++ b/lib/libcrypt/Makefile @@ -6,25 +6,29 @@ SHLIB_MAJOR= 2 LIB= crypt .PATH: ${.CURDIR}/../libmd -SRCS= crypt.c crypt-md5.c md5c.c misc.c +SRCS= crypt.c misc.c \ + crypt-md5.c md5c.c \ + crypt-nthash.c md4c.c MAN= crypt.3 MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil -CFLAGS+= -DLIBC_SCCS -Wall -# Pull in the crypt-des.c source, assuming it is present. -.if exists(${.CURDIR}/../../secure/lib/libcrypt/crypt-des.c) && \ - !defined(NOCRYPT) + +# Pull in the strong crypto, if it is present. +.if exists(${.CURDIR}/../../secure/lib/libcrypt) && !defined(NOCRYPT) .PATH: ${.CURDIR}/../../secure/lib/libcrypt SRCS+= crypt-des.c crypt-blowfish.c blowfish.c CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH .endif + # And the auth_getval() code and support. .PATH: ${.CURDIR}/../libutil SRCS+= auth.c property.c -.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \ - property_find properties_read properties_free +.for sym in auth_getval property_find properties_read properties_free \ + MD4Init MD4Final MD4Update MD4Pad \ + MD5Init MD5Final MD5Update MD5Pad CFLAGS+= -D${sym}=__${sym} .endfor + PRECIOUSLIB= yes .include <bsd.lib.mk> diff --git a/lib/libcrypt/crypt-nthash.c b/lib/libcrypt/crypt-nthash.c new file mode 100644 index 0000000..19b84ce --- /dev/null +++ b/lib/libcrypt/crypt-nthash.c @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2003 Michael Bretterklieber + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/types.h> + +#include <netinet/in.h> + +#include <ctype.h> +#include <err.h> +#include <md4.h> +#include <stdarg.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +#include "crypt.h" + +/* + * NT HASH = md4(str2unicode(pw)) + */ + +/* ARGSUSED */ +char * +crypt_nthash(const char *pw, const char *salt __unused) +{ + size_t unipwLen; + int i, j; + static char hexconvtab[] = "0123456789abcdef"; + static const char *magic = "$3$"; + static char passwd[120]; + u_int16_t unipw[128]; + char final[MD4_SIZE*2 + 1]; + u_char hash[MD4_SIZE]; + const char *s; + MD4_CTX ctx; + + bzero(unipw, sizeof(unipw)); + /* convert to unicode (thanx Archie) */ + unipwLen = 0; + for (s = pw; unipwLen < sizeof(unipw) / 2 && *s; s++) + unipw[unipwLen++] = htons(*s << 8); + + /* Compute MD4 of Unicode password */ + MD4Init(&ctx); + MD4Update(&ctx, (u_char *)unipw, unipwLen*sizeof(u_int16_t)); + MD4Final(hash, &ctx); + + for (i = j = 0; i < MD4_SIZE; i++) { + final[j++] = hexconvtab[hash[i] >> 4]; + final[j++] = hexconvtab[hash[i] & 15]; + } + final[j] = '\0'; + + strcpy(passwd, magic); + strcat(passwd, "$"); + strncat(passwd, final, MD4_SIZE*2); + + /* Don't leave anything around in vm they could use. */ + memset(final, 0, sizeof(final)); + + return (passwd); +} diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3 index 8d6e3c8..bcb3cfb 100644 --- a/lib/libcrypt/crypt.3 +++ b/lib/libcrypt/crypt.3 @@ -62,6 +62,9 @@ Currently these include the .Tn NBS .Tn Data Encryption Standard (DES) , .Tn MD5 +hash, +.Tn NT-Hash +(compatible with Microsoft's NT scheme) and .Tn Blowfish . The algorithm used will depend upon the format of the Salt (following @@ -178,11 +181,13 @@ Currently supported algorithms are: MD5 .It Blowfish +.It +NT-Hash .El .Pp Other crypt formats may be easily added. An example salt would be: .Bl -tag -offset indent -.It Cm "$3$thesalt$rest" +.It Cm "$4$thesalt$rest" .El .Pp .Ss "Traditional" crypt: @@ -213,9 +218,10 @@ Valid values are .\" NOTICE: Also make sure to update this, too, as well .\" .Ql des , -.Ql blf +.Ql blf , +.Ql md5 and -.Ql md5 . +.Ql nth . .Pp The .Fn crypt_set_format @@ -253,6 +259,12 @@ function returns a pointer to static data, and subsequent calls to will modify the same data. Likewise, .Fn crypt_set_format modifies static data. +.Pp +The NT-hash scheme does not use a salt, +and is not hard +for a competent attacker +to break. +Its use is not recommended. .Sh HISTORY A rotor-based .Fn crypt @@ -276,6 +288,7 @@ Originally written by later additions and changes by .An Poul-Henning Kamp , .An Mark R V Murray , +.An Michael Bretterklieber , .An Kris Kennaway , .An Brian Feldman , .An Paul Herman diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c index a41ee85..a6b91f5 100644 --- a/lib/libcrypt/crypt.c +++ b/lib/libcrypt/crypt.c @@ -58,6 +58,11 @@ static const struct { }, #endif { + "nth", + crypt_nthash, + "$3$" + }, + { NULL, NULL, NULL diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h index 2488ac8..c677160 100644 --- a/lib/libcrypt/crypt.h +++ b/lib/libcrypt/crypt.h @@ -1,3 +1,4 @@ +/* LINTLIBRARY */ /* * Copyright (c) 1999 * Mark Murray. All rights reserved. @@ -28,11 +29,12 @@ */ /* magic sizes */ +#define MD4_SIZE 16 #define MD5_SIZE 16 char *crypt_des(const char *pw, const char *salt); char *crypt_md5(const char *pw, const char *salt); +char *crypt_nthash(const char *pw, const char *salt); char *crypt_blowfish(const char *pw, const char *salt); extern void _crypt_to64(char *s, u_long v, int n); - |