diff options
Diffstat (limited to 'libextra/crypt_bcrypt.c')
-rw-r--r-- | libextra/crypt_bcrypt.c | 773 |
1 files changed, 773 insertions, 0 deletions
diff --git a/libextra/crypt_bcrypt.c b/libextra/crypt_bcrypt.c new file mode 100644 index 0000000000..55ece44c4b --- /dev/null +++ b/libextra/crypt_bcrypt.c @@ -0,0 +1,773 @@ +/* + * Copyright (C) 2000,2001 Nikos Mavroyanopoulos + * + * This file is part of GNUTLS. + * + * GNUTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +/* + * This is a modified version of the blowfish algorithm. + * It is an implementation of the bcrypt algorithm as described + * in a usenix paper by Niels Provos and David Mazieres. + * This is the encoding algorithm used in OpenBSD for passwords. + * (includes a modified version of b64.c) + */ + +/* The differences here from the original openbsd bcrypt algorithm are: + * 1. we use a different b64 hash function + * (the one used in SRP password files), + * 2. we use all the bytes from the encryption step (openbsd omited one byte), + * 3. we use the first 24 bytes of CONCAT(username,NULL,"Orphean...") as the + * encryption string. + */ + +#include "gnutls_int.h" + +#ifdef ENABLE_SRP + +#include "crypt_bcrypt.h" +#include "gnutls_random.h" +#include "auth_srp_passwd.h" +#include "gnutls_srp.h" +#include "gnutls_errors.h" +#include "debug.h" + +typedef struct { + uint32 S[4][256], P[18]; +} blf_ctx; + +#define BF_N 16 + +#define F(bc, x) ( ((bc->S[0][(x >> 24) & 0xff] + bc->S[1][(x >> 16) & 0xff]) ^ bc->S[2][(x >> 8) & 0xff]) + bc->S[3][x & 0xff] ) + +/* x should be a 64 bit integer */ +static void _blf_encrypt(blf_ctx * c, uint8 * x) +{ + uint32 Xl; + uint32 Xr, temp; + short i; + + Xl = x[0] << 24 | x[1] << 16 | x[2] << 8 | x[3]; + Xr = x[4] << 24 | x[5] << 16 | x[6] << 8 | x[7]; + + for (i = 0; i < BF_N; ++i) { + Xl ^= c->P[i]; + Xr ^= F(c, Xl); + + temp = Xl; + Xl = Xr; + Xr = temp; + } + + temp = Xl; + Xl = Xr; + Xr = temp; + + Xr ^= c->P[BF_N]; + Xl ^= c->P[BF_N + 1]; + + x[0] = (Xl >> 24) & 0xff; + x[1] = (Xl >> 16) & 0xff; + x[2] = (Xl >> 8) & 0xff; + x[3] = (Xl) & 0xff; + x[4] = (Xr >> 24) & 0xff; + x[5] = (Xr >> 16) & 0xff; + x[6] = (Xr >> 8) & 0xff; + x[7] = (Xr) & 0xff; +} + +/* x should be a 64 bit integer */ +static void enblf_noswap(blf_ctx * c, uint32 * x) +{ /* Used internally */ + uint32 Xl; + uint32 Xr, temp; + short i; + + Xl = x[0]; + Xr = x[1]; + + for (i = 0; i < BF_N; ++i) { + Xl ^= c->P[i]; + Xr ^= F(c, Xl); + + temp = Xl; + Xl = Xr; + Xr = temp; + } + + temp = Xl; + Xl = Xr; + Xr = temp; + + Xr ^= c->P[BF_N]; + Xl ^= c->P[BF_N + 1]; + + x[0] = Xl; + x[1] = Xr; +} + + +/* salt is an 128 bit integer */ +static short initialize_blowfish(blf_ctx * c) +{ + short i; + + uint32 ks0[] = { + 0xd1310ba6UL, 0x98dfb5acUL, 0x2ffd72dbUL, 0xd01adfb7UL, + 0xb8e1afedUL, 0x6a267e96UL, + 0xba7c9045UL, 0xf12c7f99UL, 0x24a19947UL, 0xb3916cf7UL, + 0x0801f2e2UL, 0x858efc16UL, + 0x636920d8UL, 0x71574e69UL, 0xa458fea3UL, 0xf4933d7eUL, + 0x0d95748fUL, 0x728eb658UL, + 0x718bcd58UL, 0x82154aeeUL, 0x7b54a41dUL, 0xc25a59b5UL, + 0x9c30d539UL, 0x2af26013UL, + 0xc5d1b023UL, 0x286085f0UL, 0xca417918UL, 0xb8db38efUL, + 0x8e79dcb0UL, 0x603a180eUL, + 0x6c9e0e8bUL, 0xb01e8a3eUL, 0xd71577c1UL, 0xbd314b27UL, + 0x78af2fdaUL, 0x55605c60UL, + 0xe65525f3UL, 0xaa55ab94UL, 0x57489862UL, 0x63e81440UL, + 0x55ca396aUL, 0x2aab10b6UL, + 0xb4cc5c34UL, 0x1141e8ceUL, 0xa15486afUL, 0x7c72e993UL, + 0xb3ee1411UL, 0x636fbc2aUL, + 0x2ba9c55dUL, 0x741831f6UL, 0xce5c3e16UL, 0x9b87931eUL, + 0xafd6ba33UL, 0x6c24cf5cUL, + 0x7a325381UL, 0x28958677UL, 0x3b8f4898UL, 0x6b4bb9afUL, + 0xc4bfe81bUL, 0x66282193UL, + 0x61d809ccUL, 0xfb21a991UL, 0x487cac60UL, 0x5dec8032UL, + 0xef845d5dUL, 0xe98575b1UL, + 0xdc262302UL, 0xeb651b88UL, 0x23893e81UL, 0xd396acc5UL, + 0x0f6d6ff3UL, 0x83f44239UL, + 0x2e0b4482UL, 0xa4842004UL, 0x69c8f04aUL, 0x9e1f9b5eUL, + 0x21c66842UL, 0xf6e96c9aUL, + 0x670c9c61UL, 0xabd388f0UL, 0x6a51a0d2UL, 0xd8542f68UL, + 0x960fa728UL, 0xab5133a3UL, + 0x6eef0b6cUL, 0x137a3be4UL, 0xba3bf050UL, 0x7efb2a98UL, + 0xa1f1651dUL, 0x39af0176UL, + 0x66ca593eUL, 0x82430e88UL, 0x8cee8619UL, 0x456f9fb4UL, + 0x7d84a5c3UL, 0x3b8b5ebeUL, + 0xe06f75d8UL, 0x85c12073UL, 0x401a449fUL, 0x56c16aa6UL, + 0x4ed3aa62UL, 0x363f7706UL, + 0x1bfedf72UL, 0x429b023dUL, 0x37d0d724UL, 0xd00a1248UL, + 0xdb0fead3UL, 0x49f1c09bUL, + 0x075372c9UL, 0x80991b7bUL, 0x25d479d8UL, 0xf6e8def7UL, + 0xe3fe501aUL, 0xb6794c3bUL, + 0x976ce0bdUL, 0x04c006baUL, 0xc1a94fb6UL, 0x409f60c4UL, + 0x5e5c9ec2UL, 0x196a2463UL, + 0x68fb6fafUL, 0x3e6c53b5UL, 0x1339b2ebUL, 0x3b52ec6fUL, + 0x6dfc511fUL, 0x9b30952cUL, + 0xcc814544UL, 0xaf5ebd09UL, 0xbee3d004UL, 0xde334afdUL, + 0x660f2807UL, 0x192e4bb3UL, + 0xc0cba857UL, 0x45c8740fUL, 0xd20b5f39UL, 0xb9d3fbdbUL, + 0x5579c0bdUL, 0x1a60320aUL, + 0xd6a100c6UL, 0x402c7279UL, 0x679f25feUL, 0xfb1fa3ccUL, + 0x8ea5e9f8UL, 0xdb3222f8UL, + 0x3c7516dfUL, 0xfd616b15UL, 0x2f501ec8UL, 0xad0552abUL, + 0x323db5faUL, 0xfd238760UL, + 0x53317b48UL, 0x3e00df82UL, 0x9e5c57bbUL, 0xca6f8ca0UL, + 0x1a87562eUL, 0xdf1769dbUL, + 0xd542a8f6UL, 0x287effc3UL, 0xac6732c6UL, 0x8c4f5573UL, + 0x695b27b0UL, 0xbbca58c8UL, + 0xe1ffa35dUL, 0xb8f011a0UL, 0x10fa3d98UL, 0xfd2183b8UL, + 0x4afcb56cUL, 0x2dd1d35bUL, + 0x9a53e479UL, 0xb6f84565UL, 0xd28e49bcUL, 0x4bfb9790UL, + 0xe1ddf2daUL, 0xa4cb7e33UL, + 0x62fb1341UL, 0xcee4c6e8UL, 0xef20cadaUL, 0x36774c01UL, + 0xd07e9efeUL, 0x2bf11fb4UL, + 0x95dbda4dUL, 0xae909198UL, 0xeaad8e71UL, 0x6b93d5a0UL, + 0xd08ed1d0UL, 0xafc725e0UL, + 0x8e3c5b2fUL, 0x8e7594b7UL, 0x8ff6e2fbUL, 0xf2122b64UL, + 0x8888b812UL, 0x900df01cUL, + 0x4fad5ea0UL, 0x688fc31cUL, 0xd1cff191UL, 0xb3a8c1adUL, + 0x2f2f2218UL, 0xbe0e1777UL, + 0xea752dfeUL, 0x8b021fa1UL, 0xe5a0cc0fUL, 0xb56f74e8UL, + 0x18acf3d6UL, 0xce89e299UL, + 0xb4a84fe0UL, 0xfd13e0b7UL, 0x7cc43b81UL, 0xd2ada8d9UL, + 0x165fa266UL, 0x80957705UL, + 0x93cc7314UL, 0x211a1477UL, 0xe6ad2065UL, 0x77b5fa86UL, + 0xc75442f5UL, 0xfb9d35cfUL, + 0xebcdaf0cUL, 0x7b3e89a0UL, 0xd6411bd3UL, 0xae1e7e49UL, + 0x00250e2dUL, 0x2071b35eUL, + 0x226800bbUL, 0x57b8e0afUL, 0x2464369bUL, 0xf009b91eUL, + 0x5563911dUL, 0x59dfa6aaUL, + 0x78c14389UL, 0xd95a537fUL, 0x207d5ba2UL, 0x02e5b9c5UL, + 0x83260376UL, 0x6295cfa9UL, + 0x11c81968UL, 0x4e734a41UL, 0xb3472dcaUL, 0x7b14a94aUL, + 0x1b510052UL, 0x9a532915UL, + 0xd60f573fUL, 0xbc9bc6e4UL, 0x2b60a476UL, 0x81e67400UL, + 0x08ba6fb5UL, 0x571be91fUL, + 0xf296ec6bUL, 0x2a0dd915UL, 0xb6636521UL, 0xe7b9f9b6UL, + 0xff34052eUL, 0xc5855664UL, + 0x53b02d5dUL, 0xa99f8fa1UL, 0x08ba4799UL, 0x6e85076aUL + }; + + uint32 ks1[] = { + 0x4b7a70e9UL, 0xb5b32944UL, 0xdb75092eUL, 0xc4192623UL, + 0xad6ea6b0UL, 0x49a7df7dUL, + 0x9cee60b8UL, 0x8fedb266UL, 0xecaa8c71UL, 0x699a17ffUL, + 0x5664526cUL, 0xc2b19ee1UL, + 0x193602a5UL, 0x75094c29UL, 0xa0591340UL, 0xe4183a3eUL, + 0x3f54989aUL, 0x5b429d65UL, + 0x6b8fe4d6UL, 0x99f73fd6UL, 0xa1d29c07UL, 0xefe830f5UL, + 0x4d2d38e6UL, 0xf0255dc1UL, + 0x4cdd2086UL, 0x8470eb26UL, 0x6382e9c6UL, 0x021ecc5eUL, + 0x09686b3fUL, 0x3ebaefc9UL, + 0x3c971814UL, 0x6b6a70a1UL, 0x687f3584UL, 0x52a0e286UL, + 0xb79c5305UL, 0xaa500737UL, + 0x3e07841cUL, 0x7fdeae5cUL, 0x8e7d44ecUL, 0x5716f2b8UL, + 0xb03ada37UL, 0xf0500c0dUL, + 0xf01c1f04UL, 0x0200b3ffUL, 0xae0cf51aUL, 0x3cb574b2UL, + 0x25837a58UL, 0xdc0921bdUL, + 0xd19113f9UL, 0x7ca92ff6UL, 0x94324773UL, 0x22f54701UL, + 0x3ae5e581UL, 0x37c2dadcUL, + 0xc8b57634UL, 0x9af3dda7UL, 0xa9446146UL, 0x0fd0030eUL, + 0xecc8c73eUL, 0xa4751e41UL, + 0xe238cd99UL, 0x3bea0e2fUL, 0x3280bba1UL, 0x183eb331UL, + 0x4e548b38UL, 0x4f6db908UL, + 0x6f420d03UL, 0xf60a04bfUL, 0x2cb81290UL, 0x24977c79UL, + 0x5679b072UL, 0xbcaf89afUL, + 0xde9a771fUL, 0xd9930810UL, 0xb38bae12UL, 0xdccf3f2eUL, + 0x5512721fUL, 0x2e6b7124UL, + 0x501adde6UL, 0x9f84cd87UL, 0x7a584718UL, 0x7408da17UL, + 0xbc9f9abcUL, 0xe94b7d8cUL, + 0xec7aec3aUL, 0xdb851dfaUL, 0x63094366UL, 0xc464c3d2UL, + 0xef1c1847UL, 0x3215d908UL, + 0xdd433b37UL, 0x24c2ba16UL, 0x12a14d43UL, 0x2a65c451UL, + 0x50940002UL, 0x133ae4ddUL, + 0x71dff89eUL, 0x10314e55UL, 0x81ac77d6UL, 0x5f11199bUL, + 0x043556f1UL, 0xd7a3c76bUL, + 0x3c11183bUL, 0x5924a509UL, 0xf28fe6edUL, 0x97f1fbfaUL, + 0x9ebabf2cUL, 0x1e153c6eUL, + 0x86e34570UL, 0xeae96fb1UL, 0x860e5e0aUL, 0x5a3e2ab3UL, + 0x771fe71cUL, 0x4e3d06faUL, + 0x2965dcb9UL, 0x99e71d0fUL, 0x803e89d6UL, 0x5266c825UL, + 0x2e4cc978UL, 0x9c10b36aUL, + 0xc6150ebaUL, 0x94e2ea78UL, 0xa5fc3c53UL, 0x1e0a2df4UL, + 0xf2f74ea7UL, 0x361d2b3dUL, + 0x1939260fUL, 0x19c27960UL, 0x5223a708UL, 0xf71312b6UL, + 0xebadfe6eUL, 0xeac31f66UL, + 0xe3bc4595UL, 0xa67bc883UL, 0xb17f37d1UL, 0x018cff28UL, + 0xc332ddefUL, 0xbe6c5aa5UL, + 0x65582185UL, 0x68ab9802UL, 0xeecea50fUL, 0xdb2f953bUL, + 0x2aef7dadUL, 0x5b6e2f84UL, + 0x1521b628UL, 0x29076170UL, 0xecdd4775UL, 0x619f1510UL, + 0x13cca830UL, 0xeb61bd96UL, + 0x0334fe1eUL, 0xaa0363cfUL, 0xb5735c90UL, 0x4c70a239UL, + 0xd59e9e0bUL, 0xcbaade14UL, + 0xeecc86bcUL, 0x60622ca7UL, 0x9cab5cabUL, 0xb2f3846eUL, + 0x648b1eafUL, 0x19bdf0caUL, + 0xa02369b9UL, 0x655abb50UL, 0x40685a32UL, 0x3c2ab4b3UL, + 0x319ee9d5UL, 0xc021b8f7UL, + 0x9b540b19UL, 0x875fa099UL, 0x95f7997eUL, 0x623d7da8UL, + 0xf837889aUL, 0x97e32d77UL, + 0x11ed935fUL, 0x16681281UL, 0x0e358829UL, 0xc7e61fd6UL, + 0x96dedfa1UL, 0x7858ba99UL, + 0x57f584a5UL, 0x1b227263UL, 0x9b83c3ffUL, 0x1ac24696UL, + 0xcdb30aebUL, 0x532e3054UL, + 0x8fd948e4UL, 0x6dbc3128UL, 0x58ebf2efUL, 0x34c6ffeaUL, + 0xfe28ed61UL, 0xee7c3c73UL, + 0x5d4a14d9UL, 0xe864b7e3UL, 0x42105d14UL, 0x203e13e0UL, + 0x45eee2b6UL, 0xa3aaabeaUL, + 0xdb6c4f15UL, 0xfacb4fd0UL, 0xc742f442UL, 0xef6abbb5UL, + 0x654f3b1dUL, 0x41cd2105UL, + 0xd81e799eUL, 0x86854dc7UL, 0xe44b476aUL, 0x3d816250UL, + 0xcf62a1f2UL, 0x5b8d2646UL, + 0xfc8883a0UL, 0xc1c7b6a3UL, 0x7f1524c3UL, 0x69cb7492UL, + 0x47848a0bUL, 0x5692b285UL, + 0x095bbf00UL, 0xad19489dUL, 0x1462b174UL, 0x23820e00UL, + 0x58428d2aUL, 0x0c55f5eaUL, + 0x1dadf43eUL, 0x233f7061UL, 0x3372f092UL, 0x8d937e41UL, + 0xd65fecf1UL, 0x6c223bdbUL, + 0x7cde3759UL, 0xcbee7460UL, 0x4085f2a7UL, 0xce77326eUL, + 0xa6078084UL, 0x19f8509eUL, + 0xe8efd855UL, 0x61d99735UL, 0xa969a7aaUL, 0xc50c06c2UL, + 0x5a04abfcUL, 0x800bcadcUL, + 0x9e447a2eUL, 0xc3453484UL, 0xfdd56705UL, 0x0e1e9ec9UL, + 0xdb73dbd3UL, 0x105588cdUL, + 0x675fda79UL, 0xe3674340UL, 0xc5c43465UL, 0x713e38d8UL, + 0x3d28f89eUL, 0xf16dff20UL, + 0x153e21e7UL, 0x8fb03d4aUL, 0xe6e39f2bUL, 0xdb83adf7UL + }; + + uint32 ks2[] = { + 0xe93d5a68UL, 0x948140f7UL, 0xf64c261cUL, 0x94692934UL, + 0x411520f7UL, 0x7602d4f7UL, + 0xbcf46b2eUL, 0xd4a20068UL, 0xd4082471UL, 0x3320f46aUL, + 0x43b7d4b7UL, 0x500061afUL, + 0x1e39f62eUL, 0x97244546UL, 0x14214f74UL, 0xbf8b8840UL, + 0x4d95fc1dUL, 0x96b591afUL, + 0x70f4ddd3UL, 0x66a02f45UL, 0xbfbc09ecUL, 0x03bd9785UL, + 0x7fac6dd0UL, 0x31cb8504UL, + 0x96eb27b3UL, 0x55fd3941UL, 0xda2547e6UL, 0xabca0a9aUL, + 0x28507825UL, 0x530429f4UL, + 0x0a2c86daUL, 0xe9b66dfbUL, 0x68dc1462UL, 0xd7486900UL, + 0x680ec0a4UL, 0x27a18deeUL, + 0x4f3ffea2UL, 0xe887ad8cUL, 0xb58ce006UL, 0x7af4d6b6UL, + 0xaace1e7cUL, 0xd3375fecUL, + 0xce78a399UL, 0x406b2a42UL, 0x20fe9e35UL, 0xd9f385b9UL, + 0xee39d7abUL, 0x3b124e8bUL, + 0x1dc9faf7UL, 0x4b6d1856UL, 0x26a36631UL, 0xeae397b2UL, + 0x3a6efa74UL, 0xdd5b4332UL, + 0x6841e7f7UL, 0xca7820fbUL, 0xfb0af54eUL, 0xd8feb397UL, + 0x454056acUL, 0xba489527UL, + 0x55533a3aUL, 0x20838d87UL, 0xfe6ba9b7UL, 0xd096954bUL, + 0x55a867bcUL, 0xa1159a58UL, + 0xcca92963UL, 0x99e1db33UL, 0xa62a4a56UL, 0x3f3125f9UL, + 0x5ef47e1cUL, 0x9029317cUL, + 0xfdf8e802UL, 0x04272f70UL, 0x80bb155cUL, 0x05282ce3UL, + 0x95c11548UL, 0xe4c66d22UL, + 0x48c1133fUL, 0xc70f86dcUL, 0x07f9c9eeUL, 0x41041f0fUL, + 0x404779a4UL, 0x5d886e17UL, + 0x325f51ebUL, 0xd59bc0d1UL, 0xf2bcc18fUL, 0x41113564UL, + 0x257b7834UL, 0x602a9c60UL, + 0xdff8e8a3UL, 0x1f636c1bUL, 0x0e12b4c2UL, 0x02e1329eUL, + 0xaf664fd1UL, 0xcad18115UL, + 0x6b2395e0UL, 0x333e92e1UL, 0x3b240b62UL, 0xeebeb922UL, + 0x85b2a20eUL, 0xe6ba0d99UL, + 0xde720c8cUL, 0x2da2f728UL, 0xd0127845UL, 0x95b794fdUL, + 0x647d0862UL, 0xe7ccf5f0UL, + 0x5449a36fUL, 0x877d48faUL, 0xc39dfd27UL, 0xf33e8d1eUL, + 0x0a476341UL, 0x992eff74UL, + 0x3a6f6eabUL, 0xf4f8fd37UL, 0xa812dc60UL, 0xa1ebddf8UL, + 0x991be14cUL, 0xdb6e6b0dUL, + 0xc67b5510UL, 0x6d672c37UL, 0x2765d43bUL, 0xdcd0e804UL, + 0xf1290dc7UL, 0xcc00ffa3UL, + 0xb5390f92UL, 0x690fed0bUL, 0x667b9ffbUL, 0xcedb7d9cUL, + 0xa091cf0bUL, 0xd9155ea3UL, + 0xbb132f88UL, 0x515bad24UL, 0x7b9479bfUL, 0x763bd6ebUL, + 0x37392eb3UL, 0xcc115979UL, + 0x8026e297UL, 0xf42e312dUL, 0x6842ada7UL, 0xc66a2b3bUL, + 0x12754cccUL, 0x782ef11cUL, + 0x6a124237UL, 0xb79251e7UL, 0x06a1bbe6UL, 0x4bfb6350UL, + 0x1a6b1018UL, 0x11caedfaUL, + 0x3d25bdd8UL, 0xe2e1c3c9UL, 0x44421659UL, 0x0a121386UL, + 0xd90cec6eUL, 0xd5abea2aUL, + 0x64af674eUL, 0xda86a85fUL, 0xbebfe988UL, 0x64e4c3feUL, + 0x9dbc8057UL, 0xf0f7c086UL, + 0x60787bf8UL, 0x6003604dUL, 0xd1fd8346UL, 0xf6381fb0UL, + 0x7745ae04UL, 0xd736fcccUL, + 0x83426b33UL, 0xf01eab71UL, 0xb0804187UL, 0x3c005e5fUL, + 0x77a057beUL, 0xbde8ae24UL, + 0x55464299UL, 0xbf582e61UL, 0x4e58f48fUL, 0xf2ddfda2UL, + 0xf474ef38UL, 0x8789bdc2UL, + 0x5366f9c3UL, 0xc8b38e74UL, 0xb475f255UL, 0x46fcd9b9UL, + 0x7aeb2661UL, 0x8b1ddf84UL, + 0x846a0e79UL, 0x915f95e2UL, 0x466e598eUL, 0x20b45770UL, + 0x8cd55591UL, 0xc902de4cUL, + 0xb90bace1UL, 0xbb8205d0UL, 0x11a86248UL, 0x7574a99eUL, + 0xb77f19b6UL, 0xe0a9dc09UL, + 0x662d09a1UL, 0xc4324633UL, 0xe85a1f02UL, 0x09f0be8cUL, + 0x4a99a025UL, 0x1d6efe10UL, + 0x1ab93d1dUL, 0x0ba5a4dfUL, 0xa186f20fUL, 0x2868f169UL, + 0xdcb7da83UL, 0x573906feUL, + 0xa1e2ce9bUL, 0x4fcd7f52UL, 0x50115e01UL, 0xa70683faUL, + 0xa002b5c4UL, 0x0de6d027UL, + 0x9af88c27UL, 0x773f8641UL, 0xc3604c06UL, 0x61a806b5UL, + 0xf0177a28UL, 0xc0f586e0UL, + 0x006058aaUL, 0x30dc7d62UL, 0x11e69ed7UL, 0x2338ea63UL, + 0x53c2dd94UL, 0xc2c21634UL, + 0xbbcbee56UL, 0x90bcb6deUL, 0xebfc7da1UL, 0xce591d76UL, + 0x6f05e409UL, 0x4b7c0188UL, + 0x39720a3dUL, 0x7c927c24UL, 0x86e3725fUL, 0x724d9db9UL, + 0x1ac15bb4UL, 0xd39eb8fcUL, + 0xed545578UL, 0x08fca5b5UL, 0xd83d7cd3UL, 0x4dad0fc4UL, + 0x1e50ef5eUL, 0xb161e6f8UL, + 0xa28514d9UL, 0x6c51133cUL, 0x6fd5c7e7UL, 0x56e14ec4UL, + 0x362abfceUL, 0xddc6c837UL, + 0xd79a3234UL, 0x92638212UL, 0x670efa8eUL, 0x406000e0UL + }; + + uint32 ks3[] = { + 0x3a39ce37UL, 0xd3faf5cfUL, 0xabc27737UL, 0x5ac52d1bUL, + 0x5cb0679eUL, 0x4fa33742UL, + 0xd3822740UL, 0x99bc9bbeUL, 0xd5118e9dUL, 0xbf0f7315UL, + 0xd62d1c7eUL, 0xc700c47bUL, + 0xb78c1b6bUL, 0x21a19045UL, 0xb26eb1beUL, 0x6a366eb4UL, + 0x5748ab2fUL, 0xbc946e79UL, + 0xc6a376d2UL, 0x6549c2c8UL, 0x530ff8eeUL, 0x468dde7dUL, + 0xd5730a1dUL, 0x4cd04dc6UL, + 0x2939bbdbUL, 0xa9ba4650UL, 0xac9526e8UL, 0xbe5ee304UL, + 0xa1fad5f0UL, 0x6a2d519aUL, + 0x63ef8ce2UL, 0x9a86ee22UL, 0xc089c2b8UL, 0x43242ef6UL, + 0xa51e03aaUL, 0x9cf2d0a4UL, + 0x83c061baUL, 0x9be96a4dUL, 0x8fe51550UL, 0xba645bd6UL, + 0x2826a2f9UL, 0xa73a3ae1UL, + 0x4ba99586UL, 0xef5562e9UL, 0xc72fefd3UL, 0xf752f7daUL, + 0x3f046f69UL, 0x77fa0a59UL, + 0x80e4a915UL, 0x87b08601UL, 0x9b09e6adUL, 0x3b3ee593UL, + 0xe990fd5aUL, 0x9e34d797UL, + 0x2cf0b7d9UL, 0x022b8b51UL, 0x96d5ac3aUL, 0x017da67dUL, + 0xd1cf3ed6UL, 0x7c7d2d28UL, + 0x1f9f25cfUL, 0xadf2b89bUL, 0x5ad6b472UL, 0x5a88f54cUL, + 0xe029ac71UL, 0xe019a5e6UL, + 0x47b0acfdUL, 0xed93fa9bUL, 0xe8d3c48dUL, 0x283b57ccUL, + 0xf8d56629UL, 0x79132e28UL, + 0x785f0191UL, 0xed756055UL, 0xf7960e44UL, 0xe3d35e8cUL, + 0x15056dd4UL, 0x88f46dbaUL, + 0x03a16125UL, 0x0564f0bdUL, 0xc3eb9e15UL, 0x3c9057a2UL, + 0x97271aecUL, 0xa93a072aUL, + 0x1b3f6d9bUL, 0x1e6321f5UL, 0xf59c66fbUL, 0x26dcf319UL, + 0x7533d928UL, 0xb155fdf5UL, + 0x03563482UL, 0x8aba3cbbUL, 0x28517711UL, 0xc20ad9f8UL, + 0xabcc5167UL, 0xccad925fUL, + 0x4de81751UL, 0x3830dc8eUL, 0x379d5862UL, 0x9320f991UL, + 0xea7a90c2UL, 0xfb3e7bceUL, + 0x5121ce64UL, 0x774fbe32UL, 0xa8b6e37eUL, 0xc3293d46UL, + 0x48de5369UL, 0x6413e680UL, + 0xa2ae0810UL, 0xdd6db224UL, 0x69852dfdUL, 0x09072166UL, + 0xb39a460aUL, 0x6445c0ddUL, + 0x586cdecfUL, 0x1c20c8aeUL, 0x5bbef7ddUL, 0x1b588d40UL, + 0xccd2017fUL, 0x6bb4e3bbUL, + 0xdda26a7eUL, 0x3a59ff45UL, 0x3e350a44UL, 0xbcb4cdd5UL, + 0x72eacea8UL, 0xfa6484bbUL, + 0x8d6612aeUL, 0xbf3c6f47UL, 0xd29be463UL, 0x542f5d9eUL, + 0xaec2771bUL, 0xf64e6370UL, + 0x740e0d8dUL, 0xe75b1357UL, 0xf8721671UL, 0xaf537d5dUL, + 0x4040cb08UL, 0x4eb4e2ccUL, + 0x34d2466aUL, 0x0115af84UL, 0xe1b00428UL, 0x95983a1dUL, + 0x06b89fb4UL, 0xce6ea048UL, + 0x6f3f3b82UL, 0x3520ab82UL, 0x011a1d4bUL, 0x277227f8UL, + 0x611560b1UL, 0xe7933fdcUL, + 0xbb3a792bUL, 0x344525bdUL, 0xa08839e1UL, 0x51ce794bUL, + 0x2f32c9b7UL, 0xa01fbac9UL, + 0xe01cc87eUL, 0xbcc7d1f6UL, 0xcf0111c3UL, 0xa1e8aac7UL, + 0x1a908749UL, 0xd44fbd9aUL, + 0xd0dadecbUL, 0xd50ada38UL, 0x0339c32aUL, 0xc6913667UL, + 0x8df9317cUL, 0xe0b12b4fUL, + 0xf79e59b7UL, 0x43f5bb3aUL, 0xf2d519ffUL, 0x27d9459cUL, + 0xbf97222cUL, 0x15e6fc2aUL, + 0x0f91fc71UL, 0x9b941525UL, 0xfae59361UL, 0xceb69cebUL, + 0xc2a86459UL, 0x12baa8d1UL, + 0xb6c1075eUL, 0xe3056a0cUL, 0x10d25065UL, 0xcb03a442UL, + 0xe0ec6e0eUL, 0x1698db3bUL, + 0x4c98a0beUL, 0x3278e964UL, 0x9f1f9532UL, 0xe0d392dfUL, + 0xd3a0342bUL, 0x8971f21eUL, + 0x1b0a7441UL, 0x4ba3348cUL, 0xc5be7120UL, 0xc37632d8UL, + 0xdf359f8dUL, 0x9b992f2eUL, + 0xe60b6f47UL, 0x0fe3f11dUL, 0xe54cda54UL, 0x1edad891UL, + 0xce6279cfUL, 0xcd3e7e6fUL, + 0x1618b166UL, 0xfd2c1d05UL, 0x848fd2c5UL, 0xf6fb2299UL, + 0xf523f357UL, 0xa6327623UL, + 0x93a83531UL, 0x56cccd02UL, 0xacf08162UL, 0x5a75ebb5UL, + 0x6e163697UL, 0x88d273ccUL, + 0xde966292UL, 0x81b949d0UL, 0x4c50901bUL, 0x71c65614UL, + 0xe6c6c7bdUL, 0x327a140aUL, + 0x45e1d006UL, 0xc3f27b9aUL, 0xc9aa53fdUL, 0x62a80f00UL, + 0xbb25bfe2UL, 0x35bdd2f6UL, + 0x71126905UL, 0xb2040222UL, 0xb6cbcf7cUL, 0xcd769c2bUL, + 0x53113ec0UL, 0x1640e3d3UL, + 0x38abbd60UL, 0x2547adf0UL, 0xba38209cUL, 0xf746ce76UL, + 0x77afa1c5UL, 0x20756060UL, + 0x85cbfe4eUL, 0x8ae88dd8UL, 0x7aaaf9b0UL, 0x4cf9aa7eUL, + 0x1948c25cUL, 0x02fb8a8cUL, + 0x01c36ae4UL, 0xd6ebe1f9UL, 0x90d4f869UL, 0xa65cdea0UL, + 0x3f09252dUL, 0xc208e69fUL, + 0xb74e6132UL, 0xce77e25bUL, 0x578fdfe3UL, 0x3ac372e6UL + }; + + + uint32 pi[] = { + 0x243f6a88UL, 0x85a308d3UL, 0x13198a2eUL, 0x03707344UL, + 0xa4093822UL, 0x299f31d0UL, + 0x082efa98UL, 0xec4e6c89UL, 0x452821e6UL, 0x38d01377UL, + 0xbe5466cfUL, 0x34e90c6cUL, + 0xc0ac29b7UL, 0xc97c50ddUL, 0x3f84d5b5UL, 0xb5470917UL, + 0x9216d5d9UL, 0x8979fb1bUL + }; + + +/* Initialize s-boxes without file read. */ + for (i = 0; i < 256; i++) { + c->S[0][i] = ks0[i]; + c->S[1][i] = ks1[i]; + c->S[2][i] = ks2[i]; + c->S[3][i] = ks3[i]; + } + +/* P-boxes */ + for (i = 0; i < 18; i++) { + c->P[i] = pi[i]; + } + return 0; +} + +static short _blf_ExpandKey(blf_ctx * c, const uint8 * key, short keybytes, + const uint8 * bsalt) +{ + short i, j; + int k; + uint32 data, temp[2]; + uint32 wsalt[4]; + + if (bsalt != NULL) { + wsalt[0] = 0x00000000; + wsalt[1] = 0x00000000; + wsalt[2] = 0x00000000; + wsalt[3] = 0x00000000; + for (i = 0; i < 4; i++) { + wsalt[0] = (wsalt[0] << 8) | bsalt[i]; + wsalt[1] = (wsalt[1] << 8) | bsalt[i + 4]; + wsalt[2] = (wsalt[2] << 8) | bsalt[i + 8]; + wsalt[3] = (wsalt[3] << 8) | bsalt[i + 12]; + } + } + + temp[0] = temp[1] = 0x00000000; + + j = 0; + /* Step 1: XOR the Pbox with the key */ + for (i = 0; i < BF_N + 2; i++) { + data = 0x00000000; + data = (data << 8) | key[(j) % keybytes]; + data = (data << 8) | key[(j + 1) % keybytes]; + data = (data << 8) | key[(j + 2) % keybytes]; + data = (data << 8) | key[(j + 3) % keybytes]; + + c->P[i] ^= data; + j = (j + 4) % keybytes; + } + + k = 2; /* This should be 0 ??? */ + /* Step 2: Use the salt on Pbox */ + for (i = 0; i < BF_N + 2; i += 2) { + if (bsalt != NULL) { + temp[0] ^= wsalt[(k + 2) % 4]; + temp[1] ^= wsalt[(k + 3) % 4]; + k = (k + 2) % 4; + } + enblf_noswap(c, temp); + c->P[i] = temp[0]; + c->P[i + 1] = temp[1]; + } + + for (i = 0; i < 4; i++) { + for (j = 0; j < 256; j += 2) { + if (bsalt != NULL) { + temp[0] ^= wsalt[(k + 2) % 4]; + temp[1] ^= wsalt[(k + 3) % 4]; + k = (k + 2) % 4; + } + enblf_noswap(c, temp); + c->S[i][j] = temp[0]; + c->S[i][j + 1] = temp[1]; + + } + } + return 0; +} + + + + +static blf_ctx *_blf_init(uint8 * salt, const char *key, int key_len, + int cost) +{ + blf_ctx *state = gnutls_malloc(sizeof(blf_ctx)); + uint32 i, rcost; + + if (state==NULL) + return NULL; + + rcost = (uint32) 1 << cost; /* 2^cost */ + + initialize_blowfish(state); + _blf_ExpandKey(state, (uint8 *) key, key_len, salt); + for (i = 0; i < rcost; i++) { + /* these should have been in reverse order */ + _blf_ExpandKey(state, (uint8 *) key, key_len, NULL); + _blf_ExpandKey(state, salt, 16, NULL); + } + return state; +} + +static void _blf_deinit(blf_ctx * ctx) +{ + gnutls_free(ctx); +} +static const char magic[] = "$2$"; + +#define B64TEXT "OrpheanBeholderScryDoubt" + +char *crypt_bcrypt(const char* username, const char *passwd, const char *salt, GNUTLS_MPI g, GNUTLS_MPI n) +{ + unsigned char *sp; + blf_ctx *ctx; + unsigned char text[24]; + uint8 *csalt; + uint8 *rtext; + uint8 cost; + int i, salt_size = strlen(salt), len; + unsigned char *local_salt, *v; + int passwd_len, vsize, tmpsize; + opaque *tmp; + + /* copy username+null+B64TEXT to text */ + strncpy( text, username, sizeof(text)); + if ( ( sizeof(text)-strlen(username) - 1 ) > 0) + strncpy( &text[strlen(username)+1], B64TEXT, sizeof(text)-strlen(username)-1); + + passwd_len = strlen(passwd) + 1; /* we want the null also */ + if (passwd_len > 56) + passwd_len = 56; + + local_salt = gnutls_malloc(salt_size + 1); + if (local_salt==NULL) { + gnutls_assert(); + return NULL; + } + strcpy((char *) local_salt, salt); /* Flawfinder: ignore */ + + sp = index( local_salt, ':'); /* move to salt - after verifier */ + if (sp==NULL) { + gnutls_assert(); + return NULL; + } + sp++; + + len = (int)rindex(sp, ':'); + if (len==0) { /* no ':' was found */ + len = strlen(sp); + } else + len -= (int) sp; + + if (_gnutls_sbase64_decode(sp, len, &csalt) < 0) { + gnutls_assert(); + return NULL; + } + + cost = (int) csalt[0]; + ctx = _blf_init(&csalt[1], passwd, passwd_len, cost); + gnutls_free(csalt); + + if (ctx==NULL) { + return NULL; + } + + for (i = 0; i < 64; i++) { + _blf_encrypt(ctx, (uint8 *) text); + _blf_encrypt(ctx, (uint8 *) & text[8]); + _blf_encrypt(ctx, (uint8 *) & text[16]); + } + + /* v = g^x mod n */ + vsize = _gnutls_srp_gx(text, 8 * 3, &v, g, n); + if (vsize == -1 || v == NULL) { + gnutls_assert(); + return NULL; + } + + if (_gnutls_sbase64_encode(v, vsize, &rtext) < 0) { + gnutls_free(v); + gnutls_assert(); + return NULL; + } + gnutls_free(v); + + tmpsize = strlen(magic) + 3 + strlen(sp) + 1 + strlen(rtext) + 1; + tmp = + gnutls_malloc( tmpsize); + if (tmp==NULL) { + gnutls_assert(); + return NULL; + } + + sprintf(tmp, "%s%s:%s", magic, rtext, sp); /* Flawfinder: ignore */ + + gnutls_free(local_salt); + gnutls_free(rtext); + + _blf_deinit(ctx); + return tmp; +} + +/* cost is stored as the first byte in salt (thus < 255) which is + * just fine! + */ +char *crypt_bcrypt_wrapper(const char* username, const char *pass_new, int cost, GNUTLS_MPI g, GNUTLS_MPI n) +{ + opaque *result; + char *tcp; + uint8 rand[17]; + char *e = NULL; + int result_size; + + if (_gnutls_get_random(&rand[1], 17, GNUTLS_WEAK_RANDOM) < 0 ) { + gnutls_assert(); + return NULL; + } + /* cost should be <32 and >6 */ + if (cost >= 32) + cost = 31; + if (cost < 1) + cost = 1; + + rand[0] = (uint8) cost; + result_size = _gnutls_sbase64_encode( rand, 17, &result); + + if (result_size < 0) { + gnutls_assert(); + return NULL; + } + + tcp = gnutls_calloc(1, 1 + result_size + 1); + sprintf(tcp, ":%s", result); /* Flawfinder: ignore */ + + gnutls_free(result); + + + e = crypt_bcrypt(username, pass_new, (const char *) tcp, g, n); + gnutls_free(tcp); + + return e; +} + +#define BCRYPT_SIZE 24 +int _gnutls_calc_srp_bcrypt(const char* username, const char *passwd, opaque * salt, int salt_size, int* size, void* digest) +{ + blf_ctx *ctx; + opaque text[BCRYPT_SIZE]; + int passwd_len, i; + + strncpy( text, username, sizeof(text)); + if ( (sizeof(text)-strlen(username)-1) > 0) + strncpy( &text[strlen(username)+1], B64TEXT, sizeof(text)-strlen(username)-1); + + *size = sizeof(text); + + /* we need 16 + cost */ + if (salt_size < 17) return -1; + + passwd_len = strlen(passwd) + 1; /* we want the null also */ + if (passwd_len > 56) + passwd_len = 56; + + ctx = _blf_init(&salt[1], passwd, passwd_len, (int)(salt[0])); + if (ctx==NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + + for (i = 0; i < 64; i++) { + _blf_encrypt(ctx, (uint8 *) text); + _blf_encrypt(ctx, (uint8 *) & text[8]); + _blf_encrypt(ctx, (uint8 *) & text[16]); + } + + _blf_deinit(ctx); + + memcpy( digest, text, BCRYPT_SIZE); + return 0; +} + +#endif /* ENABLE_SRP */ |