1 files changed, 314 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
new file mode 100644
index 0000000000..5f0f1cdba8
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.3
@@ -0,0 +1,314 @@
+.\" $OpenBSD: crypt.3,v 1.19 2002/01/24 20:33:45 mickey Exp $
+.\"
+.\" FreeSec: libcrypt
+.\"
+.\" Copyright (c) 1994 David Burren
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the author nor the names of other contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd March 9, 1994
+.Dt CRYPT 3
+.Os
+.Sh NAME
+.Nm crypt ,
+.Nm setkey ,
+.Nm encrypt ,
+.Nm des_setkey ,
+.Nm des_cipher
+.Nd DES encryption
+.Sh SYNOPSIS
+.Fd #include <unistd.h>
+.Ft char *
+.Fn crypt "const char *key" "const char *setting"
+.Ft int
+.Fn setkey "char *key"
+.Ft int
+.Fn encrypt "char *block" "int flag"
+.Ft int
+.Fn des_setkey "const char *key"
+.Ft int
+.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count"
+.Sh DESCRIPTION
+The
+.Fn crypt
+function performs password encryption based on the
+.Tn NBS
+Data Encryption Standard (DES).
+Additional code has been added to deter key search attempts and to use
+stronger hashing algorithms.
+.Pp
+The first argument to
+.Fn crypt
+is a
+.Dv null Ns -terminated
+string, typically a user's typed password.
+The second is in one of three forms:
+if it begins with an underscore
+.Pq Ql _
+then an extended format is used
+in interpreting both the key and the setting, as outlined below.
+If it begins
+with a string character
+.Pq Ql $
+and a number then a different algorithm is used depending on the number.
+At the moment a
+.Ql $1
+chooses MD5 hashing and a
+.Ql $2
+chooses Blowfish hashing; see below for more information.
+.Ss Extended crypt
+The
+.Ar key
+is divided into groups of 8 characters (the last group is null-padded)
+and the low-order 7 bits of each character (56 bits per group) are
+used to form the DES key as follows:
+the first group of 56 bits becomes the initial DES key.
+For each additional group, the XOR of the encryption of the current DES
+key with itself and the group bits becomes the next DES key.
+.Pp
+The setting is a 9-character array consisting of an underscore followed
+by 4 bytes of iteration count and 4 bytes of salt.
+These are encoded as printable characters, 6 bits per character,
+least significant character first.
+The values 0 to 63 are encoded as
+.Dq \&./0-9A-Za-z .
+This allows 24 bits for both
+.Fa count
+and
+.Fa salt .
+.Ss "MD5" crypt
+For
+.Tn MD5
+crypt the version number,
+.Fa salt
+and the hashed password are separated by the
+.Ql $
+character.
+The maximum length of a password is limited by
+the length counter of the MD5 context, which is about
+2**64.
+A valid MD5 password entry looks like this:
+.Pp
+.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
+.Pp
+The whole MD5 password string is passed as
+.Fa setting
+for interpretation.
+.Ss "Blowfish" crypt
+The
+.Tn Blowfish
+version of crypt has 128 bits of
+.Fa salt
+in order to make building dictionaries of common passwords space consuming.
+The initial state of the
+.Tn Blowfish
+cipher is expanded using the
+.Fa salt
+and the
+.Fa password
+repeating the process a variable number of rounds, which is encoded in
+the password string.
+The maximum password length is 72.
+The final Blowfish password entry is created by encrypting the string
+.Pp
+.Dq OrpheanBeholderScryDoubt
+.Pp
+with the
+.Tn Blowfish
+state 64 times.
+.Pp
+The version number, the logarithm of the number of rounds and
+the concatenation of salt and hashed password are separated by the
+.Ql $
+character.
+An encoded
+.Sq 8
+would specify 256 rounds.
+A valid Blowfish password looks like this:
+.Pp
+.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
+.Pp
+The whole Blowfish password string is passed as
+.Fa setting
+for interpretation.
+.Ss "Traditional" crypt
+The first 8 bytes of the key are null-padded, and the low-order 7 bits of
+each character is used to form the 56-bit
+.Tn DES
+key.
+.Pp
+The setting is a 2-character array of the ASCII-encoded salt.
+Thus only 12 bits of
+.Fa salt
+are used.
+.Fa count
+is set to 25.
+.Ss DES Algorithm
+The
+.Fa salt
+introduces disorder in the
+.Tn DES
+algorithm in one of 16777216 or 4096 possible ways
+(i.e., with 24 or 12 bits: if bit
+.Em i
+of the
+.Ar salt
+is set, then bits
+.Em i
+and
+.Em i+24
+are swapped in the
+.Tn DES
+E-box output).
+.Pp
+The DES key is used to encrypt a 64-bit constant using
+.Ar count
+iterations of
+.Tn DES .
+The value returned is a
+.Dv null Ns -terminated
+string, 20 or 13 bytes (plus null) in length, consisting of the
+.Ar setting
+followed by the encoded 64-bit encryption.
+.Pp
+The functions
+.Fn encrypt ,
+.Fn setkey ,
+.Fn des_setkey ,
+and
+.Fn des_cipher
+provide access to the
+.Tn DES
+algorithm itself.
+.Fn setkey
+is passed a 64-byte array of binary values (numeric 0 or 1).
+A 56-bit key is extracted from this array by dividing the
+array into groups of 8, and ignoring the last bit in each group.
+That bit is reserved for a byte parity check by DES, but is ignored
+by these functions.
+.Pp
+The
+.Fa block
+argument to
+.Fn encrypt
+is also a 64-byte array of binary values.
+If the value of
+.Fa flag
+is 0,
+.Fa block
+is encrypted otherwise it is decrypted.
+The result is returned in the original array
+.Fa block
+after using the key specified by
+.Fn setkey
+to process it.
+.Pp
+The argument to
+.Fn des_setkey
+is a character array of length 8.
+The least significant bit (the parity bit) in each character is ignored,
+and the remaining bits are concatenated to form a 56-bit key.
+The function
+.Fn des_cipher
+encrypts (or decrypts if
+.Fa count
+is negative) the 64-bits stored in the 8 characters at
+.Fa in
+using
+.Xr abs 3
+of
+.Fa count
+iterations of
+.Tn DES
+and stores the 64-bit result in the 8 characters at
+.Fa out
+(which may be the same as
+.Fa in ) .
+The
+.Fa salt
+specifies perturbations to the
+.Tn DES
+E-box output as described above.
+.Pp
+The function
+.Fn crypt
+returns a pointer to the encrypted value on success, and
+.Dv NULL
+on failure.
+The functions
+.Fn setkey ,
+.Fn encrypt ,
+.Fn des_setkey ,
+and
+.Fn des_cipher
+return 0 on success and 1 on failure.
+.Pp
+The
+.Fn crypt ,
+.Fn setkey ,
+and
+.Fn des_setkey
+functions all manipulate the same key space.
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr blowfish 3 ,
+.Xr getpass 3 ,
+.Xr md5 3 ,
+.Xr passwd 5
+.Sh AUTHORS
+David Burren <davidb@werj.com.au>
+.Sh HISTORY
+A rotor-based
+.Fn crypt
+function appeared in
+.At v3 .
+The current style
+.Fn crypt
+first appeared in
+.At v7 .
+.Pp
+This library (FreeSec 1.0) was developed outside the United States of America
+as an unencumbered replacement for the U.S.-only libcrypt encryption
+library.
+Programs linked against the
+.Fn crypt
+interface may be exported from the U.S.A. only if they use
+.Fn crypt
+solely for authentication purposes and avoid use of
+the other programmer interfaces listed above.
+Special care has been taken
+in the library so that programs which only use the
+.Fn crypt
+interface do not pull in the other components.
+.Sh BUGS
+The
+.Fn crypt
+function returns a pointer to static data, and subsequent calls to
+.Fn crypt
+will modify the same object.

diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 new file mode 100644 index 0000000000..5f0f1cdba8 --- /dev/null +++ b/src/lib/libc/crypt/crypt.3
@@ -0,0 +1,314 @@
	1	.\" $OpenBSD: crypt.3,v 1.19 2002/01/24 20:33:45 mickey Exp $
	2	.\"
	3	.\" FreeSec: libcrypt
	4	.\"
	5	.\" Copyright (c) 1994 David Burren
	6	.\" All rights reserved.
	7	.\"
	8	.\" Redistribution and use in source and binary forms, with or without
	9	.\" modification, are permitted provided that the following conditions
	10	.\" are met:
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\" 2. Redistributions in binary form must reproduce the above copyright
	14	.\" notice, this list of conditions and the following disclaimer in the
	15	.\" documentation and/or other materials provided with the distribution.
	16	.\" 4. Neither the name of the author nor the names of other contributors
	17	.\" may be used to endorse or promote products derived from this software
	18	.\" without specific prior written permission.
	19	.\"
	20	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	30	.\" SUCH DAMAGE.
	31	.\"
	32	.\" Manual page, using -mandoc macros
	33	.\"
	34	.Dd March 9, 1994
	35	.Dt CRYPT 3
	36	.Os
	37	.Sh NAME
	38	.Nm crypt ,
	39	.Nm setkey ,
	40	.Nm encrypt ,
	41	.Nm des_setkey ,
	42	.Nm des_cipher
	43	.Nd DES encryption
	44	.Sh SYNOPSIS
	45	.Fd #include <unistd.h>
	46	.Ft char *
	47	.Fn crypt "const char key" "const char setting"
	48	.Ft int
	49	.Fn setkey "char *key"
	50	.Ft int
	51	.Fn encrypt "char *block" "int flag"
	52	.Ft int
	53	.Fn des_setkey "const char *key"
	54	.Ft int
	55	.Fn des_cipher "const char in" "char out" "int32_t salt" "int count"
	56	.Sh DESCRIPTION
	57	The
	58	.Fn crypt
	59	function performs password encryption based on the
	60	.Tn NBS
	61	Data Encryption Standard (DES).
	62	Additional code has been added to deter key search attempts and to use
	63	stronger hashing algorithms.
	64	.Pp
	65	The first argument to
	66	.Fn crypt
	67	is a
	68	.Dv null Ns -terminated
	69	string, typically a user's typed password.
	70	The second is in one of three forms:
	71	if it begins with an underscore
	72	.Pq Ql _
	73	then an extended format is used
	74	in interpreting both the key and the setting, as outlined below.
	75	If it begins
	76	with a string character
	77	.Pq Ql $
	78	and a number then a different algorithm is used depending on the number.
	79	At the moment a
	80	.Ql $1
	81	chooses MD5 hashing and a
	82	.Ql $2
	83	chooses Blowfish hashing; see below for more information.
	84	.Ss Extended crypt
	85	The
	86	.Ar key
	87	is divided into groups of 8 characters (the last group is null-padded)
	88	and the low-order 7 bits of each character (56 bits per group) are
	89	used to form the DES key as follows:
	90	the first group of 56 bits becomes the initial DES key.
	91	For each additional group, the XOR of the encryption of the current DES
	92	key with itself and the group bits becomes the next DES key.
	93	.Pp
	94	The setting is a 9-character array consisting of an underscore followed
	95	by 4 bytes of iteration count and 4 bytes of salt.
	96	These are encoded as printable characters, 6 bits per character,
	97	least significant character first.
	98	The values 0 to 63 are encoded as
	99	.Dq \&./0-9A-Za-z .
	100	This allows 24 bits for both
	101	.Fa count
	102	and
	103	.Fa salt .
	104	.Ss "MD5" crypt
	105	For
	106	.Tn MD5
	107	crypt the version number,
	108	.Fa salt
	109	and the hashed password are separated by the
	110	.Ql $
	111	character.
	112	The maximum length of a password is limited by
	113	the length counter of the MD5 context, which is about
	114	2**64.
	115	A valid MD5 password entry looks like this:
	116	.Pp
	117	.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
	118	.Pp
	119	The whole MD5 password string is passed as
	120	.Fa setting
	121	for interpretation.
	122	.Ss "Blowfish" crypt
	123	The
	124	.Tn Blowfish
	125	version of crypt has 128 bits of
	126	.Fa salt
	127	in order to make building dictionaries of common passwords space consuming.
	128	The initial state of the
	129	.Tn Blowfish
	130	cipher is expanded using the
	131	.Fa salt
	132	and the
	133	.Fa password
	134	repeating the process a variable number of rounds, which is encoded in
	135	the password string.
	136	The maximum password length is 72.
	137	The final Blowfish password entry is created by encrypting the string
	138	.Pp
	139	.Dq OrpheanBeholderScryDoubt
	140	.Pp
	141	with the
	142	.Tn Blowfish
	143	state 64 times.
	144	.Pp
	145	The version number, the logarithm of the number of rounds and
	146	the concatenation of salt and hashed password are separated by the
	147	.Ql $
	148	character.
	149	An encoded
	150	.Sq 8
	151	would specify 256 rounds.
	152	A valid Blowfish password looks like this:
	153	.Pp
	154	.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
	155	.Pp
	156	The whole Blowfish password string is passed as
	157	.Fa setting
	158	for interpretation.
	159	.Ss "Traditional" crypt
	160	The first 8 bytes of the key are null-padded, and the low-order 7 bits of
	161	each character is used to form the 56-bit
	162	.Tn DES
	163	key.
	164	.Pp
	165	The setting is a 2-character array of the ASCII-encoded salt.
	166	Thus only 12 bits of
	167	.Fa salt
	168	are used.
	169	.Fa count
	170	is set to 25.
	171	.Ss DES Algorithm
	172	The
	173	.Fa salt
	174	introduces disorder in the
	175	.Tn DES
	176	algorithm in one of 16777216 or 4096 possible ways
	177	(i.e., with 24 or 12 bits: if bit
	178	.Em i
	179	of the
	180	.Ar salt
	181	is set, then bits
	182	.Em i
	183	and
	184	.Em i+24
	185	are swapped in the
	186	.Tn DES
	187	E-box output).
	188	.Pp
	189	The DES key is used to encrypt a 64-bit constant using
	190	.Ar count
	191	iterations of
	192	.Tn DES .
	193	The value returned is a
	194	.Dv null Ns -terminated
	195	string, 20 or 13 bytes (plus null) in length, consisting of the
	196	.Ar setting
	197	followed by the encoded 64-bit encryption.
	198	.Pp
	199	The functions
	200	.Fn encrypt ,
	201	.Fn setkey ,
	202	.Fn des_setkey ,
	203	and
	204	.Fn des_cipher
	205	provide access to the
	206	.Tn DES
	207	algorithm itself.
	208	.Fn setkey
	209	is passed a 64-byte array of binary values (numeric 0 or 1).
	210	A 56-bit key is extracted from this array by dividing the
	211	array into groups of 8, and ignoring the last bit in each group.
	212	That bit is reserved for a byte parity check by DES, but is ignored
	213	by these functions.
	214	.Pp
	215	The
	216	.Fa block
	217	argument to
	218	.Fn encrypt
	219	is also a 64-byte array of binary values.
	220	If the value of
	221	.Fa flag
	222	is 0,
	223	.Fa block
	224	is encrypted otherwise it is decrypted.
	225	The result is returned in the original array
	226	.Fa block
	227	after using the key specified by
	228	.Fn setkey
	229	to process it.
	230	.Pp
	231	The argument to
	232	.Fn des_setkey
	233	is a character array of length 8.
	234	The least significant bit (the parity bit) in each character is ignored,
	235	and the remaining bits are concatenated to form a 56-bit key.
	236	The function
	237	.Fn des_cipher
	238	encrypts (or decrypts if
	239	.Fa count
	240	is negative) the 64-bits stored in the 8 characters at
	241	.Fa in
	242	using
	243	.Xr abs 3
	244	of
	245	.Fa count
	246	iterations of
	247	.Tn DES
	248	and stores the 64-bit result in the 8 characters at
	249	.Fa out
	250	(which may be the same as
	251	.Fa in ) .
	252	The
	253	.Fa salt
	254	specifies perturbations to the
	255	.Tn DES
	256	E-box output as described above.
	257	.Pp
	258	The function
	259	.Fn crypt
	260	returns a pointer to the encrypted value on success, and
	261	.Dv NULL
	262	on failure.
	263	The functions
	264	.Fn setkey ,
	265	.Fn encrypt ,
	266	.Fn des_setkey ,
	267	and
	268	.Fn des_cipher
	269	return 0 on success and 1 on failure.
	270	.Pp
	271	The
	272	.Fn crypt ,
	273	.Fn setkey ,
	274	and
	275	.Fn des_setkey
	276	functions all manipulate the same key space.
	277	.Sh SEE ALSO
	278	.Xr login 1 ,
	279	.Xr passwd 1 ,
	280	.Xr blowfish 3 ,
	281	.Xr getpass 3 ,
	282	.Xr md5 3 ,
	283	.Xr passwd 5
	284	.Sh AUTHORS
	285	David Burren <davidb@werj.com.au>
	286	.Sh HISTORY
	287	A rotor-based
	288	.Fn crypt
	289	function appeared in
	290	.At v3 .
	291	The current style
	292	.Fn crypt
	293	first appeared in
	294	.At v7 .
	295	.Pp
	296	This library (FreeSec 1.0) was developed outside the United States of America
	297	as an unencumbered replacement for the U.S.-only libcrypt encryption
	298	library.
	299	Programs linked against the
	300	.Fn crypt
	301	interface may be exported from the U.S.A. only if they use
	302	.Fn crypt
	303	solely for authentication purposes and avoid use of
	304	the other programmer interfaces listed above.
	305	Special care has been taken
	306	in the library so that programs which only use the
	307	.Fn crypt
	308	interface do not pull in the other components.
	309	.Sh BUGS
	310	The
	311	.Fn crypt
	312	function returns a pointer to static data, and subsequent calls to
	313	.Fn crypt
	314	will modify the same object.