summaryrefslogtreecommitdiff
path: root/src/lib/libc/crypt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libc/crypt/Makefile.inc8
-rw-r--r--src/lib/libc/crypt/arc4random.3116
-rw-r--r--src/lib/libc/crypt/arc4random.c198
-rw-r--r--src/lib/libc/crypt/arc4random.h61
-rw-r--r--src/lib/libc/crypt/arc4random_uniform.c57
-rw-r--r--src/lib/libc/crypt/bcrypt.c397
-rw-r--r--src/lib/libc/crypt/blowfish.3106
-rw-r--r--src/lib/libc/crypt/blowfish.c698
-rw-r--r--src/lib/libc/crypt/chacha_private.h222
-rw-r--r--src/lib/libc/crypt/crypt.3144
-rw-r--r--src/lib/libc/crypt/crypt.c22
-rw-r--r--src/lib/libc/crypt/crypt_checkpass.3112
-rw-r--r--src/lib/libc/crypt/cryptutil.c97
13 files changed, 0 insertions, 2238 deletions
diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
deleted file mode 100644
index e9263b09fe..0000000000
--- a/src/lib/libc/crypt/Makefile.inc
+++ /dev/null
@@ -1,8 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.27 2016/03/30 06:38:41 jmc Exp $
2
3.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
4
5SRCS+= crypt.c cryptutil.c arc4random.c arc4random_uniform.c \
6 blowfish.c bcrypt.c
7
8MAN+= crypt.3 crypt_checkpass.3 blowfish.3 arc4random.3
diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3
deleted file mode 100644
index 411860c28f..0000000000
--- a/src/lib/libc/crypt/arc4random.3
+++ /dev/null
@@ -1,116 +0,0 @@
1.\" $OpenBSD: arc4random.3,v 1.37 2019/09/29 16:30:35 jmc Exp $
2.\"
3.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by Niels Provos.
17.\" 4. The name of the author may not be used to endorse or promote products
18.\" derived from this software without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30.\"
31.\" Manual page, using -mandoc macros
32.\"
33.Dd $Mdocdate: September 29 2019 $
34.Dt ARC4RANDOM 3
35.Os
36.Sh NAME
37.Nm arc4random ,
38.Nm arc4random_buf ,
39.Nm arc4random_uniform
40.Nd random number generator
41.Sh SYNOPSIS
42.In stdlib.h
43.Ft uint32_t
44.Fn arc4random "void"
45.Ft void
46.Fn arc4random_buf "void *buf" "size_t nbytes"
47.Ft uint32_t
48.Fn arc4random_uniform "uint32_t upper_bound"
49.Sh DESCRIPTION
50This family of functions provides higher quality data than those
51described in
52.Xr rand 3 ,
53.Xr random 3 ,
54and
55.Xr rand48 3 .
56.Pp
57Use of these functions is encouraged for almost all random number
58consumption because the other interfaces are deficient in either
59quality, portability, standardization, or availability.
60These functions can be called in almost all coding environments,
61including
62.Xr pthreads 3
63and
64.Xr chroot 2 .
65.Pp
66High quality 32-bit pseudo-random numbers are generated very quickly.
67On each call, a cryptographic pseudo-random number generator is used
68to generate a new result.
69One data pool is used for all consumers in a process, so that consumption
70under program flow can act as additional stirring.
71The subsystem is re-seeded from the kernel
72.Xr random 4
73subsystem using
74.Xr getentropy 2
75on a regular basis, and also upon
76.Xr fork 2 .
77.Pp
78The
79.Fn arc4random
80function returns a single 32-bit value.
81.Pp
82.Fn arc4random_buf
83fills the region
84.Fa buf
85of length
86.Fa nbytes
87with random data.
88.Pp
89.Fn arc4random_uniform
90will return a single 32-bit value, uniformly distributed but less than
91.Fa upper_bound .
92This is recommended over constructions like
93.Dq Li arc4random() % upper_bound
94as it avoids "modulo bias" when the upper bound is not a power of two.
95In the worst case, this function may consume multiple iterations
96to ensure uniformity; see the source code to understand the problem
97and solution.
98.Sh RETURN VALUES
99These functions are always successful, and no return value is
100reserved to indicate an error.
101.Sh SEE ALSO
102.Xr rand 3 ,
103.Xr rand48 3 ,
104.Xr random 3
105.Sh HISTORY
106These functions first appeared in
107.Ox 2.1 .
108.Pp
109The original version of this random number generator used the
110RC4 (also known as ARC4) algorithm.
111In
112.Ox 5.5
113it was replaced with the ChaCha20 cipher, and it may be replaced
114again in the future as cryptographic techniques advance.
115A good mnemonic is
116.Dq A Replacement Call for Random .
diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
deleted file mode 100644
index 1a16bd3940..0000000000
--- a/src/lib/libc/crypt/arc4random.c
+++ /dev/null
@@ -1,198 +0,0 @@
1/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * ChaCha based random number generator for OpenBSD.
24 */
25
26#include <fcntl.h>
27#include <limits.h>
28#include <signal.h>
29#include <stdint.h>
30#include <stdlib.h>
31#include <string.h>
32#include <unistd.h>
33#include <sys/types.h>
34#include <sys/time.h>
35
36#define KEYSTREAM_ONLY
37#include "chacha_private.h"
38
39#define minimum(a, b) ((a) < (b) ? (a) : (b))
40
41#if defined(__GNUC__) || defined(_MSC_VER)
42#define inline __inline
43#else /* __GNUC__ || _MSC_VER */
44#define inline
45#endif /* !__GNUC__ && !_MSC_VER */
46
47#define KEYSZ 32
48#define IVSZ 8
49#define BLOCKSZ 64
50#define RSBUFSZ (16*BLOCKSZ)
51
52/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
53static struct _rs {
54 size_t rs_have; /* valid bytes at end of rs_buf */
55 size_t rs_count; /* bytes till reseed */
56} *rs;
57
58/* Maybe be preserved in fork children, if _rs_allocate() decides. */
59static struct _rsx {
60 chacha_ctx rs_chacha; /* chacha context for random keystream */
61 u_char rs_buf[RSBUFSZ]; /* keystream blocks */
62} *rsx;
63
64static inline int _rs_allocate(struct _rs **, struct _rsx **);
65static inline void _rs_forkdetect(void);
66#include "arc4random.h"
67
68static inline void _rs_rekey(u_char *dat, size_t datlen);
69
70static inline void
71_rs_init(u_char *buf, size_t n)
72{
73 if (n < KEYSZ + IVSZ)
74 return;
75
76 if (rs == NULL) {
77 if (_rs_allocate(&rs, &rsx) == -1)
78 _exit(1);
79 }
80
81 chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
82 chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
83}
84
85static void
86_rs_stir(void)
87{
88 u_char rnd[KEYSZ + IVSZ];
89
90 if (getentropy(rnd, sizeof rnd) == -1)
91 _getentropy_fail();
92
93 if (!rs)
94 _rs_init(rnd, sizeof(rnd));
95 else
96 _rs_rekey(rnd, sizeof(rnd));
97 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
98
99 /* invalidate rs_buf */
100 rs->rs_have = 0;
101 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
102
103 rs->rs_count = 1600000;
104}
105
106static inline void
107_rs_stir_if_needed(size_t len)
108{
109 _rs_forkdetect();
110 if (!rs || rs->rs_count <= len)
111 _rs_stir();
112 if (rs->rs_count <= len)
113 rs->rs_count = 0;
114 else
115 rs->rs_count -= len;
116}
117
118static inline void
119_rs_rekey(u_char *dat, size_t datlen)
120{
121#ifndef KEYSTREAM_ONLY
122 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
123#endif
124 /* fill rs_buf with the keystream */
125 chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf,
126 rsx->rs_buf, sizeof(rsx->rs_buf));
127 /* mix in optional user provided data */
128 if (dat) {
129 size_t i, m;
130
131 m = minimum(datlen, KEYSZ + IVSZ);
132 for (i = 0; i < m; i++)
133 rsx->rs_buf[i] ^= dat[i];
134 }
135 /* immediately reinit for backtracking resistance */
136 _rs_init(rsx->rs_buf, KEYSZ + IVSZ);
137 memset(rsx->rs_buf, 0, KEYSZ + IVSZ);
138 rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ;
139}
140
141static inline void
142_rs_random_buf(void *_buf, size_t n)
143{
144 u_char *buf = (u_char *)_buf;
145 u_char *keystream;
146 size_t m;
147
148 _rs_stir_if_needed(n);
149 while (n > 0) {
150 if (rs->rs_have > 0) {
151 m = minimum(n, rs->rs_have);
152 keystream = rsx->rs_buf + sizeof(rsx->rs_buf)
153 - rs->rs_have;
154 memcpy(buf, keystream, m);
155 memset(keystream, 0, m);
156 buf += m;
157 n -= m;
158 rs->rs_have -= m;
159 }
160 if (rs->rs_have == 0)
161 _rs_rekey(NULL, 0);
162 }
163}
164
165static inline void
166_rs_random_u32(uint32_t *val)
167{
168 u_char *keystream;
169
170 _rs_stir_if_needed(sizeof(*val));
171 if (rs->rs_have < sizeof(*val))
172 _rs_rekey(NULL, 0);
173 keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have;
174 memcpy(val, keystream, sizeof(*val));
175 memset(keystream, 0, sizeof(*val));
176 rs->rs_have -= sizeof(*val);
177}
178
179uint32_t
180arc4random(void)
181{
182 uint32_t val;
183
184 _ARC4_LOCK();
185 _rs_random_u32(&val);
186 _ARC4_UNLOCK();
187 return val;
188}
189DEF_WEAK(arc4random);
190
191void
192arc4random_buf(void *buf, size_t n)
193{
194 _ARC4_LOCK();
195 _rs_random_buf(buf, n);
196 _ARC4_UNLOCK();
197}
198DEF_WEAK(arc4random_buf);
diff --git a/src/lib/libc/crypt/arc4random.h b/src/lib/libc/crypt/arc4random.h
deleted file mode 100644
index 4abd15321a..0000000000
--- a/src/lib/libc/crypt/arc4random.h
+++ /dev/null
@@ -1,61 +0,0 @@
1/* $OpenBSD: arc4random.h,v 1.4 2015/01/15 06:57:18 deraadt Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
7 * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * Stub functions for portability.
24 */
25#include <sys/mman.h>
26
27#include <signal.h>
28
29#include "thread_private.h"
30
31static inline void
32_getentropy_fail(void)
33{
34 raise(SIGKILL);
35}
36
37static inline int
38_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
39{
40 struct {
41 struct _rs rs;
42 struct _rsx rsx;
43 } *p;
44
45 if ((p = mmap(NULL, sizeof(*p), PROT_READ|PROT_WRITE,
46 MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
47 return (-1);
48 if (minherit(p, sizeof(*p), MAP_INHERIT_ZERO) == -1) {
49 munmap(p, sizeof(*p));
50 return (-1);
51 }
52
53 *rsp = &p->rs;
54 *rsxp = &p->rsx;
55 return (0);
56}
57
58static inline void
59_rs_forkdetect(void)
60{
61}
diff --git a/src/lib/libc/crypt/arc4random_uniform.c b/src/lib/libc/crypt/arc4random_uniform.c
deleted file mode 100644
index a18b5b1238..0000000000
--- a/src/lib/libc/crypt/arc4random_uniform.c
+++ /dev/null
@@ -1,57 +0,0 @@
1/* $OpenBSD: arc4random_uniform.c,v 1.3 2019/01/20 02:59:07 bcook Exp $ */
2
3/*
4 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdint.h>
20#include <stdlib.h>
21
22/*
23 * Calculate a uniformly distributed random number less than upper_bound
24 * avoiding "modulo bias".
25 *
26 * Uniformity is achieved by generating new random numbers until the one
27 * returned is outside the range [0, 2**32 % upper_bound). This
28 * guarantees the selected random number will be inside
29 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
30 * after reduction modulo upper_bound.
31 */
32uint32_t
33arc4random_uniform(uint32_t upper_bound)
34{
35 uint32_t r, min;
36
37 if (upper_bound < 2)
38 return 0;
39
40 /* 2**32 % x == (2**32 - x) % x */
41 min = -upper_bound % upper_bound;
42
43 /*
44 * This could theoretically loop forever but each retry has
45 * p > 0.5 (worst case, usually far better) of selecting a
46 * number inside the range we need, so it should rarely need
47 * to re-roll.
48 */
49 for (;;) {
50 r = arc4random();
51 if (r >= min)
52 break;
53 }
54
55 return r % upper_bound;
56}
57DEF_WEAK(arc4random_uniform);
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
deleted file mode 100644
index ba45b104ed..0000000000
--- a/src/lib/libc/crypt/bcrypt.c
+++ /dev/null
@@ -1,397 +0,0 @@
1/* $OpenBSD: bcrypt.c,v 1.58 2020/07/06 13:33:05 pirofti Exp $ */
2
3/*
4 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5 * Copyright (c) 1997 Niels Provos <provos@umich.edu>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19/* This password hashing algorithm was designed by David Mazieres
20 * <dm@lcs.mit.edu> and works as follows:
21 *
22 * 1. state := InitState ()
23 * 2. state := ExpandKey (state, salt, password)
24 * 3. REPEAT rounds:
25 * state := ExpandKey (state, 0, password)
26 * state := ExpandKey (state, 0, salt)
27 * 4. ctext := "OrpheanBeholderScryDoubt"
28 * 5. REPEAT 64:
29 * ctext := Encrypt_ECB (state, ctext);
30 * 6. RETURN Concatenate (salt, ctext);
31 *
32 */
33
34#include <sys/types.h>
35#include <blf.h>
36#include <ctype.h>
37#include <errno.h>
38#include <pwd.h>
39#include <stdio.h>
40#include <stdlib.h>
41#include <string.h>
42#include <time.h>
43
44/* This implementation is adaptable to current computing power.
45 * You can have up to 2^31 rounds which should be enough for some
46 * time to come.
47 */
48
49#define BCRYPT_VERSION '2'
50#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
51#define BCRYPT_WORDS 6 /* Ciphertext words */
52#define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */
53
54#define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1)
55#define BCRYPT_HASHSPACE 61
56
57char *bcrypt_gensalt(u_int8_t);
58
59static int encode_base64(char *, const u_int8_t *, size_t);
60static int decode_base64(u_int8_t *, size_t, const char *);
61
62/*
63 * Generates a salt for this version of crypt.
64 */
65static int
66bcrypt_initsalt(int log_rounds, uint8_t *salt, size_t saltbuflen)
67{
68 uint8_t csalt[BCRYPT_MAXSALT];
69
70 if (saltbuflen < BCRYPT_SALTSPACE) {
71 errno = EINVAL;
72 return -1;
73 }
74
75 arc4random_buf(csalt, sizeof(csalt));
76
77 if (log_rounds < 4)
78 log_rounds = 4;
79 else if (log_rounds > 31)
80 log_rounds = 31;
81
82 snprintf(salt, saltbuflen, "$2b$%2.2u$", log_rounds);
83 encode_base64(salt + 7, csalt, sizeof(csalt));
84
85 return 0;
86}
87
88/*
89 * the core bcrypt function
90 */
91static int
92bcrypt_hashpass(const char *key, const char *salt, char *encrypted,
93 size_t encryptedlen)
94{
95 blf_ctx state;
96 u_int32_t rounds, i, k;
97 u_int16_t j;
98 size_t key_len;
99 u_int8_t salt_len, logr, minor;
100 u_int8_t ciphertext[4 * BCRYPT_WORDS] = "OrpheanBeholderScryDoubt";
101 u_int8_t csalt[BCRYPT_MAXSALT];
102 u_int32_t cdata[BCRYPT_WORDS];
103
104 if (encryptedlen < BCRYPT_HASHSPACE)
105 goto inval;
106
107 /* Check and discard "$" identifier */
108 if (salt[0] != '$')
109 goto inval;
110 salt += 1;
111
112 if (salt[0] != BCRYPT_VERSION)
113 goto inval;
114
115 /* Check for minor versions */
116 switch ((minor = salt[1])) {
117 case 'a':
118 key_len = (u_int8_t)(strlen(key) + 1);
119 break;
120 case 'b':
121 /* strlen() returns a size_t, but the function calls
122 * below result in implicit casts to a narrower integer
123 * type, so cap key_len at the actual maximum supported
124 * length here to avoid integer wraparound */
125 key_len = strlen(key);
126 if (key_len > 72)
127 key_len = 72;
128 key_len++; /* include the NUL */
129 break;
130 default:
131 goto inval;
132 }
133 if (salt[2] != '$')
134 goto inval;
135 /* Discard version + "$" identifier */
136 salt += 3;
137
138 /* Check and parse num rounds */
139 if (!isdigit((unsigned char)salt[0]) ||
140 !isdigit((unsigned char)salt[1]) || salt[2] != '$')
141 goto inval;
142 logr = (salt[1] - '0') + ((salt[0] - '0') * 10);
143 if (logr < BCRYPT_MINLOGROUNDS || logr > 31)
144 goto inval;
145 /* Computer power doesn't increase linearly, 2^x should be fine */
146 rounds = 1U << logr;
147
148 /* Discard num rounds + "$" identifier */
149 salt += 3;
150
151 if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
152 goto inval;
153
154 /* We dont want the base64 salt but the raw data */
155 if (decode_base64(csalt, BCRYPT_MAXSALT, salt))
156 goto inval;
157 salt_len = BCRYPT_MAXSALT;
158
159 /* Setting up S-Boxes and Subkeys */
160 Blowfish_initstate(&state);
161 Blowfish_expandstate(&state, csalt, salt_len,
162 (u_int8_t *) key, key_len);
163 for (k = 0; k < rounds; k++) {
164 Blowfish_expand0state(&state, (u_int8_t *) key, key_len);
165 Blowfish_expand0state(&state, csalt, salt_len);
166 }
167
168 /* This can be precomputed later */
169 j = 0;
170 for (i = 0; i < BCRYPT_WORDS; i++)
171 cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_WORDS, &j);
172
173 /* Now do the encryption */
174 for (k = 0; k < 64; k++)
175 blf_enc(&state, cdata, BCRYPT_WORDS / 2);
176
177 for (i = 0; i < BCRYPT_WORDS; i++) {
178 ciphertext[4 * i + 3] = cdata[i] & 0xff;
179 cdata[i] = cdata[i] >> 8;
180 ciphertext[4 * i + 2] = cdata[i] & 0xff;
181 cdata[i] = cdata[i] >> 8;
182 ciphertext[4 * i + 1] = cdata[i] & 0xff;
183 cdata[i] = cdata[i] >> 8;
184 ciphertext[4 * i + 0] = cdata[i] & 0xff;
185 }
186
187
188 snprintf(encrypted, 8, "$2%c$%2.2u$", minor, logr);
189 encode_base64(encrypted + 7, csalt, BCRYPT_MAXSALT);
190 encode_base64(encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1);
191 explicit_bzero(&state, sizeof(state));
192 explicit_bzero(ciphertext, sizeof(ciphertext));
193 explicit_bzero(csalt, sizeof(csalt));
194 explicit_bzero(cdata, sizeof(cdata));
195 return 0;
196
197inval:
198 errno = EINVAL;
199 return -1;
200}
201
202/*
203 * user friendly functions
204 */
205int
206bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen)
207{
208 char salt[BCRYPT_SALTSPACE];
209
210 if (bcrypt_initsalt(log_rounds, salt, sizeof(salt)) != 0)
211 return -1;
212
213 if (bcrypt_hashpass(pass, salt, hash, hashlen) != 0)
214 return -1;
215
216 explicit_bzero(salt, sizeof(salt));
217 return 0;
218}
219DEF_WEAK(bcrypt_newhash);
220
221int
222bcrypt_checkpass(const char *pass, const char *goodhash)
223{
224 char hash[BCRYPT_HASHSPACE];
225
226 if (bcrypt_hashpass(pass, goodhash, hash, sizeof(hash)) != 0)
227 return -1;
228 if (strlen(hash) != strlen(goodhash) ||
229 timingsafe_bcmp(hash, goodhash, strlen(goodhash)) != 0) {
230 errno = EACCES;
231 return -1;
232 }
233
234 explicit_bzero(hash, sizeof(hash));
235 return 0;
236}
237DEF_WEAK(bcrypt_checkpass);
238
239/*
240 * Measure this system's performance by measuring the time for 8 rounds.
241 * We are aiming for something that takes around 0.1s, but not too much over.
242 */
243int
244_bcrypt_autorounds(void)
245{
246 struct timespec before, after;
247 int r = 8;
248 char buf[_PASSWORD_LEN];
249 int duration;
250
251 WRAP(clock_gettime)(CLOCK_THREAD_CPUTIME_ID, &before);
252 bcrypt_newhash("testpassword", r, buf, sizeof(buf));
253 WRAP(clock_gettime)(CLOCK_THREAD_CPUTIME_ID, &after);
254
255 duration = after.tv_sec - before.tv_sec;
256 duration *= 1000000;
257 duration += (after.tv_nsec - before.tv_nsec) / 1000;
258
259 /* too quick? slow it down. */
260 while (r < 16 && duration <= 60000) {
261 r += 1;
262 duration *= 2;
263 }
264 /* too slow? speed it up. */
265 while (r > 6 && duration > 120000) {
266 r -= 1;
267 duration /= 2;
268 }
269
270 return r;
271}
272
273/*
274 * internal utilities
275 */
276static const u_int8_t Base64Code[] =
277"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
278
279static const u_int8_t index_64[128] = {
280 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
281 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
282 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
283 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
284 255, 255, 255, 255, 255, 255, 0, 1, 54, 55,
285 56, 57, 58, 59, 60, 61, 62, 63, 255, 255,
286 255, 255, 255, 255, 255, 2, 3, 4, 5, 6,
287 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
288 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
289 255, 255, 255, 255, 255, 255, 28, 29, 30,
290 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
291 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
292 51, 52, 53, 255, 255, 255, 255, 255
293};
294#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
295
296/*
297 * read buflen (after decoding) bytes of data from b64data
298 */
299static int
300decode_base64(u_int8_t *buffer, size_t len, const char *b64data)
301{
302 u_int8_t *bp = buffer;
303 const u_int8_t *p = b64data;
304 u_int8_t c1, c2, c3, c4;
305
306 while (bp < buffer + len) {
307 c1 = CHAR64(*p);
308 /* Invalid data */
309 if (c1 == 255)
310 return -1;
311
312 c2 = CHAR64(*(p + 1));
313 if (c2 == 255)
314 return -1;
315
316 *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4);
317 if (bp >= buffer + len)
318 break;
319
320 c3 = CHAR64(*(p + 2));
321 if (c3 == 255)
322 return -1;
323
324 *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
325 if (bp >= buffer + len)
326 break;
327
328 c4 = CHAR64(*(p + 3));
329 if (c4 == 255)
330 return -1;
331 *bp++ = ((c3 & 0x03) << 6) | c4;
332
333 p += 4;
334 }
335 return 0;
336}
337
338/*
339 * Turn len bytes of data into base64 encoded data.
340 * This works without = padding.
341 */
342static int
343encode_base64(char *b64buffer, const u_int8_t *data, size_t len)
344{
345 u_int8_t *bp = b64buffer;
346 const u_int8_t *p = data;
347 u_int8_t c1, c2;
348
349 while (p < data + len) {
350 c1 = *p++;
351 *bp++ = Base64Code[(c1 >> 2)];
352 c1 = (c1 & 0x03) << 4;
353 if (p >= data + len) {
354 *bp++ = Base64Code[c1];
355 break;
356 }
357 c2 = *p++;
358 c1 |= (c2 >> 4) & 0x0f;
359 *bp++ = Base64Code[c1];
360 c1 = (c2 & 0x0f) << 2;
361 if (p >= data + len) {
362 *bp++ = Base64Code[c1];
363 break;
364 }
365 c2 = *p++;
366 c1 |= (c2 >> 6) & 0x03;
367 *bp++ = Base64Code[c1];
368 *bp++ = Base64Code[c2 & 0x3f];
369 }
370 *bp = '\0';
371 return 0;
372}
373
374/*
375 * classic interface
376 */
377char *
378bcrypt_gensalt(u_int8_t log_rounds)
379{
380 static char gsalt[BCRYPT_SALTSPACE];
381
382 bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt));
383
384 return gsalt;
385}
386
387char *
388bcrypt(const char *pass, const char *salt)
389{
390 static char gencrypted[BCRYPT_HASHSPACE];
391
392 if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0)
393 return NULL;
394
395 return gencrypted;
396}
397DEF_WEAK(bcrypt);
diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3
deleted file mode 100644
index 88a62336cf..0000000000
--- a/src/lib/libc/crypt/blowfish.3
+++ /dev/null
@@ -1,106 +0,0 @@
1.\" $OpenBSD: blowfish.3,v 1.23 2015/11/10 23:48:17 jmc Exp $
2.\"
3.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by Niels Provos.
17.\" 4. The name of the author may not be used to endorse or promote products
18.\" derived from this software without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30.\"
31.\" Manual page, using -mandoc macros
32.\"
33.Dd $Mdocdate: November 10 2015 $
34.Dt BLF_KEY 3
35.Os
36.Sh NAME
37.Nm blf_key ,
38.Nm blf_enc ,
39.Nm blf_dec ,
40.Nm blf_ecb_encrypt ,
41.Nm blf_ecb_decrypt ,
42.Nm blf_cbc_encrypt ,
43.Nm blf_cbc_decrypt
44.Nd Blowfish encryption
45.Sh SYNOPSIS
46.In blf.h
47.Ft void
48.Fn blf_key "blf_ctx *state" "const u_int8_t *key" "u_int16_t keylen"
49.Ft void
50.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks"
51.Ft void
52.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks"
53.Ft void
54.Fn blf_ecb_encrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
55.Ft void
56.Fn blf_ecb_decrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
57.Ft void
58.Fn blf_cbc_encrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
59.Ft void
60.Fn blf_cbc_decrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
61.Sh DESCRIPTION
62.Em Blowfish
63is a fast unpatented block cipher designed by Bruce Schneier.
64It basically consists of a 16-round Feistel network.
65The block size is 64 bits and the maximum key size is 448 bits.
66.Pp
67The
68.Fn blf_key
69function initializes the 4 8-bit S-boxes and the 18 Subkeys with
70the hexadecimal digits of Pi.
71The key is used for further randomization.
72The first argument to
73.Fn blf_enc
74is the initialized state derived from
75.Fn blf_key .
76The stream of 32-bit words is encrypted in Electronic Codebook
77Mode (ECB) and
78.Fa blocks
79is the number of 64-bit blocks in the stream.
80.Fn blf_dec
81is used for decrypting Blowfish encrypted blocks.
82.Pp
83The functions
84.Fn blf_ecb_encrypt
85and
86.Fn blf_ecb_decrypt
87are used for encrypting and decrypting octet streams in ECB mode.
88The functions
89.Fn blf_cbc_encrypt
90and
91.Fn blf_cbc_decrypt
92are used for encrypting and decrypting octet streams in
93Cipherblock Chaining Mode (CBC).
94For these functions
95.Fa datalen
96specifies the number of octets of data to encrypt or decrypt.
97It must be a multiple of 8 (64-bit block).
98The initialisation vector
99.Fa iv
100points to an 8-byte buffer.
101.Sh SEE ALSO
102.Xr passwd 1 ,
103.Xr crypt 3 ,
104.Xr passwd 5
105.Sh AUTHORS
106.An Niels Provos Aq Mt provos@physnet.uni-hamburg.de
diff --git a/src/lib/libc/crypt/blowfish.c b/src/lib/libc/crypt/blowfish.c
deleted file mode 100644
index a658e602d2..0000000000
--- a/src/lib/libc/crypt/blowfish.c
+++ /dev/null
@@ -1,698 +0,0 @@
1/* $OpenBSD: blowfish.c,v 1.19 2015/09/11 09:18:27 guenther Exp $ */
2/*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35/*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42#if 0
43#include <stdio.h> /* used for debugging */
44#include <string.h>
45#endif
46
47#include <sys/types.h>
48#include <blf.h>
49
50#undef inline
51#ifdef __GNUC__
52#define inline __inline
53#else /* !__GNUC__ */
54#define inline
55#endif /* !__GNUC__ */
56
57/* Function for Feistel Networks */
58
59#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
60 + (s)[0x100 + (((x)>>16)&0xFF)]) \
61 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
62 + (s)[0x300 + ( (x) &0xFF)])
63
64#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
65
66void
67Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
68{
69 u_int32_t Xl;
70 u_int32_t Xr;
71 u_int32_t *s = c->S[0];
72 u_int32_t *p = c->P;
73
74 Xl = *xl;
75 Xr = *xr;
76
77 Xl ^= p[0];
78 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
79 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
80 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
81 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
82 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
83 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
84 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
85 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
86
87 *xl = Xr ^ p[17];
88 *xr = Xl;
89}
90DEF_WEAK(Blowfish_encipher);
91
92void
93Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
94{
95 u_int32_t Xl;
96 u_int32_t Xr;
97 u_int32_t *s = c->S[0];
98 u_int32_t *p = c->P;
99
100 Xl = *xl;
101 Xr = *xr;
102
103 Xl ^= p[17];
104 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
105 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
106 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
107 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
108 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
109 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
110 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
111 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
112
113 *xl = Xr ^ p[0];
114 *xr = Xl;
115}
116DEF_WEAK(Blowfish_decipher);
117
118void
119Blowfish_initstate(blf_ctx *c)
120{
121 /* P-box and S-box tables initialized with digits of Pi */
122
123 static const blf_ctx initstate =
124 { {
125 {
126 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
127 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
128 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
129 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
130 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
131 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
132 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
133 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
134 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
135 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
136 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
137 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
138 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
139 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
140 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
141 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
142 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
143 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
144 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
145 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
146 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
147 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
148 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
149 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
150 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
151 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
152 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
153 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
154 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
155 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
156 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
157 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
158 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
159 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
160 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
161 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
162 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
163 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
164 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
165 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
166 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
167 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
168 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
169 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
170 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
171 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
172 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
173 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
174 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
175 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
176 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
177 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
178 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
179 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
180 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
181 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
182 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
183 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
184 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
185 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
186 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
187 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
188 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
189 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
190 {
191 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
192 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
193 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
194 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
195 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
196 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
197 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
198 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
199 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
200 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
201 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
202 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
203 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
204 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
205 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
206 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
207 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
208 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
209 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
210 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
211 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
212 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
213 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
214 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
215 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
216 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
217 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
218 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
219 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
220 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
221 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
222 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
223 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
224 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
225 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
226 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
227 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
228 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
229 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
230 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
231 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
232 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
233 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
234 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
235 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
236 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
237 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
238 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
239 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
240 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
241 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
242 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
243 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
244 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
245 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
246 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
247 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
248 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
249 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
250 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
251 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
252 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
253 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
254 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
255 {
256 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
257 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
258 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
259 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
260 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
261 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
262 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
263 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
264 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
265 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
266 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
267 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
268 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
269 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
270 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
271 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
272 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
273 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
274 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
275 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
276 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
277 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
278 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
279 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
280 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
281 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
282 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
283 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
284 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
285 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
286 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
287 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
288 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
289 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
290 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
291 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
292 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
293 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
294 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
295 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
296 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
297 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
298 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
299 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
300 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
301 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
302 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
303 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
304 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
305 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
306 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
307 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
308 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
309 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
310 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
311 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
312 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
313 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
314 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
315 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
316 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
317 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
318 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
319 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
320 {
321 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
322 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
323 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
324 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
325 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
326 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
327 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
328 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
329 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
330 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
331 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
332 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
333 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
334 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
335 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
336 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
337 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
338 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
339 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
340 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
341 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
342 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
343 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
344 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
345 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
346 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
347 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
348 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
349 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
350 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
351 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
352 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
353 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
354 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
355 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
356 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
357 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
358 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
359 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
360 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
361 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
362 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
363 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
364 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
365 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
366 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
367 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
368 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
369 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
370 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
371 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
372 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
373 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
374 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
375 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
376 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
377 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
378 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
379 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
380 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
381 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
382 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
383 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
384 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
385 },
386 {
387 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
388 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
389 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
390 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
391 0x9216d5d9, 0x8979fb1b
392 } };
393
394 *c = initstate;
395}
396DEF_WEAK(Blowfish_initstate);
397
398u_int32_t
399Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
400 u_int16_t *current)
401{
402 u_int8_t i;
403 u_int16_t j;
404 u_int32_t temp;
405
406 temp = 0x00000000;
407 j = *current;
408
409 for (i = 0; i < 4; i++, j++) {
410 if (j >= databytes)
411 j = 0;
412 temp = (temp << 8) | data[j];
413 }
414
415 *current = j;
416 return temp;
417}
418DEF_WEAK(Blowfish_stream2word);
419
420void
421Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
422{
423 u_int16_t i;
424 u_int16_t j;
425 u_int16_t k;
426 u_int32_t temp;
427 u_int32_t datal;
428 u_int32_t datar;
429
430 j = 0;
431 for (i = 0; i < BLF_N + 2; i++) {
432 /* Extract 4 int8 to 1 int32 from keystream */
433 temp = Blowfish_stream2word(key, keybytes, &j);
434 c->P[i] = c->P[i] ^ temp;
435 }
436
437 j = 0;
438 datal = 0x00000000;
439 datar = 0x00000000;
440 for (i = 0; i < BLF_N + 2; i += 2) {
441 Blowfish_encipher(c, &datal, &datar);
442
443 c->P[i] = datal;
444 c->P[i + 1] = datar;
445 }
446
447 for (i = 0; i < 4; i++) {
448 for (k = 0; k < 256; k += 2) {
449 Blowfish_encipher(c, &datal, &datar);
450
451 c->S[i][k] = datal;
452 c->S[i][k + 1] = datar;
453 }
454 }
455}
456DEF_WEAK(Blowfish_expand0state);
457
458
459void
460Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
461 const u_int8_t *key, u_int16_t keybytes)
462{
463 u_int16_t i;
464 u_int16_t j;
465 u_int16_t k;
466 u_int32_t temp;
467 u_int32_t datal;
468 u_int32_t datar;
469
470 j = 0;
471 for (i = 0; i < BLF_N + 2; i++) {
472 /* Extract 4 int8 to 1 int32 from keystream */
473 temp = Blowfish_stream2word(key, keybytes, &j);
474 c->P[i] = c->P[i] ^ temp;
475 }
476
477 j = 0;
478 datal = 0x00000000;
479 datar = 0x00000000;
480 for (i = 0; i < BLF_N + 2; i += 2) {
481 datal ^= Blowfish_stream2word(data, databytes, &j);
482 datar ^= Blowfish_stream2word(data, databytes, &j);
483 Blowfish_encipher(c, &datal, &datar);
484
485 c->P[i] = datal;
486 c->P[i + 1] = datar;
487 }
488
489 for (i = 0; i < 4; i++) {
490 for (k = 0; k < 256; k += 2) {
491 datal ^= Blowfish_stream2word(data, databytes, &j);
492 datar ^= Blowfish_stream2word(data, databytes, &j);
493 Blowfish_encipher(c, &datal, &datar);
494
495 c->S[i][k] = datal;
496 c->S[i][k + 1] = datar;
497 }
498 }
499
500}
501DEF_WEAK(Blowfish_expandstate);
502
503void
504blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
505{
506 /* Initialize S-boxes and subkeys with Pi */
507 Blowfish_initstate(c);
508
509 /* Transform S-boxes and subkeys with key */
510 Blowfish_expand0state(c, k, len);
511}
512DEF_WEAK(blf_key);
513
514void
515blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
516{
517 u_int32_t *d;
518 u_int16_t i;
519
520 d = data;
521 for (i = 0; i < blocks; i++) {
522 Blowfish_encipher(c, d, d + 1);
523 d += 2;
524 }
525}
526DEF_WEAK(blf_enc);
527
528void
529blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
530{
531 u_int32_t *d;
532 u_int16_t i;
533
534 d = data;
535 for (i = 0; i < blocks; i++) {
536 Blowfish_decipher(c, d, d + 1);
537 d += 2;
538 }
539}
540DEF_WEAK(blf_dec);
541
542void
543blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
544{
545 u_int32_t l, r;
546 u_int32_t i;
547
548 for (i = 0; i < len; i += 8) {
549 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
550 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
551 Blowfish_encipher(c, &l, &r);
552 data[0] = l >> 24 & 0xff;
553 data[1] = l >> 16 & 0xff;
554 data[2] = l >> 8 & 0xff;
555 data[3] = l & 0xff;
556 data[4] = r >> 24 & 0xff;
557 data[5] = r >> 16 & 0xff;
558 data[6] = r >> 8 & 0xff;
559 data[7] = r & 0xff;
560 data += 8;
561 }
562}
563DEF_WEAK(blf_ecb_encrypt);
564
565void
566blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
567{
568 u_int32_t l, r;
569 u_int32_t i;
570
571 for (i = 0; i < len; i += 8) {
572 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
573 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
574 Blowfish_decipher(c, &l, &r);
575 data[0] = l >> 24 & 0xff;
576 data[1] = l >> 16 & 0xff;
577 data[2] = l >> 8 & 0xff;
578 data[3] = l & 0xff;
579 data[4] = r >> 24 & 0xff;
580 data[5] = r >> 16 & 0xff;
581 data[6] = r >> 8 & 0xff;
582 data[7] = r & 0xff;
583 data += 8;
584 }
585}
586DEF_WEAK(blf_ecb_decrypt);
587
588void
589blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
590{
591 u_int32_t l, r;
592 u_int32_t i, j;
593
594 for (i = 0; i < len; i += 8) {
595 for (j = 0; j < 8; j++)
596 data[j] ^= iv[j];
597 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
598 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
599 Blowfish_encipher(c, &l, &r);
600 data[0] = l >> 24 & 0xff;
601 data[1] = l >> 16 & 0xff;
602 data[2] = l >> 8 & 0xff;
603 data[3] = l & 0xff;
604 data[4] = r >> 24 & 0xff;
605 data[5] = r >> 16 & 0xff;
606 data[6] = r >> 8 & 0xff;
607 data[7] = r & 0xff;
608 iv = data;
609 data += 8;
610 }
611}
612DEF_WEAK(blf_cbc_encrypt);
613
614void
615blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
616{
617 u_int32_t l, r;
618 u_int8_t *iv;
619 u_int32_t i, j;
620
621 iv = data + len - 16;
622 data = data + len - 8;
623 for (i = len - 8; i >= 8; i -= 8) {
624 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
625 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
626 Blowfish_decipher(c, &l, &r);
627 data[0] = l >> 24 & 0xff;
628 data[1] = l >> 16 & 0xff;
629 data[2] = l >> 8 & 0xff;
630 data[3] = l & 0xff;
631 data[4] = r >> 24 & 0xff;
632 data[5] = r >> 16 & 0xff;
633 data[6] = r >> 8 & 0xff;
634 data[7] = r & 0xff;
635 for (j = 0; j < 8; j++)
636 data[j] ^= iv[j];
637 iv -= 8;
638 data -= 8;
639 }
640 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
641 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
642 Blowfish_decipher(c, &l, &r);
643 data[0] = l >> 24 & 0xff;
644 data[1] = l >> 16 & 0xff;
645 data[2] = l >> 8 & 0xff;
646 data[3] = l & 0xff;
647 data[4] = r >> 24 & 0xff;
648 data[5] = r >> 16 & 0xff;
649 data[6] = r >> 8 & 0xff;
650 data[7] = r & 0xff;
651 for (j = 0; j < 8; j++)
652 data[j] ^= iva[j];
653}
654DEF_WEAK(blf_cbc_decrypt);
655
656#if 0
657void
658report(u_int32_t data[], u_int16_t len)
659{
660 u_int16_t i;
661 for (i = 0; i < len; i += 2)
662 printf("Block %0hd: %08lx %08lx.\n",
663 i / 2, data[i], data[i + 1]);
664}
665void
666main(void)
667{
668
669 blf_ctx c;
670 char key[] = "AAAAA";
671 char key2[] = "abcdefghijklmnopqrstuvwxyz";
672
673 u_int32_t data[10];
674 u_int32_t data2[] =
675 {0x424c4f57l, 0x46495348l};
676
677 u_int16_t i;
678
679 /* First test */
680 for (i = 0; i < 10; i++)
681 data[i] = i;
682
683 blf_key(&c, (u_int8_t *) key, 5);
684 blf_enc(&c, data, 5);
685 blf_dec(&c, data, 1);
686 blf_dec(&c, data + 2, 4);
687 printf("Should read as 0 - 9.\n");
688 report(data, 10);
689
690 /* Second test */
691 blf_key(&c, (u_int8_t *) key2, strlen(key2));
692 blf_enc(&c, data2, 1);
693 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
694 report(data2, 2);
695 blf_dec(&c, data2, 1);
696 report(data2, 2);
697}
698#endif
diff --git a/src/lib/libc/crypt/chacha_private.h b/src/lib/libc/crypt/chacha_private.h
deleted file mode 100644
index 7c3680fa6d..0000000000
--- a/src/lib/libc/crypt/chacha_private.h
+++ /dev/null
@@ -1,222 +0,0 @@
1/*
2chacha-merged.c version 20080118
3D. J. Bernstein
4Public domain.
5*/
6
7/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
8
9typedef unsigned char u8;
10typedef unsigned int u32;
11
12typedef struct
13{
14 u32 input[16]; /* could be compressed */
15} chacha_ctx;
16
17#define U8C(v) (v##U)
18#define U32C(v) (v##U)
19
20#define U8V(v) ((u8)(v) & U8C(0xFF))
21#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
22
23#define ROTL32(v, n) \
24 (U32V((v) << (n)) | ((v) >> (32 - (n))))
25
26#define U8TO32_LITTLE(p) \
27 (((u32)((p)[0]) ) | \
28 ((u32)((p)[1]) << 8) | \
29 ((u32)((p)[2]) << 16) | \
30 ((u32)((p)[3]) << 24))
31
32#define U32TO8_LITTLE(p, v) \
33 do { \
34 (p)[0] = U8V((v) ); \
35 (p)[1] = U8V((v) >> 8); \
36 (p)[2] = U8V((v) >> 16); \
37 (p)[3] = U8V((v) >> 24); \
38 } while (0)
39
40#define ROTATE(v,c) (ROTL32(v,c))
41#define XOR(v,w) ((v) ^ (w))
42#define PLUS(v,w) (U32V((v) + (w)))
43#define PLUSONE(v) (PLUS((v),1))
44
45#define QUARTERROUND(a,b,c,d) \
46 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
47 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
48 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
49 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
50
51static const char sigma[16] = "expand 32-byte k";
52static const char tau[16] = "expand 16-byte k";
53
54static void
55chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
56{
57 const char *constants;
58
59 x->input[4] = U8TO32_LITTLE(k + 0);
60 x->input[5] = U8TO32_LITTLE(k + 4);
61 x->input[6] = U8TO32_LITTLE(k + 8);
62 x->input[7] = U8TO32_LITTLE(k + 12);
63 if (kbits == 256) { /* recommended */
64 k += 16;
65 constants = sigma;
66 } else { /* kbits == 128 */
67 constants = tau;
68 }
69 x->input[8] = U8TO32_LITTLE(k + 0);
70 x->input[9] = U8TO32_LITTLE(k + 4);
71 x->input[10] = U8TO32_LITTLE(k + 8);
72 x->input[11] = U8TO32_LITTLE(k + 12);
73 x->input[0] = U8TO32_LITTLE(constants + 0);
74 x->input[1] = U8TO32_LITTLE(constants + 4);
75 x->input[2] = U8TO32_LITTLE(constants + 8);
76 x->input[3] = U8TO32_LITTLE(constants + 12);
77}
78
79static void
80chacha_ivsetup(chacha_ctx *x,const u8 *iv)
81{
82 x->input[12] = 0;
83 x->input[13] = 0;
84 x->input[14] = U8TO32_LITTLE(iv + 0);
85 x->input[15] = U8TO32_LITTLE(iv + 4);
86}
87
88static void
89chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
90{
91 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
92 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
93 u8 *ctarget = NULL;
94 u8 tmp[64];
95 u_int i;
96
97 if (!bytes) return;
98
99 j0 = x->input[0];
100 j1 = x->input[1];
101 j2 = x->input[2];
102 j3 = x->input[3];
103 j4 = x->input[4];
104 j5 = x->input[5];
105 j6 = x->input[6];
106 j7 = x->input[7];
107 j8 = x->input[8];
108 j9 = x->input[9];
109 j10 = x->input[10];
110 j11 = x->input[11];
111 j12 = x->input[12];
112 j13 = x->input[13];
113 j14 = x->input[14];
114 j15 = x->input[15];
115
116 for (;;) {
117 if (bytes < 64) {
118 for (i = 0;i < bytes;++i) tmp[i] = m[i];
119 m = tmp;
120 ctarget = c;
121 c = tmp;
122 }
123 x0 = j0;
124 x1 = j1;
125 x2 = j2;
126 x3 = j3;
127 x4 = j4;
128 x5 = j5;
129 x6 = j6;
130 x7 = j7;
131 x8 = j8;
132 x9 = j9;
133 x10 = j10;
134 x11 = j11;
135 x12 = j12;
136 x13 = j13;
137 x14 = j14;
138 x15 = j15;
139 for (i = 20;i > 0;i -= 2) {
140 QUARTERROUND( x0, x4, x8,x12)
141 QUARTERROUND( x1, x5, x9,x13)
142 QUARTERROUND( x2, x6,x10,x14)
143 QUARTERROUND( x3, x7,x11,x15)
144 QUARTERROUND( x0, x5,x10,x15)
145 QUARTERROUND( x1, x6,x11,x12)
146 QUARTERROUND( x2, x7, x8,x13)
147 QUARTERROUND( x3, x4, x9,x14)
148 }
149 x0 = PLUS(x0,j0);
150 x1 = PLUS(x1,j1);
151 x2 = PLUS(x2,j2);
152 x3 = PLUS(x3,j3);
153 x4 = PLUS(x4,j4);
154 x5 = PLUS(x5,j5);
155 x6 = PLUS(x6,j6);
156 x7 = PLUS(x7,j7);
157 x8 = PLUS(x8,j8);
158 x9 = PLUS(x9,j9);
159 x10 = PLUS(x10,j10);
160 x11 = PLUS(x11,j11);
161 x12 = PLUS(x12,j12);
162 x13 = PLUS(x13,j13);
163 x14 = PLUS(x14,j14);
164 x15 = PLUS(x15,j15);
165
166#ifndef KEYSTREAM_ONLY
167 x0 = XOR(x0,U8TO32_LITTLE(m + 0));
168 x1 = XOR(x1,U8TO32_LITTLE(m + 4));
169 x2 = XOR(x2,U8TO32_LITTLE(m + 8));
170 x3 = XOR(x3,U8TO32_LITTLE(m + 12));
171 x4 = XOR(x4,U8TO32_LITTLE(m + 16));
172 x5 = XOR(x5,U8TO32_LITTLE(m + 20));
173 x6 = XOR(x6,U8TO32_LITTLE(m + 24));
174 x7 = XOR(x7,U8TO32_LITTLE(m + 28));
175 x8 = XOR(x8,U8TO32_LITTLE(m + 32));
176 x9 = XOR(x9,U8TO32_LITTLE(m + 36));
177 x10 = XOR(x10,U8TO32_LITTLE(m + 40));
178 x11 = XOR(x11,U8TO32_LITTLE(m + 44));
179 x12 = XOR(x12,U8TO32_LITTLE(m + 48));
180 x13 = XOR(x13,U8TO32_LITTLE(m + 52));
181 x14 = XOR(x14,U8TO32_LITTLE(m + 56));
182 x15 = XOR(x15,U8TO32_LITTLE(m + 60));
183#endif
184
185 j12 = PLUSONE(j12);
186 if (!j12) {
187 j13 = PLUSONE(j13);
188 /* stopping at 2^70 bytes per nonce is user's responsibility */
189 }
190
191 U32TO8_LITTLE(c + 0,x0);
192 U32TO8_LITTLE(c + 4,x1);
193 U32TO8_LITTLE(c + 8,x2);
194 U32TO8_LITTLE(c + 12,x3);
195 U32TO8_LITTLE(c + 16,x4);
196 U32TO8_LITTLE(c + 20,x5);
197 U32TO8_LITTLE(c + 24,x6);
198 U32TO8_LITTLE(c + 28,x7);
199 U32TO8_LITTLE(c + 32,x8);
200 U32TO8_LITTLE(c + 36,x9);
201 U32TO8_LITTLE(c + 40,x10);
202 U32TO8_LITTLE(c + 44,x11);
203 U32TO8_LITTLE(c + 48,x12);
204 U32TO8_LITTLE(c + 52,x13);
205 U32TO8_LITTLE(c + 56,x14);
206 U32TO8_LITTLE(c + 60,x15);
207
208 if (bytes <= 64) {
209 if (bytes < 64) {
210 for (i = 0;i < bytes;++i) ctarget[i] = c[i];
211 }
212 x->input[12] = j12;
213 x->input[13] = j13;
214 return;
215 }
216 bytes -= 64;
217 c += 64;
218#ifndef KEYSTREAM_ONLY
219 m += 64;
220#endif
221 }
222}
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
deleted file mode 100644
index c8ebf9861d..0000000000
--- a/src/lib/libc/crypt/crypt.3
+++ /dev/null
@@ -1,144 +0,0 @@
1.\" $OpenBSD: crypt.3,v 1.45 2015/04/06 20:49:41 tedu Exp $
2.\"
3.\" FreeSec: libcrypt
4.\"
5.\" Copyright (c) 1994 David Burren
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the
15.\" documentation and/or other materials provided with the distribution.
16.\" 4. Neither the name of the author nor the names of other contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" Manual page, using -mandoc macros
33.\"
34.Dd $Mdocdate: April 6 2015 $
35.Dt CRYPT 3
36.Os
37.Sh NAME
38.Nm crypt ,
39.Nm bcrypt_gensalt ,
40.Nm bcrypt
41.Nd password hashing
42.Sh SYNOPSIS
43.In stdlib.h
44.Pp
45.In unistd.h
46.Ft char *
47.Fn crypt "const char *key" "const char *setting"
48.In pwd.h
49.Ft char *
50.Fn bcrypt_gensalt "u_int8_t log_rounds"
51.Ft char *
52.Fn bcrypt "const char *key" "const char *salt"
53.Sh DESCRIPTION
54These functions are deprecated in favor of
55.Xr crypt_checkpass 3
56and
57.Xr crypt_newhash 3 .
58.Pp
59The
60.Fn crypt
61function performs password hashing.
62Additional code has been added to deter key search attempts and to use
63stronger hashing algorithms.
64.Pp
65The first argument to
66.Fn crypt
67is a NUL-terminated
68string
69.Fa key ,
70typically a user's typed password.
71The second,
72.Fa setting ,
73currently supports a single form.
74If it begins
75with a string character
76.Pq Ql $
77and a number then a different algorithm is used depending on the number.
78At the moment
79.Ql $2
80chooses Blowfish hashing; see below for more information.
81.Ss Blowfish crypt
82The Blowfish version of crypt has 128 bits of
83.Fa salt
84in order to make building dictionaries of common passwords space consuming.
85The initial state of the
86Blowfish cipher is expanded using the
87.Fa salt
88and the
89.Fa password
90repeating the process a variable number of rounds, which is encoded in
91the password string.
92The maximum password length is 72.
93The final Blowfish password entry is created by encrypting the string
94.Pp
95.Dq OrpheanBeholderScryDoubt
96.Pp
97with the Blowfish state 64 times.
98.Pp
99The version number, the logarithm of the number of rounds and
100the concatenation of salt and hashed password are separated by the
101.Ql $
102character.
103An encoded
104.Sq 8
105would specify 256 rounds.
106A valid Blowfish password looks like this:
107.Pp
108.Dq $2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq .
109.Pp
110The whole Blowfish password string is passed as
111.Fa setting
112for interpretation.
113.Sh RETURN VALUES
114The function
115.Fn crypt
116returns a pointer to the encrypted value on success, and
117.Dv NULL
118on failure.
119.Sh SEE ALSO
120.Xr encrypt 1 ,
121.Xr login 1 ,
122.Xr passwd 1 ,
123.Xr blowfish 3 ,
124.Xr crypt_checkpass 3 ,
125.Xr getpass 3 ,
126.Xr passwd 5
127.Sh HISTORY
128A rotor-based
129.Fn crypt
130function appeared in
131.At v3 .
132A DES-based
133.Fn crypt
134first appeared in
135.At v7 .
136.Fn bcrypt
137first appeared in
138.Ox 2.1 .
139.Sh BUGS
140The
141.Fn crypt
142function returns a pointer to static data, and subsequent calls to
143.Fn crypt
144will modify the same object.
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
deleted file mode 100644
index 40d5503544..0000000000
--- a/src/lib/libc/crypt/crypt.c
+++ /dev/null
@@ -1,22 +0,0 @@
1/* $OpenBSD: crypt.c,v 1.31 2015/09/12 14:56:50 guenther Exp $ */
2
3#include <errno.h>
4#include <pwd.h>
5#include <unistd.h>
6
7char *
8crypt(const char *key, const char *setting)
9{
10 if (setting[0] == '$') {
11 switch (setting[1]) {
12 case '2':
13 return bcrypt(key, setting);
14 default:
15 errno = EINVAL;
16 return (NULL);
17 }
18 }
19 errno = EINVAL;
20 return (NULL);
21}
22DEF_WEAK(crypt);
diff --git a/src/lib/libc/crypt/crypt_checkpass.3 b/src/lib/libc/crypt/crypt_checkpass.3
deleted file mode 100644
index 9e0561130a..0000000000
--- a/src/lib/libc/crypt/crypt_checkpass.3
+++ /dev/null
@@ -1,112 +0,0 @@
1.\" $OpenBSD: crypt_checkpass.3,v 1.12 2019/07/29 23:14:06 deraadt Exp $
2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: July 29 2019 $
18.Dt CRYPT_CHECKPASS 3
19.Os
20.Sh NAME
21.Nm crypt_checkpass ,
22.Nm crypt_newhash
23.Nd password hashing
24.Sh SYNOPSIS
25.In unistd.h
26.Ft int
27.Fn crypt_checkpass "const char *password" "const char *hash"
28.Ft int
29.Fn crypt_newhash "const char *password" "const char *pref" "char *hash" "size_t hashsize"
30.Sh DESCRIPTION
31The
32.Fn crypt_checkpass
33function simplifies checking a user's password.
34If both the
35.Fa hash
36and the
37.Fa password
38are the empty string, authentication
39is a success.
40Otherwise, the
41.Fa password
42is hashed and compared to the provided
43.Fa hash .
44If the
45.Fa hash
46is
47.Dv NULL ,
48authentication will always fail, but a default
49amount of work is performed to simulate the hashing operation.
50A successful match will return 0.
51A failure will return \-1 and set
52.Xr errno 2 .
53.Pp
54The
55.Fn crypt_newhash
56function simplifies the creation of new password hashes.
57The provided
58.Fa password
59is randomly salted and hashed and stored in
60.Fa hash .
61The size of the available space is specified by
62.Fa hashsize ,
63which should be
64.Dv _PASSWORD_LEN .
65The
66.Fa pref
67argument identifies the preferred hashing algorithm and parameters.
68Possible values are:
69.Bl -tag -width Ds
70.It Dq bcrypt,<rounds>
71The bcrypt algorithm, where the value of rounds can be between 4 and 31 and
72specifies the base 2 logarithm of the number of rounds.
73If rounds is omitted or the special value
74.Sq a ,
75an appropriate number of rounds is automatically selected based on system
76performance.
77.El
78.Sh RETURN VALUES
79.Rv -std crypt_checkpass crypt_newhash
80.Sh ERRORS
81The
82.Fn crypt_checkpass
83function sets
84.Va errno
85to
86.Er EACCES
87when authentication fails.
88.Pp
89The
90.Fn crypt_newhash
91function sets
92.Va errno
93to
94.Er EINVAL
95if
96.Fa pref
97is unsupported or insufficient space is provided.
98.Sh SEE ALSO
99.Xr crypt 3 ,
100.Xr login.conf 5 ,
101.Xr passwd 5
102.Sh HISTORY
103The function
104.Fn crypt_checkpass
105first appeared in
106.Ox 5.6 ,
107and
108.Fn crypt_newhash
109in
110.Ox 5.7 .
111.Sh AUTHORS
112.An Ted Unangst Aq Mt tedu@openbsd.org
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
deleted file mode 100644
index f48ba1af2c..0000000000
--- a/src/lib/libc/crypt/cryptutil.c
+++ /dev/null
@@ -1,97 +0,0 @@
1/* $OpenBSD: cryptutil.c,v 1.12 2015/09/13 15:33:48 guenther Exp $ */
2/*
3 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17#include <stdlib.h>
18#include <unistd.h>
19#include <string.h>
20#include <pwd.h>
21#include <login_cap.h>
22#include <errno.h>
23
24int
25crypt_checkpass(const char *pass, const char *goodhash)
26{
27 char dummy[_PASSWORD_LEN];
28
29 if (goodhash == NULL) {
30 /* fake it */
31 goto fake;
32 }
33
34 /* empty password */
35 if (strlen(goodhash) == 0 && strlen(pass) == 0)
36 return 0;
37
38 if (goodhash[0] == '$' && goodhash[1] == '2') {
39 if (bcrypt_checkpass(pass, goodhash))
40 goto fail;
41 return 0;
42 }
43
44 /* unsupported. fake it. */
45fake:
46 bcrypt_newhash(pass, 8, dummy, sizeof(dummy));
47fail:
48 errno = EACCES;
49 return -1;
50}
51DEF_WEAK(crypt_checkpass);
52
53int
54crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen)
55{
56 int rv = -1;
57 const char *defaultpref = "blowfish,8";
58 const char *errstr;
59 const char *choices[] = { "blowfish", "bcrypt" };
60 size_t maxchoice = sizeof(choices) / sizeof(choices[0]);
61 int i;
62 int rounds;
63
64 if (pref == NULL)
65 pref = defaultpref;
66
67 for (i = 0; i < maxchoice; i++) {
68 const char *choice = choices[i];
69 size_t len = strlen(choice);
70 if (strcmp(pref, choice) == 0) {
71 rounds = _bcrypt_autorounds();
72 break;
73 } else if (strncmp(pref, choice, len) == 0 &&
74 pref[len] == ',') {
75 if (strcmp(pref + len + 1, "a") == 0) {
76 rounds = _bcrypt_autorounds();
77 } else {
78 rounds = strtonum(pref + len + 1, 4, 31, &errstr);
79 if (errstr) {
80 errno = EINVAL;
81 goto err;
82 }
83 }
84 break;
85 }
86 }
87 if (i == maxchoice) {
88 errno = EINVAL;
89 goto err;
90 }
91
92 rv = bcrypt_newhash(pass, rounds, hash, hashlen);
93
94err:
95 return rv;
96}
97DEF_WEAK(crypt_newhash);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-12 08:12:00 +0000