#include #include #include #include #include #include #include #include #include "crypt_blowfish.h" #define BF_MAX_SALT_LEN 60 #define RANDBYTES 16 static const char base64_table[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/', '\0' }; static const char base64_pad = '='; unsigned char *php_base64_encode(const unsigned char *str, int length, int *ret_length) { const unsigned char *current = str; unsigned char *p; unsigned char *result; if ((length + 2) < 0 || ((length + 2) / 3) >= (1 << (sizeof(int) * 8 - 2))) { if (ret_length != NULL) { *ret_length = 0; } return NULL; } result = (unsigned char *)malloc(((length + 2) / 3) * 4); p = result; while (length > 2) { /* keep going until we have less than 24 bits */ *p++ = base64_table[current[0] >> 2]; *p++ = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; *p++ = base64_table[((current[1] & 0x0f) << 2) + (current[2] >> 6)]; *p++ = base64_table[current[2] & 0x3f]; current += 3; length -= 3; /* we just handle 3 octets of data */ } /* now deal with the tail end of things */ if (length != 0) { *p++ = base64_table[current[0] >> 2]; if (length > 1) { *p++ = base64_table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; *p++ = base64_table[(current[1] & 0x0f) << 2]; *p++ = base64_pad; } else { *p++ = base64_table[(current[0] & 0x03) << 4]; *p++ = base64_pad; *p++ = base64_pad; } } if (ret_length != NULL) { *ret_length = (int)(p - result); } *p = '\0'; return result; } static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) { size_t pos = 0; size_t ret_len = 0; unsigned char *buffer; if ((int) str_len < 0) { return 1; } buffer = php_base64_encode((unsigned char*) str, (int) str_len, (int*) &ret_len); if (ret_len < out_len) { /* Too short of an encoded string generated */ free(buffer); return 1; } for (pos = 0; pos < out_len; pos++) { if (buffer[pos] == '+') { ret[pos] = '.'; } else if (buffer[pos] == '=') { free(buffer); return 1; } else { ret[pos] = buffer[pos]; } } free(buffer); return 0; } static int blowfish_make_salt(size_t length, char *ret) { int buffer_valid = 0; size_t i, raw_length; char *buffer; char *result; if (length > (INT_MAX / 3)) { perror("Length is too large to safely generate"); return 1; } raw_length = length * 3 / 4 + 1; buffer = (char*)malloc(raw_length); { int fd, n; size_t read_bytes = 0; fd = open("/dev/urandom", O_RDONLY); if (fd >= 0) { while (read_bytes < raw_length) { n = read(fd, buffer + read_bytes, raw_length - read_bytes); if (n < 0) { break; } read_bytes += (size_t) n; } close(fd); } if (read_bytes >= raw_length) { buffer_valid = 1; } } if (!buffer_valid) { for (i = 0; i < raw_length; i++) { buffer[i] ^= (char) (255.0 * rand() / RAND_MAX); } } result = (char*)malloc(length); if (php_password_salt_to64(buffer, raw_length, length, result) == 1) { perror("Generated salt too short"); free(buffer); free(result); return 1; } memcpy(ret, result, length); free(result); free(buffer); ret[length] = 0; return 0; } int password_hash(const char *pass, int cost, char *crpt) { static long required_salt_len = 22; char *newsalt,*output, *final; char crypted[BF_MAX_SALT_LEN +1]; char salt[required_salt_len]; output = (char*)malloc(32); memset(crypted, 0, BF_MAX_SALT_LEN + 1); blowfish_make_salt(required_salt_len, salt); newsalt = _crypt_gensalt_blowfish_rn("$2y$", cost, salt, required_salt_len, output, 30); final = php_crypt_blowfish_rn(pass, newsalt, crypted, sizeof(crypted)); free(output); strcpy(crpt,final); return 0; } #ifdef BCRYPT_TEST int main(int argc, char * argv[]) { char * hash; const char * pass = "testpassword"; int ret; hash = (char*)malloc(BF_MAX_SALT_LEN +1); if(argc > 1) { ret = password_hash(argv[1], 10, hash); } else { ret = password_hash(pass,10, hash); } printf("hash : %s\n",hash); free(hash); return 0; } #endif