2
0

Make bcrypt code more standard.

This commit is contained in:
Maarten Billemont 2017-09-07 00:05:55 -04:00
parent 1c0f274868
commit 5ef69aa045
3 changed files with 119 additions and 187 deletions

View File

@ -31,11 +31,10 @@
* *
*/ */
#include <sys/types.h>
#include <ctype.h> #include <ctype.h>
#include <errno.h> #include <errno.h>
#include <pwd.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
@ -198,75 +197,6 @@ bcrypt_hashpass(const char *key, const uint8_t *salt, char *encrypted,
return -1; return -1;
} }
/*
* user friendly functions
*/
static int
bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) {
uint8_t salt[BCRYPT_SALTSPACE];
if (bcrypt_initsalt( log_rounds, salt, sizeof( salt ) ) != 0)
return -1;
if (bcrypt_hashpass( pass, salt, hash, hashlen ) != 0)
return -1;
bzero( salt, sizeof( salt ) );
return 0;
}
static int __unused
bcrypt_checkpass(const char *pass, const char *goodhash) {
char hash[BCRYPT_HASHSPACE];
if (bcrypt_hashpass( pass, (const uint8_t *)goodhash, hash, sizeof( hash ) ) != 0)
return -1;
if (strlen( hash ) != strlen( goodhash ) ||
timingsafe_bcmp( hash, goodhash, strlen( goodhash ) ) != 0) {
errno = EACCES;
return -1;
}
bzero( hash, sizeof( hash ) );
return 0;
}
/*
* Measure this system's performance by measuring the time for 8 rounds.
* We are aiming for something that takes around 0.1s, but not too much over.
*/
static int __unused
_bcrypt_autorounds(void) {
struct timespec before, after;
int r = 8;
char buf[_PASSWORD_LEN];
time_t duration;
clock_gettime( CLOCK_THREAD_CPUTIME_ID, &before );
bcrypt_newhash( "testpassword", r, buf, sizeof( buf ) );
clock_gettime( CLOCK_THREAD_CPUTIME_ID, &after );
duration = after.tv_sec - before.tv_sec;
duration *= 1000000;
duration += (after.tv_nsec - before.tv_nsec) / 1000;
/* too quick? slow it down. */
while (r < 16 && duration <= 60000) {
r += 1;
duration *= 2;
}
/* too slow? speed it up. */
while (r > 6 && duration > 120000) {
r -= 1;
duration /= 2;
}
return r;
}
/* /*
* internal utilities * internal utilities
*/ */

View File

@ -31,6 +31,8 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include <stdint.h>
#ifndef _BLF_H_ #ifndef _BLF_H_
#define _BLF_H_ #define _BLF_H_
@ -47,8 +49,8 @@
/* Blowfish context */ /* Blowfish context */
typedef struct BlowfishContext { typedef struct BlowfishContext {
u_int32_t S[4][256]; /* S-Boxes */ uint32_t S[4][256]; /* S-Boxes */
u_int32_t P[BLF_N + 2]; /* Subkeys */ uint32_t P[BLF_N + 2]; /* Subkeys */
} blf_ctx; } blf_ctx;
/* Raw access to customized Blowfish /* Raw access to customized Blowfish
@ -57,25 +59,25 @@ typedef struct BlowfishContext {
* Blowfish_expand0state( state, key, keylen ) * Blowfish_expand0state( state, key, keylen )
*/ */
void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_encipher(blf_ctx *, uint32_t *, uint32_t *);
void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_decipher(blf_ctx *, uint32_t *, uint32_t *);
void Blowfish_initstate(blf_ctx *); void Blowfish_initstate(blf_ctx *);
void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); void Blowfish_expand0state(blf_ctx *, const uint8_t *, u_int16_t);
void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); void Blowfish_expandstate(blf_ctx *, const uint8_t *, u_int16_t, const uint8_t *, u_int16_t);
/* Standard Blowfish */ /* Standard Blowfish */
void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); void blf_key(blf_ctx *, const uint8_t *, u_int16_t);
void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); void blf_enc(blf_ctx *, uint32_t *, u_int16_t);
void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); void blf_dec(blf_ctx *, uint32_t *, u_int16_t);
void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_ecb_encrypt(blf_ctx *, uint8_t *, uint32_t);
void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_ecb_decrypt(blf_ctx *, uint8_t *, uint32_t);
void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); void blf_cbc_encrypt(blf_ctx *, uint8_t *, uint8_t *, uint32_t);
void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); void blf_cbc_decrypt(blf_ctx *, uint8_t *, uint8_t *, uint32_t);
/* Converts u_int8_t to u_int32_t */ /* Converts uint8_t to uint32_t */
u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t, u_int16_t *); uint32_t Blowfish_stream2word(const uint8_t *, u_int16_t, u_int16_t *);
#endif #endif

View File

@ -63,12 +63,12 @@
#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
void void
Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) Blowfish_encipher(blf_ctx *c, uint32_t *xl, uint32_t *xr)
{ {
u_int32_t Xl; uint32_t Xl;
u_int32_t Xr; uint32_t Xr;
u_int32_t *s = c->S[0]; uint32_t *s = c->S[0];
u_int32_t *p = c->P; uint32_t *p = c->P;
Xl = *xl; Xl = *xl;
Xr = *xr; Xr = *xr;
@ -88,12 +88,12 @@ Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
} }
void void
Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) Blowfish_decipher(blf_ctx *c, uint32_t *xl, uint32_t *xr)
{ {
u_int32_t Xl; uint32_t Xl;
u_int32_t Xr; uint32_t Xr;
u_int32_t *s = c->S[0]; uint32_t *s = c->S[0];
u_int32_t *p = c->P; uint32_t *p = c->P;
Xl = *xl; Xl = *xl;
Xr = *xr; Xr = *xr;
@ -391,13 +391,13 @@ Blowfish_initstate(blf_ctx *c)
*c = initstate; *c = initstate;
} }
u_int32_t uint32_t
Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, Blowfish_stream2word(const uint8_t *data, uint16_t databytes,
u_int16_t *current) uint16_t *current)
{ {
u_int8_t i; uint8_t i;
u_int16_t j; uint16_t j;
u_int32_t temp; uint32_t temp;
temp = 0x00000000; temp = 0x00000000;
j = *current; j = *current;
@ -413,14 +413,14 @@ Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
} }
void void
Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) Blowfish_expand0state(blf_ctx *c, const uint8_t *key, uint16_t keybytes)
{ {
u_int16_t i; uint16_t i;
u_int16_t j; uint16_t j;
u_int16_t k; uint16_t k;
u_int32_t temp; uint32_t temp;
u_int32_t datal; uint32_t datal;
u_int32_t datar; uint32_t datar;
j = 0; j = 0;
for (i = 0; i < BLF_N + 2; i++) { for (i = 0; i < BLF_N + 2; i++) {
@ -451,15 +451,15 @@ Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
void void
Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, Blowfish_expandstate(blf_ctx *c, const uint8_t *data, uint16_t databytes,
const u_int8_t *key, u_int16_t keybytes) const uint8_t *key, uint16_t keybytes)
{ {
u_int16_t i; uint16_t i;
u_int16_t j; uint16_t j;
u_int16_t k; uint16_t k;
u_int32_t temp; uint32_t temp;
u_int32_t datal; uint32_t datal;
u_int32_t datar; uint32_t datar;
j = 0; j = 0;
for (i = 0; i < BLF_N + 2; i++) { for (i = 0; i < BLF_N + 2; i++) {
@ -494,7 +494,7 @@ Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
} }
void void
__unused blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) __unused blf_key(blf_ctx *c, const uint8_t *k, uint16_t len)
{ {
/* Initialize S-boxes and subkeys with Pi */ /* Initialize S-boxes and subkeys with Pi */
Blowfish_initstate(c); Blowfish_initstate(c);
@ -504,10 +504,10 @@ __unused blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
} }
void void
blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) blf_enc(blf_ctx *c, uint32_t *data, uint16_t blocks)
{ {
u_int32_t *d; uint32_t *d;
u_int16_t i; uint16_t i;
d = data; d = data;
for (i = 0; i < blocks; i++) { for (i = 0; i < blocks; i++) {
@ -517,10 +517,10 @@ blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
} }
void void
__unused blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) __unused blf_dec(blf_ctx *c, uint32_t *data, uint16_t blocks)
{ {
u_int32_t *d; uint32_t *d;
u_int16_t i; uint16_t i;
d = data; d = data;
for (i = 0; i < blocks; i++) { for (i = 0; i < blocks; i++) {
@ -530,111 +530,111 @@ __unused blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
} }
void void
__unused blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) __unused blf_ecb_encrypt(blf_ctx *c, uint8_t *data, uint32_t len)
{ {
u_int32_t l, r; uint32_t l, r;
u_int32_t i; uint32_t i;
for (i = 0; i < len; i += 8) { for (i = 0; i < len; i += 8) {
l = (u_int32_t)data[0] << 24 | (u_int32_t)data[1] << 16 | (u_int32_t)data[2] << 8 | (u_int32_t)data[3]; l = (uint32_t)data[0] << 24 | (uint32_t)data[1] << 16 | (uint32_t)data[2] << 8 | (uint32_t)data[3];
r = (u_int32_t)data[4] << 24 | (u_int32_t)data[5] << 16 | (u_int32_t)data[6] << 8 | (u_int32_t)data[7]; r = (uint32_t)data[4] << 24 | (uint32_t)data[5] << 16 | (uint32_t)data[6] << 8 | (uint32_t)data[7];
Blowfish_encipher(c, &l, &r); Blowfish_encipher(c, &l, &r);
data[0] = (u_int8_t)(l >> 24 & 0xff); data[0] = (uint8_t)(l >> 24 & 0xff);
data[1] = (u_int8_t)(l >> 16 & 0xff); data[1] = (uint8_t)(l >> 16 & 0xff);
data[2] = (u_int8_t)(l >> 8 & 0xff); data[2] = (uint8_t)(l >> 8 & 0xff);
data[3] = (u_int8_t)(l & 0xff); data[3] = (uint8_t)(l & 0xff);
data[4] = (u_int8_t)(r >> 24 & 0xff); data[4] = (uint8_t)(r >> 24 & 0xff);
data[5] = (u_int8_t)(r >> 16 & 0xff); data[5] = (uint8_t)(r >> 16 & 0xff);
data[6] = (u_int8_t)(r >> 8 & 0xff); data[6] = (uint8_t)(r >> 8 & 0xff);
data[7] = (u_int8_t)(r & 0xff); data[7] = (uint8_t)(r & 0xff);
data += 8; data += 8;
} }
} }
void void
__unused blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) __unused blf_ecb_decrypt(blf_ctx *c, uint8_t *data, uint32_t len)
{ {
u_int32_t l, r; uint32_t l, r;
u_int32_t i; uint32_t i;
for (i = 0; i < len; i += 8) { for (i = 0; i < len; i += 8) {
l = (u_int32_t)data[0] << 24 | (u_int32_t)data[1] << 16 | (u_int32_t)data[2] << 8 | (u_int32_t)data[3]; l = (uint32_t)data[0] << 24 | (uint32_t)data[1] << 16 | (uint32_t)data[2] << 8 | (uint32_t)data[3];
r = (u_int32_t)data[4] << 24 | (u_int32_t)data[5] << 16 | (u_int32_t)data[6] << 8 | (u_int32_t)data[7]; r = (uint32_t)data[4] << 24 | (uint32_t)data[5] << 16 | (uint32_t)data[6] << 8 | (uint32_t)data[7];
Blowfish_decipher(c, &l, &r); Blowfish_decipher(c, &l, &r);
data[0] = (u_int8_t)(l >> 24 & 0xff); data[0] = (uint8_t)(l >> 24 & 0xff);
data[1] = (u_int8_t)(l >> 16 & 0xff); data[1] = (uint8_t)(l >> 16 & 0xff);
data[2] = (u_int8_t)(l >> 8 & 0xff); data[2] = (uint8_t)(l >> 8 & 0xff);
data[3] = (u_int8_t)(l & 0xff); data[3] = (uint8_t)(l & 0xff);
data[4] = (u_int8_t)(r >> 24 & 0xff); data[4] = (uint8_t)(r >> 24 & 0xff);
data[5] = (u_int8_t)(r >> 16 & 0xff); data[5] = (uint8_t)(r >> 16 & 0xff);
data[6] = (u_int8_t)(r >> 8 & 0xff); data[6] = (uint8_t)(r >> 8 & 0xff);
data[7] = (u_int8_t)(r & 0xff); data[7] = (uint8_t)(r & 0xff);
data += 8; data += 8;
} }
} }
void void
__unused blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) __unused blf_cbc_encrypt(blf_ctx *c, uint8_t *iv, uint8_t *data, uint32_t len)
{ {
u_int32_t l, r; uint32_t l, r;
u_int32_t i, j; uint32_t i, j;
for (i = 0; i < len; i += 8) { for (i = 0; i < len; i += 8) {
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
data[j] ^= iv[j]; data[j] ^= iv[j];
l = (u_int32_t)data[0] << 24 | (u_int32_t)data[1] << 16 | (u_int32_t)data[2] << 8 | (u_int32_t)data[3]; l = (uint32_t)data[0] << 24 | (uint32_t)data[1] << 16 | (uint32_t)data[2] << 8 | (uint32_t)data[3];
r = (u_int32_t)data[4] << 24 | (u_int32_t)data[5] << 16 | (u_int32_t)data[6] << 8 | (u_int32_t)data[7]; r = (uint32_t)data[4] << 24 | (uint32_t)data[5] << 16 | (uint32_t)data[6] << 8 | (uint32_t)data[7];
Blowfish_encipher(c, &l, &r); Blowfish_encipher(c, &l, &r);
data[0] = (u_int8_t)(l >> 24 & 0xff); data[0] = (uint8_t)(l >> 24 & 0xff);
data[1] = (u_int8_t)(l >> 16 & 0xff); data[1] = (uint8_t)(l >> 16 & 0xff);
data[2] = (u_int8_t)(l >> 8 & 0xff); data[2] = (uint8_t)(l >> 8 & 0xff);
data[3] = (u_int8_t)(l & 0xff); data[3] = (uint8_t)(l & 0xff);
data[4] = (u_int8_t)(r >> 24 & 0xff); data[4] = (uint8_t)(r >> 24 & 0xff);
data[5] = (u_int8_t)(r >> 16 & 0xff); data[5] = (uint8_t)(r >> 16 & 0xff);
data[6] = (u_int8_t)(r >> 8 & 0xff); data[6] = (uint8_t)(r >> 8 & 0xff);
data[7] = (u_int8_t)(r & 0xff); data[7] = (uint8_t)(r & 0xff);
iv = data; iv = data;
data += 8; data += 8;
} }
} }
void void
__unused blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) __unused blf_cbc_decrypt(blf_ctx *c, uint8_t *iva, uint8_t *data, uint32_t len)
{ {
u_int32_t l, r; uint32_t l, r;
u_int8_t *iv; uint8_t *iv;
u_int32_t i, j; uint32_t i, j;
iv = data + len - 16; iv = data + len - 16;
data = data + len - 8; data = data + len - 8;
for (i = len - 8; i >= 8; i -= 8) { for (i = len - 8; i >= 8; i -= 8) {
l = (u_int32_t)data[0] << 24 | (u_int32_t)data[1] << 16 | (u_int32_t)data[2] << 8 | (u_int32_t)data[3]; l = (uint32_t)data[0] << 24 | (uint32_t)data[1] << 16 | (uint32_t)data[2] << 8 | (uint32_t)data[3];
r = (u_int32_t)data[4] << 24 | (u_int32_t)data[5] << 16 | (u_int32_t)data[6] << 8 | (u_int32_t)data[7]; r = (uint32_t)data[4] << 24 | (uint32_t)data[5] << 16 | (uint32_t)data[6] << 8 | (uint32_t)data[7];
Blowfish_decipher(c, &l, &r); Blowfish_decipher(c, &l, &r);
data[0] = (u_int8_t)(l >> 24 & 0xff); data[0] = (uint8_t)(l >> 24 & 0xff);
data[1] = (u_int8_t)(l >> 16 & 0xff); data[1] = (uint8_t)(l >> 16 & 0xff);
data[2] = (u_int8_t)(l >> 8 & 0xff); data[2] = (uint8_t)(l >> 8 & 0xff);
data[3] = (u_int8_t)(l & 0xff); data[3] = (uint8_t)(l & 0xff);
data[4] = (u_int8_t)(r >> 24 & 0xff); data[4] = (uint8_t)(r >> 24 & 0xff);
data[5] = (u_int8_t)(r >> 16 & 0xff); data[5] = (uint8_t)(r >> 16 & 0xff);
data[6] = (u_int8_t)(r >> 8 & 0xff); data[6] = (uint8_t)(r >> 8 & 0xff);
data[7] = (u_int8_t)(r & 0xff); data[7] = (uint8_t)(r & 0xff);
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
data[j] ^= iv[j]; data[j] ^= iv[j];
iv -= 8; iv -= 8;
data -= 8; data -= 8;
} }
l = (u_int32_t)data[0] << 24 | (u_int32_t)data[1] << 16 | (u_int32_t)data[2] << 8 | (u_int32_t)data[3]; l = (uint32_t)data[0] << 24 | (uint32_t)data[1] << 16 | (uint32_t)data[2] << 8 | (uint32_t)data[3];
r = (u_int32_t)data[4] << 24 | (u_int32_t)data[5] << 16 | (u_int32_t)data[6] << 8 | (u_int32_t)data[7]; r = (uint32_t)data[4] << 24 | (uint32_t)data[5] << 16 | (uint32_t)data[6] << 8 | (uint32_t)data[7];
Blowfish_decipher(c, &l, &r); Blowfish_decipher(c, &l, &r);
data[0] = (u_int8_t)(l >> 24 & 0xff); data[0] = (uint8_t)(l >> 24 & 0xff);
data[1] = (u_int8_t)(l >> 16 & 0xff); data[1] = (uint8_t)(l >> 16 & 0xff);
data[2] = (u_int8_t)(l >> 8 & 0xff); data[2] = (uint8_t)(l >> 8 & 0xff);
data[3] = (u_int8_t)(l & 0xff); data[3] = (uint8_t)(l & 0xff);
data[4] = (u_int8_t)(r >> 24 & 0xff); data[4] = (uint8_t)(r >> 24 & 0xff);
data[5] = (u_int8_t)(r >> 16 & 0xff); data[5] = (uint8_t)(r >> 16 & 0xff);
data[6] = (u_int8_t)(r >> 8 & 0xff); data[6] = (uint8_t)(r >> 8 & 0xff);
data[7] = (u_int8_t)(r & 0xff); data[7] = (uint8_t)(r & 0xff);
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
data[j] ^= iva[j]; data[j] ^= iva[j];
} }