crypt.c File Reference

Asterisk wrapper for crypt(3) More...

#include "asterisk.h"
#include <unistd.h>
#include <crypt.h>
#include "asterisk/utils.h"

Include dependency graph for crypt.c:

Go to the source code of this file.

Macros
#define	MAX_SALT_LEN   21
	Max length of a salt string. More...

Functions
char *	ast_crypt (const char *key, const char *salt)
	Asterisk wrapper around crypt(3). More...
char *	ast_crypt_encrypt (const char *key)
	Asterisk wrapper around crypt(3) for encrypting passwords. More...
int	ast_crypt_validate (const char *key, const char *expected)
	Asterisk wrapper around crypt(3) for validating passwords. More...
static int	gen_salt (char *current_salt, size_t maxlen)
	Generates a salt to try with crypt. More...
static char	gen_salt_char (void)

Variables
static char	salt_chars []

Detailed Description

Asterisk wrapper for crypt(3)

Author

David M. Lee, II dlee@.nosp@m.digi.nosp@m.um.co.nosp@m.m

Definition in file crypt.c.

Macro Definition Documentation

MAX_SALT_LEN

#define MAX_SALT_LEN   21

Max length of a salt string.

$[1,5,6]$[a–zA–Z0–9./]{1,16}$, plus null terminator

Definition at line 43 of file crypt.c.

Referenced by ast_crypt_encrypt(), and gen_salt().

Function Documentation

ast_crypt()

char* ast_crypt	(	const char *	key,
		const char *	salt
	)

Asterisk wrapper around crypt(3).

The interpretation of the salt (which determines the password hashing algorithm) is system specific. Application code should prefer to use ast_crypt_encrypt() or ast_crypt_validate().

The returned string is heap allocated, and should be freed with ast_free().

Parameters

key	User's password to crypt.
salt	Salt to crypt with.

Returns

Crypted password.

NULL on error.

Definition at line 121 of file crypt.c.

References ast_begins_with(), ast_strdup, and NULL.

Referenced by ast_crypt_encrypt(), and ast_crypt_validate().

{
   struct crypt_data data = {};
   const char *crypted = crypt_r(key, salt, &data);

   /* Crypt may return success even if it doesn't recognize the salt. But
    * in those cases it always mangles the salt in some way.
    */
   if (!crypted || !ast_begins_with(crypted, salt)) {
      return NULL;
   }

   return ast_strdup(crypted);
}

ast_crypt_encrypt()

char* ast_crypt_encrypt

(

const char *

key

)

Asterisk wrapper around crypt(3) for encrypting passwords.

This function will generate a random salt and encrypt the given password.

The returned string is heap allocated, and should be freed with ast_free().

Parameters

key	User's password to crypt.

Returns

Crypted password.

NULL on error.

Definition at line 190 of file crypt.c.

References ast_crypt(), gen_salt(), MAX_SALT_LEN, and NULL.

Referenced by ari_mkpasswd(), and AST_TEST_DEFINE().

{
   char salt[MAX_SALT_LEN] = {};
   while (gen_salt(salt, sizeof(salt)) == 0) {
      char *crypted = ast_crypt(key, salt);
      if (crypted) {
         return crypted;
      }
   }
   return NULL;
}

ast_crypt_validate()

int ast_crypt_validate	(	const char *	key,
		const char *	expected
	)

Asterisk wrapper around crypt(3) for validating passwords.

Parameters

key	User's password to validate.
expected	Expected result from crypt.

Returns

True (non-zero) if key matches expected.

False (zero) if key doesn't match.

Definition at line 136 of file crypt.c.

References ast_begins_with(), ast_crypt(), ast_log, AST_MUTEX_DEFINE_STATIC, ast_strdup, lock, LOG_WARNING, NULL, and SCOPED_MUTEX.

Referenced by ast_ari_config_validate_user(), and AST_TEST_DEFINE().

{
   struct crypt_data data = {};
   return strcmp(expected, crypt_r(key, expected, &data)) == 0;
}

gen_salt()

static int gen_salt ( char *  current_salt, size_t  maxlen  )

static

Generates a salt to try with crypt.

If given an empty string, will generate a salt for the most secure algorithm to try with crypt(). If given a previously generated salt, the algorithm will be lowered by one level of security.

Parameters

[out]	current_salt	Output string in which to generate the salt. This can be an empty string, or the results of a prior gen_salt call.
	max_len	Length of current_salt.

Returns

0 on success.

Non-zero on error.

Definition at line 72 of file crypt.c.

References gen_salt_char(), MAX_SALT_LEN, and NULL.

Referenced by ast_crypt_encrypt().

{
   int i;

   if (maxlen < MAX_SALT_LEN || current_salt == NULL) {
      return -1;
   }

   switch (current_salt[0]) {
   case '\0':
      /* Initial generation; $6$ = SHA-512 */
      *current_salt++ = '$';
      *current_salt++ = '6';
      *current_salt++ = '$';
      for (i = 0; i < 16; ++i) {
         *current_salt++ = gen_salt_char();
      }
      *current_salt++ = '$';
      *current_salt++ = '\0';
      return 0;
   case '$':
      switch (current_salt[1]) {
      case '6':
         /* Downgrade to SHA-256 */
         current_salt[1] = '5';
         return 0;
      case '5':
         /* Downgrade to MD5 */
         current_salt[1] = '1';
         return 0;
      case '1':
         /* Downgrade to traditional crypt */
         *current_salt++ = gen_salt_char();
         *current_salt++ = gen_salt_char();
         *current_salt++ = '\0';
         return 0;
      default:
         /* Unrecognized algorithm */
         return -1;
      }
   default:
      /* Was already as insecure as it gets */
      return -1;
   }

}

gen_salt_char()

static char gen_salt_char ( void  )

static

Randomly select a character for a salt string

Definition at line 52 of file crypt.c.

References ast_random_double, and salt_chars.

Referenced by gen_salt().

{
   int which = ast_random_double() * 64;
   return salt_chars[which];
}

Variable Documentation

salt_chars

char salt_chars[]

static

Initial value:

=
   "abcdefghijklmnopqrstuvwxyz"
   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
   "0123456789"
   "./"

Definition at line 45 of file crypt.c.

Referenced by gen_salt_char().