Asterisk - The Open Source Telephony Project  18.5.0
crypt.c File Reference

Asterisk wrapper for crypt(3) More...

#include "asterisk.h"
#include <unistd.h>
#include <crypt.h>
#include "asterisk/utils.h"

Macros

#define MAX_SALT_LEN   21
 Max length of a salt string. More...
 

Functions

char * ast_crypt (const char *key, const char *salt)
 Asterisk wrapper around crypt(3). More...
 
char * ast_crypt_encrypt (const char *key)
 Asterisk wrapper around crypt(3) for encrypting passwords. More...
 
int ast_crypt_validate (const char *key, const char *expected)
 Asterisk wrapper around crypt(3) for validating passwords. More...
 
static int gen_salt (char *current_salt, size_t maxlen)
 Generates a salt to try with crypt. More...
 
static char gen_salt_char (void)
 

Variables

static char salt_chars []
 

Detailed Description

Asterisk wrapper for crypt(3)

Author
David M. Lee, II dlee@.nosp@m.digi.nosp@m.um.co.nosp@m.m

Definition in file crypt.c.

Macro Definition Documentation

◆ MAX_SALT_LEN

#define MAX_SALT_LEN   21

Max length of a salt string.

$[1,5,6]$[a-zA-Z0-9./]{1,16}$, plus null terminator (3-byte prefix + up to 16 salt characters + closing '$' + terminator = 21 bytes)

Definition at line 43 of file crypt.c.

Referenced by ast_crypt_encrypt(), and gen_salt().

Function Documentation

◆ ast_crypt()

char* ast_crypt ( const char *  key,
const char *  salt 
)

Asterisk wrapper around crypt(3).

The interpretation of the salt (which determines the password hashing algorithm) is system specific. Application code should prefer to use ast_crypt_encrypt() or ast_crypt_validate().

The returned string is heap allocated, and should be freed with ast_free().

Parameters
key: User's password to crypt.
salt: Salt to crypt with.
Returns
Crypted password.
NULL on error.

Definition at line 121 of file crypt.c.

References ast_begins_with(), ast_strdup, and NULL.

Referenced by ast_crypt_encrypt(), and ast_crypt_validate().

/*!
 * \brief Asterisk wrapper around crypt(3).
 *
 * Runs crypt_r() on \a key with \a salt and hands back a heap copy of the
 * result. The salt prefix selects the hashing algorithm, and which prefixes
 * are understood depends on the system's crypt implementation.
 *
 * \param key User's password to crypt.
 * \param salt Salt to crypt with.
 * \return Crypted password, allocated with ast_strdup(); the caller frees it
 *         with ast_free().
 * \retval NULL if crypt_r() fails, if its output does not start with \a salt,
 *         or if the copy cannot be allocated.
 */
char *ast_crypt(const char *key, const char *salt)
{
	struct crypt_data data = {};
	const char *hashed;

	hashed = crypt_r(key, salt, &data);
	if (hashed == NULL) {
		return NULL;
	}

	/* crypt_r() can report success for a salt it does not recognize, but
	 * it then alters the salt in its output. Requiring the output to start
	 * with the salt we asked for catches that case, so a hash made with a
	 * different scheme is never returned as if it were the requested one.
	 */
	if (!ast_begins_with(hashed, salt)) {
		return NULL;
	}

	return ast_strdup(hashed);
}
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:243
#define NULL
Definition: resample.c:96
static int force_inline attribute_pure ast_begins_with(const char *str, const char *prefix)
Definition: strings.h:94

◆ ast_crypt_encrypt()

char* ast_crypt_encrypt ( const char *  key)

Asterisk wrapper around crypt(3) for encrypting passwords.

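This function will generate a random salt and encrypt the given password. It asks gen_salt() for a SHA-512 salt first; if crypt(3) on the host rejects that salt, it retries with the next weaker scheme gen_salt() offers (SHA-256, then MD5, then traditional crypt), so the algorithm of the returned hash depends on the system.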

The returned string is heap allocated, and should be freed with ast_free().

Parameters
key: User's password to crypt.
Returns
Crypted password.
NULL on error.

Definition at line 190 of file crypt.c.

References ast_crypt(), gen_salt(), MAX_SALT_LEN, and NULL.

Referenced by ari_mkpasswd(), and AST_TEST_DEFINE().

/*!
 * \brief Asterisk wrapper around crypt(3) for encrypting passwords.
 *
 * Generates a random salt and crypts \a key with it. Starting from an empty
 * salt buffer, gen_salt() first produces a SHA-512 salt; each time
 * ast_crypt() rejects the current salt, gen_salt() is called again and steps
 * down to the next weaker scheme until one works or none are left.
 *
 * \note Because of that fallback the returned hash may use MD5 or
 *       traditional crypt on systems that lack the SHA schemes. Callers that
 *       need a minimum strength have to inspect the prefix of the result.
 *
 * \param key User's password to crypt.
 * \return Crypted password, heap allocated; free with ast_free().
 * \retval NULL if no salt scheme produced a usable hash.
 */
char *ast_crypt_encrypt(const char *key)
{
	char salt[MAX_SALT_LEN] = {};
	char *result = NULL;

	/* Stop as soon as one scheme succeeds, or when gen_salt() reports
	 * that there is nothing weaker left to try.
	 */
	while (result == NULL && gen_salt(salt, sizeof(salt)) == 0) {
		result = ast_crypt(key, salt);
	}

	return result;
}
static int gen_salt(char *current_salt, size_t maxlen)
Generates a salt to try with crypt.
Definition: crypt.c:72
#define NULL
Definition: resample.c:96
#define MAX_SALT_LEN
Max length of a salt string.
Definition: crypt.c:43
char * ast_crypt(const char *key, const char *salt)
Asterisk wrapper around crypt(3).
Definition: crypt.c:121

◆ ast_crypt_validate()

int ast_crypt_validate ( const char *  key,
const char *  expected 
)

Asterisk wrapper around crypt(3) for validating passwords.

Parameters
key: User's password to validate.
expected: Expected result from crypt.
Returns
True (non-zero) if key matches expected.
False (zero) if key doesn't match.

Definition at line 136 of file crypt.c.

References ast_begins_with(), ast_crypt(), ast_log, AST_MUTEX_DEFINE_STATIC, ast_strdup, lock, LOG_WARNING, NULL, and SCOPED_MUTEX.

Referenced by ast_ari_config_validate_user(), and AST_TEST_DEFINE().

137 {
138  struct crypt_data data = {};
139  return strcmp(expected, crypt_r(key, expected, &data)) == 0;
140 }

◆ gen_salt()

static int gen_salt ( char *  current_salt,
size_t  maxlen 
)
static

Generates a salt to try with crypt.

If given an empty string, will generate a salt for the most secure algorithm to try with crypt(). If given a previously generated salt, the algorithm will be lowered by one level of security.

Parameters
[out] current_salt: Output string in which to generate the salt. This can be an empty string, or the results of a prior gen_salt call.
maxlen: Length of the current_salt buffer.
Returns
0 on success.
Non-zero on error.

Definition at line 72 of file crypt.c.

References gen_salt_char(), MAX_SALT_LEN, and NULL.

Referenced by ast_crypt_encrypt().

/*!
 * \brief Generates a salt to try with crypt.
 *
 * An empty \a current_salt is filled with a fresh SHA-512 salt
 * ("$6$" + 16 random characters + "$"). A salt from an earlier call is
 * stepped down one level in place: $6$ becomes $5$ (SHA-256), $5$ becomes
 * $1$ (MD5), and $1$ is replaced by a two-character traditional crypt salt.
 * The 16 random characters are kept across the $6$/$5$/$1$ steps; only the
 * scheme digit changes.
 *
 * \note Every step after the first weakens the resulting hash. The caller
 *       decides whether a downgraded salt is acceptable.
 *
 * \param[in,out] current_salt Buffer holding an empty string or the result of
 *                a prior gen_salt call; rewritten in place.
 * \param maxlen Length of the current_salt buffer; must be at least
 *               MAX_SALT_LEN.
 * \retval 0 on success.
 * \retval -1 if the buffer is NULL or too small, the scheme digit is not
 *         recognized, or the salt is already a traditional one.
 */
static int gen_salt(char *current_salt, size_t maxlen)
{
	char *out = current_salt;
	int remaining;

	if (current_salt == NULL || maxlen < MAX_SALT_LEN) {
		return -1;
	}

	if (out[0] == '\0') {
		/* Initial generation; $6$ = SHA-512 */
		*out++ = '$';
		*out++ = '6';
		*out++ = '$';
		for (remaining = 16; remaining > 0; --remaining) {
			*out++ = gen_salt_char();
		}
		*out++ = '$';
		*out = '\0';
		return 0;
	}

	if (out[0] != '$') {
		/* Already a traditional salt: nothing weaker to offer. */
		return -1;
	}

	if (out[1] == '6') {
		/* Downgrade to SHA-256 */
		out[1] = '5';
		return 0;
	}

	if (out[1] == '5') {
		/* Downgrade to MD5 */
		out[1] = '1';
		return 0;
	}

	if (out[1] == '1') {
		/* Downgrade to traditional crypt: two salt characters, no
		 * "$" prefix, overwriting the start of the old salt.
		 */
		out[0] = gen_salt_char();
		out[1] = gen_salt_char();
		out[2] = '\0';
		return 0;
	}

	/* Unrecognized algorithm */
	return -1;
}
static char gen_salt_char(void)
Definition: crypt.c:52
#define NULL
Definition: resample.c:96
#define MAX_SALT_LEN
Max length of a salt string.
Definition: crypt.c:43

◆ gen_salt_char()

static char gen_salt_char ( void  )
static

Randomly select a character for a salt string

Definition at line 52 of file crypt.c.

References ast_random_double, and salt_chars.

Referenced by gen_salt().

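/*!
 * \brief Randomly select a character for a salt string.
 *
 * \return One character from salt_chars; never the terminating NUL.
 */
static char gen_salt_char(void)
{
	/* Number of usable characters, excluding the string terminator. */
	const int count = sizeof(salt_chars) - 1;
	int which = ast_random_double() * count;

	/* ast_random_double() is documented as returning a value up to and
	 * including 1.0. At exactly 1.0 the index would equal count and pick
	 * the terminating NUL, which would cut the generated salt short.
	 * Clamp to the last real character instead.
	 */
	if (which >= count) {
		which = count - 1;
	}

	/* NOTE(review): how unpredictable the salt is depends on the source
	 * behind ast_random_double(), which is not visible here; confirm.
	 */
	return salt_chars[which];
}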
static char salt_chars[]
Definition: crypt.c:45
#define ast_random_double()
Returns a random number between 0.0 and 1.0, inclusive.
Definition: utils.h:599

Variable Documentation

◆ salt_chars

char salt_chars[]
static
Initial value:
=
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"
"./"

Definition at line 45 of file crypt.c.

Referenced by gen_salt_char().