One Level Up Top Level

src/core/ngx_crypt.c - nginx source code

Functions defined

Source code


  2. /*
  3. * Copyright (C) Maxim Dounin
  4. */


  7. #include <ngx_config.h>
  8. #include <ngx_core.h>
  9. #include <ngx_crypt.h>
  10. #include <ngx_md5.h>
  11. #include <ngx_sha1.h>


  14. #if (NGX_CRYPT)

  16. static ngx_int_t ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt,
  17.     u_char **encrypted);
  18. static ngx_int_t ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt,
  19.     u_char **encrypted);
  20. static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt,
  21.     u_char **encrypted);
  22. static ngx_int_t ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt,
  23.     u_char **encrypted);


  26. static u_char *ngx_crypt_to64(u_char *p, uint32_t v, size_t n);


  29. ngx_int_t
  30. ngx_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
  31. {
  32.     if (ngx_strncmp(salt, "$apr1$", sizeof("$apr1$") - 1) == 0) {
  33.         return ngx_crypt_apr1(pool, key, salt, encrypted);

  35.     } else if (ngx_strncmp(salt, "{PLAIN}", sizeof("{PLAIN}") - 1) == 0) {
  36.         return ngx_crypt_plain(pool, key, salt, encrypted);

  38.     } else if (ngx_strncmp(salt, "{SSHA}", sizeof("{SSHA}") - 1) == 0) {
  39.         return ngx_crypt_ssha(pool, key, salt, encrypted);

  41.     } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) {
  42.         return ngx_crypt_sha(pool, key, salt, encrypted);
  43.     }

  45.     /* fallback to libc crypt() */

  47.     return ngx_libc_crypt(pool, key, salt, encrypted);
  48. }


  51. static ngx_int_t
  52. ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
  53. {
  54.     ngx_int_t          n;
  55.     ngx_uint_t         i;
  56.     u_char            *p, *last, final[16];
  57.     size_t             saltlen, keylen;
  58.     ngx_md5_t          md5, ctx1;

  60.     /* Apache's apr1 crypt is Poul-Henning Kamp's md5 crypt with $apr1$ magic */

  62.     keylen = ngx_strlen(key);

  64.     /* true salt: no magic, max 8 chars, stop at first $ */

  66.     salt += sizeof("$apr1$") - 1;
  67.     last = salt + 8;
  68.     for (p = salt; *p && *p != '$' && p < last; p++) { /* void */ }
  69.     saltlen = p - salt;

  71.     /* hash key and salt */

  73.     ngx_md5_init(&md5);
  74.     ngx_md5_update(&md5, key, keylen);
  75.     ngx_md5_update(&md5, (u_char *) "$apr1$", sizeof("$apr1$") - 1);
  76.     ngx_md5_update(&md5, salt, saltlen);

  78.     ngx_md5_init(&ctx1);
  79.     ngx_md5_update(&ctx1, key, keylen);
  80.     ngx_md5_update(&ctx1, salt, saltlen);
  81.     ngx_md5_update(&ctx1, key, keylen);
  82.     ngx_md5_final(final, &ctx1);

  84.     for (n = keylen; n > 0; n -= 16) {
  85.         ngx_md5_update(&md5, final, n > 16 ? 16 : n);
  86.     }

  88.     ngx_memzero(final, sizeof(final));

  90.     for (i = keylen; i; i >>= 1) {
  91.         if (i & 1) {
  92.             ngx_md5_update(&md5, final, 1);

  94.         } else {
  95.             ngx_md5_update(&md5, key, 1);
  96.         }
  97.     }

  99.     ngx_md5_final(final, &md5);

  101.     for (i = 0; i < 1000; i++) {
  102.         ngx_md5_init(&ctx1);

  104.         if (i & 1) {
  105.             ngx_md5_update(&ctx1, key, keylen);

  107.         } else {
  108.             ngx_md5_update(&ctx1, final, 16);
  109.         }

  111.         if (i % 3) {
  112.             ngx_md5_update(&ctx1, salt, saltlen);
  113.         }

  115.         if (i % 7) {
  116.             ngx_md5_update(&ctx1, key, keylen);
  117.         }

  119.         if (i & 1) {
  120.             ngx_md5_update(&ctx1, final, 16);

  122.         } else {
  123.             ngx_md5_update(&ctx1, key, keylen);
  124.         }

  126.         ngx_md5_final(final, &ctx1);
  127.     }

  129.     /* output */

  131.     *encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1);
  132.     if (*encrypted == NULL) {
  133.         return NGX_ERROR;
  134.     }

  136.     p = ngx_cpymem(*encrypted, "$apr1$", sizeof("$apr1$") - 1);
  137.     p = ngx_copy(p, salt, saltlen);
  138.     *p++ = '$';

  140.     p = ngx_crypt_to64(p, (final[ 0]<<16) | (final[ 6]<<8) | final[12], 4);
  141.     p = ngx_crypt_to64(p, (final[ 1]<<16) | (final[ 7]<<8) | final[13], 4);
  142.     p = ngx_crypt_to64(p, (final[ 2]<<16) | (final[ 8]<<8) | final[14], 4);
  143.     p = ngx_crypt_to64(p, (final[ 3]<<16) | (final[ 9]<<8) | final[15], 4);
  144.     p = ngx_crypt_to64(p, (final[ 4]<<16) | (final[10]<<8) | final[ 5], 4);
  145.     p = ngx_crypt_to64(p, final[11], 2);
  146.     *p = '\0';

  148.     return NGX_OK;
  149. }


  152. static u_char *
  153. ngx_crypt_to64(u_char *p, uint32_t v, size_t n)
  154. {
  155.     static u_char   itoa64[] =
  156.         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

  158.     while (n--) {
  159.         *p++ = itoa64[v & 0x3f];
  160.         v >>= 6;
  161.     }

  163.     return p;
  164. }


  167. static ngx_int_t
  168. ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
  169. {
  170.     size_t   len;
  171.     u_char  *p;

  173.     len = ngx_strlen(key);

  175.     *encrypted = ngx_pnalloc(pool, sizeof("{PLAIN}") - 1 + len + 1);
  176.     if (*encrypted == NULL) {
  177.         return NGX_ERROR;
  178.     }

  180.     p = ngx_cpymem(*encrypted, "{PLAIN}", sizeof("{PLAIN}") - 1);
  181.     ngx_memcpy(p, key, len + 1);

  183.     return NGX_OK;
  184. }


  187. static ngx_int_t
  188. ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
  189. {
  190.     size_t       len;
  191.     ngx_int_t    rc;
  192.     ngx_str_t    encoded, decoded;
  193.     ngx_sha1_t   sha1;

  195.     /* "{SSHA}" base64(SHA1(key salt) salt) */

  197.     /* decode base64 salt to find out true salt */

  199.     encoded.data = salt + sizeof("{SSHA}") - 1;
  200.     encoded.len = ngx_strlen(encoded.data);

  202.     len = ngx_max(ngx_base64_decoded_length(encoded.len), 20);

  204.     decoded.data = ngx_pnalloc(pool, len);
  205.     if (decoded.data == NULL) {
  206.         return NGX_ERROR;
  207.     }

  209.     rc = ngx_decode_base64(&decoded, &encoded);

  211.     if (rc != NGX_OK || decoded.len < 20) {
  212.         decoded.len = 20;
  213.     }

  215.     /* update SHA1 from key and salt */

  217.     ngx_sha1_init(&sha1);
  218.     ngx_sha1_update(&sha1, key, ngx_strlen(key));
  219.     ngx_sha1_update(&sha1, decoded.data + 20, decoded.len - 20);
  220.     ngx_sha1_final(decoded.data, &sha1);

  222.     /* encode it back to base64 */

  224.     len = sizeof("{SSHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1;

  226.     *encrypted = ngx_pnalloc(pool, len);
  227.     if (*encrypted == NULL) {
  228.         return NGX_ERROR;
  229.     }

  231.     encoded.data = ngx_cpymem(*encrypted, "{SSHA}", sizeof("{SSHA}") - 1);
  232.     ngx_encode_base64(&encoded, &decoded);
  233.     encoded.data[encoded.len] = '\0';

  235.     return NGX_OK;
  236. }


  239. static ngx_int_t
  240. ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
  241. {
  242.     size_t      len;
  243.     ngx_str_t   encoded, decoded;
  244.     ngx_sha1_t  sha1;
  245.     u_char      digest[20];

  247.     /* "{SHA}" base64(SHA1(key)) */

  249.     decoded.len = sizeof(digest);
  250.     decoded.data = digest;

  252.     ngx_sha1_init(&sha1);
  253.     ngx_sha1_update(&sha1, key, ngx_strlen(key));
  254.     ngx_sha1_final(digest, &sha1);

  256.     len = sizeof("{SHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1;

  258.     *encrypted = ngx_pnalloc(pool, len);
  259.     if (*encrypted == NULL) {
  260.         return NGX_ERROR;
  261.     }

  263.     encoded.data = ngx_cpymem(*encrypted, "{SHA}", sizeof("{SHA}") - 1);
  264.     ngx_encode_base64(&encoded, &decoded);
  265.     encoded.data[encoded.len] = '\0';

  267.     return NGX_OK;
  268. }

  270. #endif /* NGX_CRYPT */

One Level Up Top Level