Diffstat (limited to 'usr/src')
23 files changed, 979 insertions, 16 deletions
diff --git a/usr/src/cmd/initpkg/security/crypt.conf b/usr/src/cmd/initpkg/security/crypt.conf index cb51ec38f2..7abe7ce33f 100644 --- a/usr/src/cmd/initpkg/security/crypt.conf +++ b/usr/src/cmd/initpkg/security/crypt.conf @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -19,8 +18,7 @@ # # CDDL HEADER END # -# -# Copyright 2002 Sun Microsystems, Inc. All rights reserved. +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" @@ -30,3 +28,5 @@ 1 crypt_bsdmd5.so.1 2a crypt_bsdbf.so.1 md5 crypt_sunmd5.so.1 +5 crypt_sha256.so.1 +6 crypt_sha512.so.1 diff --git a/usr/src/head/crypt.h b/usr/src/head/crypt.h index 718bb89507..eed8448f96 100644 --- a/usr/src/head/crypt.h +++ b/usr/src/head/crypt.h @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2001-2002 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -41,7 +40,7 @@ extern "C" { /* Password and file encryption functions */ -#define CRYPT_MAXCIPHERTEXTLEN 100 +#define CRYPT_MAXCIPHERTEXTLEN 512 #if defined(__STDC__) extern char *crypt(const char *, const char *); diff --git a/usr/src/lib/crypt_modules/Makefile b/usr/src/lib/crypt_modules/Makefile index 238fec00e8..15b5a5292e 100644 --- a/usr/src/lib/crypt_modules/Makefile +++ b/usr/src/lib/crypt_modules/Makefile @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2002 Sun Microsystems, Inc. All rights reserved. +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" @@ -28,7 +27,9 @@ SUBDIRS = \ bsdmd5 \ bsdbf \ - sunmd5 + sunmd5 \ + sha256 \ + sha512 all := TARGET= all clean := TARGET= clean diff --git a/usr/src/lib/crypt_modules/sha256/Makefile b/usr/src/lib/crypt_modules/sha256/Makefile new file mode 100644 index 0000000000..65265904be --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/Makefile 
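Review bot: The new `CRYPT_MAXCIPHERTEXTLEN` value has no comment saying how 512 was chosen, or that callers size their own buffers from it, so code built against the old header still passes 100-byte buffers. Going by the formats this commit adds, the longest `$6$` string with a `rounds=` field needs about 124 bytes including the terminator, which already exceeds the old limit. I would add a comment above the define such as `/* Must hold the longest hash any crypt module emits, including the NUL; callers size their buffers from this. */`. The rest of the header is outside this hunk.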
@@ -0,0 +1,51 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include $(SRC)/lib/Makefile.lib + +SUBDIRS= $(MACH) +$(BUILD64)SUBDIRS += $(MACH64) + +all := TARGET= all +clean := TARGET= clean +clobber := TARGET= clobber +delete := TARGET= delete +install := TARGET= install +lint := TARGET= lint +test := TARGET= test + +.KEEP_STATE: + +all clean clobber delete install lint test: $(SUBDIRS) + +_msg: + +catalog: + +$(SUBDIRS): FRC + @cd $@; pwd; $(MAKE) $(TARGET) + +FRC: diff --git a/usr/src/lib/crypt_modules/sha256/Makefile.com b/usr/src/lib/crypt_modules/sha256/Makefile.com new file mode 100644 index 0000000000..b773a2b6e1 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/Makefile.com 
@@ -0,0 +1,45 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +LIBRARY= crypt_sha256.a +VERS= .1 +OBJECTS= crypt_sha.o + +include ../../Makefile.crypt_modules + +CPPFLAGS += -DCRYPT_SHA256 +LDLIBS += -lc -lmd + +all: $(LIBS) + +lint: lintcheck + +include $(SRC)/lib/Makefile.targ + +CLOBBERFILES += test test.o + +test: $(LIBS) ../test.c + $(LINK.c) -o test ../test.c -R. $(DYNLIB) $(LDFLAGS) + ./test diff --git a/usr/src/lib/crypt_modules/sha256/amd64/Makefile b/usr/src/lib/crypt_modules/sha256/amd64/Makefile new file mode 100644 index 0000000000..b352e49a68 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/amd64/Makefile 
@@ -0,0 +1,31 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include ../Makefile.com +include ../../../Makefile.lib.64 + +install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/lib/crypt_modules/sha256/crypt_sha.c b/usr/src/lib/crypt_modules/sha256/crypt_sha.c new file mode 100644 index 0000000000..69f541e107 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/crypt_sha.c 
@@ -0,0 +1,345 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * Portions of this code from crypt_bsdmd5.so (bsdmd5.c) : + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + * + * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $ + * + */ + +/* + * Implements the specification from: + * + * From http://people.redhat.com/drepper/SHA-crypt.txt + * + * Portions of the code taken from inspired by or verified against the + * source in the above document which is licensed as: + * + * "Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>." 
+ */ + + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/sysmacros.h> +#include <fcntl.h> +#include <unistd.h> +#include <string.h> +#include <stdio.h> +#include <errno.h> +#include <stdlib.h> +#include <alloca.h> + +#include <sha2.h> +#include <crypt.h> + +#define MAX_SALT_LEN 16 +#define ROUNDS_DEFAULT 5000 +#define ROUNDS_MIN 1000 +#define ROUNDS_MAX 999999999 + +#ifdef CRYPT_SHA256 + +#define DIGEST_CTX SHA256_CTX +#define DIGESTInit SHA256Init +#define DIGESTUpdate SHA256Update +#define DIGESTFinal SHA256Final +#define DIGEST_LEN SHA256_DIGEST_LENGTH +#define MIXCHARS 32 +static const char crypt_alg_magic[] = "$5$"; + +#elif CRYPT_SHA512 + +#define DIGEST_CTX SHA512_CTX +#define DIGESTInit SHA512Init +#define DIGESTUpdate SHA512Update +#define DIGESTFinal SHA512Final +#define DIGEST_LEN SHA512_DIGEST_LENGTH +#define MIXCHARS 64 +static const char crypt_alg_magic[] = "$6$"; + +#else +#error "One of CRYPT_256 or CRYPT_512 must be defined" +#endif + +static const int crypt_alg_magic_len = sizeof (crypt_alg_magic) - 1; +static const char rounds_prefix[] = "rounds="; + + +static uchar_t b64t[] = /* 0 ... 
63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +#define b64_from_24bit(B2, B1, B0, N) \ +{ \ + uint_t w = ((B2) << 16) | ((B1) << 8) | (B0); \ + int n = (N); \ + while (--n >= 0 && ctbufflen > 0) { \ + *p++ = b64t[w & 0x3f]; \ + w >>= 6; \ + ctbufflen--; \ + } \ +} + +static void +to64(char *s, uint64_t v, int n) +{ + while (--n >= 0) { + *s++ = b64t[v&0x3f]; + v >>= 6; + } +} + +char * +crypt_genhash_impl(char *ctbuffer, + size_t ctbufflen, + const char *plaintext, + const char *switchsalt, + const char **params) +{ + int salt_len, plaintext_len, i; + char *salt; + uchar_t A[DIGEST_LEN]; + uchar_t B[DIGEST_LEN]; + uchar_t DP[DIGEST_LEN]; + uchar_t DS[DIGEST_LEN]; + DIGEST_CTX ctxA, ctxB, ctxC, ctxDP, ctxDS; + int rounds = ROUNDS_DEFAULT; + boolean_t custom_rounds = B_FALSE; + char *p; + char *P, *Pp; + char *S, *Sp; + + /* Refine the salt */ + salt = (char *)switchsalt; + + /* skip our magic string */ + if (strncmp((char *)salt, crypt_alg_magic, crypt_alg_magic_len) == 0) { + salt += crypt_alg_magic_len; + } + + if (strncmp(salt, rounds_prefix, sizeof (rounds_prefix) - 1) == 0) { + char *num = salt + sizeof (rounds_prefix) - 1; + char *endp; + ulong_t srounds = strtoul(num, &endp, 10); + if (*endp == '$') { + salt = endp + 1; + rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); + custom_rounds = B_TRUE; + } + } + + salt_len = MIN(strcspn(salt, "$"), MAX_SALT_LEN); + plaintext_len = strlen(plaintext); + + /* 1. */ + DIGESTInit(&ctxA); + + /* 2. The password first, since that is what is most unknown */ + DIGESTUpdate(&ctxA, plaintext, plaintext_len); + + /* 3. Then the raw salt */ + DIGESTUpdate(&ctxA, salt, salt_len); + + /* 4. - 8. */ + DIGESTInit(&ctxB); + DIGESTUpdate(&ctxB, plaintext, plaintext_len); + DIGESTUpdate(&ctxB, salt, salt_len); + DIGESTUpdate(&ctxB, plaintext, plaintext_len); + DIGESTFinal(B, &ctxB); + + /* 9. - 10. 
*/ + for (i = plaintext_len; i > MIXCHARS; i -= MIXCHARS) + DIGESTUpdate(&ctxA, B, MIXCHARS); + DIGESTUpdate(&ctxA, B, i); + + /* 11. */ + for (i = plaintext_len; i > 0; i >>= 1) { + if ((i & 1) != 0) { + DIGESTUpdate(&ctxA, B, MIXCHARS); + } else { + DIGESTUpdate(&ctxA, plaintext, plaintext_len); + } + } + + /* 12. */ + DIGESTFinal(A, &ctxA); + + /* 13. - 15. */ + DIGESTInit(&ctxDP); + for (i = 0; i < plaintext_len; i++) + DIGESTUpdate(&ctxDP, plaintext, plaintext_len); + DIGESTFinal(DP, &ctxDP); + + /* 16. */ + Pp = P = alloca(plaintext_len); + for (i = plaintext_len; i >= MIXCHARS; i -= MIXCHARS) { + Pp = (char *)(memcpy(Pp, DP, MIXCHARS)) + MIXCHARS; + } + memcpy(Pp, DP, i); + + /* 17. - 19. */ + DIGESTInit(&ctxDS); + for (i = 0; i < 16 + (uint8_t)A[0]; i++) + DIGESTUpdate(&ctxDS, salt, salt_len); + DIGESTFinal(DS, &ctxDS); + + /* 20. */ + Sp = S = alloca(salt_len); + for (i = salt_len; i >= MIXCHARS; i -= MIXCHARS) { + Sp = (char *)(memcpy(Sp, DS, MIXCHARS)) + MIXCHARS; + } + memcpy(Sp, DS, i); + + /* 21. */ + for (i = 0; i < rounds; i++) { + DIGESTInit(&ctxC); + + if ((i & 1) != 0) { + DIGESTUpdate(&ctxC, P, plaintext_len); + } else { + if (i == 0) + DIGESTUpdate(&ctxC, A, MIXCHARS); + else + DIGESTUpdate(&ctxC, DP, MIXCHARS); + } + + if (i % 3 != 0) { + DIGESTUpdate(&ctxC, S, salt_len); + } + + if (i % 7 != 0) { + DIGESTUpdate(&ctxC, P, plaintext_len); + } + + if ((i & 1) != 0) { + if (i == 0) + DIGESTUpdate(&ctxC, A, MIXCHARS); + else + DIGESTUpdate(&ctxC, DP, MIXCHARS); + } else { + DIGESTUpdate(&ctxC, P, plaintext_len); + } + DIGESTFinal(DP, &ctxC); + } + + /* 22. 
Now make the output string */ + (void) strlcpy(ctbuffer, crypt_alg_magic, ctbufflen); + if (custom_rounds) { + (void) snprintf(ctbuffer, ctbufflen, + "%srounds=%zu$", ctbuffer, rounds); + } + + (void) strncat(ctbuffer, (const char *)salt, MAX_SALT_LEN); + (void) strlcat(ctbuffer, "$", ctbufflen); + p = ctbuffer + strlen(ctbuffer); + ctbufflen -= strlen(ctbuffer); + +#ifdef CRYPT_SHA256 + b64_from_24bit(DP[ 0], DP[10], DP[20], 4); + b64_from_24bit(DP[21], DP[ 1], DP[11], 4); + b64_from_24bit(DP[12], DP[22], DP[ 2], 4); + b64_from_24bit(DP[ 3], DP[13], DP[23], 4); + b64_from_24bit(DP[24], DP[ 4], DP[14], 4); + b64_from_24bit(DP[15], DP[25], DP[ 5], 4); + b64_from_24bit(DP[ 6], DP[16], DP[26], 4); + b64_from_24bit(DP[27], DP[ 7], DP[17], 4); + b64_from_24bit(DP[18], DP[28], DP[ 8], 4); + b64_from_24bit(DP[ 9], DP[19], DP[29], 4); + b64_from_24bit(0, DP[31], DP[30], 3); +#elif CRYPT_SHA512 + b64_from_24bit(DP[ 0], DP[21], DP[42], 4); + b64_from_24bit(DP[22], DP[43], DP[ 1], 4); + b64_from_24bit(DP[44], DP[ 2], DP[23], 4); + b64_from_24bit(DP[ 3], DP[24], DP[45], 4); + b64_from_24bit(DP[25], DP[46], DP[ 4], 4); + b64_from_24bit(DP[47], DP[ 5], DP[26], 4); + b64_from_24bit(DP[ 6], DP[27], DP[48], 4); + b64_from_24bit(DP[28], DP[49], DP[ 7], 4); + b64_from_24bit(DP[50], DP[ 8], DP[29], 4); + b64_from_24bit(DP[ 9], DP[30], DP[51], 4); + b64_from_24bit(DP[31], DP[52], DP[10], 4); + b64_from_24bit(DP[53], DP[11], DP[32], 4); + b64_from_24bit(DP[12], DP[33], DP[54], 4); + b64_from_24bit(DP[34], DP[55], DP[13], 4); + b64_from_24bit(DP[56], DP[14], DP[35], 4); + b64_from_24bit(DP[15], DP[36], DP[57], 4); + b64_from_24bit(DP[37], DP[58], DP[16], 4); + b64_from_24bit(DP[59], DP[17], DP[38], 4); + b64_from_24bit(DP[18], DP[39], DP[60], 4); + b64_from_24bit(DP[40], DP[61], DP[19], 4); + b64_from_24bit(DP[62], DP[20], DP[41], 4); + b64_from_24bit(0, 0, DP[63], 2); +#endif + *p = '\0'; + + (void) memset(A, 0, sizeof (A)); + (void) memset(B, 0, sizeof (B)); + (void) memset(DP, 0, 
sizeof (DP)); + (void) memset(DS, 0, sizeof (DS)); + + return (ctbuffer); +} + +char * +crypt_gensalt_impl(char *gsbuffer, + size_t gsbufflen, + const char *oldsalt, + const struct passwd *userinfo, + const char **params) +{ + int fd; + int err; + ssize_t got; + uint64_t rndval; + + if ((fd = open("/dev/urandom", O_RDONLY)) == -1) { + return (NULL); + } + + (void) strlcpy(gsbuffer, crypt_alg_magic, gsbufflen); + + got = read(fd, &rndval, sizeof (rndval)); + if (got < sizeof (rndval)) { + err = errno; + (void) close(fd); + errno = err; + return (NULL); + } + + to64(&gsbuffer[strlen(crypt_alg_magic)], rndval, sizeof (rndval)); + + (void) close(fd); + + return (gsbuffer); +} diff --git a/usr/src/lib/crypt_modules/sha256/i386/Makefile b/usr/src/lib/crypt_modules/sha256/i386/Makefile new file mode 100644 index 0000000000..f40ff1b701 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/i386/Makefile @@ -0,0 +1,29 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +include ../Makefile.com + +install: all $(ROOTLIBS) $(ROOTLINKS) 
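Review bot: Step 22 of `crypt_genhash_impl` builds the output with calls that are not safe for the buffer it was given. `snprintf` receives `ctbuffer` as both destination and `%s` argument (an overlapping copy, which is undefined), `%zu` is used for the `int` `rounds`, `strncat` ignores `ctbufflen`, and once `b64_from_24bit` has used up `ctbufflen` the closing `*p = '\0'` lands one byte past the end. The `strncat` also copies `MAX_SALT_LEN` bytes rather than `salt_len`, so if callers pass a full stored hash as `switchsalt` (not visible here, worth confirming), a salt shorter than 16 characters would pull the `$` and part of the old hash into the new string. In `crypt_gensalt_impl`, `got < sizeof (rndval)` compares `ssize_t` with `size_t`, so a `read()` return of -1 is not caught, and `to64` then writes eight characters with no `gsbufflen` check and no terminator. A bounded version of both spots is sketched below (`len` is a new `size_t` local); it should leave the output for the test vectors in this commit unchanged.

```c
	/* at function entry, before any digest state exists */
	if (ctbufflen == 0)
		return (NULL);

	/* … unchanged: steps 1 - 21 … */

	/* 22. Now make the output string */
	if (custom_rounds) {
		(void) snprintf(ctbuffer, ctbufflen, "%srounds=%d$",
		    crypt_alg_magic, rounds);
	} else {
		(void) strlcpy(ctbuffer, crypt_alg_magic, ctbufflen);
	}
	len = strlen(ctbuffer);
	/* append exactly the salt bytes that were hashed, bounded by the buffer */
	(void) snprintf(ctbuffer + len, ctbufflen - len, "%.*s$",
	    salt_len, salt);
	len = strlen(ctbuffer);
	p = ctbuffer + len;
	ctbufflen -= len + 1;	/* keep one byte for the terminator */

	/* … unchanged: b64_from_24bit() encoding, *p = '\0', digest wipes … */

	/* in crypt_gensalt_impl(), before the read() */
	if (gsbufflen < strlen(crypt_alg_magic) + sizeof (rndval) + 1) {
		(void) close(fd);
		return (NULL);
	}
	got = read(fd, &rndval, sizeof (rndval));
	if (got != (ssize_t)sizeof (rndval)) {
		/* … unchanged: save errno, close fd, return NULL … */
	}
	to64(&gsbuffer[strlen(crypt_alg_magic)], rndval, sizeof (rndval));
	gsbuffer[strlen(crypt_alg_magic) + sizeof (rndval)] = '\0';
```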
diff --git a/usr/src/lib/crypt_modules/sha256/mapfile-vers b/usr/src/lib/crypt_modules/sha256/mapfile-vers new file mode 100644 index 0000000000..c3101b04a6 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/mapfile-vers @@ -0,0 +1,33 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +SUNW_1.0 { + global: + crypt_genhash_impl; + crypt_gensalt_impl; + local: + *; +}; diff --git a/usr/src/lib/crypt_modules/sha256/sparc/Makefile b/usr/src/lib/crypt_modules/sha256/sparc/Makefile new file mode 100644 index 0000000000..f40ff1b701 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/sparc/Makefile 
@@ -0,0 +1,29 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +include ../Makefile.com + +install: all $(ROOTLIBS) $(ROOTLINKS) diff --git a/usr/src/lib/crypt_modules/sha256/sparcv9/Makefile b/usr/src/lib/crypt_modules/sha256/sparcv9/Makefile new file mode 100644 index 0000000000..646f2f8485 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/sparcv9/Makefile 
@@ -0,0 +1,30 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +include ../Makefile.com +include ../../../Makefile.lib.64 + +install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/lib/crypt_modules/sha256/test.c b/usr/src/lib/crypt_modules/sha256/test.c new file mode 100644 index 0000000000..091f062f8c --- /dev/null +++ b/usr/src/lib/crypt_modules/sha256/test.c 
@@ -0,0 +1,140 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + * + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +#include <crypt.h> +#include <string.h> + +#ifdef CRYPT_SHA256 +static const struct +{ + const char *salt; + const char *input; + const char *expected; +} tests2[] = { + { "$5$saltstring", "Hello world!", + "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5" }, + { "$5$rounds=10000$saltstringsaltstring", "Hello world!", + "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBA" + "wqFMz2.opqey6IcA" }, + { "$5$rounds=5000$toolongsaltstring", "This is just a test", + "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07g" + "uHPvOW8mGRcvxa5" }, + { "$5$rounds=1400$anotherlongsaltstring", + "a very much longer text to encrypt. 
This one even stretches" + " over morethan one line.", + "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIU" + "nzyxf12oP84Bnq1" }, + { "$5$rounds=77777$short", + "we have a short salt string but not a short password", + "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0" + "KQRd/" }, + { "$5$rounds=123456$asaltof16chars..", "a short string", + "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2" + "jxPyzV/cZKmF/wJvD" }, + { "$5$rounds=10$roundstoolow", "the minimum number is still observed", + "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY" + "9l/gL972bIC" }, +}; +#elif CRYPT_SHA512 +static const struct +{ + const char *salt; + const char *input; + const char *expected; +} tests2[] = { + { "$6$saltstring", "Hello world!", + "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnI" + "FNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1" }, + { "$6$rounds=10000$saltstringsaltstring", "Hello world!", + "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3" + "Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v." }, + { "$6$rounds=5000$toolongsaltstring", "This is just a test", + "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxG" + "oNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0" }, + { "$6$rounds=1400$anotherlongsaltstring", + "a very much longer text to encrypt. 
This one even stretches " + "over morethan one line.", + "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/p" + "Qs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1" }, + { "$6$rounds=77777$short", + "we have a short salt string but not a short password", + "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXb" + "kvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0" }, + { "$6$rounds=123456$asaltof16chars..", "a short string", + "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ" + "4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1" }, + { "$6$rounds=10$roundstoolow", "the minimum number is still observed", + "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50Y" + "hH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX." }, +}; + +#else +#error "One of CRYPT_SHA256 or CRYPT_SHA512 must be defined" +#endif + +#define ntests2 (sizeof (tests2) / sizeof (tests2[0])) + +int +main(int argc, char *argv[]) +{ + int cnt; + int failures = 0; + char ctbuffer[CRYPT_MAXCIPHERTEXTLEN]; + size_t ctbufflen = sizeof (ctbuffer); + +#ifdef CRYPT_SHA256 + fprintf(stderr, "CRYPT_SHA256 "); +#elif CRYPT_SHA512 + fprintf(stderr, "CRYPT_SHA512 "); +#endif + fprintf(stderr, "CRYPT_MAXCIPHERTEXTLEN = %d\n", + CRYPT_MAXCIPHERTEXTLEN); + for (cnt = 0; cnt < ntests2; ++cnt) { + char *cp; + fprintf(stderr, "test %d (outlen=%d): ", cnt, + strlen(tests2[cnt].expected)); + cp = crypt_genhash_impl(ctbuffer, ctbufflen, + tests2[cnt].input, tests2[cnt].salt, NULL); + + if (cp == NULL || (strcmp(cp, tests2[cnt].expected) != 0)) { + fprintf(stderr, + "FAILED\nE(%d): \"%s\"\nG(%d): \"%s\"\n", + strlen(tests2[cnt].expected), tests2[cnt].expected, + (cp ? strlen(cp) : 0), (cp ? cp : "NULL")); + failures++; + } else { + fprintf(stderr, "OK\n"); + } + } + + if (failures == 0) { + fprintf(stderr, "all tests OK\n"); + } else { + fprintf(stderr, "%d tests failed\n", failures); + } + + return (failures); +} 
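Review bot: `main` calls `fprintf` but the file includes only `<crypt.h>` and `<string.h>`, so unless `<crypt.h>` pulls it in, `<stdio.h>` is missing. The `%d` conversions are also given `strlen()` results (`size_t`), a mismatch on the 64-bit builds this commit adds. I would add `#include <stdio.h>` and print the lengths with `%zu`, e.g. `fprintf(stderr, "test %d (outlen=%zu): ", cnt, strlen(tests2[cnt].expected));`, and do the same for the two lengths in the FAILED message. No vector passes a complete stored hash as the `salt` argument, so the case where `crypt_genhash_impl` must stop copying the salt at the next `$` is not exercised. One extra entry whose `salt` is a full `expected` string would cover it.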
diff --git a/usr/src/lib/crypt_modules/sha512/Makefile b/usr/src/lib/crypt_modules/sha512/Makefile new file mode 100644 index 0000000000..842e20fb39 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha512/Makefile @@ -0,0 +1,52 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include $(SRC)/lib/Makefile.lib + +SUBDIRS= $(MACH) +$(BUILD64)SUBDIRS += $(MACH64) + +all := TARGET= all +clean := TARGET= clean +clobber := TARGET= clobber +delete := TARGET= delete +install := TARGET= install +lint := TARGET= lint +test := TARGET= test + +.KEEP_STATE: + +all clean clobber delete install lint test: $(SUBDIRS) + +_msg: + +catalog: + +$(SUBDIRS): FRC + @cd $@; pwd; $(MAKE) $(TARGET) + +FRC: diff --git a/usr/src/lib/crypt_modules/sha512/Makefile.com b/usr/src/lib/crypt_modules/sha512/Makefile.com new file mode 100644 index 0000000000..cf3f561b72 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha512/Makefile.com 
@@ -0,0 +1,48 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +LIBRARY= crypt_sha512.a +VERS= .1 +OBJECTS= crypt_sha.o + +include ../../Makefile.crypt_modules + +CPPFLAGS += -DCRYPT_SHA512 +LDLIBS += -lc -lmd + +SRCDIR = ../../sha256/ + +all: $(LIBS) + +lint: lintcheck + +include $(SRC)/lib/Makefile.targ + +CLOBBERFILES += test test.o + +test: $(LIBS) $(SRCDIR)/test.c + $(LINK.c) -o test $(SRCDIR)/test.c -R. $(DYNLIB) $(LDFLAGS) + ./test diff --git a/usr/src/lib/crypt_modules/sha512/amd64/Makefile b/usr/src/lib/crypt_modules/sha512/amd64/Makefile new file mode 100644 index 0000000000..0b7cc82af4 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha512/amd64/Makefile 
@@ -0,0 +1,30 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include ../Makefile.com +include ../../../Makefile.lib.64 + +install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/lib/crypt_modules/sha512/i386/Makefile b/usr/src/lib/crypt_modules/sha512/i386/Makefile new file mode 100644 index 0000000000..f40ff1b701 --- /dev/null +++ b/usr/src/lib/crypt_modules/sha512/i386/Makefile 
@@ -0,0 +1,29 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "%Z%%M% %I% %E% SMI"
+
+include ../Makefile.com
+
+install: all $(ROOTLIBS) $(ROOTLINKS)
diff --git a/usr/src/lib/crypt_modules/sha512/sparc/Makefile b/usr/src/lib/crypt_modules/sha512/sparc/Makefile
new file mode 100644
index 0000000000..f40ff1b701
--- /dev/null
+++ b/usr/src/lib/crypt_modules/sha512/sparc/Makefile
@@ -0,0 +1,29 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "%Z%%M% %I% %E% SMI"
+
+include ../Makefile.com
+
+install: all $(ROOTLIBS) $(ROOTLINKS)
diff --git a/usr/src/lib/crypt_modules/sha512/sparcv9/Makefile b/usr/src/lib/crypt_modules/sha512/sparcv9/Makefile
new file mode 100644
index 0000000000..ea88494bda
--- /dev/null
+++ b/usr/src/lib/crypt_modules/sha512/sparcv9/Makefile
@@ -0,0 +1,29 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +#ident "%Z%%M% %I% %E% SMI" + +include ../Makefile.com +include ../../../Makefile.lib.64 + +install: all $(ROOTLIBS64) $(ROOTLINKS64) diff --git a/usr/src/lib/libsecdb/policy.conf b/usr/src/lib/libsecdb/policy.conf index bb5dc487f8..65bf7dcd58 100644 --- a/usr/src/lib/libsecdb/policy.conf +++ b/usr/src/lib/libsecdb/policy.conf @@ -37,7 +37,7 @@ CONSOLE_USER=Console User # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to # be used for new passwords. This is enforced only in crypt_gensalt(3c). # -CRYPT_ALGORITHMS_ALLOW=1,2a,md5 +CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6 # To deprecate use of the traditional unix algorithm, uncomment below # and change CRYPT_DEFAULT= to another algorithm. For example, diff --git a/usr/src/pkgdefs/SUNWcsl/prototype_com b/usr/src/pkgdefs/SUNWcsl/prototype_com index ba6e4109bc..7faeab7b4f 100644 --- a/usr/src/pkgdefs/SUNWcsl/prototype_com +++ b/usr/src/pkgdefs/SUNWcsl/prototype_com 
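Review bot: The policy.conf allow list `CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6` gains two bare identifiers with no explanation of what they name. The crypt.conf change in this same commit maps `5` to crypt_sha256.so.1 and `6` to crypt_sha512.so.1, so a comment line such as `# 5 = crypt_sha256, 6 = crypt_sha512 (see crypt.conf)` above the setting would save administrators the lookup. Allowing an algorithm does not select it: `CRYPT_DEFAULT` lies outside this hunk, so presumably new passwords keep the existing default until that line is changed, and the comment block that follows could say so explicitly.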
@@ -311,6 +311,10 @@ f none usr/lib/security/crypt_bsdmd5.so.1 755 root bin s none usr/lib/security/crypt_bsdmd5.so=./crypt_bsdmd5.so.1 f none usr/lib/security/crypt_bsdbf.so.1 755 root bin s none usr/lib/security/crypt_bsdbf.so=./crypt_bsdbf.so.1 +f none usr/lib/security/crypt_sha256.so.1 755 root bin +s none usr/lib/security/crypt_sha256.so=./crypt_sha256.so.1 +f none usr/lib/security/crypt_sha512.so.1 755 root bin +s none usr/lib/security/crypt_sha512.so=./crypt_sha512.so.1 f none usr/lib/security/crypt_sunmd5.so.1 755 root bin s none usr/lib/security/crypt_sunmd5.so=./crypt_sunmd5.so.1 f none usr/lib/security/kmf_nss.so.1 755 root bin diff --git a/usr/src/pkgdefs/SUNWcsl/prototype_i386 b/usr/src/pkgdefs/SUNWcsl/prototype_i386 index 19e366699b..f81e603624 100644 --- a/usr/src/pkgdefs/SUNWcsl/prototype_i386 +++ b/usr/src/pkgdefs/SUNWcsl/prototype_i386 @@ -105,6 +105,10 @@ f none usr/lib/security/amd64/crypt_bsdmd5.so.1 755 root bin s none usr/lib/security/amd64/crypt_bsdmd5.so=./crypt_bsdmd5.so.1 f none usr/lib/security/amd64/crypt_bsdbf.so.1 755 root bin s none usr/lib/security/amd64/crypt_bsdbf.so=./crypt_bsdbf.so.1 +f none usr/lib/security/amd64/crypt_sha256.so.1 755 root bin +s none usr/lib/security/amd64/crypt_sha256.so=./crypt_sha256.so.1 +f none usr/lib/security/amd64/crypt_sha512.so.1 755 root bin +s none usr/lib/security/amd64/crypt_sha512.so=./crypt_sha512.so.1 f none usr/lib/security/amd64/crypt_sunmd5.so.1 755 root bin s none usr/lib/security/amd64/crypt_sunmd5.so=./crypt_sunmd5.so.1 f none usr/lib/security/amd64/kmf_nss.so.1 755 root bin diff --git a/usr/src/pkgdefs/SUNWcsl/prototype_sparc b/usr/src/pkgdefs/SUNWcsl/prototype_sparc index 3452eca2cf..3af9d3ae8a 100644 --- a/usr/src/pkgdefs/SUNWcsl/prototype_sparc +++ b/usr/src/pkgdefs/SUNWcsl/prototype_sparc 
@@ -98,6 +98,10 @@ f none usr/lib/security/sparcv9/crypt_bsdmd5.so.1 755 root bin s none usr/lib/security/sparcv9/crypt_bsdmd5.so=./crypt_bsdmd5.so.1 f none usr/lib/security/sparcv9/crypt_bsdbf.so.1 755 root bin s none usr/lib/security/sparcv9/crypt_bsdbf.so=./crypt_bsdbf.so.1 +f none usr/lib/security/sparcv9/crypt_sha256.so.1 755 root bin +s none usr/lib/security/sparcv9/crypt_sha256.so=./crypt_sha256.so.1 +f none usr/lib/security/sparcv9/crypt_sha512.so.1 755 root bin +s none usr/lib/security/sparcv9/crypt_sha512.so=./crypt_sha512.so.1 f none usr/lib/security/sparcv9/crypt_sunmd5.so.1 755 root bin s none usr/lib/security/sparcv9/crypt_sunmd5.so=./crypt_sunmd5.so.1 f none usr/lib/security/sparcv9/kmf_nss.so.1 755 root bin diff --git a/usr/src/tools/findunref/exception_list b/usr/src/tools/findunref/exception_list index 584105ca45..f8951ac222 100644 --- a/usr/src/tools/findunref/exception_list +++ b/usr/src/tools/findunref/exception_list @@ -150,6 +150,7 @@ ./src/cmd/sendmail/libsm/t-*.c ./src/cmd/sort/common/convert.c ./src/cmd/sort/common/invoke.c +./src/lib/crypt_modules/sha256/test.c ./src/lib/efcode/fcode_test ./src/lib/libkvm/common/test.c |