Asterisk wrapper for crypt(3) More...

#include "asterisk.h"
#include <unistd.h>
#include <crypt.h>
#include "asterisk/utils.h"

Include dependency graph for crypt.c:

Macros
#define	MAX_SALT_LEN 21
	Max length of a salt string.

Functions
char *	ast_crypt (const char key, const char salt)
	Asterisk wrapper around crypt(3).

char *	ast_crypt_encrypt (const char *key)
	Asterisk wrapper around crypt(3) for encrypting passwords.

int	ast_crypt_validate (const char key, const char expected)
	Asterisk wrapper around crypt(3) for validating passwords.

static int	gen_salt (char *current_salt, size_t maxlen)
	Generates a salt to try with crypt.

static char	gen_salt_char (void)

Variables
static char	salt_chars []

Detailed Description

Asterisk wrapper for crypt(3)

Author: David M. Lee, II dlee@.nosp@m.digi.nosp@m.um.co.nosp@m.m

Definition in file crypt.c.

Macro Definition Documentation

◆ MAX_SALT_LEN

#define MAX_SALT_LEN 21

Max length of a salt string.

$[1,5,6]$[a–zA–Z0–9./]{1,16}$, plus null terminator

Definition at line 43 of file crypt.c.

Function Documentation

◆ ast_crypt()

char * ast_crypt	(	const char *	key,
		const char *	salt
	)

Asterisk wrapper around crypt(3).

The interpretation of the salt (which determines the password hashing algorithm) is system specific. Application code should prefer to use ast_crypt_encrypt() or ast_crypt_validate().

The returned string is heap allocated, and should be freed with ast_free().

Parameters

key	User's password to crypt.
salt	Salt to crypt with.

Returns: Crypted password.

Return values

NULL on error.

Definition at line 121 of file crypt.c.

{
    struct crypt_data data = {};
    const char *crypted = crypt_r(key, salt, &data);
 
    /* Crypt may return success even if it doesn't recognize the salt. But
     * in those cases it always mangles the salt in some way.
     */
    if (!crypted || !ast_begins_with(crypted, salt)) {
        return NULL;
    }
 
    return ast_strdup(crypted);
}

References ast_begins_with(), ast_strdup, and NULL.

Referenced by ast_crypt_encrypt().

◆ ast_crypt_encrypt()

char * ast_crypt_encrypt ( const char * key )

Asterisk wrapper around crypt(3) for encrypting passwords.

This function will generate a random salt and encrypt the given password.

The returned string is heap allocated, and should be freed with ast_free().

Parameters

key	User's password to crypt.

Returns: Crypted password.

Return values

NULL on error.

Definition at line 190 of file crypt.c.

{
    char salt[MAX_SALT_LEN] = {};
    while (gen_salt(salt, sizeof(salt)) == 0) {
        char *crypted = ast_crypt(key, salt);
        if (crypted) {
            return crypted;
        }
    }
    return NULL;
}

References ast_crypt(), gen_salt(), MAX_SALT_LEN, and NULL.

Referenced by ari_mkpasswd(), and AST_TEST_DEFINE().

◆ ast_crypt_validate()

int ast_crypt_validate	(	const char *	key,
		const char *	expected
	)

Asterisk wrapper around crypt(3) for validating passwords.

Parameters

key	User's password to validate.
expected	Expected result from crypt.

Return values

True	(non-zero) if key matches expected.
False	(zero) if key doesn't match.

Definition at line 136 of file crypt.c.

{
    struct crypt_data data = {};
    return strcmp(expected, crypt_r(key, expected, &data)) == 0;
}

Referenced by ari_conf_validate_user(), and AST_TEST_DEFINE().

◆ gen_salt()

static int gen_salt	(	char *	current_salt,
		size_t	maxlen
	)

static

Generates a salt to try with crypt.

If given an empty string, will generate a salt for the most secure algorithm to try with crypt(). If given a previously generated salt, the algorithm will be lowered by one level of security.

Parameters

[out]	current_salt	Output string in which to generate the salt. This can be an empty string, or the results of a prior gen_salt call.
	maxlen	Length of current_salt.

Returns: 0 on success.; Non-zero on error.

Definition at line 72 of file crypt.c.

{
    int i;
 
    if (maxlen < MAX_SALT_LEN || current_salt == NULL) {
        return -1;
    }
 
    switch (current_salt[0]) {
    case '\0':
        /* Initial generation; $6$ = SHA-512 */
        *current_salt++ = '$';
        *current_salt++ = '6';
        *current_salt++ = '$';
        for (i = 0; i < 16; ++i) {
            *current_salt++ = gen_salt_char();
        }
        *current_salt++ = '$';
        *current_salt++ = '\0';
        return 0;
    case '$':
        switch (current_salt[1]) {
        case '6':
            /* Downgrade to SHA-256 */
            current_salt[1] = '5';
            return 0;
        case '5':
            /* Downgrade to MD5 */
            current_salt[1] = '1';
            return 0;
        case '1':
            /* Downgrade to traditional crypt */
            *current_salt++ = gen_salt_char();
            *current_salt++ = gen_salt_char();
            *current_salt++ = '\0';
            return 0;
        default:
            /* Unrecognized algorithm */
            return -1;
        }
    default:
        /* Was already as insecure as it gets */
        return -1;
    }
 
}

References gen_salt_char(), MAX_SALT_LEN, and NULL.

Referenced by ast_crypt_encrypt().

◆ gen_salt_char()

static char gen_salt_char ( void )

static

Randomly select a character for a salt string

Definition at line 52 of file crypt.c.

{
    int which = ast_random_double() * 64;
    return salt_chars[which];
}

References ast_random_double, and salt_chars.

Referenced by gen_salt().

Variable Documentation

◆ salt_chars

char salt_chars[]

static

Initial value:

=
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "./"

Definition at line 45 of file crypt.c.

Referenced by gen_salt_char().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ MAX_SALT_LEN

Function Documentation

◆ ast_crypt()

◆ ast_crypt_encrypt()

◆ ast_crypt_validate()

◆ gen_salt()

◆ gen_salt_char()

Variable Documentation

◆ salt_chars