Changeset 102488 in vbox for trunk/include

Timestamp:

Dec 5, 2023 11:53:09 PM (16 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

160631

Message:

IPRT,Main/Unattended: Added a simplified API for the SHAcrypt functionality (the two step approach isn't really something we'll be needing). Corrected documentation, added constant for max output size (RTSHA512_HASH_SIZE*4 isn't a good choice) and whatnot. Added missing round count range checks. Fixed rounding error in output string buffer requirements; actually replacing the whole stuff by just calculating the size upfront before formatting anything. bugref:10551

Location:

trunk/include/iprt

Files:

• crypto/shacrypt.h (modified) (2 diffs)
• mangling.h (modified) (1 diff)

trunk/include/iprt/crypto/shacrypt.h

@@ -45 +45 @@
 RT_C_DECLS_BEGIN
 
-/** @defgroup grp_rt_crshacrypt   RTCrShaCrypt - SHAcrypt functions
- * @ingroup grp_rt
+/** @defgroup grp_rt_crshacrypt   RTCrShaCrypt - SHA-crypt
+ * @ingroup grp_rt_crypto
+ *
+ * This implements SHA-crypt.txt v0.6 (2016-08-31), which is a scheme to encrypt
+ * passwords using SHA-256 and SHA-512.
+ *
  * @{
  */
 
-/** Default number of rounds for SHA-crypt 256/512. */
-#define RT_SHACRYPT_DEFAULT_ROUNDS 5000
-/** Minimum salt length (in bytes) for SHA-crypt 256/512. */
-#define RT_SHACRYPT_MIN_SALT_LEN   8
-/** Maximum salt length (in bytes) for SHA-crypt 256/512. */
-#define RT_SHACRYPT_MAX_SALT_LEN   16
+/** Minimum salt string length for SHA-crypt (inclusive). */
+#define RT_SHACRYPT_SALT_MIN_LEN        8
+/** Maximum salt string length for SHA-crypt (inclusive). */
+#define RT_SHACRYPT_SALT_MAX_LEN        16
+
+
+/** Minimum number of rounds for SHA-crypt (inclusive). */
+#define RT_SHACRYPT_ROUNDS_MIN          1000
+/** Default number of rounds for SHA-crypt. */
+#define RT_SHACRYPT_ROUNDS_DEFAULT      5000
+/** Maximum number of rounds for SHA-crypt (inclusive). */
+#define RT_SHACRYPT_ROUNDS_MAX          999999999
+
+
+/** The maximum string length of a password encrypted with SHA-256
+ * (including the terminator). */
+#define RT_SHACRYPT_256_MAX_SIZE        80
+/** The maximum string length of a password encrypted with SHA-512.
+ * (including the terminator). */
+#define RT_SHACRYPT_512_MAX_SIZE        123
+
+
+/** The extended password '$ID$' part for SHA-256 encrypted passwords. */
+#define RT_SHACRYPT_ID_STR_256          "$5$"
+/** The extended password '$ID$' part for SHA-512 encrypted passwords. */
+#define RT_SHACRYPT_ID_STR_512          "$6$"
 
 
@@ -62 +86 @@
  *
  * @returns IPRT status code.
- * @param   pszSalt     Where to store the generated salt.
- * @param   cchSalt     Size of \a pszSalt.
- *                      Also marks the number of characters the generated salt should use.
- *                      Must be >= RT_SHACRYPT_MIN_SALT_LEN and <= RT_SHACRYPT_MAX_SALT_LEN.
- */
-RTR3DECL(int) RTCrShaCryptGenerateSalt(char *pszSalt, size_t cchSalt);
-
-
-/**
- * Calculates a SHAcrypt (SHA-256) digest.
- *
- * @returns IPRT status code.
- * @param   pszKey              Key (password) to use.
- * @param   pszSalt             Salt to use.
- *                              Must be >= RT_SHACRYPT_MIN_SALT_LEN and <= RT_SHACRYPT_MAX_SALT_LEN.
- *
- *                              This parameter also accepts crypted password strings produced by RTCrShaCrypt256ToString().
- *
- *                              This approach is used by many *crypt implementations -- it allows feeding the user-provided
- *                              password and the crypted password from "the password file" to the function. If it returns the
- *                              same crypted password then the user-provided password must be the correct one.
- * @param   cRounds             Number of rounds to use. @sa RT_SHACRYPT_DEFAULT_ROUNDS
- * @param   abHash              Where to return the hash on success.
- *
- * @note    This implements SHA-crypt.txt Version: 0.6 2016-8-31.
- */
-RTR3DECL(int) RTCrShaCrypt256(const char *pszKey, const char *pszSalt, uint32_t cRounds, uint8_t abHash[RTSHA256_HASH_SIZE]);
-
-
-/**
- * Returns a SHAcrypt (SHA-256) digest as a printable scheme.
- *
- * @returns IPRT status code.
- * @param   abHash              SHAcrypt (SHA-256) digest to return printable scheme for.
- * @param   pszSalt             Salt to use. Must match the salt used when generating \a pabHash via RTSha256Crypt().
- * @param   cRounds             Number of rounds used for generating \a pabHash.
- * @param   pszString           Where to store the printable string on success.
- * @param   cchString           Size of \a pszString.
- *                              Should be at least RTSHA256_DIGEST_LEN + 1 bytes.
- *
- * @note    This implements step 22 of SHA-crypt.txt Version: 0.6 2016-8-31.
- */
-RTR3DECL(int) RTCrShaCrypt256ToString(uint8_t abHash[RTSHA256_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cchString);
-
-
-/**
- * Calculates a SHAcrypt (SHA-512) digest.
- *
- * @returns IPRT status code.
- * @param   pszKey              Key (password) to use.
- * @param   pszSalt             Salt to use.
- *                              Must be >= RT_SHACRYPT_MIN_SALT_LEN and <= RT_SHACRYPT_MAX_SALT_LEN.
- *
- *                              This parameter also accepts crypted password strings produced by RTCrShaCrypt512ToString().
- *
- *                              This approach is used by many *crypt implementations -- it allows feeding the user-provided
- *                              password and the crypted password from "the password file" to the function. If it returns the
- *                              same crypted password then the user-provided password must be the correct one.
- * @param   cRounds             Number of rounds to use. @sa RT_SHACRYPT_DEFAULT_ROUNDS
- * @param   abHash              Where to return the hash on success.
- *
- * @note    This implements SHA-crypt.txt Version: 0.6 2016-8-31.
- */
-RTR3DECL(int) RTCrShaCrypt512(const char *pszKey, const char *pszSalt, uint32_t cRounds, uint8_t abHash[RTSHA512_HASH_SIZE]);
-
-
-/**
- * Returns a SHAcrypt (SHA-512) digest as a printable scheme.
- *
- * @returns IPRT status code.
- * @param   abHash              SHAcrypt (SHA-512) digest to return printable scheme for.
- * @param   pszSalt             Salt to use. Must match the salt used when generating \a pabHash via RTSha512Crypt().
- * @param   cRounds             Number of rounds used for generating \a pabHash.
- * @param   pszString           Where to store the printable string on success.
- * @param   cchString           Size of \a pszString.
- *                              Should be at least RTSHA512_DIGEST_LEN + 1 bytes.
- *
- * @note    This implements step 22 of SHA-crypt.txt Version: 0.6 2016-8-31.
- */
-RTR3DECL(int) RTCrShaCrypt512ToString(uint8_t abHash[RTSHA512_HASH_SIZE], const char *pszSalt, uint32_t cRounds, char *pszString, size_t cchString);
+ * @param   pszSalt     Where to return the generated salt string.
+ * @param   cchSalt     The length of the salt to generate.  The buffer size is
+ *                      this value plus 1 (for the terminator character)!
+ *
+ *                      Must be in the range RT_SHACRYPT_MIN_SALT_LEN to
+ *                      RT_SHACRYPT_MAX_SALT_LEN (both inclusive).
+ *
+ * @warning Be very careful with the @a cchSalt parameter, as it must be at
+ *          least one less than the actual buffer size!
+ */
+RTDECL(int) RTCrShaCryptGenerateSalt(char *pszSalt, size_t cchSalt);
+
+/**
+ * Encrypts @a pszPhrase using SHA-256, @a pszSalt and @a cRounds.
+ *
+ * @returns IPRT status code.
+ * @param   pszPhrase   The passphrase (password) to encrypt.
+ * @param   pszSalt     Salt to use.  This can either be a pure salt, like from
+ *                      RTCrShaCryptGenerateSalt(), or a 'password' string as
+ *                      generated by RTCrShaCrypt256ToString().
+ *
+ *                      The latter allows for easy password validation by
+ *                      comparing the encrypted string with the one stored in
+ *                      the passwd file.
+ *
+ *                      The length of the actual salt portion of the string must
+ *                      be within RT_SHACRYPT_MIN_SALT_LEN to
+ *                      RT_SHACRYPT_MAX_SALT_LEN, both inclusive.
+ *
+ * @param   cRounds     Number of rounds to use (@see
+ *                      RT_SHACRYPT_ROUNDS_DEFAULT).  This is ignored if the
+ *                      salt includes a 'rounds=xxx$' part.
+ * @param   pszString   Where to store the string on success.
+ * @param   cbString    The size of the buffer pointed to by @a pszString.
+ *
+ *                      The minimum length is 3 + salt + 1 + 43 + zero
+ *                      terminator.  If a non-default @a cRounds value is used,
+ *                      add 8 + strlen(cRounds as decimal). The max buffer
+ *                      needed is 80 bytes (RT_SHACRYPT_256_MAX_SIZE).
+ */
+RTDECL(int) RTCrShaCrypt256(const char *pszPhrase, const char *pszSalt, uint32_t cRounds, char *pszString, size_t cbString);
+
+/**
+ * Encrypts @a pszPhrase using SHA-512, @a pszSalt and @a cRounds.
+ *
+ * @returns IPRT status code.
+ * @param   pszPhrase   The passphrase (password) to encrypt.
+ * @param   pszSalt     Salt to use.  This can either be a pure salt, like from
+ *                      RTCrShaCryptGenerateSalt(), or a 'password' string as
+ *                      generated by RTCrShaCrypt512ToString().
+ *
+ *                      The latter allows for easy password validation by
+ *                      comparing the encrypted string with the one stored in
+ *                      the passwd file.
+ *
+ *                      The length of the actual salt portion of the string must
+ *                      be within RT_SHACRYPT_MIN_SALT_LEN to
+ *                      RT_SHACRYPT_MAX_SALT_LEN, both inclusive.
+ *
+ * @param   pszString   Where to store the string on success.
+ * @param   cbString    The size of the buffer pointed to by @a pszString.
+ *
+ *                      The minimum length is 3 + salt + 1 + 86 + zero
+ *                      terminator. If a non-default @a cRounds value is used,
+ *                      add 8 + strlen(cRounds as decimal). The max buffer
+ *                      needed is 123 bytes (RT_SHACRYPT_512_MAX_SIZE).
+ */
+RTDECL(int) RTCrShaCrypt512(const char *pszPhrase, const char *pszSalt, uint32_t cRounds, char *pszString, size_t cbString);
+
+
+
+/**
+ * Encrypts @a pszPhrase using SHA-256, @a pszSalt and @a cRounds, returning raw
+ * bytes.
+ *
+ * @returns IPRT status code.
+ * @param   pszPhrase   The passphrase (password) to encrypt.
+ * @param   pszSalt     Salt to use.  This can either be a pure salt, like from
+ *                      RTCrShaCryptGenerateSalt(), or a 'password' string as
+ *                      generated by RTCrShaCrypt256ToString().
+ *
+ *                      The latter allows for easy password validation by
+ *                      comparing the encrypted string with the one stored in
+ *                      the passwd file.
+ *
+ *                      The length of the actual salt portion of the string must
+ *                      be within RT_SHACRYPT_MIN_SALT_LEN to
+ *                      RT_SHACRYPT_MAX_SALT_LEN, both inclusive.
+ *
+ * @param   cRounds     Number of rounds to use (@see
+ *                      RT_SHACRYPT_ROUNDS_DEFAULT).
+ * @param   pabHash     Where to return the hash on success.
+ * @see     RTCrShaCrypt256, RTCrShaCrypt256ToString
+ */
+RTDECL(int) RTCrShaCrypt256Ex(const char *pszPhrase, const char *pszSalt, uint32_t cRounds, uint8_t pabHash[RTSHA256_HASH_SIZE]);
+
+
+/**
+ * Encrypts @a pszPhrase using SHA-512, @a pszSalt and @a cRounds, returning raw
+ * bytes.
+ *
+ * @returns IPRT status code.
+ * @param   pszPhrase   The passphrase (password) to encrypt.
+ * @param   pszSalt     Salt to use.  This can either be a pure salt, like from
+ *                      RTCrShaCryptGenerateSalt(), or a 'password' string as
+ *                      generated by RTCrShaCrypt512ToString().
+ *
+ *                      The latter allows for easy password validation by
+ *                      comparing the encrypted string with the one stored in
+ *                      the passwd file.
+ *
+ *                      The length of the actual salt portion of the string must
+ *                      be within RT_SHACRYPT_MIN_SALT_LEN to
+ *                      RT_SHACRYPT_MAX_SALT_LEN, both inclusive.
+ *
+ * @param   cRounds     Number of rounds to use (@see
+ *                      RT_SHACRYPT_ROUNDS_DEFAULT).
+ * @param   pabHash     Where to return the hash on success.
+ * @see     RTCrShaCrypt512, RTCrShaCrypt512ToString
+ */
+RTDECL(int) RTCrShaCrypt512Ex(const char *pszPhrase, const char *pszSalt, uint32_t cRounds, uint8_t pabHash[RTSHA512_HASH_SIZE]);
+
+/**
+ * Formats the RTCrShaCrypt256Ex() result and non-secret inputs using the
+ * extended password format.
+ *
+ * @returns IPRT status code.
+ * @param   pabHash     The result from RTCrShaCrypt256().
+ * @param   pszSalt     The salt used when producing @a pabHash.
+ * @param   cRounds     Number of rounds used for producing @a pabHash.
+ * @param   pszString   Where to store the string on success.
+ * @param   cbString    The size of the buffer pointed to by @a pszString.
+ *
+ *                      The minimum length is 3 + salt + 1 + 43 + zero
+ *                      terminator.  If a non-default @a cRounds value is used,
+ *                      add 8 + strlen(cRounds as decimal). The max buffer
+ *                      needed is 80 bytes (RT_SHACRYPT_256_MAX_SIZE).
+ *
+ * @note    This implements step 22 of SHA-crypt.txt v0.6.
+ * @see     RTCrShaCrypt256Ex
+ */
+RTDECL(int) RTCrShaCrypt256ToString(uint8_t const pabHash[RTSHA256_HASH_SIZE], const char *pszSalt, uint32_t cRounds,
+                                    char *pszString, size_t cbString);
+
+/**
+ * Formats the RTCrShaCrypt512Ex() result and non-secret inputs using the
+ * extended password format.
+ *
+ * @returns IPRT status code.
+ * @param   pabHash     The result from RTCrShaCrypt512().
+ * @param   pszSalt     The salt used when producing @a pabHash.
+ * @param   cRounds     Number of rounds used for producing @a pabHash.
+ * @param   pszString   Where to store the string on success.
+ * @param   cbString    The size of the buffer pointed to by @a pszString.
+ *
+ *                      The minimum length is 3 + salt + 1 + 86 + zero
+ *                      terminator. If a non-default @a cRounds value is used,
+ *                      add 8 + strlen(cRounds as decimal). The max buffer
+ *                      needed is 123 bytes (RT_SHACRYPT_512_MAX_SIZE).
+ *
+ * @note    This implements step 22 of SHA-crypt.txt v0.6.
+ * @see     RTCrShaCrypt512Ex
+ */
+RTDECL(int) RTCrShaCrypt512ToString(uint8_t const pabHash[RTSHA512_HASH_SIZE], const char *pszSalt, uint32_t cRounds,
+                                    char *pszString, size_t cbString);
 
 /** @} */

trunk/include/iprt/mangling.h

@@ -3736 +3736 @@
 # define RTCrShaCryptGenerateSalt                       RT_MANGLER(RTCrShaCryptGenerateSalt)
 # define RTCrShaCrypt256                                RT_MANGLER(RTCrShaCrypt256)
+# define RTCrShaCrypt256Ex                              RT_MANGLER(RTCrShaCrypt256Ex)
 # define RTCrShaCrypt256ToString                        RT_MANGLER(RTCrShaCrypt256ToString)
 # define RTCrShaCrypt512                                RT_MANGLER(RTCrShaCrypt512)
+# define RTCrShaCrypt512Ex                              RT_MANGLER(RTCrShaCrypt512Ex)
 # define RTCrShaCrypt512ToString                        RT_MANGLER(RTCrShaCrypt512ToString)
 # define RTCrSpcAttributeTypeAndOptionalValue_SetPeImage RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_SetPeImage)