Jpp test-rotations-new
the software that should make you happy
Loading...
Searching...
No Matches
crypt.cc
Go to the documentation of this file.
1/* SHA256-based Unix crypt implementation.
2 Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
3 Adapted for MS Windows by Stefan Ritt <stefan.ritt@psi.ch>
4
5 Copyrights Ulrich Drepper
6 Copyright 2000 + Stefan Ritt
7
8 ELOG is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 3 of the License, or
11 (at your option) any later version.
12
13 ELOG is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with ELOG. If not, see <http://www.gnu.org/licenses/>.
20
21
22 $Id$ */
23
24#ifdef _MSC_VER
25#include <stdio.h>
26#include <string.h>
27#include <stdlib.h>
28#include <malloc.h>
29
30#define __alignof__(x) sizeof(x)
31#define ERANGE 34
32
33typedef unsigned int uint32_t;
34
35#pragma warning(disable:4996)
36#else
37#include <errno.h>
38#include <limits.h>
39#include <stdint.h>
40#include <stdbool.h>
41#include <stdio.h>
42#include <stdlib.h>
43#include <string.h>
44#include <sys/param.h>
45#include <sys/types.h>
46#endif
47
48#ifndef MAX
49#define MAX(x,y) ((x)>(y)?(x):(y))
50#define MIN(x,y) ((x)<(y)?(x):(y))
51#endif
52
53/* Structure to save state of computation between the single steps. */
54struct sha256_ctx {
55 uint32_t H[8];
56
57 uint32_t total[2];
58 uint32_t buflen;
59 char buffer[128]; /* NB: always correctly aligned for uint32_t. */
60};
61
62
63#if __BYTE_ORDER == __LITTLE_ENDIAN
64#define SWAP(n) \
65 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
66#else
67#define SWAP(n) (n)
68#endif
69
70
71/* This array contains the bytes used to pad the buffer to the next
72 64-byte boundary. (FIPS 180-2:5.1.1) */
73static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
74
75
76/* Constants for SHA256 from FIPS 180-2:4.2.2. */
77static const uint32_t K[64] = {
78 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
79 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
80 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
81 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
82 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
83 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
84 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
85 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
86 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
87 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
88 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
89 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
90 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
91 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
92 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
93 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
94};
95
96
97/* Process LEN bytes of BUFFER, accumulating context into CTX.
98 It is assumed that LEN % 64 == 0. */
99static void sha256_process_block(const void *buffer, size_t len, struct sha256_ctx *ctx)
100{
101 const uint32_t *words = (const uint32_t *) buffer;
102 size_t nwords = len / sizeof(uint32_t);
103 uint32_t a = ctx->H[0];
104 uint32_t b = ctx->H[1];
105 uint32_t c = ctx->H[2];
106 uint32_t d = ctx->H[3];
107 uint32_t e = ctx->H[4];
108 uint32_t f = ctx->H[5];
109 uint32_t g = ctx->H[6];
110 uint32_t h = ctx->H[7];
111
112 /* First increment the byte count. FIPS 180-2 specifies the possible
113 length of the file up to 2^64 bits. Here we only compute the
114 number of bytes. Do a double word increment. */
115 ctx->total[0] += len;
116 if (ctx->total[0] < len)
117 ++ctx->total[1];
118
119 /* Process all bytes in the buffer with 64 bytes in each round of
120 the loop. */
121 while (nwords > 0) {
122 uint32_t W[64];
123 unsigned int t;
124 uint32_t a_save = a;
125 uint32_t b_save = b;
126 uint32_t c_save = c;
127 uint32_t d_save = d;
128 uint32_t e_save = e;
129 uint32_t f_save = f;
130 uint32_t g_save = g;
131 uint32_t h_save = h;
132
133 /* Operators defined in FIPS 180-2:4.1.2. */
134#define Ch(x, y, z) ((x & y) ^ (~x & z))
135#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
136#define S0(x) (CYCLIC (x, 2) ^ CYCLIC (x, 13) ^ CYCLIC (x, 22))
137#define S1(x) (CYCLIC (x, 6) ^ CYCLIC (x, 11) ^ CYCLIC (x, 25))
138#define R0(x) (CYCLIC (x, 7) ^ CYCLIC (x, 18) ^ (x >> 3))
139#define R1(x) (CYCLIC (x, 17) ^ CYCLIC (x, 19) ^ (x >> 10))
140
141 /* It is unfortunate that C does not provide an operator for
142 cyclic rotation. Hope the C compiler is smart enough. */
143#define CYCLIC(w, s) ((w >> s) | (w << (32 - s)))
144
145 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
146 for (t = 0; t < 16; ++t) {
147 W[t] = SWAP(*words);
148 ++words;
149 }
150 for (t = 16; t < 64; ++t)
151 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
152
153 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
154 for (t = 0; t < 64; ++t) {
155 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K[t] + W[t];
156 uint32_t T2 = S0(a) + Maj(a, b, c);
157 h = g;
158 g = f;
159 f = e;
160 e = d + T1;
161 d = c;
162 c = b;
163 b = a;
164 a = T1 + T2;
165 }
166
167 /* Add the starting values of the context according to FIPS 180-2:6.2.2
168 step 4. */
169 a += a_save;
170 b += b_save;
171 c += c_save;
172 d += d_save;
173 e += e_save;
174 f += f_save;
175 g += g_save;
176 h += h_save;
177
178 /* Prepare for the next round. */
179 nwords -= 16;
180 }
181
182 /* Put checksum in context given as argument. */
183 ctx->H[0] = a;
184 ctx->H[1] = b;
185 ctx->H[2] = c;
186 ctx->H[3] = d;
187 ctx->H[4] = e;
188 ctx->H[5] = f;
189 ctx->H[6] = g;
190 ctx->H[7] = h;
191}
192
193
194/* Initialize structure containing state of computation.
195 (FIPS 180-2:5.3.2) */
196static void sha256_init_ctx(struct sha256_ctx *ctx)
197{
198 ctx->H[0] = 0x6a09e667;
199 ctx->H[1] = 0xbb67ae85;
200 ctx->H[2] = 0x3c6ef372;
201 ctx->H[3] = 0xa54ff53a;
202 ctx->H[4] = 0x510e527f;
203 ctx->H[5] = 0x9b05688c;
204 ctx->H[6] = 0x1f83d9ab;
205 ctx->H[7] = 0x5be0cd19;
206
207 ctx->total[0] = ctx->total[1] = 0;
208 ctx->buflen = 0;
209}
210
211
212/* Process the remaining bytes in the internal buffer and the usual
213 prolog according to the standard and write the result to RESBUF.
214
215 IMPORTANT: On some systems it is required that RESBUF is correctly
216 aligned for a 32 bits value. */
217static void *sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf)
218{
219 /* Take yet unprocessed bytes into account. */
220 uint32_t bytes = ctx->buflen;
221 size_t pad;
222 unsigned int i;
223
224 /* Now count remaining bytes. */
225 ctx->total[0] += bytes;
226 if (ctx->total[0] < bytes)
227 ++ctx->total[1];
228
229 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
230 memcpy(&ctx->buffer[bytes], fillbuf, pad);
231
232 /* Put the 64-bit file length in *bits* at the end of the buffer. */
233 *(uint32_t *) & ctx->buffer[bytes + pad + 4] = SWAP(ctx->total[0] << 3);
234 *(uint32_t *) & ctx->buffer[bytes + pad] = SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29));
235
236 /* Process last bytes. */
237 sha256_process_block(ctx->buffer, bytes + pad + 8, ctx);
238
239 /* Put result from CTX in first 32 bytes following RESBUF. */
240 for (i = 0; i < 8; ++i)
241 ((uint32_t *) resbuf)[i] = SWAP(ctx->H[i]);
242
243 return resbuf;
244}
245
246
247static void sha256_process_bytes(const void *buffer, size_t len, struct sha256_ctx *ctx)
248{
249 /* When we already have some bits in our internal buffer concatenate
250 both inputs first. */
251 if (ctx->buflen != 0) {
252 size_t left_over = ctx->buflen;
253 size_t add = 128 - left_over > len ? len : 128 - left_over;
254
255 memcpy(&ctx->buffer[left_over], buffer, add);
256 ctx->buflen += add;
257
258 if (ctx->buflen > 64) {
259 sha256_process_block(ctx->buffer, ctx->buflen & ~63, ctx);
260
261 ctx->buflen &= 63;
262 /* The regions in the following copy operation cannot overlap. */
263 memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], ctx->buflen);
264 }
265
266 buffer = (const char *) buffer + add;
267 len -= add;
268 }
269
270 /* Process available complete blocks. */
271 if (len >= 64) {
272/* To check alignment gcc has an appropriate operator. Other
273 compilers don't. */
274#if __GNUC__ >= 2
275#define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
276#else
277#define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint32_t) != 0)
278#endif
279 if (UNALIGNED_P(buffer))
280 while (len > 64) {
281 sha256_process_block(memcpy(ctx->buffer, buffer, 64), 64, ctx);
282 buffer = (const char *) buffer + 64;
283 len -= 64;
284 } else {
285 sha256_process_block(buffer, len & ~63, ctx);
286 buffer = (const char *) buffer + (len & ~63);
287 len &= 63;
288 }
289 }
290
291 /* Move remaining bytes into internal buffer. */
292 if (len > 0) {
293 size_t left_over = ctx->buflen;
294
295 memcpy(&ctx->buffer[left_over], buffer, len);
296 left_over += len;
297 if (left_over >= 64) {
298 sha256_process_block(ctx->buffer, 64, ctx);
299 left_over -= 64;
300 memcpy(ctx->buffer, &ctx->buffer[64], left_over);
301 }
302 ctx->buflen = left_over;
303 }
304}
305
306
307/* Define our magic string to mark salt for SHA256 "encryption"
308 replacement. */
309static const char sha256_salt_prefix[] = "$5$";
310
311/* Prefix for optional rounds specification. */
312static const char sha256_rounds_prefix[] = "rounds=";
313
314/* Maximum salt string length. */
315#define SALT_LEN_MAX 16
316/* Default number of rounds if not explicitly specified. */
317#define ROUNDS_DEFAULT 5000
318/* Minimum number of rounds. */
319#define ROUNDS_MIN 1000
320/* Maximum number of rounds. */
321#define ROUNDS_MAX 999999999
322
323/* Table with characters for base64 transformation. */
324static const char b64t[65] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
325
326
327static char *sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
328{
329#ifdef _MSC_VER
330 unsigned char alt_result[32];
331 unsigned char temp_result[32];
332#else
333 unsigned char alt_result[32]
334 __attribute__ ((__aligned__(__alignof__(uint32_t))));
335 unsigned char temp_result[32]
336 __attribute__ ((__aligned__(__alignof__(uint32_t))));
337#endif
338 struct sha256_ctx ctx;
339 struct sha256_ctx alt_ctx;
340 size_t salt_len;
341 size_t key_len;
342 size_t cnt;
343 char *cp;
344 char *copied_key = NULL;
345 char *copied_salt = NULL;
346 char *p_bytes;
347 char *s_bytes;
348 /* Default number of rounds. */
349 size_t rounds = ROUNDS_DEFAULT;
350 int rounds_custom = 0;
351
352 /* Find beginning of salt string. The prefix should normally always
353 be present. Just in case it is not. */
354 if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0)
355 /* Skip salt prefix. */
356 salt += sizeof(sha256_salt_prefix) - 1;
357
358 if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1)
359 == 0) {
360 const char *num = salt + sizeof(sha256_rounds_prefix) - 1;
361 char *endp;
362 unsigned long int srounds = strtoul(num, &endp, 10);
363 if (*endp == '$') {
364 salt = endp + 1;
365 rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX));
366 rounds_custom = 1;
367 }
368 }
369
370 salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
371 key_len = strlen(key);
372
373 if ((key - (char *) 0) % __alignof__(uint32_t) != 0) {
374 char *tmp = (char *) alloca(key_len + __alignof__(uint32_t));
375 key = copied_key = (char *) memcpy(tmp + __alignof__(uint32_t)
376 - (tmp - (char *) 0) % __alignof__(uint32_t), key, key_len);
377 }
378
379 if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) {
380 char *tmp = (char *) alloca(salt_len + __alignof__(uint32_t));
381 salt = copied_salt = (char *) memcpy(tmp + __alignof__(uint32_t)
382 - (tmp - (char *) 0) % __alignof__(uint32_t), salt, salt_len);
383 }
384
385 /* Prepare for the real work. */
386 sha256_init_ctx(&ctx);
387
388 /* Add the key string. */
389 sha256_process_bytes(key, key_len, &ctx);
390
391 /* The last part is the salt string. This must be at most 16
392 characters and it ends at the first `$' character (for
393 compatibility with existing implementations). */
394 sha256_process_bytes(salt, salt_len, &ctx);
395
396
397 /* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The
398 final result will be added to the first context. */
399 sha256_init_ctx(&alt_ctx);
400
401 /* Add key. */
402 sha256_process_bytes(key, key_len, &alt_ctx);
403
404 /* Add salt. */
405 sha256_process_bytes(salt, salt_len, &alt_ctx);
406
407 /* Add key again. */
408 sha256_process_bytes(key, key_len, &alt_ctx);
409
410 /* Now get result of this (32 bytes) and add it to the other
411 context. */
412 sha256_finish_ctx(&alt_ctx, alt_result);
413
414 /* Add for any character in the key one byte of the alternate sum. */
415 for (cnt = key_len; cnt > 32; cnt -= 32)
416 sha256_process_bytes(alt_result, 32, &ctx);
417 sha256_process_bytes(alt_result, cnt, &ctx);
418
419 /* Take the binary representation of the length of the key and for every
420 1 add the alternate sum, for every 0 the key. */
421 for (cnt = key_len; cnt > 0; cnt >>= 1)
422 if ((cnt & 1) != 0)
423 sha256_process_bytes(alt_result, 32, &ctx);
424 else
425 sha256_process_bytes(key, key_len, &ctx);
426
427 /* Create intermediate result. */
428 sha256_finish_ctx(&ctx, alt_result);
429
430 /* Start computation of P byte sequence. */
431 sha256_init_ctx(&alt_ctx);
432
433 /* For every character in the password add the entire password. */
434 for (cnt = 0; cnt < key_len; ++cnt)
435 sha256_process_bytes(key, key_len, &alt_ctx);
436
437 /* Finish the digest. */
438 sha256_finish_ctx(&alt_ctx, temp_result);
439
440 /* Create byte sequence P. */
441 cp = p_bytes = (char*) alloca(key_len);
442 for (cnt = key_len; cnt >= 32; cnt -= 32) {
443 memcpy(cp, temp_result, 32);
444 cp += 32;
445 }
446 memcpy(cp, temp_result, cnt);
447
448 /* Start computation of S byte sequence. */
449 sha256_init_ctx(&alt_ctx);
450
451 /* For every character in the password add the entire password. */
452 for (cnt = 0; (int) cnt < 16 + alt_result[0]; ++cnt)
453 sha256_process_bytes(salt, salt_len, &alt_ctx);
454
455 /* Finish the digest. */
456 sha256_finish_ctx(&alt_ctx, temp_result);
457
458 /* Create byte sequence S. */
459 cp = s_bytes = (char*) alloca(salt_len);
460 for (cnt = salt_len; cnt >= 32; cnt -= 32) {
461 memcpy(cp, temp_result, 32);
462 cp += 32;
463 }
464 memcpy(cp, temp_result, cnt);
465
466 /* Repeatedly run the collected hash value through SHA256 to burn
467 CPU cycles. */
468 for (cnt = 0; cnt < rounds; ++cnt) {
469 /* New context. */
470 sha256_init_ctx(&ctx);
471
472 /* Add key or last result. */
473 if ((cnt & 1) != 0)
474 sha256_process_bytes(p_bytes, key_len, &ctx);
475 else
476 sha256_process_bytes(alt_result, 32, &ctx);
477
478 /* Add salt for numbers not divisible by 3. */
479 if (cnt % 3 != 0)
480 sha256_process_bytes(s_bytes, salt_len, &ctx);
481
482 /* Add key for numbers not divisible by 7. */
483 if (cnt % 7 != 0)
484 sha256_process_bytes(p_bytes, key_len, &ctx);
485
486 /* Add key or last result. */
487 if ((cnt & 1) != 0)
488 sha256_process_bytes(alt_result, 32, &ctx);
489 else
490 sha256_process_bytes(p_bytes, key_len, &ctx);
491
492 /* Create intermediate result. */
493 sha256_finish_ctx(&ctx, alt_result);
494 }
495
496 /* Now we can construct the result string. It consists of three
497 parts. */
498 strncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
499 cp = buffer + strlen(buffer);
500 buflen -= sizeof(sha256_salt_prefix) - 1;
501
502 if (rounds_custom) {
503#ifdef _MSC_VER
504 int n = _snprintf(cp, MAX(0, buflen), "%s%Iu$",
505 sha256_rounds_prefix, rounds);
506#else
507 int n = snprintf(cp, MAX(0, buflen), "%s%zu$",
508 sha256_rounds_prefix, rounds);
509#endif
510 cp += n;
511 buflen -= n;
512 }
513
514 strncpy(cp, salt, MIN((size_t) MAX(0, buflen), salt_len));
515 cp = cp + strlen(cp);
516 buflen -= MIN((size_t) MAX(0, buflen), salt_len);
517
518 if (buflen > 0) {
519 *cp++ = '$';
520 --buflen;
521 }
522#define b64_from_24bit(B2, B1, B0, N) \
523 do { \
524 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
525 int n = (N); \
526 while (n-- > 0 && buflen > 0) \
527 { \
528 *cp++ = b64t[w & 0x3f]; \
529 --buflen; \
530 w >>= 6; \
531 } \
532 } while (0)
533
534 b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4);
535 b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4);
536 b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4);
537 b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4);
538 b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4);
539 b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4);
540 b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4);
541 b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4);
542 b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4);
543 b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4);
544 b64_from_24bit(0, alt_result[31], alt_result[30], 3);
545 if (buflen <= 0) {
546 errno = ERANGE;
547 buffer = NULL;
548 } else
549 *cp = '\0'; /* Terminate the string. */
550
551 /* Clear the buffer for the intermediate result so that people
552 attaching to processes or reading core dumps cannot get any
553 information. We do it in this way to clear correct_words[]
554 inside the SHA256 implementation as well. */
555 sha256_init_ctx(&ctx);
556 sha256_finish_ctx(&ctx, alt_result);
557 memset(temp_result, '\0', sizeof(temp_result));
558 memset(p_bytes, '\0', key_len);
559 memset(s_bytes, '\0', salt_len);
560 memset(&ctx, '\0', sizeof(ctx));
561 memset(&alt_ctx, '\0', sizeof(alt_ctx));
562 if (copied_key != NULL)
563 memset(copied_key, '\0', key_len);
564 if (copied_salt != NULL)
565 memset(copied_salt, '\0', salt_len);
566
567 return buffer;
568}
569
570
571/* This entry point is equivalent to the `crypt' function in Unix
572 libcs. */
573char *sha256_crypt(const char *key, const char *salt)
574{
575 /* We don't want to have an arbitrary limit in the size of the
576 password. We can compute an upper bound for the size of the
577 result in advance and so we can prepare the buffer we pass to
578 `sha256_crypt_r'. */
579 static char *buffer;
580 static int buflen;
581 int needed = (sizeof(sha256_salt_prefix) - 1
582 + sizeof(sha256_rounds_prefix) + 9 + 1 + strlen(salt) + 1 + 43 + 1);
583
584 if (buflen < needed) {
585 char *new_buffer = (char *) realloc(buffer, needed);
586 if (new_buffer == NULL)
587 return NULL;
588
589 buffer = new_buffer;
590 buflen = needed;
591 }
592
593 return sha256_crypt_r(key, salt, buffer, buflen);
594}
#define UNALIGNED_P(p)
static void * sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf)
Definition crypt.cc:217
#define ROUNDS_DEFAULT
Definition crypt.cc:317
static void sha256_init_ctx(struct sha256_ctx *ctx)
Definition crypt.cc:196
static const uint32_t K[64]
Definition crypt.cc:77
#define ROUNDS_MIN
Definition crypt.cc:319
static void sha256_process_bytes(const void *buffer, size_t len, struct sha256_ctx *ctx)
Definition crypt.cc:247
static const char sha256_salt_prefix[]
Definition crypt.cc:309
static const char b64t[65]
Definition crypt.cc:324
static char * sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
Definition crypt.cc:327
#define Maj(x, y, z)
#define S0(x)
#define R1(x)
#define SALT_LEN_MAX
Definition crypt.cc:315
#define S1(x)
#define MIN(x, y)
Definition crypt.cc:50
char * sha256_crypt(const char *key, const char *salt)
Definition crypt.cc:573
#define R0(x)
#define MAX(x, y)
Definition crypt.cc:49
#define Ch(x, y, z)
#define b64_from_24bit(B2, B1, B0, N)
#define SWAP(n)
Definition crypt.cc:64
#define ROUNDS_MAX
Definition crypt.cc:321
static void sha256_process_block(const void *buffer, size_t len, struct sha256_ctx *ctx)
Definition crypt.cc:99
static const unsigned char fillbuf[64]
Definition crypt.cc:73
static const char sha256_rounds_prefix[]
Definition crypt.cc:312
struct __attribute__((__packed__)) InfoWord
Definition infoword.hh:18
char buffer[128]
Definition crypt.cc:59
uint32_t buflen
Definition crypt.cc:58
uint32_t total[2]
Definition crypt.cc:57
uint32_t H[8]
Definition crypt.cc:55