crypt.c File Reference

Asterisk wrapper for crypt(3).

#include "asterisk.h"
#include <unistd.h>
#include "asterisk/utils.h"


Defines

#define MAX_SALT_LEN   21
 Max length of a salt string.

Functions

char * ast_crypt (const char *key, const char *salt)
 Asterisk wrapper around crypt(3).
char * ast_crypt_encrypt (const char *key)
int ast_crypt_validate (const char *key, const char *expected)
static int gen_salt (char *current_salt, size_t maxlen)
 Generates a salt to try with crypt.
static char gen_salt_char (void)

Variables

static char salt_chars []


Detailed Description

Asterisk wrapper for crypt(3).

Author:
David M. Lee, II <dlee@digium.com>

Definition in file crypt.c.


Define Documentation

#define MAX_SALT_LEN   21

Max length of a salt string.

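$[1,5,6]$[a-zA-Z0-9./]{1,16}$, plus null terminator: 3 prefix characters, up to 16 salt characters, the closing $ and the terminating NUL add up to 21 bytes.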

Definition at line 45 of file crypt.c.

Referenced by ast_crypt_encrypt(), and gen_salt().


Function Documentation

char* ast_crypt ( const char *  key,
const char *  salt 
)

Asterisk wrapper around crypt(3).

The interpretation of the salt (which determines the password hashing algorithm) is system specific. Application code should prefer to use ast_crypt_encrypt() or ast_crypt_validate().

The returned string is heap allocated, and should be freed with ast_free().

Parameters:
key User's password to crypt.
salt Salt to crypt with.
Returns:
Crypted password.

NULL on error.

Definition at line 176 of file crypt.c.

References ast_log, LOG_WARNING, and NULL.

Referenced by ast_crypt_encrypt().

/*!
 * \brief Variant of ast_crypt() that reports crypt() support as unavailable.
 *
 * Neither argument is read. The function logs a warning and reports
 * failure, so no password hash is ever produced by this variant.
 *
 * \param key User's password to crypt (not used by this variant).
 * \param salt Salt to crypt with (not used by this variant).
 * \return NULL, always.
 */
char *ast_crypt(const char *key, const char *salt)
{
   char *no_result = NULL;

   ast_log(LOG_WARNING,
      "crypt() support not available; cannot encrypt password\n");

   /* Callers must treat NULL as "no hash produced", never as an empty hash. */
   return no_result;
}

char* ast_crypt_encrypt ( const char *  key  ) 

Definition at line 192 of file crypt.c.

References ast_crypt(), gen_salt(), MAX_SALT_LEN, and NULL.

Referenced by ari_mkpasswd(), and AST_TEST_DEFINE().

/*!
 * \brief Hash a password with the strongest algorithm ast_crypt() accepts.
 *
 * Starts from an empty salt buffer and asks gen_salt() for a salt; each
 * further gen_salt() call on the same buffer steps down to the next weaker
 * algorithm. The first non-NULL result from ast_crypt() is returned.
 *
 * Security note: because of this fallback chain the returned hash is not
 * guaranteed to be SHA-512. It may be an MD5 ($1$) or traditional crypt
 * hash, both of which are weak by current standards (traditional crypt
 * only considers the first eight characters of the password). A caller
 * that needs a minimum strength should inspect the prefix of the returned
 * string before storing it.
 *
 * \param key Password to hash; passed to ast_crypt() unchanged.
 * \return Result of the first successful ast_crypt() call.
 * \return NULL if gen_salt() runs out of algorithms before one succeeds.
 */
char *ast_crypt_encrypt(const char *key)
{
   char salt[MAX_SALT_LEN] = { 0 };
   char *hashed = NULL;

   /* Stop as soon as a hash is produced, so gen_salt() is not asked to
    * downgrade again after a success. */
   while (!hashed && gen_salt(salt, sizeof(salt)) == 0) {
      hashed = ast_crypt(key, salt);
   }

   return hashed;
}

int ast_crypt_validate ( const char *  key,
const char *  expected 
)

Definition at line 183 of file crypt.c.

References ast_log, and LOG_WARNING.

Referenced by ast_ari_config_validate_user(), and AST_TEST_DEFINE().

/*!
 * \brief Variant of ast_crypt_validate() that reports crypt() support as
 * unavailable.
 *
 * Neither argument is read. The function logs a warning and returns 0.
 *
 * \param key Candidate password (not used by this variant).
 * \param expected Stored hash to compare against (not used by this variant).
 * \return 0, always.
 *
 * NOTE(review): presumably 0 means "does not match", in which case every
 * credential check fails closed when crypt() is unavailable. Confirm
 * against the declaration in asterisk/utils.h.
 */
int ast_crypt_validate(const char *key, const char *expected)
{
   int verdict = 0;

   ast_log(LOG_WARNING,
      "crypt() support not available; cannot validate password\n");

   return verdict;
}

static int gen_salt ( char *  current_salt,
size_t  maxlen 
) [static]

Generates a salt to try with crypt.

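If given an empty string, generates a salt for the most secure algorithm to try with crypt(). If given a previously generated salt, lowers the algorithm by one level of security, in the order SHA-512 ($6$), SHA-256 ($5$), MD5 ($1$), traditional crypt; once the salt is already a traditional crypt salt there is nothing weaker to try and the call fails.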

Parameters:
[out] current_salt Output string in which to generate the salt. This can be an empty string, or the results of a prior gen_salt call.
maxlen Size of the current_salt buffer, in bytes; must be at least MAX_SALT_LEN.
Returns:
0 on success.

Non-zero on error.

Definition at line 74 of file crypt.c.

References gen_salt_char(), MAX_SALT_LEN, and NULL.

Referenced by ast_crypt_encrypt().

/*!
 * \brief Generates a salt to try with crypt, or downgrades an existing one.
 *
 * The first byte of \a current_salt selects the action:
 *  - empty string: write a new SHA-512 salt, "$6$" + 16 random salt
 *    characters + "$";
 *  - "$6$...": rewrite the algorithm digit to '5' (SHA-256);
 *  - "$5$...": rewrite the algorithm digit to '1' (MD5);
 *  - "$1$...": overwrite the buffer with a two-character traditional
 *    crypt salt;
 *  - anything else: fail, there is nothing weaker left to try.
 *
 * The SHA-256 and MD5 steps change only the algorithm digit, so the random
 * salt characters written for SHA-512 are carried over unchanged.
 *
 * \param[out] current_salt Buffer holding an empty string or the result of
 *             a prior gen_salt() call; rewritten in place.
 * \param maxlen Size of \a current_salt in bytes.
 * \return 0 on success.
 * \return -1 if the buffer is NULL or smaller than MAX_SALT_LEN, if the
 *         algorithm digit is not recognized, or if the salt is already a
 *         traditional crypt salt.
 */
static int gen_salt(char *current_salt, size_t maxlen)
{
   size_t pos = 0;
   int n;

   /* The longest salt written below needs MAX_SALT_LEN bytes, so smaller
    * buffers are rejected before anything is written. */
   if (current_salt == NULL || maxlen < MAX_SALT_LEN) {
      return -1;
   }

   if (current_salt[0] == '\0') {
      /* Initial generation; $6$ = SHA-512 */
      current_salt[pos++] = '$';
      current_salt[pos++] = '6';
      current_salt[pos++] = '$';
      for (n = 0; n < 16; ++n) {
         current_salt[pos++] = gen_salt_char();
      }
      current_salt[pos++] = '$';
      current_salt[pos] = '\0';
      return 0;
   }

   if (current_salt[0] != '$') {
      /* Was already as insecure as it gets */
      return -1;
   }

   switch (current_salt[1]) {
   case '6':
      /* Downgrade to SHA-256 */
      current_salt[1] = '5';
      return 0;
   case '5':
      /* Downgrade to MD5 */
      current_salt[1] = '1';
      return 0;
   case '1':
      /* Downgrade to traditional crypt: two salt characters, no '$'
       * prefix, which is why the next call lands in the branch above. */
      current_salt[0] = gen_salt_char();
      current_salt[1] = gen_salt_char();
      current_salt[2] = '\0';
      return 0;
   default:
      /* Unrecognized algorithm */
      return -1;
   }
}

static char gen_salt_char ( void   )  [static]

Randomly selects a character for a salt string.

Definition at line 54 of file crypt.c.

References ast_random_double.

Referenced by gen_salt().

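/*!
 * \brief Randomly select a character for a salt string.
 *
 * Scales ast_random_double() to an index into salt_chars, which holds the
 * 64 characters valid in a crypt salt followed by the string terminator.
 *
 * The index is clamped to the last valid character. If ast_random_double()
 * can return exactly 1.0, the unclamped index would be 64, which selects
 * the terminating NUL of salt_chars and silently truncates the salt.
 *
 * NOTE(review): ast_random_double() is declared elsewhere; neither its
 * exact range nor the strength of its random source is visible here. A
 * salt only has to be unique per hash, not secret, but confirm the
 * generator is adequate for that.
 *
 * \return One character from salt_chars, never the NUL terminator.
 */
static char gen_salt_char(void)
{
   enum { SALT_ALPHABET_LEN = 64 };
   int which = ast_random_double() * SALT_ALPHABET_LEN;

   /* Keep the index inside the 64 salt characters. */
   if (which >= SALT_ALPHABET_LEN) {
      which = SALT_ALPHABET_LEN - 1;
   } else if (which < 0) {
      which = 0;
   }

   return salt_chars[which];
}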


Variable Documentation

char salt_chars[] [static]

Initial value:

   "abcdefghijklmnopqrstuvwxyz"
   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
   "0123456789"
   "./"

Definition at line 47 of file crypt.c.

