Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | /* Copyright (C) 2020 Steffen Jaeckel <jaeckel-floss@eyet-services.de> */ |
| 3 | |
| 4 | #include <common.h> |
| 5 | #include <crypt.h> |
| 6 | #include "crypt-port.h" |
| 7 | |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 8 | typedef int (*crypt_fn)(const char *, size_t, const char *, size_t, uint8_t *, |
| 9 | size_t, void *, size_t); |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 10 | |
| 11 | const unsigned char ascii64[65] = |
| 12 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
| 13 | |
| 14 | static void equals_constant_time(const void *a_, const void *b_, size_t len, |
| 15 | int *equal) |
| 16 | { |
| 17 | u8 ret = 0; |
| 18 | const u8 *a = a_, *b = b_; |
| 19 | int i; |
| 20 | |
| 21 | for (i = 0; i < len; i++) |
| 22 | ret |= a[i] ^ b[i]; |
| 23 | |
| 24 | ret |= ret >> 4; |
| 25 | ret |= ret >> 2; |
| 26 | ret |= ret >> 1; |
| 27 | ret &= 1; |
| 28 | |
| 29 | *equal = ret ^ 1; |
| 30 | } |
| 31 | |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 32 | int crypt_compare(const char *should, const char *passphrase, int *equal) |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 33 | { |
| 34 | u8 output[CRYPT_OUTPUT_SIZE], scratch[ALG_SPECIFIC_SIZE]; |
| 35 | size_t n; |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 36 | int err; |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 37 | struct { |
| 38 | const char *prefix; |
| 39 | crypt_fn crypt; |
| 40 | } crypt_algos[] = { |
| 41 | #if defined(CONFIG_CRYPT_PW_SHA256) |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 42 | { "$5$", crypt_sha256crypt_rn_wrapped }, |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 43 | #endif |
| 44 | #if defined(CONFIG_CRYPT_PW_SHA512) |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 45 | { "$6$", crypt_sha512crypt_rn_wrapped }, |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 46 | #endif |
| 47 | { NULL, NULL } |
| 48 | }; |
| 49 | |
| 50 | *equal = 0; |
| 51 | |
| 52 | for (n = 0; n < ARRAY_SIZE(crypt_algos); ++n) { |
| 53 | if (!crypt_algos[n].prefix) |
| 54 | continue; |
| 55 | if (strncmp(should, crypt_algos[n].prefix, 3) == 0) |
| 56 | break; |
| 57 | } |
| 58 | |
| 59 | if (n >= ARRAY_SIZE(crypt_algos)) |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 60 | return -EINVAL; |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 61 | |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 62 | err = crypt_algos[n].crypt(passphrase, strlen(passphrase), should, 0, |
| 63 | output, sizeof(output), scratch, |
| 64 | sizeof(scratch)); |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 65 | /* early return on error, nothing really happened inside the crypt() function */ |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 66 | if (err) |
| 67 | return err; |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 68 | |
| 69 | equals_constant_time(should, output, strlen((const char *)output), |
| 70 | equal); |
| 71 | |
| 72 | memset(scratch, 0, sizeof(scratch)); |
| 73 | memset(output, 0, sizeof(output)); |
Steffen Jaeckel | 878c91b | 2021-07-08 15:57:34 +0200 | [diff] [blame] | 74 | |
| 75 | return 0; |
Steffen Jaeckel | 229bd51 | 2021-07-08 15:57:33 +0200 | [diff] [blame] | 76 | } |