Commit 114dad49 authored by Gary Ching-Pang Lin's avatar Gary Ching-Pang Lin Committed by Peter Jones

MokManager: support blowfish-based crypt() hash

Conflicts:
	Makefile
parent 5a898351
......@@ -36,8 +36,8 @@ TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
OBJS = shim.o netboot.o cert.o dbx.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key
SOURCES = shim.c shim.h netboot.c signature.h PeImage.h
MOK_OBJS = MokManager.o PasswordCrypt.o
MOK_SOURCES = MokManager.c shim.h console_control.h PasswordCrypt.c PasswordCrypt.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h console_control.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
......@@ -4,7 +4,9 @@
#include <openssl/sha.h>
#include <openssl/md5.h>
#include "PasswordCrypt.h"
#include "crypt_blowfish.h"
#define BLOWFISH_HASH_SIZE 31 /* 184/6+1 */
UINT16 get_hash_size (const UINT16 method)
{
......@@ -20,7 +22,7 @@ UINT16 get_hash_size (const UINT16 method)
case SHA512_BASED:
return SHA512_DIGEST_LENGTH;
case BLOWFISH_BASED:
return 184 / 8; /* per "man crypt" */
return BLOWFISH_HASH_SIZE;
}
return 0;
......@@ -201,6 +203,21 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len,
return EFI_SUCCESS;
}
#define BF_RESULT_SIZE (7 + 22 + 31 + 1)
static EFI_STATUS blowfish_crypt (const char *key, const char *salt, UINT8 *hash)
{
char *retval, result[BF_RESULT_SIZE];
retval = crypt_blowfish_rn (key, salt, result, BF_RESULT_SIZE);
if (!retval)
return EFI_UNSUPPORTED;
CopyMem(hash, result + 7 + 22, BF_RESULT_SIZE);
return EFI_SUCCESS;
}
EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
const PASSWORD_CRYPT *pw_crypt, UINT8 *hash)
{
......@@ -227,8 +244,11 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
hash);
break;
case BLOWFISH_BASED:
/* TODO unsupported */
status = EFI_UNSUPPORTED;
if (pw_crypt->salt_size != (7 + 22 + 1)) {
status = EFI_INVALID_PARAMETER;
break;
}
status = blowfish_crypt(password, (char *)pw_crypt->salt, hash);
break;
default:
return EFI_INVALID_PARAMETER;
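Review bot: In blowfish_crypt, `CopyMem(hash, result + 7 + 22, BF_RESULT_SIZE)` copies 61 bytes starting 29 bytes into the 61-byte `result` array, so it reads 29 bytes past the end of that stack buffer. It also writes 61 bytes into `hash`, while get_hash_size() reports only BLOWFISH_HASH_SIZE (31) for this method; if callers size `hash` from that value, which is not visible here, the destination is overrun as well. The length should cover only the hash portion: `CopyMem(hash, result + 7 + 22, BLOWFISH_HASH_SIZE);`. Separately, the BLOWFISH_BASED case ignores `pw_length` and relies on `password` being NUL-terminated, which the visible lines do not guarantee, and `result` is left on the stack uncleared after the copy. password_crypt's body continues outside the hunks shown.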
/*
* Written by Solar Designer <solar at openwall.com> in 2000-2011.
* No copyright is claimed, and the software is hereby placed in the public
* domain. In case this attempt to disclaim copyright and place the software
* in the public domain is deemed null and void, then the software is
* Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
* general public under the following terms:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* There's ABSOLUTELY NO WARRANTY, express or implied.
*
* See crypt_blowfish.c for more information.
*/
#ifndef _CRYPT_BLOWFISH_H
#define _CRYPT_BLOWFISH_H
char *crypt_blowfish_rn(const char *key, const char *setting,
char *output, int size);
#endif