1 // SPDX-License-Identifier: GPL-2.0+
2 /* Copyright (C) 2020 Steffen Jaeckel <jaeckel-floss@eyet-services.de> */
3
4 #include <common.h>
5 #include <crypt.h>
6 #include "crypt-port.h"
7
8 typedef int (*crypt_fn)(const char *, size_t, const char *, size_t, uint8_t *,
9 size_t, void *, size_t);
10
11 const unsigned char ascii64[65] =
12 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
13
equals_constant_time(const void * a_,const void * b_,size_t len,int * equal)14 static void equals_constant_time(const void *a_, const void *b_, size_t len,
15 int *equal)
16 {
17 u8 ret = 0;
18 const u8 *a = a_, *b = b_;
19 int i;
20
21 for (i = 0; i < len; i++)
22 ret |= a[i] ^ b[i];
23
24 ret |= ret >> 4;
25 ret |= ret >> 2;
26 ret |= ret >> 1;
27 ret &= 1;
28
29 *equal = ret ^ 1;
30 }
31
crypt_compare(const char * should,const char * passphrase,int * equal)32 int crypt_compare(const char *should, const char *passphrase, int *equal)
33 {
34 u8 output[CRYPT_OUTPUT_SIZE], scratch[ALG_SPECIFIC_SIZE];
35 size_t n;
36 int err;
37 struct {
38 const char *prefix;
39 crypt_fn crypt;
40 } crypt_algos[] = {
41 #if defined(CONFIG_CRYPT_PW_SHA256)
42 { "$5$", crypt_sha256crypt_rn_wrapped },
43 #endif
44 #if defined(CONFIG_CRYPT_PW_SHA512)
45 { "$6$", crypt_sha512crypt_rn_wrapped },
46 #endif
47 { NULL, NULL }
48 };
49
50 *equal = 0;
51
52 for (n = 0; n < ARRAY_SIZE(crypt_algos); ++n) {
53 if (!crypt_algos[n].prefix)
54 continue;
55 if (strncmp(should, crypt_algos[n].prefix, 3) == 0)
56 break;
57 }
58
59 if (n >= ARRAY_SIZE(crypt_algos))
60 return -EINVAL;
61
62 err = crypt_algos[n].crypt(passphrase, strlen(passphrase), should, 0,
63 output, sizeof(output), scratch,
64 sizeof(scratch));
65 /* early return on error, nothing really happened inside the crypt() function */
66 if (err)
67 return err;
68
69 equals_constant_time(should, output, strlen((const char *)output),
70 equal);
71
72 memset(scratch, 0, sizeof(scratch));
73 memset(output, 0, sizeof(output));
74
75 return 0;
76 }
77