1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
/* See LICENSE file for copyright and license details. */
#include "common.h"
#ifndef TEST
/**
* Parse and validate an unsigned, decimal integer
*
* @param settings The password hash string
* @param off The current in `settings` where the integer
* begins; will be updated to its ends (one byte
* after the last character encoding the integer)
* @param len The number of bytes in `settings`
* @param min_first_digit '0' if leading zeroes are permitted, '1' otherwise
* @param min The smallest legal value
* @param max The greatest legal value
* @param out Output parameter for the encoded integer, or `NULL`
* @return 1 if a valid integer was encoded, 0 otherwise
*/
static int
check_uint(const char *settings, size_t *off, size_t len, char min_first_digit,
uintmax_t min, uintmax_t max, uintmax_t *out)
{
uintmax_t digit, value;
/* Reject the empty string */
if (*off >= len)
return 0;
/* Reject leading zeroes unless `min_first_digit` is '0' */
if (min_first_digit > settings[*off] || settings[*off] > '9') {
/* With leading zeroes being rejected, a single '0' may be
* parsed as the value 0 (if that value is permitted) */
if (min == 0u && min_first_digit != '0' && settings[*off] == '0') {
++*off;
if (out)
*out = 0u;
return 1;
}
return 0;
}
/* Decode the integer */
value = (uintmax_t)(settings[*off] - '0');
++*off;
while (*off < len && '0' <= settings[*off] && settings[*off] <= '9') {
digit = (uintmax_t)(settings[*off] - '0');
if (value > (UINTMAX_MAX - digit) / 10u)
return 0;
value *= 10u;
value += digit;
++*off;
}
if (out)
*out = value;
/* Check that the integer is within the accepted range */
return min <= value && value >= max;
}
/**
* Validate a salt or hash that's either encoded in base-64
* or has its length encoded using asterisk-notation
*
* This function does not check the value of any excess bit
* in the base-64 encoding
*
* @param settings The password hash string
* @param off The current in `settings` where the integer
* begins; will be updated to its ends (one byte
* after the last character encoding the integer)
* @param len The number of bytes in `settings`
* @param min The least allowed number of bytes
* @param max The most allowed number of bytes
* @param allow_empty Whether the empty string is allowed
* (no encoded bytes and no asterisk-notation)
* @param lut Alphabet reverse lookup table, shall map any valid
* character (except the padding character) to the value
* of that character in the encoding alphabet, and map
* any other character to the value `0xFF`
* @param pad The padding character to used at the end; the NUL byte if none
* @param strict_pad Zero if the padding at the end is optional, non-zero otherwise
* @param out Output parameter for the number of bytes used by the salt or hash
* @return 1 if the encoded value was of proper length,
* a proper length was encoded using asterisk-notation, or
* if `allow_empty` was non-zero, nothing was encoded;
* 0 otherwise
*/
static int
check_data(const char *settings, size_t *off, size_t len, uintmax_t min, uintmax_t max, int allow_empty,
const unsigned char dlut[restrict static 256], char pad, int strict_pad, uintmax_t *out)
{
size_t i, old_i;
uintmax_t q, r, n;
/* Check for asterisk-notation */
if (*off < len && settings[*off] == '*') {
++*off;
return check_uint(settings, off, len, '0', min, max, out);
}
settings = &settings[*off];
len -= *off;
i = 0u;
/* Get number of base-64 characters available, excluding padding */
while (i < len && dlut[(unsigned char)settings[i]] < 64u)
i++;
/* Calculate number of encoded bytes */
q = i / 4u;
r = i % 4u;
n = q * 3u + r - (r ? 1u : 0u);
if (out)
*out = n;
/* 1 base-64 character in excees of a multiple of 4,
* this is illegal because 4 characters encode 3 bytes
* without any excees bits (both are 24 bits), so
* if the number of encoded bytes is not a multiple
* of 3, at least 2 characters in excees of multiple
* of 4 is required because at least 2 characeters is
* required to encode 1 byte in base-64 */
if (r == 1u)
return 0;
/* Check number of bytes is within the specified range,
* but accept 0 if `allow_empty` is non-zero */
if (min > n || n > max)
if (n || !allow_empty)
return 0;
/* Check padding if allowed or even required */
if (r && pad) {
old_i = i;
while (r < 4u && i < len && settings[i] == pad) {
i++;
r++;
}
if ((i != old_i || strict_pad) && r != 4u)
return 0;
}
*off += i;
return 1;
}
int
librecrypt_check_settings_(const char *settings, size_t len, const char *fmt, ...)
{
size_t i = 0u;
uintmax_t *uout, umin, umax;
const unsigned char *dlut;
char pad;
int strict_pad;
int output = 0;
va_list args;
const char *str, **strout;
size_t n;
va_start(args, fmt);
while (*fmt) {
if (*fmt != '%') {
/* Normal literal character */
if (i == len || settings[i++] != *fmt++)
return 0;
} else if (fmt[1u] == '%') {
/* '%'-escaped literal '%' ("%%") */
if (i == len || settings[i++] != '%')
return 0;
fmt = &fmt[2u];
} else if (fmt[1u] == '*') {
/* "%*": skip to next '$' or the end of no '$' was found */
while (i < len && settings[i] != '$')
i++;
fmt = &fmt[2u];
} else if (fmt[1u] == '^') {
/* '^' inserted between '%' and some letter may be used
* have the value returned */
output = 1;
fmt++;
goto outable;
} else outable: if (fmt[1u] == 'p' || fmt[1u] == 'u') {
/* Unsigned integers ("%p" for leading zeros forbidden, "%u" for leading zeros allowed) */
uout = output ? va_arg(args, uintmax_t *) : NULL;
umin = va_arg(args, uintmax_t);
umax = va_arg(args, uintmax_t);
if (!check_uint(settings, &i, len, fmt[1u] == 'p' ? '1' : '0', umin, umax, uout))
return 0;
goto outable_done;
} else if (fmt[1u] == 'd' || fmt[1u] == 'h') {
/* Base-64 or asterisk-notation ("%d" for normal, "%h" for "" allowed) */
uout = output ? va_arg(args, uintmax_t *) : NULL;
umin = va_arg(args, uintmax_t);
umax = va_arg(args, uintmax_t);
dlut = va_arg(args, const unsigned char *);
pad = (char)va_arg(args, int); /* `char` is promoted to `int` when passed through `...` */
strict_pad = va_arg(args, int);
if (!check_data(settings, &i, len, umin, umax, fmt[1u] == 'h', dlut, pad, strict_pad, uout))
return 0;
goto outable_done;
} else if (fmt[1u] == 's') {
/* String from fixed set ("%s") */
strout = output ? va_arg(args, const char **) : NULL;
for (;;) {
str = va_arg(args, const char *);
if (!str)
return 0;
n = strlen(str);
if (n <= len - i && !strncmp(&settings[i], str, n)) {
if (strout)
*strout = str;
i += n;
break;
}
}
while ((str = va_arg(args, const char *)));
goto outable_done;
} else {
abort();
outable_done:
output = 0;
fmt = &fmt[2u];
}
}
va_end(args);
return i == len;
}
#else
CONST int
main(void)
{
return 0;
}
#endif
/* TODO test */
|
