From 5a89835189b65ac053edc92246b5a9e74abeeea5 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 26 Sep 2013 11:58:01 -0400
Subject: [PATCH] MokManager: support SHA512-based crypt() hash

---
 Cryptlib/OpenSSL/Makefile |   2 +-
 MokManager.c              |  12 ++--
 PasswordCrypt.c           | 114 ++++++++++++++++++++++++++++++++++++++
 PasswordCrypt.h           |   1 +
 4 files changed, 120 insertions(+), 9 deletions(-)

diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
index 1960b6b..f8ab841 100644
--- a/Cryptlib/OpenSSL/Makefile
+++ b/Cryptlib/OpenSSL/Makefile
@@ -10,7 +10,7 @@ LIB_GCC		= $(shell $(CC) -print-libgcc-file-name)
 EFI_LIBS	= -lefi -lgnuefi $(LIB_GCC)
 
 CFLAGS		= -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
-		  -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
+		  -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
 ifeq ($(ARCH),x86_64)
 	CFLAGS	+= -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
 endif
diff --git a/MokManager.c b/MokManager.c
index 66e33ce..4cf836f 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -638,7 +638,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt,
 				  UINT8 *auth, CHAR16 *prompt)
 {
 	EFI_STATUS status;
-	UINT8 hash[SHA256_DIGEST_SIZE];
+	UINT8 hash[128];
 	UINT8 *auth_hash;
 	UINT32 auth_size;
 	CHAR16 password[PASSWORD_MAX];
@@ -647,14 +647,10 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt,
 	int i;
 
 	if (pw_crypt) {
-		/*
-		 * Only support sha256 now
-		 */
-		if(pw_crypt->method != SHA256_BASED)
-			return EFI_INVALID_PARAMETER;
 		auth_hash = pw_crypt->hash;
-		/* FIXME assign auth_size according to pw_crypt->method */
-		auth_size = SHA256_DIGEST_SIZE;
+		auth_size = get_hash_size (pw_crypt->method);
+		if (auth_size == 0)
+			return EFI_INVALID_PARAMETER;
 	} else if (auth) {
 		auth_hash = auth;
 		auth_size = SHA256_DIGEST_SIZE;
diff --git a/PasswordCrypt.c b/PasswordCrypt.c
index bde23ed..a62512e 100644
--- a/PasswordCrypt.c
+++ b/PasswordCrypt.c
@@ -2,8 +2,30 @@
 #include <efilib.h>
 #include <Library/BaseCryptLib.h>
 #include <openssl/sha.h>
+#include <openssl/md5.h>
 #include "PasswordCrypt.h"
 
+
+UINT16 get_hash_size (const UINT16 method)
+{
+	switch (method) {
+	case TRANDITIONAL_DES:
+		return 64 / 8; /* per "man crypt" */
+	case EXTEND_BSDI_DES:
+		return 64 / 8; /* per "man crypt" */
+	case MD5_BASED:
+		return MD5_DIGEST_LENGTH;
+	case SHA256_BASED:
+		return SHA256_DIGEST_LENGTH;
+	case SHA512_BASED:
+		return SHA512_DIGEST_LENGTH;
+	case BLOWFISH_BASED:
+		return 184 / 8; /* per "man crypt" */
+	}
+
+	return 0;
+}
+
 static EFI_STATUS sha256_crypt (const char *key,  UINT32 key_len,
 				const char *salt, UINT32 salt_size,
 				const UINT32 rounds, UINT8 *hash)
@@ -91,6 +113,94 @@ static EFI_STATUS sha256_crypt (const char *key,  UINT32 key_len,
 	return EFI_SUCCESS;
 }
 
+static EFI_STATUS sha512_crypt (const char *key,  UINT32 key_len,
+				const char *salt, UINT32 salt_size,
+				const UINT32 rounds, UINT8 *hash)
+{
+	SHA512_CTX ctx, alt_ctx;
+	UINT8 alt_result[SHA512_DIGEST_LENGTH];
+	UINT8 tmp_result[SHA512_DIGEST_LENGTH];
+	UINT8 *cp, *p_bytes, *s_bytes;
+	UINTN cnt;
+
+	SHA512_Init(&ctx);
+	SHA512_Update(&ctx, key, key_len);
+	SHA512_Update(&ctx, salt, salt_size);
+
+	SHA512_Init(&alt_ctx);
+	SHA512_Update(&alt_ctx, key, key_len);
+	SHA512_Update(&alt_ctx, salt, salt_size);
+	SHA512_Update(&alt_ctx, key, key_len);
+
+	SHA512_Final(alt_result, &alt_ctx);
+
+	for (cnt = key_len; cnt > 64; cnt -= 64)
+		SHA512_Update(&ctx, alt_result, 64);
+	SHA512_Update(&ctx, alt_result, cnt);
+
+	for (cnt = key_len; cnt > 0; cnt >>= 1) {
+		if ((cnt & 1) != 0) {
+			SHA512_Update(&ctx, alt_result, 64);
+		} else {
+			SHA512_Update(&ctx, key, key_len);
+		}
+	}
+	SHA512_Final(alt_result, &ctx);
+
+	SHA512_Init(&alt_ctx);
+	for (cnt = 0; cnt < key_len; ++cnt)
+		SHA512_Update(&alt_ctx, key, key_len);
+	SHA512_Final(tmp_result, &alt_ctx);
+
+	cp = p_bytes = AllocatePool(key_len);
+	for (cnt = key_len; cnt >= 64; cnt -= 64) {
+		CopyMem(cp, tmp_result, 64);
+		cp += 64;
+	}
+	CopyMem(cp, tmp_result, cnt);
+
+	SHA512_Init(&alt_ctx);
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		SHA512_Update(&alt_ctx, salt, salt_size);
+	SHA512_Final(tmp_result, &alt_ctx);
+
+	cp = s_bytes = AllocatePool(salt_size);
+	for (cnt = salt_size; cnt >= 64; cnt -= 64) {
+		CopyMem(cp, tmp_result, 64);
+		cp += 64;
+	}
+	CopyMem(cp, tmp_result, cnt);
+
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		SHA512_Init(&ctx);
+
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+		else
+			SHA512_Update(&ctx, alt_result, 64);
+
+		if (cnt % 3 != 0)
+			SHA512_Update(&ctx, s_bytes, salt_size);
+
+		if (cnt % 7 != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, alt_result, 64);
+		else
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		SHA512_Final(alt_result, &ctx);
+	}
+
+	CopyMem(hash, alt_result, SHA512_DIGEST_LENGTH);
+
+	FreePool(p_bytes);
+	FreePool(s_bytes);
+
+	return EFI_SUCCESS;
+}
+
 EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
 			   const PASSWORD_CRYPT *pw_crypt, UINT8 *hash)
 {
@@ -112,6 +222,10 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
 				      hash);
 		break;
 	case SHA512_BASED:
+		status = sha512_crypt(password, pw_length, (char *)pw_crypt->salt,
+				      pw_crypt->salt_size, pw_crypt->iter_count,
+				      hash);
+		break;
 	case BLOWFISH_BASED:
 		/* TODO unsupported */
 		status = EFI_UNSUPPORTED;
diff --git a/PasswordCrypt.h b/PasswordCrypt.h
index c9e377a..144bf84 100644
--- a/PasswordCrypt.h
+++ b/PasswordCrypt.h
@@ -22,5 +22,6 @@ typedef struct {
 
 EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
 			   const PASSWORD_CRYPT *pw_hash, UINT8 *hash);
+UINT16 get_hash_size (const UINT16 method);
 
 #endif /* __PASSWORD_CRYPT_H__ */