Current view: top level - contrib/pgcrypto - crypt-gensalt.c (source / functions) Coverage Total Hit
Test: Code coverage Lines: 0.0 % 137 0
Test Date: 2026-01-26 10:56:24 Functions: 0.0 % 8 0

            Line data    Source code
       1              : /*
       2              :  * Written by Solar Designer and placed in the public domain.
       3              :  * See crypt_blowfish.c for more information.
       4              :  *
       5              :  * contrib/pgcrypto/crypt-gensalt.c
       6              :  *
       7              :  * This file contains salt generation functions for the traditional and
       8              :  * other common crypt(3) algorithms, except for bcrypt which is defined
       9              :  * entirely in crypt_blowfish.c.
      10              :  *
      11              :  * Put bcrypt generator also here as crypt-blowfish.c
      12              :  * may not be compiled always.        -- marko
      13              :  */
      14              : 
      15              : #include "postgres.h"
      16              : 
      17              : #include "px-crypt.h"
      18              : 
      19              : typedef unsigned int BF_word;
      20              : 
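/*
 * crypt(3) 6-bit alphabet used by the traditional DES, extended DES, MD5 and
 * SHA salt generators in this file: index 0..63 maps to one printable salt
 * character.  Every lookup in this file masks its index with 0x3f, so only
 * the first 64 entries are ever read; the 65th byte is the string's NUL.
 *
 * Declared const: this is a fixed lookup table and nothing in this file
 * writes to it, so it must not be modifiable at run time.
 */
static const unsigned char _crypt_itoa64[64 + 1] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";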
      23              : 
/*
 * Build a salt string for traditional DES-based crypt(3).
 *
 * count		iteration count; only 0 (meaning "default") or 25 is accepted
 * input		random bytes supplied by the caller; the first 2 are consumed
 * size			number of bytes available in input (must be >= 2)
 * output		destination buffer
 * output_size	size of output in bytes (must be >= 3: 2 salt chars + NUL)
 *
 * Returns output on success.  On invalid arguments returns NULL and, if the
 * buffer has any room at all, leaves an empty string in it.
 *
 * Only the low 6 bits of each of the two input bytes are kept, so the salt
 * carries 12 bits.  This is a legacy format; the quality of the salt depends
 * entirely on the randomness of the bytes the caller passes in.
 */
char *
_crypt_gensalt_traditional_rn(unsigned long count,
							  const char *input, int size, char *output, int output_size)
{
	const int	input_ok = (size >= 2);
	const int	room_ok = (output_size >= 2 + 1);
	const int	count_ok = (count == 0 || count == 25);

	if (!(input_ok && room_ok && count_ok))
	{
		/* Never leave stale data behind for a caller that ignores NULL. */
		if (output_size > 0)
			*output = '\0';
		return NULL;
	}

	/* One salt character per input byte, 6 bits each. */
	for (int i = 0; i < 2; i++)
		output[i] = _crypt_itoa64[(unsigned int) input[i] & 0x3f];
	output[2] = '\0';

	return output;
}
      41              : 
/*
 * Build a salt string for extended (BSDi-style, '_' prefixed) DES crypt.
 *
 * count		iteration count; 0 selects the default of 725, otherwise it
 *				must be odd and fit in 24 bits
 * input		random bytes supplied by the caller; the first 3 are consumed
 * size			number of bytes available in input (must be >= 3)
 * output		destination buffer
 * output_size	size of output in bytes (must be >= 10: '_' + 4 count chars
 *				+ 4 salt chars + NUL)
 *
 * Returns output on success.  On invalid arguments returns NULL and, if the
 * buffer has any room at all, leaves an empty string in it.
 *
 * Even iteration counts make it easier to detect weak DES keys from a look
 * at the hash, so they are rejected.
 */
char *
_crypt_gensalt_extended_rn(unsigned long count,
						   const char *input, int size, char *output, int output_size)
{
	const unsigned char *raw = (const unsigned char *) input;
	unsigned long salt_bits;
	int			count_rejected;
	int			i;

	count_rejected = (count != 0 &&
					  (count > 0xffffff || (count & 1) == 0));

	if (size < 3 || output_size < 1 + 4 + 4 + 1 || count_rejected)
	{
		if (output_size > 0)
			*output = '\0';
		return NULL;
	}

	if (count == 0)
		count = 725;

	output[0] = '_';

	/* 24-bit iteration count, least significant 6 bits first. */
	for (i = 0; i < 4; i++)
		output[1 + i] = _crypt_itoa64[(count >> (6 * i)) & 0x3f];

	/* 24 bits of salt assembled little-endian from three input bytes. */
	salt_bits = (unsigned long) raw[0] |
		((unsigned long) raw[1] << 8) |
		((unsigned long) raw[2] << 16);

	for (i = 0; i < 4; i++)
		output[5 + i] = _crypt_itoa64[(salt_bits >> (6 * i)) & 0x3f];

	output[9] = '\0';

	return output;
}
      77              : 
/*
 * Build a salt string for MD5-based crypt ("$1$" prefix).
 *
 * count		iteration count; only 0 (meaning "default") or 1000 is accepted
 * input		random bytes supplied by the caller; 3 are consumed, or 6 when
 *				both input and output are large enough
 * size			number of bytes available in input (must be >= 3)
 * output		destination buffer
 * output_size	size of output in bytes (must be >= 8; >= 12 to get the
 *				longer 8-character salt)
 *
 * Returns output on success.  On invalid arguments returns NULL and, if the
 * buffer has any room at all, leaves an empty string in it.
 *
 * Each group of three input bytes (24 bits) becomes four salt characters.
 * The iteration count of this format is fixed, so it cannot be raised to
 * slow down guessing; treat it as a legacy format.
 */
char *
_crypt_gensalt_md5_rn(unsigned long count,
					  const char *input, int size, char *output, int output_size)
{
	const unsigned char *raw = (const unsigned char *) input;
	char	   *out;
	int			ngroups;

	if (size < 3 || output_size < 3 + 4 + 1 || (count != 0 && count != 1000))
	{
		if (output_size > 0)
			*output = '\0';
		return NULL;
	}

	output[0] = '$';
	output[1] = '1';
	output[2] = '$';
	out = output + 3;

	/* A second 4-character group is emitted only if both buffers allow it. */
	ngroups = (size >= 6 && output_size >= 3 + 4 + 4 + 1) ? 2 : 1;

	for (int g = 0; g < ngroups; g++)
	{
		const unsigned char *src = raw + 3 * g;
		unsigned long value = (unsigned long) src[0] |
			((unsigned long) src[1] << 8) |
			((unsigned long) src[2] << 16);

		for (int k = 0; k < 4; k++)
			*out++ = _crypt_itoa64[(value >> (6 * k)) & 0x3f];
	}

	*out = '\0';

	return output;
}
     117              : 
     118              : 
     119              : 
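/*
 * bcrypt's own 6-bit alphabet.  It contains the same characters as the
 * crypt(3) table above but in a different order, so the two tables are not
 * interchangeable.  Const because nothing in this file writes to it.
 */
static const unsigned char BF_itoa64[64 + 1] =
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/*
 * Encode size bytes starting at src into dst using BF_itoa64.
 *
 * Every 3 input bytes produce 4 output characters; a trailing group of 1 or
 * 2 bytes produces 2 or 3 characters with no padding.  No NUL terminator is
 * written, so the caller must terminate the string and must provide room
 * for all encoded characters (22 for the 16-byte salt used in this file).
 *
 * src is read strictly byte by byte; the BF_word pointer type is only part
 * of the signature.
 *
 * A size of zero or less now writes nothing.  The previous do/while form
 * read src[0] and wrote two characters before ever looking at size.
 */
static void
BF_encode(char *dst, const BF_word *src, int size)
{
	const unsigned char *sptr = (const unsigned char *) src;
	const unsigned char *end;
	unsigned char *dptr = (unsigned char *) dst;
	unsigned int c1,
				c2;

	/* Check before forming sptr + size, so a bad size is never dereferenced. */
	if (size <= 0)
		return;
	end = sptr + size;

	do
	{
		/* byte 1: top 6 bits, then carry the low 2 bits */
		c1 = *sptr++;
		*dptr++ = BF_itoa64[c1 >> 2];
		c1 = (c1 & 0x03) << 4;
		if (sptr >= end)
		{
			*dptr++ = BF_itoa64[c1];
			break;
		}

		/* byte 2: finish the second character, carry the low 4 bits */
		c2 = *sptr++;
		c1 |= c2 >> 4;
		*dptr++ = BF_itoa64[c1];
		c1 = (c2 & 0x0f) << 2;
		if (sptr >= end)
		{
			*dptr++ = BF_itoa64[c1];
			break;
		}

		/* byte 3: finish the third character, emit the low 6 bits */
		c2 = *sptr++;
		c1 |= c2 >> 6;
		*dptr++ = BF_itoa64[c1];
		*dptr++ = BF_itoa64[c2 & 0x3f];
	} while (sptr < end);
}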
     159              : 
/*
 * Build a bcrypt salt/settings string of the form "$2a$NN$" followed by 22
 * encoded salt characters.
 *
 * count		cost parameter; 0 selects the default of 5, otherwise it must
 *				be in the range 4..31
 * input		random bytes supplied by the caller; exactly 16 are consumed
 * size			number of bytes available in input (must be >= 16)
 * output		destination buffer
 * output_size	size of output in bytes (must be >= 30: 7 prefix chars + 22
 *				salt chars + NUL)
 *
 * Returns output on success.  On invalid arguments returns NULL and, if the
 * buffer has any room at all, leaves an empty string in it.
 *
 * NOTE(review): the fallback cost of 5 is low for current hardware; callers
 * that care should pass an explicit count rather than 0.
 */
char *
_crypt_gensalt_blowfish_rn(unsigned long count,
						   const char *input, int size, char *output, int output_size)
{
	const int	prefix_len = 7;
	const int	salt_chars = 22;
	int			count_rejected = (count != 0 && (count < 4 || count > 31));
	char	   *p = output;

	if (size < 16 || output_size < 7 + 22 + 1 || count_rejected)
	{
		if (output_size > 0)
			*output = '\0';
		return NULL;
	}

	if (count == 0)
		count = 5;

	/* "$2a$" version tag, then the cost as two decimal digits, then '$'. */
	*p++ = '$';
	*p++ = '2';
	*p++ = 'a';
	*p++ = '$';
	*p++ = '0' + count / 10;
	*p++ = '0' + count % 10;
	*p++ = '$';

	/* BF_encode reads the 16 salt bytes one at a time and adds no NUL. */
	BF_encode(&output[prefix_len], (const BF_word *) input, 16);
	output[prefix_len + salt_chars] = '\0';

	return output;
}
     188              : 
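/*
 * Helper for _crypt_gensalt_sha256_rn and _crypt_gensalt_sha512_rn
 *
 * Appends "rounds=<count>$" and the encoded salt after the 3 magic bytes the
 * caller has already stored at the start of output, and NUL-terminates the
 * result.
 *
 * count		rounds value written verbatim into the string (presumably
 *				range-checked by the caller -- not visible here)
 * input		random bytes supplied by the caller
 * size			number of input bytes; must equal PX_SHACRYPT_SALT_MAX_LEN
 * output		destination buffer, magic bytes already in place
 * output_size	size of output in bytes
 *
 * Returns output.  All failures are reported with ereport(ERROR).
 *
 * Changes from the previous version:
 * - output_size is now checked against everything this function writes
 *   (magic + rounds field + salt + NUL).  It used to be compared with size
 *   only, although up to 3 + 17 + size bytes were stored.
 * - a rounds field that does not fit its 18-byte window is now an error
 *   instead of advancing the write pointer by the untruncated length.
 * - the string is terminated here rather than relying on the caller having
 *   zeroed the buffer.
 */
static char *
_crypt_gensalt_sha(unsigned long count,
				   const char *input, int size, char *output, int output_size)
{
	enum
	{
		magic_len = 3,			/* "$5$" or "$6$", set by callers */
		rounds_bufsize = 18		/* window handed to pg_snprintf, incl. NUL */
	};
	char	   *s_ptr = output;
	unsigned int result_bufsize = PX_SHACRYPT_SALT_BUF_LEN;
	int			rc;

	/* output buffer must be allocated with PX_MAX_SALT_LEN bytes */
	if (PX_MAX_SALT_LEN < result_bufsize)
		ereport(ERROR,
				errcode(ERRCODE_SYNTAX_ERROR),
				errmsg("invalid size of salt"));

	/*
	 * Care must be taken to not exceed the buffer size allocated for the
	 * input character buffer, nor the space the caller gave us for output.
	 * rounds_bufsize already includes one byte that ends up holding the
	 * final NUL, so this sum is the worst-case number of bytes written.
	 */
	if ((PX_SHACRYPT_SALT_MAX_LEN != size) ||
		(output_size < magic_len + rounds_bufsize + size))
		ereport(ERROR,
				errcode(ERRCODE_INTERNAL_ERROR),
				errmsg("invalid length of salt buffer"));

	/* Skip magic bytes, set by callers */
	s_ptr += magic_len;

	/*
	 * rc >= rounds_bufsize means the text was truncated; continuing would
	 * leave a NUL in the middle of the salt string.
	 */
	rc = pg_snprintf(s_ptr, rounds_bufsize, "rounds=%lu$", count);
	if (rc <= 0 || rc >= rounds_bufsize)
		ereport(ERROR,
				errcode(ERRCODE_INTERNAL_ERROR),
				errmsg("cannot format salt string"));

	/* s_ptr should now be positioned at the start of the salt string */
	s_ptr += rc;

	/*
	 * Normalize salt string
	 *
	 * size of input buffer was checked above to equal
	 * PX_SHACRYPT_SALT_MAX_LEN.  Each byte is reduced to its low 6 bits.
	 */
	for (int i = 0; i < size; i++)
	{
		*s_ptr = _crypt_itoa64[input[i] & 0x3f];
		s_ptr++;
	}

	/* Room for this byte is guaranteed by the output_size check above. */
	*s_ptr = '\0';

	/* We're done */
	return output;
}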
     240              : 
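/*
 * gen_list->gen function for sha512
 *
 * Zeroes output, stores the "$6$" magic and lets _crypt_gensalt_sha() append
 * the rounds field and the salt.  Returns output; failures are reported with
 * ereport(ERROR).
 *
 * output_size is validated before the buffer is touched.  Previously a
 * negative value was converted to a huge length by memset(), and the three
 * magic bytes were stored before any size check had run.
 */
char *
_crypt_gensalt_sha512_rn(unsigned long count,
						 const char *input, int size,
						 char *output, int output_size)
{
	/* Need at least the magic bytes plus a terminator before writing. */
	if (output_size < 3 + 1)
		ereport(ERROR,
				errcode(ERRCODE_INTERNAL_ERROR),
				errmsg("invalid length of salt buffer"));

	memset(output, 0, output_size);
	/* set magic byte for sha512crypt */
	output[0] = '$';
	output[1] = '6';
	output[2] = '$';

	return _crypt_gensalt_sha(count, input, size, output, output_size);
}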
     255              : 
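/*
 * gen_list->gen function for sha256
 *
 * Zeroes output, stores the "$5$" magic and lets _crypt_gensalt_sha() append
 * the rounds field and the salt.  Returns output; failures are reported with
 * ereport(ERROR).
 *
 * output_size is validated before the buffer is touched.  Previously a
 * negative value was converted to a huge length by memset(), and the three
 * magic bytes were stored before any size check had run.
 */
char *
_crypt_gensalt_sha256_rn(unsigned long count,
						 const char *input, int size,
						 char *output, int output_size)
{
	/* Need at least the magic bytes plus a terminator before writing. */
	if (output_size < 3 + 1)
		ereport(ERROR,
				errcode(ERRCODE_INTERNAL_ERROR),
				errmsg("invalid length of salt buffer"));

	memset(output, 0, output_size);
	/* set magic byte for sha256crypt */
	output[0] = '$';
	output[1] = '5';
	output[2] = '$';

	return _crypt_gensalt_sha(count, input, size, output, output_size);
}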
        
