Line data Source code
1 : /*
2 : * Written by Solar Designer and placed in the public domain.
3 : * See crypt_blowfish.c for more information.
4 : *
5 : * contrib/pgcrypto/crypt-gensalt.c
6 : *
7 : * This file contains salt generation functions for the traditional and
8 : * other common crypt(3) algorithms, except for bcrypt which is defined
9 : * entirely in crypt_blowfish.c.
10 : *
11 : * Put bcrypt generator also here as crypt-blowfish.c
12 : * may not be compiled always. -- marko
13 : */
14 :
15 : #include "postgres.h"
16 :
17 : #include "px-crypt.h"
18 :
19 : typedef unsigned int BF_word;
20 :
21 : static unsigned char _crypt_itoa64[64 + 1] =
22 : "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
23 :
24 : char *
25 1 : _crypt_gensalt_traditional_rn(unsigned long count,
26 : const char *input, int size, char *output, int output_size)
27 : {
28 1 : if (size < 2 || output_size < 2 + 1 || (count && count != 25))
29 : {
30 0 : if (output_size > 0)
31 0 : output[0] = '\0';
32 0 : return NULL;
33 : }
34 :
35 1 : output[0] = _crypt_itoa64[(unsigned int) input[0] & 0x3f];
36 1 : output[1] = _crypt_itoa64[(unsigned int) input[1] & 0x3f];
37 1 : output[2] = '\0';
38 :
39 1 : return output;
40 : }
41 :
42 : char *
43 1 : _crypt_gensalt_extended_rn(unsigned long count,
44 : const char *input, int size, char *output, int output_size)
45 : {
46 : unsigned long value;
47 :
48 : /* Even iteration counts make it easier to detect weak DES keys from a look
49 : * at the hash, so they should be avoided */
50 1 : if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
51 1 : (count && (count > 0xffffff || !(count & 1))))
52 : {
53 0 : if (output_size > 0)
54 0 : output[0] = '\0';
55 0 : return NULL;
56 : }
57 :
58 1 : if (!count)
59 0 : count = 725;
60 :
61 1 : output[0] = '_';
62 1 : output[1] = _crypt_itoa64[count & 0x3f];
63 1 : output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
64 1 : output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
65 1 : output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
66 1 : value = (unsigned long) (unsigned char) input[0] |
67 1 : ((unsigned long) (unsigned char) input[1] << 8) |
68 1 : ((unsigned long) (unsigned char) input[2] << 16);
69 1 : output[5] = _crypt_itoa64[value & 0x3f];
70 1 : output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
71 1 : output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
72 1 : output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
73 1 : output[9] = '\0';
74 :
75 1 : return output;
76 : }
77 :
78 : char *
79 1 : _crypt_gensalt_md5_rn(unsigned long count,
80 : const char *input, int size, char *output, int output_size)
81 : {
82 : unsigned long value;
83 :
84 1 : if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000))
85 : {
86 0 : if (output_size > 0)
87 0 : output[0] = '\0';
88 0 : return NULL;
89 : }
90 :
91 1 : output[0] = '$';
92 1 : output[1] = '1';
93 1 : output[2] = '$';
94 1 : value = (unsigned long) (unsigned char) input[0] |
95 1 : ((unsigned long) (unsigned char) input[1] << 8) |
96 1 : ((unsigned long) (unsigned char) input[2] << 16);
97 1 : output[3] = _crypt_itoa64[value & 0x3f];
98 1 : output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
99 1 : output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
100 1 : output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
101 1 : output[7] = '\0';
102 :
103 1 : if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
104 : {
105 1 : value = (unsigned long) (unsigned char) input[3] |
106 1 : ((unsigned long) (unsigned char) input[4] << 8) |
107 1 : ((unsigned long) (unsigned char) input[5] << 16);
108 1 : output[7] = _crypt_itoa64[value & 0x3f];
109 1 : output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
110 1 : output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
111 1 : output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
112 1 : output[11] = '\0';
113 : }
114 :
115 1 : return output;
116 : }
117 :
118 :
119 :
120 : static unsigned char BF_itoa64[64 + 1] =
121 : "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
122 :
123 : static void
124 1 : BF_encode(char *dst, const BF_word *src, int size)
125 : {
126 1 : const unsigned char *sptr = (const unsigned char *) src;
127 1 : const unsigned char *end = sptr + size;
128 1 : unsigned char *dptr = (unsigned char *) dst;
129 : unsigned int c1,
130 : c2;
131 :
132 : do
133 : {
134 6 : c1 = *sptr++;
135 6 : *dptr++ = BF_itoa64[c1 >> 2];
136 6 : c1 = (c1 & 0x03) << 4;
137 6 : if (sptr >= end)
138 : {
139 1 : *dptr++ = BF_itoa64[c1];
140 1 : break;
141 : }
142 :
143 5 : c2 = *sptr++;
144 5 : c1 |= c2 >> 4;
145 5 : *dptr++ = BF_itoa64[c1];
146 5 : c1 = (c2 & 0x0f) << 2;
147 5 : if (sptr >= end)
148 : {
149 0 : *dptr++ = BF_itoa64[c1];
150 0 : break;
151 : }
152 :
153 5 : c2 = *sptr++;
154 5 : c1 |= c2 >> 6;
155 5 : *dptr++ = BF_itoa64[c1];
156 5 : *dptr++ = BF_itoa64[c2 & 0x3f];
157 5 : } while (sptr < end);
158 1 : }
159 :
160 : char *
161 1 : _crypt_gensalt_blowfish_rn(unsigned long count,
162 : const char *input, int size, char *output, int output_size)
163 : {
164 1 : if (size < 16 || output_size < 7 + 22 + 1 ||
165 1 : (count && (count < 4 || count > 31)))
166 : {
167 0 : if (output_size > 0)
168 0 : output[0] = '\0';
169 0 : return NULL;
170 : }
171 :
172 1 : if (!count)
173 0 : count = 5;
174 :
175 1 : output[0] = '$';
176 1 : output[1] = '2';
177 1 : output[2] = 'a';
178 1 : output[3] = '$';
179 1 : output[4] = '0' + count / 10;
180 1 : output[5] = '0' + count % 10;
181 1 : output[6] = '$';
182 :
183 1 : BF_encode(&output[7], (const BF_word *) input, 16);
184 1 : output[7 + 22] = '\0';
185 :
186 1 : return output;
187 : }
188 :
189 : /*
190 : * Helper for _crypt_gensalt_sha256_rn and _crypt_gensalt_sha512_rn
191 : */
192 : static char *
193 4 : _crypt_gensalt_sha(unsigned long count,
194 : const char *input, int size, char *output, int output_size)
195 : {
196 4 : char *s_ptr = output;
197 4 : unsigned int result_bufsize = PX_SHACRYPT_SALT_BUF_LEN;
198 : int rc;
199 :
200 : /* output buffer must be allocated with PX_MAX_SALT_LEN bytes */
201 4 : if (PX_MAX_SALT_LEN < result_bufsize)
202 0 : ereport(ERROR,
203 : errcode(ERRCODE_SYNTAX_ERROR),
204 : errmsg("invalid size of salt"));
205 :
206 : /*
207 : * Care must be taken to not exceed the buffer size allocated for the
208 : * input character buffer.
209 : */
210 4 : if ((PX_SHACRYPT_SALT_MAX_LEN != size) || (output_size < size))
211 0 : ereport(ERROR,
212 : errcode(ERRCODE_INTERNAL_ERROR),
213 : errmsg("invalid length of salt buffer"));
214 :
215 : /* Skip magic bytes, set by callers */
216 4 : s_ptr += 3;
217 4 : if ((rc = pg_snprintf(s_ptr, 18, "rounds=%lu$", count)) <= 0)
218 0 : ereport(ERROR,
219 : errcode(ERRCODE_INTERNAL_ERROR),
220 : errmsg("cannot format salt string"));
221 :
222 : /* s_ptr should now be positioned at the start of the salt string */
223 4 : s_ptr += rc;
224 :
225 : /*
226 : * Normalize salt string
227 : *
228 : * size of input buffer was checked above to not exceed
229 : * PX_SHACRYPT_SALT_LEN_MAX.
230 : */
231 68 : for (int i = 0; i < size; i++)
232 : {
233 64 : *s_ptr = _crypt_itoa64[input[i] & 0x3f];
234 64 : s_ptr++;
235 : }
236 :
237 : /* We're done */
238 4 : return output;
239 : }
240 :
241 : /* gen_list->gen function for sha512 */
242 : char *
243 2 : _crypt_gensalt_sha512_rn(unsigned long count,
244 : char const *input, int size,
245 : char *output, int output_size)
246 : {
247 2 : memset(output, 0, output_size);
248 : /* set magic byte for sha512crypt */
249 2 : output[0] = '$';
250 2 : output[1] = '6';
251 2 : output[2] = '$';
252 :
253 2 : return _crypt_gensalt_sha(count, input, size, output, output_size);
254 : }
255 :
256 : /* gen_list->gen function for sha256 */
257 : char *
258 2 : _crypt_gensalt_sha256_rn(unsigned long count,
259 : const char *input, int size,
260 : char *output, int output_size)
261 : {
262 2 : memset(output, 0, output_size);
263 : /* set magic byte for sha256crypt */
264 2 : output[0] = '$';
265 2 : output[1] = '5';
266 2 : output[2] = '$';
267 :
268 2 : return _crypt_gensalt_sha(count, input, size, output, output_size);
269 : }
|
