PostgreSQL Source Code: contrib/pgcrypto/crypt-gensalt.c Source File

PostgreSQL Source Code git master
crypt-gensalt.c
Go to the documentation of this file.
1/*
2 * Written by Solar Designer and placed in the public domain.
3 * See crypt_blowfish.c for more information.
4 *
5 * contrib/pgcrypto/crypt-gensalt.c
6 *
7 * This file contains salt generation functions for the traditional and
8 * other common crypt(3) algorithms, except for bcrypt which is defined
9 * entirely in crypt_blowfish.c.
10 *
11 * Put bcrypt generator also here as crypt-blowfish.c
12 * may not be compiled always. -- marko
13 */
14
15#include "postgres.h"
16
17#include "px-crypt.h"
18
19 typedef unsigned int BF_word;
20
21 static unsigned char _crypt_itoa64[64 + 1] =
22"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
23
24char *
25 _crypt_gensalt_traditional_rn(unsigned long count,
26 const char *input, int size, char *output, int output_size)
27{
28 if (size < 2 || output_size < 2 + 1 || (count && count != 25))
29 {
30 if (output_size > 0)
31 output[0] = '0円';
32 return NULL;
33 }
34
35 output[0] = _crypt_itoa64[(unsigned int) input[0] & 0x3f];
36 output[1] = _crypt_itoa64[(unsigned int) input[1] & 0x3f];
37 output[2] = '0円';
38
39 return output;
40}
41
42char *
43 _crypt_gensalt_extended_rn(unsigned long count,
44 const char *input, int size, char *output, int output_size)
45{
46 unsigned long value;
47
48/* Even iteration counts make it easier to detect weak DES keys from a look
49 * at the hash, so they should be avoided */
50 if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
51 (count && (count > 0xffffff || !(count & 1))))
52 {
53 if (output_size > 0)
54 output[0] = '0円';
55 return NULL;
56 }
57
58 if (!count)
59 count = 725;
60
61 output[0] = '_';
62 output[1] = _crypt_itoa64[count & 0x3f];
63 output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
64 output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
65 output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
66 value = (unsigned long) (unsigned char) input[0] |
67 ((unsigned long) (unsigned char) input[1] << 8) |
68 ((unsigned long) (unsigned char) input[2] << 16);
69 output[5] = _crypt_itoa64[value & 0x3f];
70 output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
71 output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
72 output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
73 output[9] = '0円';
74
75 return output;
76}
77
78char *
79 _crypt_gensalt_md5_rn(unsigned long count,
80 const char *input, int size, char *output, int output_size)
81{
82 unsigned long value;
83
84 if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000))
85 {
86 if (output_size > 0)
87 output[0] = '0円';
88 return NULL;
89 }
90
91 output[0] = '$';
92 output[1] = '1';
93 output[2] = '$';
94 value = (unsigned long) (unsigned char) input[0] |
95 ((unsigned long) (unsigned char) input[1] << 8) |
96 ((unsigned long) (unsigned char) input[2] << 16);
97 output[3] = _crypt_itoa64[value & 0x3f];
98 output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
99 output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
100 output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
101 output[7] = '0円';
102
103 if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
104 {
105 value = (unsigned long) (unsigned char) input[3] |
106 ((unsigned long) (unsigned char) input[4] << 8) |
107 ((unsigned long) (unsigned char) input[5] << 16);
108 output[7] = _crypt_itoa64[value & 0x3f];
109 output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
110 output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
111 output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
112 output[11] = '0円';
113 }
114
115 return output;
116}
117
118
119
120 static unsigned char BF_itoa64[64 + 1] =
121"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
122
123static void
124 BF_encode(char *dst, const BF_word *src, int size)
125{
126 const unsigned char *sptr = (const unsigned char *) src;
127 const unsigned char *end = sptr + size;
128 unsigned char *dptr = (unsigned char *) dst;
129 unsigned int c1,
130 c2;
131
132 do
133 {
134 c1 = *sptr++;
135 *dptr++ = BF_itoa64[c1 >> 2];
136 c1 = (c1 & 0x03) << 4;
137 if (sptr >= end)
138 {
139 *dptr++ = BF_itoa64[c1];
140 break;
141 }
142
143 c2 = *sptr++;
144 c1 |= c2 >> 4;
145 *dptr++ = BF_itoa64[c1];
146 c1 = (c2 & 0x0f) << 2;
147 if (sptr >= end)
148 {
149 *dptr++ = BF_itoa64[c1];
150 break;
151 }
152
153 c2 = *sptr++;
154 c1 |= c2 >> 6;
155 *dptr++ = BF_itoa64[c1];
156 *dptr++ = BF_itoa64[c2 & 0x3f];
157 } while (sptr < end);
158}
159
160char *
161 _crypt_gensalt_blowfish_rn(unsigned long count,
162 const char *input, int size, char *output, int output_size)
163{
164 if (size < 16 || output_size < 7 + 22 + 1 ||
165 (count && (count < 4 || count > 31)))
166 {
167 if (output_size > 0)
168 output[0] = '0円';
169 return NULL;
170 }
171
172 if (!count)
173 count = 5;
174
175 output[0] = '$';
176 output[1] = '2';
177 output[2] = 'a';
178 output[3] = '$';
179 output[4] = '0' + count / 10;
180 output[5] = '0' + count % 10;
181 output[6] = '$';
182
183 BF_encode(&output[7], (const BF_word *) input, 16);
184 output[7 + 22] = '0円';
185
186 return output;
187}
188
189/*
190 * Helper for _crypt_gensalt_sha256_rn and _crypt_gensalt_sha512_rn
191 */
192static char *
193 _crypt_gensalt_sha(unsigned long count,
194 const char *input, int size, char *output, int output_size)
195{
196 char *s_ptr = output;
197 unsigned int result_bufsize = PX_SHACRYPT_SALT_BUF_LEN;
198 int rc;
199
200 /* output buffer must be allocated with PX_MAX_SALT_LEN bytes */
201 if (PX_MAX_SALT_LEN < result_bufsize)
202 ereport(ERROR,
203 errcode(ERRCODE_SYNTAX_ERROR),
204 errmsg("invalid size of salt"));
205
206 /*
207 * Care must be taken to not exceed the buffer size allocated for the
208 * input character buffer.
209 */
210 if ((PX_SHACRYPT_SALT_MAX_LEN != size) || (output_size < size))
211 ereport(ERROR,
212 errcode(ERRCODE_INTERNAL_ERROR),
213 errmsg("invalid length of salt buffer"));
214
215 /* Skip magic bytes, set by callers */
216 s_ptr += 3;
217 if ((rc = pg_snprintf(s_ptr, 18, "rounds=%lu$", count)) <= 0)
218 ereport(ERROR,
219 errcode(ERRCODE_INTERNAL_ERROR),
220 errmsg("cannot format salt string"));
221
222 /* s_ptr should now be positioned at the start of the salt string */
223 s_ptr += rc;
224
225 /*
226 * Normalize salt string
227 *
228 * size of input buffer was checked above to not exceed
229 * PX_SHACRYPT_SALT_LEN_MAX.
230 */
231 for (int i = 0; i < size; i++)
232 {
233 *s_ptr = _crypt_itoa64[input[i] & 0x3f];
234 s_ptr++;
235 }
236
237 /* We're done */
238 return output;
239}
240
241/* gen_list->gen function for sha512 */
242char *
243 _crypt_gensalt_sha512_rn(unsigned long count,
244 char const *input, int size,
245 char *output, int output_size)
246{
247 memset(output, 0, output_size);
248 /* set magic byte for sha512crypt */
249 output[0] = '$';
250 output[1] = '6';
251 output[2] = '$';
252
253 return _crypt_gensalt_sha(count, input, size, output, output_size);
254}
255
256/* gen_list->gen function for sha256 */
257char *
258 _crypt_gensalt_sha256_rn(unsigned long count,
259 const char *input, int size,
260 char *output, int output_size)
261{
262 memset(output, 0, output_size);
263 /* set magic byte for sha256crypt */
264 output[0] = '$';
265 output[1] = '5';
266 output[2] = '$';
267
268 return _crypt_gensalt_sha(count, input, size, output, output_size);
269}
unsigned int BF_word
Definition: crypt-blowfish.c:52
char * _crypt_gensalt_sha512_rn(unsigned long count, char const *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:243
char * _crypt_gensalt_traditional_rn(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:25
char * _crypt_gensalt_sha256_rn(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:258
static unsigned char _crypt_itoa64[64+1]
Definition: crypt-gensalt.c:21
char * _crypt_gensalt_md5_rn(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:79
static char * _crypt_gensalt_sha(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:193
static unsigned char BF_itoa64[64+1]
Definition: crypt-gensalt.c:120
static void BF_encode(char *dst, const BF_word *src, int size)
Definition: crypt-gensalt.c:124
unsigned int BF_word
Definition: crypt-gensalt.c:19
char * _crypt_gensalt_blowfish_rn(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:161
char * _crypt_gensalt_extended_rn(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: crypt-gensalt.c:43
int errcode(int sqlerrcode)
Definition: elog.c:854
int errmsg(const char *fmt,...)
Definition: elog.c:1071
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:150
FILE * input
FILE * output
static struct @169 value
i
int i
Definition: isn.c:77
int int pg_snprintf(char *str, size_t count, const char *fmt,...) pg_attribute_printf(3
#define PX_SHACRYPT_SALT_BUF_LEN
Definition: px-crypt.h:55
#define PX_MAX_SALT_LEN
Definition: px-crypt.h:39
#define PX_SHACRYPT_SALT_MAX_LEN
Definition: px-crypt.h:49

AltStyle によって変換されたページ (->オリジナル) /