PostgreSQL Source Code  git master
crypt-blowfish.c
Go to the documentation of this file.
1 /*
2  * contrib/pgcrypto/crypt-blowfish.c
3  *
4  * This code comes from John the Ripper password cracker, with reentrant
5  * and crypt(3) interfaces added, but optimizations specific to password
6  * cracking removed.
7  *
8  * Written by Solar Designer <solar at openwall.com> in 1998-2002 and
9  * placed in the public domain.
10  *
11  * There's absolutely no warranty.
12  *
13  * It is my intent that you should be able to use this on your system,
14  * as a part of a software package, or anywhere else to improve security,
15  * ensure compatibility, or for any other purpose. I would appreciate
16  * it if you give credit where it is due and keep your modifications in
17  * the public domain as well, but I don't require that in order to let
18  * you place this code and any modifications you make under a license
19  * of your choice.
20  *
21  * This implementation is compatible with OpenBSD bcrypt.c (version 2a)
22  * by Niels Provos <provos at citi.umich.edu>, and uses some of his
23  * ideas. The password hashing algorithm was designed by David Mazieres
24  * <dm at lcs.mit.edu>.
25  *
26  * There's a paper on the algorithm that explains its design decisions:
27  *
28  * http://www.usenix.org/events/usenix99/provos.html
29  *
30  * Some of the tricks in BF_ROUND might be inspired by Eric Young's
31  * Blowfish library (I can't be sure if I would think of something if I
32  * hadn't seen his code).
33  */
34 
35 #include "postgres.h"
36 #include "miscadmin.h"
37 
38 #include "px-crypt.h"
39 #include "px.h"
40 
41 #ifdef __i386__
42 #define BF_ASM 0 /* 1 */
43 #define BF_SCALE 1
44 #elif defined(__x86_64__)
45 #define BF_ASM 0
46 #define BF_SCALE 1
47 #else
48 #define BF_ASM 0
49 #define BF_SCALE 0
50 #endif
51 
52 typedef unsigned int BF_word;
53 typedef signed int BF_word_signed;
54 
55 /* Number of Blowfish rounds, this is also hardcoded into a few places */
56 #define BF_N 16
57 
58 typedef BF_word BF_key[BF_N + 2];
59 
60 typedef struct
61 {
62  BF_word S[4][0x100];
64 } BF_ctx;
65 
66 /*
67  * Magic IV for 64 Blowfish encryptions that we do at the end.
68  * The string is "OrpheanBeholderScryDoubt" on big-endian.
69  */
70 static BF_word BF_magic_w[6] = {
71  0x4F727068, 0x65616E42, 0x65686F6C,
72  0x64657253, 0x63727944, 0x6F756274
73 };
74 
75 /*
76  * P-box and S-box tables initialized with digits of Pi.
77  */
79  {
80  {
81  0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
82  0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
83  0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
84  0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
85  0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
86  0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
87  0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
88  0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
89  0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
90  0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
91  0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
92  0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
93  0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
94  0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
95  0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
96  0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
97  0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
98  0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
99  0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
100  0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
101  0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
102  0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
103  0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
104  0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
105  0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
106  0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
107  0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
108  0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
109  0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
110  0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
111  0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
112  0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
113  0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
114  0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
115  0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
116  0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
117  0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
118  0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
119  0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
120  0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
121  0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
122  0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
123  0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
124  0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
125  0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
126  0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
127  0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
128  0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
129  0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
130  0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
131  0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
132  0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
133  0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
134  0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
135  0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
136  0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
137  0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
138  0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
139  0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
140  0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
141  0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
142  0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
143  0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
144  0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
145  }, {
146  0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
147  0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
148  0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
149  0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
150  0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
151  0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
152  0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
153  0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
154  0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
155  0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
156  0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
157  0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
158  0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
159  0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
160  0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
161  0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
162  0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
163  0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
164  0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
165  0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
166  0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
167  0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
168  0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
169  0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
170  0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
171  0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
172  0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
173  0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
174  0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
175  0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
176  0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
177  0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
178  0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
179  0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
180  0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
181  0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
182  0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
183  0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
184  0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
185  0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
186  0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
187  0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
188  0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
189  0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
190  0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
191  0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
192  0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
193  0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
194  0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
195  0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
196  0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
197  0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
198  0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
199  0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
200  0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
201  0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
202  0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
203  0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
204  0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
205  0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
206  0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
207  0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
208  0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
209  0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
210  }, {
211  0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
212  0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
213  0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
214  0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
215  0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
216  0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
217  0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
218  0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
219  0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
220  0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
221  0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
222  0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
223  0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
224  0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
225  0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
226  0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
227  0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
228  0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
229  0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
230  0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
231  0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
232  0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
233  0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
234  0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
235  0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
236  0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
237  0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
238  0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
239  0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
240  0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
241  0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
242  0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
243  0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
244  0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
245  0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
246  0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
247  0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
248  0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
249  0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
250  0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
251  0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
252  0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
253  0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
254  0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
255  0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
256  0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
257  0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
258  0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
259  0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
260  0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
261  0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
262  0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
263  0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
264  0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
265  0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
266  0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
267  0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
268  0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
269  0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
270  0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
271  0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
272  0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
273  0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
274  0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
275  }, {
276  0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
277  0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
278  0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
279  0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
280  0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
281  0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
282  0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
283  0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
284  0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
285  0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
286  0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
287  0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
288  0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
289  0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
290  0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
291  0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
292  0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
293  0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
294  0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
295  0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
296  0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
297  0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
298  0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
299  0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
300  0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
301  0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
302  0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
303  0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
304  0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
305  0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
306  0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
307  0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
308  0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
309  0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
310  0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
311  0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
312  0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
313  0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
314  0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
315  0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
316  0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
317  0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
318  0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
319  0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
320  0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
321  0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
322  0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
323  0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
324  0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
325  0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
326  0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
327  0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
328  0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
329  0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
330  0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
331  0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
332  0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
333  0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
334  0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
335  0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
336  0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
337  0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
338  0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
339  0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
340  }
341  }, {
342  0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
343  0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
344  0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
345  0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
346  0x9216d5d9, 0x8979fb1b
347  }
348 };
349 
350 static unsigned char BF_itoa64[64 + 1] =
351 "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
352 
353 static unsigned char BF_atoi64[0x60] = {
354  64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
355  54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
356  64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
357  17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
358  64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
359  43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
360 };
361 
362 #define BF_safe_atoi64(dst, src) \
363 do { \
364  tmp = (unsigned char)(src); \
365  if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
366  tmp = BF_atoi64[tmp]; \
367  if (tmp > 63) return -1; \
368  (dst) = tmp; \
369 } while (0)
370 
371 static int
372 BF_decode(BF_word *dst, const char *src, int size)
373 {
374  unsigned char *dptr = (unsigned char *) dst;
375  unsigned char *end = dptr + size;
376  const unsigned char *sptr = (const unsigned char *) src;
377  unsigned int tmp,
378  c1,
379  c2,
380  c3,
381  c4;
382 
383  do
384  {
385  BF_safe_atoi64(c1, *sptr++);
386  BF_safe_atoi64(c2, *sptr++);
387  *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
388  if (dptr >= end)
389  break;
390 
391  BF_safe_atoi64(c3, *sptr++);
392  *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
393  if (dptr >= end)
394  break;
395 
396  BF_safe_atoi64(c4, *sptr++);
397  *dptr++ = ((c3 & 0x03) << 6) | c4;
398  } while (dptr < end);
399 
400  return 0;
401 }
402 
403 static void
404 BF_encode(char *dst, const BF_word *src, int size)
405 {
406  const unsigned char *sptr = (const unsigned char *) src;
407  const unsigned char *end = sptr + size;
408  unsigned char *dptr = (unsigned char *) dst;
409  unsigned int c1,
410  c2;
411 
412  do
413  {
414  c1 = *sptr++;
415  *dptr++ = BF_itoa64[c1 >> 2];
416  c1 = (c1 & 0x03) << 4;
417  if (sptr >= end)
418  {
419  *dptr++ = BF_itoa64[c1];
420  break;
421  }
422 
423  c2 = *sptr++;
424  c1 |= c2 >> 4;
425  *dptr++ = BF_itoa64[c1];
426  c1 = (c2 & 0x0f) << 2;
427  if (sptr >= end)
428  {
429  *dptr++ = BF_itoa64[c1];
430  break;
431  }
432 
433  c2 = *sptr++;
434  c1 |= c2 >> 6;
435  *dptr++ = BF_itoa64[c1];
436  *dptr++ = BF_itoa64[c2 & 0x3f];
437  } while (sptr < end);
438 }
439 
440 static void
441 BF_swap(BF_word *x, int count)
442 {
443  /* Swap on little-endian hardware, else do nothing */
444 #ifndef WORDS_BIGENDIAN
445  BF_word tmp;
446 
447  do
448  {
449  tmp = *x;
450  tmp = (tmp << 16) | (tmp >> 16);
451  *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
452  } while (--count);
453 #endif
454 }
455 
456 #if BF_SCALE
457 /* Architectures which can shift addresses left by 2 bits with no extra cost */
458 #define BF_ROUND(L, R, N) \
459  tmp1 = (L) & 0xFF; \
460  tmp2 = (L) >> 8; \
461  tmp2 &= 0xFF; \
462  tmp3 = (L) >> 16; \
463  tmp3 &= 0xFF; \
464  tmp4 = (L) >> 24; \
465  tmp1 = data.ctx.S[3][tmp1]; \
466  tmp2 = data.ctx.S[2][tmp2]; \
467  tmp3 = data.ctx.S[1][tmp3]; \
468  tmp3 += data.ctx.S[0][tmp4]; \
469  tmp3 ^= tmp2; \
470  (R) ^= data.ctx.P[(N) + 1]; \
471  tmp3 += tmp1; \
472  (R) ^= tmp3
473 #else
474 /* Architectures with no complicated addressing modes supported */
475 #define BF_INDEX(S, i) \
476  (*((BF_word *)(((unsigned char *)(S)) + (i))))
477 #define BF_ROUND(L, R, N) \
478  tmp1 = (L) & 0xFF; \
479  tmp1 <<= 2; \
480  tmp2 = (L) >> 6; \
481  tmp2 &= 0x3FC; \
482  tmp3 = (L) >> 14; \
483  tmp3 &= 0x3FC; \
484  tmp4 = (L) >> 22; \
485  tmp4 &= 0x3FC; \
486  tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \
487  tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \
488  tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \
489  tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \
490  tmp3 ^= tmp2; \
491  (R) ^= data.ctx.P[(N) + 1]; \
492  tmp3 += tmp1; \
493  (R) ^= tmp3
494 #endif
495 
496 /*
497  * Encrypt one block, BF_N is hardcoded here.
498  */
499 #define BF_ENCRYPT \
500  L ^= data.ctx.P[0]; \
501  BF_ROUND(L, R, 0); \
502  BF_ROUND(R, L, 1); \
503  BF_ROUND(L, R, 2); \
504  BF_ROUND(R, L, 3); \
505  BF_ROUND(L, R, 4); \
506  BF_ROUND(R, L, 5); \
507  BF_ROUND(L, R, 6); \
508  BF_ROUND(R, L, 7); \
509  BF_ROUND(L, R, 8); \
510  BF_ROUND(R, L, 9); \
511  BF_ROUND(L, R, 10); \
512  BF_ROUND(R, L, 11); \
513  BF_ROUND(L, R, 12); \
514  BF_ROUND(R, L, 13); \
515  BF_ROUND(L, R, 14); \
516  BF_ROUND(R, L, 15); \
517  tmp4 = R; \
518  R = L; \
519  L = tmp4 ^ data.ctx.P[BF_N + 1]
520 
521 #if BF_ASM
522 
523 extern void _BF_body_r(BF_ctx *ctx);
524 
525 #define BF_body() \
526  _BF_body_r(&data.ctx)
527 #else
528 
529 #define BF_body() \
530 do { \
531  L = R = 0; \
532  ptr = data.ctx.P; \
533  do { \
534  ptr += 2; \
535  BF_ENCRYPT; \
536  *(ptr - 2) = L; \
537  *(ptr - 1) = R; \
538  } while (ptr < &data.ctx.P[BF_N + 2]); \
539 \
540  ptr = data.ctx.S[0]; \
541  do { \
542  ptr += 2; \
543  BF_ENCRYPT; \
544  *(ptr - 2) = L; \
545  *(ptr - 1) = R; \
546  } while (ptr < &data.ctx.S[3][0xFF]); \
547 } while (0)
548 #endif
549 
550 static void
551 BF_set_key(const char *key, BF_key expanded, BF_key initial,
552  int sign_extension_bug)
553 {
554  const char *ptr = key;
555  int i,
556  j;
557  BF_word tmp;
558 
559  for (i = 0; i < BF_N + 2; i++)
560  {
561  tmp = 0;
562  for (j = 0; j < 4; j++)
563  {
564  tmp <<= 8;
565  if (sign_extension_bug)
566  tmp |= (BF_word_signed) (signed char) *ptr;
567  else
568  tmp |= (unsigned char) *ptr;
569 
570  if (!*ptr)
571  ptr = key;
572  else
573  ptr++;
574  }
575 
576  expanded[i] = tmp;
577  initial[i] = BF_init_state.P[i] ^ tmp;
578  }
579 }
580 
581 char *
582 _crypt_blowfish_rn(const char *key, const char *setting,
583  char *output, int size)
584 {
585  struct
586  {
587  BF_ctx ctx;
588  BF_key expanded_key;
589  union
590  {
591  BF_word salt[4];
592  BF_word output[6];
593  } binary;
594  } data;
595  BF_word L,
596  R;
597  BF_word tmp1,
598  tmp2,
599  tmp3,
600  tmp4;
601  BF_word *ptr;
602  BF_word count;
603  int i;
604 
605  if (size < 7 + 22 + 31 + 1)
606  return NULL;
607 
608  /*
609  * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
610  * two digit cost parameter, "$", and 22 digits from the alphabet
611  * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
612  * more restrictions on the count in the salt as well.
613  */
614  if (strlen(setting) < 29)
615  ereport(ERROR,
616  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
617  errmsg("invalid salt")));
618 
619  if (setting[0] != '$' ||
620  setting[1] != '2' ||
621  (setting[2] != 'a' && setting[2] != 'x') ||
622  setting[3] != '$' ||
623  setting[4] < '0' || setting[4] > '3' ||
624  setting[5] < '0' || setting[5] > '9' ||
625  (setting[4] == '3' && setting[5] > '1') ||
626  setting[6] != '$')
627  {
628  ereport(ERROR,
629  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
630  errmsg("invalid salt")));
631  }
632 
633  count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
634  if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
635  {
636  px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
637  ereport(ERROR,
638  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
639  errmsg("invalid salt")));
640  }
641  BF_swap(data.binary.salt, 4);
642 
643  BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x');
644 
645  memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
646 
647  L = R = 0;
648  for (i = 0; i < BF_N + 2; i += 2)
649  {
650  L ^= data.binary.salt[i & 2];
651  R ^= data.binary.salt[(i & 2) + 1];
652  BF_ENCRYPT;
653  data.ctx.P[i] = L;
654  data.ctx.P[i + 1] = R;
655  }
656 
657  ptr = data.ctx.S[0];
658  do
659  {
660  ptr += 4;
661  L ^= data.binary.salt[(BF_N + 2) & 3];
662  R ^= data.binary.salt[(BF_N + 3) & 3];
663  BF_ENCRYPT;
664  *(ptr - 4) = L;
665  *(ptr - 3) = R;
666 
667  L ^= data.binary.salt[(BF_N + 4) & 3];
668  R ^= data.binary.salt[(BF_N + 5) & 3];
669  BF_ENCRYPT;
670  *(ptr - 2) = L;
671  *(ptr - 1) = R;
672  } while (ptr < &data.ctx.S[3][0xFF]);
673 
674  do
675  {
677 
678  data.ctx.P[0] ^= data.expanded_key[0];
679  data.ctx.P[1] ^= data.expanded_key[1];
680  data.ctx.P[2] ^= data.expanded_key[2];
681  data.ctx.P[3] ^= data.expanded_key[3];
682  data.ctx.P[4] ^= data.expanded_key[4];
683  data.ctx.P[5] ^= data.expanded_key[5];
684  data.ctx.P[6] ^= data.expanded_key[6];
685  data.ctx.P[7] ^= data.expanded_key[7];
686  data.ctx.P[8] ^= data.expanded_key[8];
687  data.ctx.P[9] ^= data.expanded_key[9];
688  data.ctx.P[10] ^= data.expanded_key[10];
689  data.ctx.P[11] ^= data.expanded_key[11];
690  data.ctx.P[12] ^= data.expanded_key[12];
691  data.ctx.P[13] ^= data.expanded_key[13];
692  data.ctx.P[14] ^= data.expanded_key[14];
693  data.ctx.P[15] ^= data.expanded_key[15];
694  data.ctx.P[16] ^= data.expanded_key[16];
695  data.ctx.P[17] ^= data.expanded_key[17];
696 
697  BF_body();
698 
699  tmp1 = data.binary.salt[0];
700  tmp2 = data.binary.salt[1];
701  tmp3 = data.binary.salt[2];
702  tmp4 = data.binary.salt[3];
703  data.ctx.P[0] ^= tmp1;
704  data.ctx.P[1] ^= tmp2;
705  data.ctx.P[2] ^= tmp3;
706  data.ctx.P[3] ^= tmp4;
707  data.ctx.P[4] ^= tmp1;
708  data.ctx.P[5] ^= tmp2;
709  data.ctx.P[6] ^= tmp3;
710  data.ctx.P[7] ^= tmp4;
711  data.ctx.P[8] ^= tmp1;
712  data.ctx.P[9] ^= tmp2;
713  data.ctx.P[10] ^= tmp3;
714  data.ctx.P[11] ^= tmp4;
715  data.ctx.P[12] ^= tmp1;
716  data.ctx.P[13] ^= tmp2;
717  data.ctx.P[14] ^= tmp3;
718  data.ctx.P[15] ^= tmp4;
719  data.ctx.P[16] ^= tmp1;
720  data.ctx.P[17] ^= tmp2;
721 
722  BF_body();
723  } while (--count);
724 
725  for (i = 0; i < 6; i += 2)
726  {
727  L = BF_magic_w[i];
728  R = BF_magic_w[i + 1];
729 
730  count = 64;
731  do
732  {
733  BF_ENCRYPT;
734  } while (--count);
735 
736  data.binary.output[i] = L;
737  data.binary.output[i + 1] = R;
738  }
739 
740  memcpy(output, setting, 7 + 22 - 1);
741  output[7 + 22 - 1] = BF_itoa64[(int)
742  BF_atoi64[(int) setting[7 + 22 - 1] - 0x20] & 0x30];
743 
744 /* This has to be bug-compatible with the original implementation, so
745  * only encode 23 of the 24 bytes. :-) */
746  BF_swap(data.binary.output, 6);
747  BF_encode(&output[7 + 22], data.binary.output, 23);
748  output[7 + 22 + 31] = '\0';
749 
750 /* Overwrite the most obvious sensitive data we have on the stack. Note
751  * that this does not guarantee there's no sensitive data left on the
752  * stack and/or in registers; I'm not aware of portable code that does. */
753  px_memset(&data, 0, sizeof(data));
754 
755  return output;
756 }
signed int BF_word_signed
static int BF_decode(BF_word *dst, const char *src, int size)
static void BF_set_key(const char *key, BF_key expanded, BF_key initial, int sign_extension_bug)
static void BF_swap(BF_word *x, int count)
#define BF_safe_atoi64(dst, src)
char * _crypt_blowfish_rn(const char *key, const char *setting, char *output, int size)
#define BF_ENCRYPT
#define BF_N
static BF_word BF_magic_w[6]
static unsigned char BF_itoa64[64+1]
static unsigned char BF_atoi64[0x60]
static BF_ctx BF_init_state
static void BF_encode(char *dst, const BF_word *src, int size)
#define BF_body()
unsigned int BF_word
BF_word BF_key[BF_N+2]
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
FILE * output
int x
Definition: isn.c:70
int j
Definition: isn.c:73
int i
Definition: isn.c:72
#define CHECK_FOR_INTERRUPTS()
Definition: miscadmin.h:122
const void * data
void px_memset(void *ptr, int c, size_t len)
Definition: px.c:123
#define S(n, x)
Definition: sha1.c:73
#define R(b, x)
Definition: sha2.c:132
static pg_noinline void Size size
Definition: slab.c:607
BF_key P
BF_word S[4][0x100]