PostgreSQL Source Code  git master
crypt-gensalt.c
1 /*
2  * Written by Solar Designer and placed in the public domain.
3  * See crypt_blowfish.c for more information.
4  *
5  * contrib/pgcrypto/crypt-gensalt.c
6  *
7  * This file contains salt generation functions for the traditional and
8  * other common crypt(3) algorithms, except for bcrypt which is defined
9  * entirely in crypt_blowfish.c.
10  *
11  * Put bcrypt generator also here as crypt-blowfish.c
12  * may not be compiled always. -- marko
13  */
14 
15 #include "postgres.h"
16 
17 #include "px-crypt.h"
18 
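/* Word type named by BF_encode()'s source-pointer parameter. */
typedef unsigned int BF_word;

/*
 * crypt(3) base-64 alphabet: index 0..63 selects the salt character for a
 * 6-bit value; the 65th byte is the string literal's terminating NUL.
 *
 * Declared const because the generators in this file only ever read it.
 * Keeping the table immutable means a stray write elsewhere in the process
 * cannot silently change the encoding of every salt produced afterwards.
 */
static const unsigned char _crypt_itoa64[64 + 1] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";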
23 
/*
 * Build a traditional crypt(3) salt: two characters of the crypt base-64
 * alphabet, each derived from the low 6 bits of one input byte.
 *
 * count        0 or 25; it is only validated here, never encoded.
 * input        caller-supplied bytes; the first 2 are consumed.
 * size         number of bytes available in input (must be >= 2).
 * output       destination buffer for the 2 characters plus NUL.
 * output_size  capacity of output (must be >= 3).
 *
 * Returns output on success.  On invalid arguments returns NULL and, when
 * output_size is positive, leaves an empty string in output.
 *
 * The resulting salt holds only 12 bits, and its unpredictability is
 * entirely that of input: no randomness is generated in this function.
 */
char *
_crypt_gensalt_traditional_rn(unsigned long count,
                              const char *input, int size, char *output, int output_size)
{
    int         pos;
    int         args_ok;

    args_ok = size >= 2 && output_size >= 2 + 1 && (count == 0 || count == 25);
    if (!args_ok)
    {
        /* Hand back an empty string if the buffer can hold even that. */
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    /* The 0x3f mask keeps the index inside the 64-entry alphabet. */
    for (pos = 0; pos < 2; pos++)
        output[pos] = _crypt_itoa64[(unsigned int) input[pos] & 0x3f];
    output[2] = '\0';

    return output;
}
41 
/*
 * Build an extended-DES crypt(3) salt of the form "_CCCCSSSS": an
 * underscore, four base-64 characters carrying the 24-bit iteration count
 * (least significant 6 bits first), then four characters carrying 24 bits
 * taken from input.
 *
 * count        0 selects the built-in value 725; otherwise it must be odd
 *              and no larger than 0xffffff.
 * input        caller-supplied bytes; the first 3 are consumed.
 * size         number of bytes available in input (must be >= 3).
 * output       destination buffer for 9 characters plus NUL.
 * output_size  capacity of output (must be >= 10).
 *
 * Returns output on success.  On invalid arguments returns NULL and, when
 * output_size is positive, leaves an empty string in output.
 */
char *
_crypt_gensalt_extended_rn(unsigned long count,
                           const char *input, int size, char *output, int output_size)
{
    unsigned long salt_bits;
    int         i;

    if (size < 3 || output_size < 1 + 4 + 4 + 1)
        goto reject;

    /*
     * Even iteration counts make it easier to detect weak DES keys from a
     * look at the hash, so they are refused along with oversized ones.
     */
    if (count != 0 && (count > 0xffffff || (count & 1) == 0))
        goto reject;

    if (count == 0)
        count = 725;

    output[0] = '_';

    /* Iteration count, 6 bits per character, low bits first. */
    for (i = 0; i < 4; i++)
        output[1 + i] = _crypt_itoa64[(count >> (6 * i)) & 0x3f];

    /* Pack three input bytes little-endian; unsigned char avoids sign extension. */
    salt_bits = (unsigned long) (unsigned char) input[0];
    salt_bits |= (unsigned long) (unsigned char) input[1] << 8;
    salt_bits |= (unsigned long) (unsigned char) input[2] << 16;

    for (i = 0; i < 4; i++)
        output[5 + i] = _crypt_itoa64[(salt_bits >> (6 * i)) & 0x3f];
    output[9] = '\0';

    return output;

reject:
    if (output_size > 0)
        output[0] = '\0';
    return NULL;
}
77 
/*
 * Build an MD5-crypt salt: the prefix "$1$" followed by four base-64
 * characters (24 bits of input), or eight characters (48 bits) when at
 * least 6 input bytes and 12 bytes of output space are available.
 *
 * count        0 or 1000; it is only validated here, never encoded.
 * input        caller-supplied bytes; 3 or 6 of them are consumed.
 * size         number of bytes available in input (must be >= 3).
 * output       destination buffer.
 * output_size  capacity of output (must be >= 8; >= 12 for the long form).
 *
 * Returns output on success.  On invalid arguments returns NULL and, when
 * output_size is positive, leaves an empty string in output.
 *
 * A caller that supplies fewer than 6 bytes, or a buffer shorter than 12,
 * silently gets the shorter 24-bit salt rather than an error.
 */
char *
_crypt_gensalt_md5_rn(unsigned long count,
                      const char *input, int size, char *output, int output_size)
{
    unsigned long chunk;
    int         i;

    if (size < 3 || output_size < 3 + 4 + 1 || (count != 0 && count != 1000))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    output[0] = '$';
    output[1] = '1';
    output[2] = '$';

    /* First 24 bits: three input bytes packed little-endian. */
    chunk = (unsigned long) (unsigned char) input[0];
    chunk |= (unsigned long) (unsigned char) input[1] << 8;
    chunk |= (unsigned long) (unsigned char) input[2] << 16;
    for (i = 0; i < 4; i++)
        output[3 + i] = _crypt_itoa64[(chunk >> (6 * i)) & 0x3f];

    if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
    {
        /* Room for the long form: append a second 24-bit group. */
        chunk = (unsigned long) (unsigned char) input[3];
        chunk |= (unsigned long) (unsigned char) input[4] << 8;
        chunk |= (unsigned long) (unsigned char) input[5] << 16;
        for (i = 0; i < 4; i++)
            output[7 + i] = _crypt_itoa64[(chunk >> (6 * i)) & 0x3f];
        output[11] = '\0';
    }
    else
        output[7] = '\0';

    return output;
}
117 
118 
119 
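/*
 * Base-64 alphabet used for bcrypt salts.  The ordering differs from
 * _crypt_itoa64: letters come before digits here, so the two tables are
 * not interchangeable.
 *
 * Declared const because BF_encode() only reads it; an immutable table
 * cannot be altered by a stray write elsewhere in the process.
 */
static const unsigned char BF_itoa64[64 + 1] =
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";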
122 
/*
 * Encode size bytes starting at src into dst using the BF_itoa64 alphabet.
 *
 * Input is consumed most-significant-bits first, three bytes to four
 * characters; a trailing group of one or two bytes yields two or three
 * characters with the unused low bits zero.  No padding character and no
 * NUL terminator is written: the caller terminates the string and must
 * size dst for the encoded length (22 characters for 16 bytes).
 *
 * src is declared as BF_word * but is read strictly byte by byte.
 * The loop always consumes at least one byte, so size must be >= 1.
 */
static void
BF_encode(char *dst, const BF_word *src, int size)
{
    const unsigned char *in = (const unsigned char *) src;
    const unsigned char *stop = in + size;
    unsigned char *out = (unsigned char *) dst;
    unsigned int b0,
                b1,
                b2;

    for (;;)
    {
        /* Byte 1: its top 6 bits form the first character. */
        b0 = *in++;
        *out++ = BF_itoa64[b0 >> 2];
        if (in >= stop)
        {
            /* Input ended: flush the remaining 2 bits, zero-filled. */
            *out++ = BF_itoa64[(b0 & 0x03) << 4];
            return;
        }

        /* Byte 2: low 2 bits of byte 1 joined with its top 4 bits. */
        b1 = *in++;
        *out++ = BF_itoa64[((b0 & 0x03) << 4) | (b1 >> 4)];
        if (in >= stop)
        {
            /* Input ended: flush the remaining 4 bits, zero-filled. */
            *out++ = BF_itoa64[(b1 & 0x0f) << 2];
            return;
        }

        /* Byte 3 completes the group with two more characters. */
        b2 = *in++;
        *out++ = BF_itoa64[((b1 & 0x0f) << 2) | (b2 >> 6)];
        *out++ = BF_itoa64[b2 & 0x3f];

        if (in >= stop)
            return;
    }
}
159 
/*
 * Build a bcrypt salt string: "$2a$", the cost as two decimal digits, "$",
 * then 22 characters encoding 16 input bytes via BF_encode().
 *
 * count        bcrypt cost field; 0 selects the built-in value 5,
 *              otherwise it must lie in 4..31.
 * input        caller-supplied bytes; the first 16 are consumed.
 * size         number of bytes available in input (must be >= 16).
 * output       destination buffer for 29 characters plus NUL.
 * output_size  capacity of output (must be >= 30).
 *
 * Returns output on success.  On invalid arguments returns NULL and, when
 * output_size is positive, leaves an empty string in output.
 *
 * The unpredictability of the salt is entirely that of input; nothing
 * random is generated here.
 * NOTE(review): the fallback cost of 5 looks low for current hardware;
 * presumably callers pass an explicit cost -- confirm against the callers.
 */
char *
_crypt_gensalt_blowfish_rn(unsigned long count,
                           const char *input, int size, char *output, int output_size)
{
    unsigned long cost;

    if (size < 16 || output_size < 7 + 22 + 1)
        goto reject;
    if (count != 0 && (count < 4 || count > 31))
        goto reject;

    cost = (count != 0) ? count : 5;

    output[0] = '$';
    output[1] = '2';
    output[2] = 'a';
    output[3] = '$';
    /* cost is at most 31 here, so each digit stays within '0'..'9'. */
    output[4] = '0' + cost / 10;
    output[5] = '0' + cost % 10;
    output[6] = '$';

    /*
     * The cast only satisfies BF_encode()'s parameter type; the bytes are
     * read there through an unsigned char pointer.
     */
    BF_encode(&output[7], (const BF_word *) input, 16);
    output[7 + 22] = '\0';

    return output;

reject:
    if (output_size > 0)
        output[0] = '\0';
    return NULL;
}