PostgreSQL Source Code git master
pgp-s2k.c
Go to the documentation of this file.
1/*
2 * pgp-s2k.c
3 * OpenPGP string2key functions.
4 *
5 * Copyright (c) 2005 Marko Kreen
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * contrib/pgcrypto/pgp-s2k.c
30 */
31
32#include "postgres.h"
33
34#include "pgp.h"
35#include "px.h"
36
37static int
39 unsigned key_len)
40{
41 unsigned md_rlen;
43 unsigned preload;
44 unsigned remain;
45 uint8 *dst = s2k->key;
46
47 md_rlen = px_md_result_size(md);
48
49 remain = s2k->key_len;
50 preload = 0;
51 while (remain > 0)
52 {
53 px_md_reset(md);
54
55 if (preload)
56 {
57 memset(buf, 0, preload);
58 px_md_update(md, buf, preload);
59 }
60 preload++;
61
62 px_md_update(md, key, key_len);
63 px_md_finish(md, buf);
64
65 if (remain > md_rlen)
66 {
67 memcpy(dst, buf, md_rlen);
68 dst += md_rlen;
69 remain -= md_rlen;
70 }
71 else
72 {
73 memcpy(dst, buf, remain);
74 remain = 0;
75 }
76 }
77 px_memset(buf, 0, sizeof(buf));
78 return 0;
79}
80
81static int
82calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
83{
84 unsigned md_rlen;
86 unsigned preload = 0;
87 uint8 *dst;
88 unsigned remain;
89
90 md_rlen = px_md_result_size(md);
91
92 dst = s2k->key;
93 remain = s2k->key_len;
94 while (remain > 0)
95 {
96 px_md_reset(md);
97
98 if (preload > 0)
99 {
100 memset(buf, 0, preload);
101 px_md_update(md, buf, preload);
102 }
103 preload++;
104
105 px_md_update(md, s2k->salt, PGP_S2K_SALT);
106 px_md_update(md, key, key_len);
107 px_md_finish(md, buf);
108
109 if (remain > md_rlen)
110 {
111 memcpy(dst, buf, md_rlen);
112 remain -= md_rlen;
113 dst += md_rlen;
114 }
115 else
116 {
117 memcpy(dst, buf, remain);
118 remain = 0;
119 }
120 }
121 px_memset(buf, 0, sizeof(buf));
122 return 0;
123}
124
125static int
127 unsigned key_len)
128{
129 unsigned md_rlen;
131 uint8 *dst;
132 unsigned preload = 0;
133 unsigned remain,
134 c,
135 curcnt,
136 count;
137
138 count = s2k_decode_count(s2k->iter);
139
140 md_rlen = px_md_result_size(md);
141
142 remain = s2k->key_len;
143 dst = s2k->key;
144 while (remain > 0)
145 {
146 px_md_reset(md);
147
148 if (preload)
149 {
150 memset(buf, 0, preload);
151 px_md_update(md, buf, preload);
152 }
153 preload++;
154
155 px_md_update(md, s2k->salt, PGP_S2K_SALT);
156 px_md_update(md, key, key_len);
157 curcnt = PGP_S2K_SALT + key_len;
158
159 while (curcnt < count)
160 {
161 if (curcnt + PGP_S2K_SALT < count)
162 c = PGP_S2K_SALT;
163 else
164 c = count - curcnt;
165 px_md_update(md, s2k->salt, c);
166 curcnt += c;
167
168 if (curcnt + key_len < count)
169 c = key_len;
170 else if (curcnt < count)
171 c = count - curcnt;
172 else
173 break;
174 px_md_update(md, key, c);
175 curcnt += c;
176 }
177 px_md_finish(md, buf);
178
179 if (remain > md_rlen)
180 {
181 memcpy(dst, buf, md_rlen);
182 remain -= md_rlen;
183 dst += md_rlen;
184 }
185 else
186 {
187 memcpy(dst, buf, remain);
188 remain = 0;
189 }
190 }
191 px_memset(buf, 0, sizeof(buf));
192 return 0;
193}
194
195/*
196 * Decide PGP_S2K_ISALTED iteration count (in OpenPGP one-byte representation)
197 *
198 * Too small: weak
199 * Too big: slow
200 * gpg defaults to 96 => 65536 iters
201 *
202 * For our default (count=-1) we let it float a bit: 96 + 32 => between 65536
203 * and 262144 iterations.
204 *
205 * Otherwise, find the smallest number which provides at least the specified
206 * iteration count.
207 */
208static uint8
209decide_s2k_iter(unsigned rand_byte, int count)
210{
211 int iter;
212
213 if (count == -1)
214 return 96 + (rand_byte & 0x1F);
215 /* this is a bit brute-force, but should be quick enough */
216 for (iter = 0; iter <= 255; iter++)
217 if (s2k_decode_count(iter) >= count)
218 return iter;
219 return 255;
220}
221
222int
223pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
224{
225 int res = 0;
226 uint8 tmp;
227
228 s2k->mode = mode;
229 s2k->digest_algo = digest_algo;
230
231 switch (s2k->mode)
232 {
233 case PGP_S2K_SIMPLE:
234 break;
235 case PGP_S2K_SALTED:
237 return PXE_NO_RANDOM;
238 break;
239 case PGP_S2K_ISALTED:
241 return PXE_NO_RANDOM;
242 if (!pg_strong_random(&tmp, 1))
243 return PXE_NO_RANDOM;
244 s2k->iter = decide_s2k_iter(tmp, count);
245 break;
246 default:
248 }
249 return res;
250}
251
252int
254{
255 int res = 0;
256
257 GETBYTE(src, s2k->mode);
258 GETBYTE(src, s2k->digest_algo);
259 switch (s2k->mode)
260 {
261 case 0:
262 break;
263 case 1:
264 res = pullf_read_fixed(src, 8, s2k->salt);
265 break;
266 case 3:
267 res = pullf_read_fixed(src, 8, s2k->salt);
268 if (res < 0)
269 break;
270 GETBYTE(src, s2k->iter);
271 break;
272 default:
274 }
275 return res;
276}
277
278int
279pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int key_len)
280{
281 int res;
282 PX_MD *md;
283
284 s2k->key_len = pgp_get_cipher_key_size(cipher);
285 if (s2k->key_len <= 0)
287
288 res = pgp_load_digest(s2k->digest_algo, &md);
289 if (res < 0)
290 return res;
291
292 switch (s2k->mode)
293 {
294 case 0:
295 res = calc_s2k_simple(s2k, md, key, key_len);
296 break;
297 case 1:
298 res = calc_s2k_salted(s2k, md, key, key_len);
299 break;
300 case 3:
301 res = calc_s2k_iter_salted(s2k, md, key, key_len);
302 break;
303 default:
305 }
306 px_md_free(md);
307 return res;
308}
uint8_t uint8
Definition: c.h:500
#define GETBYTE(x, i)
Definition: hstore_gist.c:40
int pullf_read_fixed(PullFilter *src, int len, uint8 *dst)
Definition: mbuf.c:301
static PgChecksumMode mode
Definition: pg_checksums.c:55
static char * buf
Definition: pg_test_fsync.c:72
int pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int key_len)
Definition: pgp-s2k.c:279
static int calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
Definition: pgp-s2k.c:82
int pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
Definition: pgp-s2k.c:223
int pgp_s2k_read(PullFilter *src, PGP_S2K *s2k)
Definition: pgp-s2k.c:253
static uint8 decide_s2k_iter(unsigned rand_byte, int count)
Definition: pgp-s2k.c:209
static int calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
Definition: pgp-s2k.c:38
static int calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
Definition: pgp-s2k.c:126
int pgp_get_cipher_key_size(int code)
Definition: pgp.c:137
int pgp_load_digest(int code, PX_MD **res)
Definition: pgp.c:173
#define PGP_MAX_DIGEST
Definition: pgp.h:114
@ PGP_S2K_ISALTED
Definition: pgp.h:41
@ PGP_S2K_SALTED
Definition: pgp.h:40
@ PGP_S2K_SIMPLE
Definition: pgp.h:39
#define s2k_decode_count(cval)
Definition: pgp.h:176
#define PGP_S2K_SALT
Definition: pgp.h:115
bool pg_strong_random(void *buf, size_t len)
char * c
void px_memset(void *ptr, int c, size_t len)
Definition: px.c:123
#define PXE_PGP_BAD_S2K_MODE
Definition: px.h:88
#define px_md_finish(md, buf)
Definition: px.h:206
#define px_md_free(md)
Definition: px.h:207
#define px_md_reset(md)
Definition: px.h:204
#define PXE_NO_RANDOM
Definition: px.h:63
#define px_md_update(md, data, dlen)
Definition: px.h:205
#define PXE_PGP_UNSUPPORTED_CIPHER
Definition: px.h:70
#define px_md_result_size(md)
Definition: px.h:202
Definition: pgp.h:123
uint8 digest_algo
Definition: pgp.h:125
uint8 mode
Definition: pgp.h:124
uint8 key_len
Definition: pgp.h:130
uint8 iter
Definition: pgp.h:127
uint8 salt[8]
Definition: pgp.h:126
uint8 key[PGP_MAX_KEY]
Definition: pgp.h:129
Definition: px.h:108