PostgreSQL Source Code  git master
px-crypt.h File Reference


Macros

#define PX_MAX_CRYPT   128
 
#define PX_MAX_SALT_LEN   128
 
#define PX_XDES_ROUNDS   (29 * 25)
 
#define PX_BF_ROUNDS   6
 

Functions

char * px_crypt (const char *psw, const char *salt, char *buf, unsigned buflen)
 
int px_gen_salt (const char *salt_type, char *dst, int rounds)
 
char * _crypt_gensalt_traditional_rn (unsigned long count, const char *input, int size, char *output, int output_size)
 
char * _crypt_gensalt_extended_rn (unsigned long count, const char *input, int size, char *output, int output_size)
 
char * _crypt_gensalt_md5_rn (unsigned long count, const char *input, int size, char *output, int output_size)
 
char * _crypt_gensalt_blowfish_rn (unsigned long count, const char *input, int size, char *output, int output_size)
 
char * _crypt_blowfish_rn (const char *key, const char *setting, char *output, int size)
 
char * px_crypt_des (const char *key, const char *setting)
 
char * px_crypt_md5 (const char *pw, const char *salt, char *dst, unsigned dstlen)
 

Macro Definition Documentation

#define PX_BF_ROUNDS   6

Definition at line 46 of file px-crypt.h.

#define PX_MAX_CRYPT   128

Definition at line 36 of file px-crypt.h.

Referenced by pg_crypt().

#define PX_MAX_SALT_LEN   128

Definition at line 39 of file px-crypt.h.

Referenced by pg_gen_salt(), pg_gen_salt_rounds(), and px_gen_salt().

#define PX_XDES_ROUNDS   (29 * 25)

Definition at line 43 of file px-crypt.h.

Function Documentation

char* _crypt_blowfish_rn ( const char *  key,
const char *  setting,
char *  output,
int  size 
)

Definition at line 580 of file crypt-blowfish.c.

References BF_atoi64, BF_body, BF_decode(), BF_encode(), BF_ENCRYPT, BF_itoa64, BF_magic_w, BF_N, BF_set_key(), BF_swap(), CHECK_FOR_INTERRUPTS, ereport, errcode(), errmsg(), ERROR, i, NULL, output(), px_memset(), R, and BF_ctx::S.

Referenced by run_crypt_bf().

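/*
 * _crypt_blowfish_rn
 *      Compute the bcrypt hash of `key` under `setting` and write the
 *      resulting string into `output`.
 *
 * key      NUL-terminated password.
 * setting  "$2a$" or "$2x$", a two-digit cost, "$", then 22 salt characters
 *          (at least 29 characters in total).  The accepted cost range is
 *          04..31: the digits are bounded to 00..31 and a count below 16
 *          (cost < 4) is rejected.
 * output   caller-supplied buffer for the result string.
 * size     size of `output`; must be at least 7 + 22 + 31 + 1 bytes.
 *
 * Returns `output`, or NULL when `size` is too small.  A malformed setting
 * is reported with ereport(ERROR), which does not return to the caller.
 *
 * BF_ENCRYPT and BF_body() take no arguments; presumably they operate on
 * the locals L, R, tmp1..tmp4, ptr and data by name, so those names must
 * stay as they are -- confirm against the macro definitions.
 */
char *
_crypt_blowfish_rn(const char *key, const char *setting,
                   char *output, int size)
{
    struct
    {
        BF_ctx      ctx;
        BF_key      expanded_key;
        union
        {
            BF_word     salt[4];
            BF_word     output[6];
        }           binary;
    }           data;
    BF_word     L,
                R;
    BF_word     tmp1,
                tmp2,
                tmp3,
                tmp4;
    BF_word    *ptr;
    BF_word     count;
    int         i;

    /* Prefix (7) + salt (22) + hash (31) + NUL must fit in the buffer. */
    if (size < 7 + 22 + 31 + 1)
        return NULL;

    /*
     * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
     * two digit cost parameter, "$", and 22 digits from the alphabet
     * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
     * more restrictions on the count in the salt as well.
     *
     * The length check comes first so that the fixed-offset reads below
     * (setting[0] .. setting[28]) stay inside the string.
     */
    if (strlen(setting) < 29)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));

    if (setting[0] != '$' ||
        setting[1] != '2' ||
        (setting[2] != 'a' && setting[2] != 'x') ||
        setting[3] != '$' ||
        setting[4] < '0' || setting[4] > '3' ||
        setting[5] < '0' || setting[5] > '9' ||
        (setting[4] == '3' && setting[5] > '1') ||
        setting[6] != '$')
    {
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));
    }

    /* Iteration count is 2^cost; cost <= 31 keeps the shift in range. */
    count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
    if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
    {
        px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));
    }
    BF_swap(data.binary.salt, 4);

    /*
     * The last argument is BF_set_key's sign_extension_bug flag: "$2x$"
     * asks for the bug-compatible key setup, "$2a$" for the regular one.
     */
    BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x');

    memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));

    L = R = 0;
    for (i = 0; i < BF_N + 2; i += 2)
    {
        L ^= data.binary.salt[i & 2];
        R ^= data.binary.salt[(i & 2) + 1];
        BF_ENCRYPT;
        data.ctx.P[i] = L;
        data.ctx.P[i + 1] = R;
    }

    ptr = data.ctx.S[0];
    do
    {
        ptr += 4;
        L ^= data.binary.salt[(BF_N + 2) & 3];
        R ^= data.binary.salt[(BF_N + 3) & 3];
        BF_ENCRYPT;
        *(ptr - 4) = L;
        *(ptr - 3) = R;

        L ^= data.binary.salt[(BF_N + 4) & 3];
        R ^= data.binary.salt[(BF_N + 5) & 3];
        BF_ENCRYPT;
        *(ptr - 2) = L;
        *(ptr - 1) = R;
    } while (ptr < &data.ctx.S[3][0xFF]);

    do
    {
        /*
         * This loop runs `count` times (up to 2^31), so give the backend a
         * chance to service a pending interrupt on every pass.
         *
         * NOTE(review): if the interrupt check leaves this function through
         * the error path, the px_memset() of `data` at the end is skipped
         * and the expanded key stays on the stack -- confirm whether that
         * matters for the deployment.
         */
        CHECK_FOR_INTERRUPTS();

        data.ctx.P[0] ^= data.expanded_key[0];
        data.ctx.P[1] ^= data.expanded_key[1];
        data.ctx.P[2] ^= data.expanded_key[2];
        data.ctx.P[3] ^= data.expanded_key[3];
        data.ctx.P[4] ^= data.expanded_key[4];
        data.ctx.P[5] ^= data.expanded_key[5];
        data.ctx.P[6] ^= data.expanded_key[6];
        data.ctx.P[7] ^= data.expanded_key[7];
        data.ctx.P[8] ^= data.expanded_key[8];
        data.ctx.P[9] ^= data.expanded_key[9];
        data.ctx.P[10] ^= data.expanded_key[10];
        data.ctx.P[11] ^= data.expanded_key[11];
        data.ctx.P[12] ^= data.expanded_key[12];
        data.ctx.P[13] ^= data.expanded_key[13];
        data.ctx.P[14] ^= data.expanded_key[14];
        data.ctx.P[15] ^= data.expanded_key[15];
        data.ctx.P[16] ^= data.expanded_key[16];
        data.ctx.P[17] ^= data.expanded_key[17];

        BF_body();

        tmp1 = data.binary.salt[0];
        tmp2 = data.binary.salt[1];
        tmp3 = data.binary.salt[2];
        tmp4 = data.binary.salt[3];
        data.ctx.P[0] ^= tmp1;
        data.ctx.P[1] ^= tmp2;
        data.ctx.P[2] ^= tmp3;
        data.ctx.P[3] ^= tmp4;
        data.ctx.P[4] ^= tmp1;
        data.ctx.P[5] ^= tmp2;
        data.ctx.P[6] ^= tmp3;
        data.ctx.P[7] ^= tmp4;
        data.ctx.P[8] ^= tmp1;
        data.ctx.P[9] ^= tmp2;
        data.ctx.P[10] ^= tmp3;
        data.ctx.P[11] ^= tmp4;
        data.ctx.P[12] ^= tmp1;
        data.ctx.P[13] ^= tmp2;
        data.ctx.P[14] ^= tmp3;
        data.ctx.P[15] ^= tmp4;
        data.ctx.P[16] ^= tmp1;
        data.ctx.P[17] ^= tmp2;

        BF_body();
    } while (--count);

    /* Encrypt the six magic words 64 times each to produce the hash. */
    for (i = 0; i < 6; i += 2)
    {
        L = BF_magic_w[i];
        R = BF_magic_w[i + 1];

        count = 64;
        do
        {
            BF_ENCRYPT;
        } while (--count);

        data.binary.output[i] = L;
        data.binary.output[i + 1] = R;
    }

    /*
     * Copy the prefix and the first 21 salt characters verbatim, then
     * re-encode the 22nd with its decoded value masked by 0x30.
     *
     * NOTE(review): the BF_atoi64 lookup indexes a 0x60-entry table with
     * setting[28] - 0x20; this relies on BF_decode() above having rejected
     * characters outside that range -- confirm in BF_decode().
     */
    memcpy(output, setting, 7 + 22 - 1);
    output[7 + 22 - 1] = BF_itoa64[(int)
                         BF_atoi64[(int) setting[7 + 22 - 1] - 0x20] & 0x30];

/* This has to be bug-compatible with the original implementation, so
 * only encode 23 of the 24 bytes. :-) */
    BF_swap(data.binary.output, 6);
    BF_encode(&output[7 + 22], data.binary.output, 23);
    output[7 + 22 + 31] = '\0';

/* Overwrite the most obvious sensitive data we have on the stack. Note
 * that this does not guarantee there's no sensitive data left on the
 * stack and/or in registers; I'm not aware of portable code that does. */
    px_memset(&data, 0, sizeof(data));

    return output;
}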
BF_word S[4][0x100]
#define R(b, x)
Definition: sha2.c:106
static void BF_swap(BF_word *x, int count)
static int BF_decode(BF_word *dst, const char *src, int size)
static void output(uint64 loop_count)
int errcode(int sqlerrcode)
Definition: elog.c:575
static void BF_set_key(const char *key, BF_key expanded, BF_key initial, int sign_extension_bug)
unsigned int BF_word
#define ERROR
Definition: elog.h:43
static unsigned char BF_itoa64[64+1]
#define BF_ENCRYPT
static void BF_encode(char *dst, const BF_word *src, int size)
#define ereport(elevel, rest)
Definition: elog.h:122
#define BF_body()
BF_word BF_key[BF_N+2]
static BF_word BF_magic_w[6]
#define NULL
Definition: c.h:226
#define BF_N
int errmsg(const char *fmt,...)
Definition: elog.c:797
static BF_ctx BF_init_state
int i
#define CHECK_FOR_INTERRUPTS()
Definition: miscadmin.h:97
static unsigned char BF_atoi64[0x60]
void px_memset(void *ptr, int c, size_t len)
Definition: px.c:134
char* _crypt_gensalt_blowfish_rn ( unsigned long  count,
const char *  input,
int  size,
char *  output,
int  output_size 
)

Definition at line 161 of file crypt-gensalt.c.

References BF_encode(), NULL, and output().

/*
 * _crypt_gensalt_blowfish_rn
 *      Build a "$2a$NN$<22 chars>" bcrypt setting string.
 *
 * count        cost (log2 of the iteration count); 0 selects the built-in
 *              default of 5, any other value must lie in 4..31.
 * input/size   random bytes for the salt; at least 16 are required and
 *              exactly 16 are encoded.
 * output       destination buffer, at least 7 + 22 + 1 bytes
 *              (output_size).
 *
 * Returns `output`, or NULL on bad arguments; in that case output[0] is
 * set to NUL whenever the buffer has any room at all, so a caller that
 * ignores the return value does not pick up stale contents.
 */
char *
_crypt_gensalt_blowfish_rn(unsigned long count, const char *input, int size,
                           char *output, int output_size)
{
    static const char prefix[] = "$2a$";
    unsigned long cost = (count != 0) ? count : 5;
    int         k;

    /* A zero count became the default above, which is always in range. */
    if (size < 16 || output_size < 7 + 22 + 1 || cost < 4 || cost > 31)
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    for (k = 0; k < 4; k++)
        output[k] = prefix[k];
    output[4] = '0' + cost / 10;
    output[5] = '0' + cost % 10;
    output[6] = '$';

    /*
     * NOTE(review): `input` is a char buffer viewed as BF_word here;
     * whether that is alignment-safe depends on how BF_encode() reads its
     * source -- confirm in BF_encode().
     */
    BF_encode(&output[7], (const BF_word *) input, 16);
    output[7 + 22] = '\0';

    return output;
}
static void output(uint64 loop_count)
unsigned int BF_word
static void BF_encode(char *dst, const BF_word *src, int size)
#define NULL
Definition: c.h:226
char* _crypt_gensalt_extended_rn ( unsigned long  count,
const char *  input,
int  size,
char *  output,
int  output_size 
)

Definition at line 43 of file crypt-gensalt.c.

References _crypt_itoa64, NULL, output(), and value.

/*
 * _crypt_gensalt_extended_rn
 *      Build an extended-DES setting string: '_', four characters of
 *      iteration count, four characters of salt.
 *
 * count        iteration count; 0 selects 725 (the value of PX_XDES_ROUNDS,
 *              29 * 25).  Otherwise it must be odd and fit in 24 bits.
 * input/size   random bytes for the salt; the first three are used, so the
 *              salt carries 24 bits.
 * output       destination buffer, at least 1 + 4 + 4 + 1 bytes
 *              (output_size).
 *
 * Returns `output`, or NULL on bad arguments (output[0] is then cleared if
 * the buffer is non-empty).
 */
char *
_crypt_gensalt_extended_rn(unsigned long count, const char *input, int size,
                           char *output, int output_size)
{
    unsigned long salt24;
    int         k;

    /*
     * Even counts are refused: they make weak DES keys easier to spot from
     * the hash alone.
     */
    if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
        (count != 0 && (count > 0xffffff || (count & 1) == 0)))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    if (count == 0)
        count = 725;

    output[0] = '_';

    /* Count, least-significant 6-bit group first. */
    for (k = 0; k < 4; k++)
        output[1 + k] = _crypt_itoa64[(count >> (6 * k)) & 0x3f];

    /* Pack three input bytes little-endian, then encode the same way. */
    salt24 = (unsigned long) (unsigned char) input[0] |
        ((unsigned long) (unsigned char) input[1] << 8) |
        ((unsigned long) (unsigned char) input[2] << 16);
    for (k = 0; k < 4; k++)
        output[5 + k] = _crypt_itoa64[(salt24 >> (6 * k)) & 0x3f];

    output[9] = '\0';

    return output;
}
static struct @76 value
static void output(uint64 loop_count)
static unsigned char _crypt_itoa64[64+1]
Definition: crypt-gensalt.c:21
#define NULL
Definition: c.h:226
char* _crypt_gensalt_md5_rn ( unsigned long  count,
const char *  input,
int  size,
char *  output,
int  output_size 
)

Definition at line 79 of file crypt-gensalt.c.

References _crypt_itoa64, NULL, output(), and value.

/*
 * _crypt_gensalt_md5_rn
 *      Build a "$1$<salt>" setting string for MD5-based crypt.
 *
 * count        must be 0 or 1000; the value is only validated and does not
 *              appear in the output.
 * input/size   random bytes for the salt.  Three bytes give a 4-character
 *              (24-bit) salt; when six bytes and enough output room are
 *              available, a second group extends it to 8 characters
 *              (48 bits).
 * output       destination buffer, at least 3 + 4 + 1 bytes (output_size);
 *              3 + 4 + 4 + 1 for the long salt.
 *
 * Returns `output`, or NULL on bad arguments (output[0] is then cleared if
 * the buffer is non-empty).
 */
char *
_crypt_gensalt_md5_rn(unsigned long count, const char *input, int size,
                      char *output, int output_size)
{
    unsigned long chunk;
    int         k;

    if (size < 3 || output_size < 3 + 4 + 1 ||
        (count != 0 && count != 1000))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    output[0] = '$';
    output[1] = '1';
    output[2] = '$';

    /* First salt group: input bytes 0..2, packed little-endian. */
    chunk = (unsigned long) (unsigned char) input[0] |
        ((unsigned long) (unsigned char) input[1] << 8) |
        ((unsigned long) (unsigned char) input[2] << 16);
    for (k = 0; k < 4; k++)
        output[3 + k] = _crypt_itoa64[(chunk >> (6 * k)) & 0x3f];
    output[7] = '\0';

    /* Optional second group: input bytes 3..5, overwriting the NUL. */
    if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
    {
        chunk = (unsigned long) (unsigned char) input[3] |
            ((unsigned long) (unsigned char) input[4] << 8) |
            ((unsigned long) (unsigned char) input[5] << 16);
        for (k = 0; k < 4; k++)
            output[7 + k] = _crypt_itoa64[(chunk >> (6 * k)) & 0x3f];
        output[11] = '\0';
    }

    return output;
}
static struct @76 value
static void output(uint64 loop_count)
static unsigned char _crypt_itoa64[64+1]
Definition: crypt-gensalt.c:21
#define NULL
Definition: c.h:226
char* _crypt_gensalt_traditional_rn ( unsigned long  count,
const char *  input,
int  size,
char *  output,
int  output_size 
)

Definition at line 25 of file crypt-gensalt.c.

References _crypt_itoa64, NULL, and output().

/*
 * _crypt_gensalt_traditional_rn
 *      Build a two-character salt for traditional DES crypt.
 *
 * count        must be 0 or 25; the value is only validated.
 * input/size   random bytes; the low six bits of each of the first two
 *              bytes are used, so the salt carries 12 bits.
 * output       destination buffer, at least 2 + 1 bytes (output_size).
 *
 * Returns `output`, or NULL on bad arguments (output[0] is then cleared if
 * the buffer is non-empty).
 */
char *
_crypt_gensalt_traditional_rn(unsigned long count, const char *input, int size,
                              char *output, int output_size)
{
    int         k;

    if (size < 2 || output_size < 2 + 1 || (count != 0 && count != 25))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }

    for (k = 0; k < 2; k++)
        output[k] = _crypt_itoa64[(unsigned int) input[k] & 0x3f];
    output[2] = '\0';

    return output;
}
static void output(uint64 loop_count)
static unsigned char _crypt_itoa64[64+1]
Definition: crypt-gensalt.c:21
#define NULL
Definition: c.h:226
char* px_crypt ( const char *  psw,
const char *  salt,
char *  buf,
unsigned  buflen 
)

Definition at line 92 of file px-crypt.c.

References px_crypt_algo::crypt, px_crypt_algo::id, px_crypt_algo::id_len, and NULL.

Referenced by pg_crypt().

/*
 * px_crypt
 *      Pick the hashing routine whose identifier prefixes `salt` and run it.
 *
 * psw      password to hash.
 * salt     setting string; its leading characters select the algorithm.
 * buf/len  result buffer and its size, handed through to the routine
 *          (px-crypt.h declares the last parameter as `buflen`).
 *
 * Returns whatever the selected routine returns, or NULL when the entry
 * the scan stops on has no routine.
 *
 * The table is scanned in order and an entry with id_len == 0 matches any
 * salt, so a salt with an unrecognised prefix is handled by that catch-all
 * entry rather than rejected -- presumably the legacy DES routine; confirm
 * against px_crypt_list.
 */
char *
px_crypt(const char *psw, const char *salt, char *buf, unsigned len)
{
    const struct px_crypt_algo *algo = px_crypt_list;

    /* Stop on the first prefix match, on a catch-all, or on the sentinel. */
    while (algo->id != NULL)
    {
        if (algo->id_len == 0 ||
            strncmp(salt, algo->id, algo->id_len) == 0)
            break;
        algo++;
    }

    return (algo->crypt != NULL) ? algo->crypt(psw, salt, buf, len) : NULL;
}
static const struct px_crypt_algo px_crypt_list[]
Definition: px-crypt.c:81
char *(* crypt)(const char *psw, const char *salt, char *buf, unsigned len)
Definition: px-crypt.c:76
char * c
static char * buf
Definition: pg_test_fsync.c:65
unsigned id_len
Definition: px-crypt.c:75
#define NULL
Definition: c.h:226
char * id
Definition: px-crypt.c:74
char* px_crypt_des ( const char *  key,
const char *  setting 
)

Definition at line 654 of file crypt-des.c.

References _crypt_a64, _PASSWORD_EFMT1, ascii_to_bin(), des_cipher(), des_init(), des_initialised, des_setkey(), do_des(), ereport, errcode(), errmsg(), ERROR, i, NULL, output(), setup_salt(), and StrNCpy.

Referenced by run_crypt_des().

/*
 * px_crypt_des
 *      DES-based crypt, in either the traditional or the extended form.
 *
 * key      NUL-terminated password.
 * setting  traditional form: two salt characters.  Extended form (first
 *          character is _PASSWORD_EFMT1): that character, four characters
 *          of iteration count and four of salt.
 *
 * Returns a pointer to a static 21-byte buffer holding the setting prefix
 * followed by 11 hash characters, or NULL when a DES primitive fails.  A
 * too-short setting is reported with ereport(ERROR), which does not return.
 *
 * The result lives in static storage: the next call overwrites it, and the
 * function is not reentrant.
 *
 * NOTE(review): `keybuf` holds key-derived bytes and is not cleared on any
 * return path here, unlike the px_memset() calls in the Blowfish and MD5
 * routines -- confirm whether that is intended.
 */
char *
px_crypt_des(const char *key, const char *setting)
{
    static char output[21];
    uint32      keybuf[2];
    uint8      *const kstart = (uint8 *) keybuf;
    uint8      *const kend = kstart + 8;
    uint8      *q;
    uint32      count,
                salt,
                word,
                r0,
                r1;
    char       *p;
    int         i;
    int         shift;

    if (!des_initialised)
        des_init();

    /*
     * Fill the 8-byte key block from the password: each character is
     * shifted up one bit, and the block is zero-padded once the password
     * runs out (the terminating NUL is re-read, never stepped over).
     */
    for (q = kstart; q != kend;)
    {
        *q++ = *key << 1;
        if (*key != '\0')
            key++;
    }
    if (des_setkey((char *) keybuf))
        return (NULL);

#ifndef DISABLE_XDES
    if (*setting == _PASSWORD_EFMT1)
    {
        /*
         * Extended form: underscore, 4 characters of count, 4 characters
         * of salt; see CRYPT(3), "Extended crypt".  Every character of the
         * password contributes to the key.
         */
        if (strlen(setting) < 9)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("invalid salt")));

        count = 0L;
        for (i = 1; i < 5; i++)
            count |= ascii_to_bin(setting[i]) << (i - 1) * 6;

        salt = 0L;
        for (i = 5; i < 9; i++)
            salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;

        while (*key)
        {
            /* Encrypt the current key block under itself ... */
            if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
                return (NULL);

            /* ... then fold in up to eight more password characters. */
            for (q = kstart; q != kend && *key;)
                *q++ ^= *key++ << 1;

            if (des_setkey((char *) keybuf))
                return (NULL);
        }
        StrNCpy(output, setting, 10);

        /*
         * Append the hash right after whatever prefix was actually copied,
         * so the result never contains an embedded NUL.
         */
        p = output + strlen(output);
    }
    else
#endif                          /* !DISABLE_XDES */
    {
        /*
         * Traditional form: 2 characters of salt, 25 iterations, and only
         * the first 8 password characters (already loaded above) count.
         */
        count = 25;

        if (strlen(setting) < 2)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("invalid salt")));

        salt = (ascii_to_bin(setting[1]) << 6)
            | ascii_to_bin(setting[0]);

        output[0] = setting[0];

        /*
         * Guard against a NUL second salt character: repeat the first one
         * so the output string is not cut short.
         */
        output[1] = setting[1] ? setting[1] : output[0];

        p = output + 2;
    }
    setup_salt(salt);

    /* Run the salted DES iterations. */
    if (do_des(0L, 0L, &r0, &r1, count))
        return (NULL);

    /* Encode the 64-bit result as 4 + 4 + 3 characters. */
    word = (r0 >> 8);
    for (shift = 18; shift >= 0; shift -= 6)
        *p++ = _crypt_a64[(word >> shift) & 0x3f];

    word = (r0 << 16) | ((r1 >> 16) & 0xffff);
    for (shift = 18; shift >= 0; shift -= 6)
        *p++ = _crypt_a64[(word >> shift) & 0x3f];

    word = r1 << 2;
    for (shift = 12; shift >= 0; shift -= 6)
        *p++ = _crypt_a64[(word >> shift) & 0x3f];
    *p = 0;

    return (output);
}
static const char _crypt_a64[]
Definition: crypt-des.c:74
static void output(uint64 loop_count)
unsigned char uint8
Definition: c.h:263
static int des_initialised
Definition: crypt-des.c:191
int errcode(int sqlerrcode)
Definition: elog.c:575
static int des_setkey(const char *key)
Definition: crypt-des.c:399
static void des_init(void)
Definition: crypt-des.c:224
static int do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
Definition: crypt-des.c:486
static int des_cipher(const char *in, char *out, long salt, int count)
Definition: crypt-des.c:620
#define ERROR
Definition: elog.h:43
static int ascii_to_bin(char ch)
Definition: crypt-des.c:206
unsigned int uint32
Definition: c.h:265
#define ereport(elevel, rest)
Definition: elog.h:122
#define NULL
Definition: c.h:226
#define StrNCpy(dst, src, len)
Definition: c.h:826
static void setup_salt(long salt)
Definition: crypt-des.c:376
int errmsg(const char *fmt,...)
Definition: elog.c:797
int i
#define _PASSWORD_EFMT1
Definition: crypt-des.c:72
char* px_crypt_md5 ( const char *  pw,
const char *  salt,
char *  dst,
unsigned  dstlen 
)

Definition at line 34 of file crypt-md5.c.

References _crypt_to64(), i, MD5_SIZE, NULL, px_find_digest(), px_md_finish, px_md_free, px_md_reset, px_md_update, and px_memset().

Referenced by run_crypt_md5().

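/*
 * px_crypt_md5
 *      MD5-based crypt ("$1$").
 *
 * pw       NUL-terminated password.
 * salt     setting string; a leading "$1$" is skipped and the salt proper
 *          ends at the next '$' or after 8 characters.
 * passwd   result buffer (px-crypt.h declares this parameter as `dst`).
 * dstlen   size of `passwd`; must be at least 120.
 *
 * Returns `passwd`, or NULL when the buffer is missing or too small or
 * when an MD5 context cannot be obtained.
 *
 * The iteration count is fixed at 1000 in this code; there is no cost
 * parameter in the setting string.
 */
char *
px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
{
    static char *magic = "$1$"; /* This string is magic for this algorithm.
                                 * Having it this way, we can get better later
                                 * on */
    static char *p;
    static const char *sp,
               *ep;
    unsigned char final[MD5_SIZE];
    int         sl,
                pl,
                i;
    PX_MD      *ctx,
               *ctx1;
    int         err;
    unsigned long l;

    if (!passwd || dstlen < 120)
        return NULL;

    /* Refine the Salt first */
    sp = salt;

    /* If it starts with the magic string, then skip that */
    if (strncmp(sp, magic, strlen(magic)) == 0)
        sp += strlen(magic);

    /* It stops at the first '$', max 8 chars */
    for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
        continue;

    /* get the length of the true salt */
    sl = ep - sp;

    /* Two MD5 contexts are needed; fail cleanly if either is unavailable. */
    err = px_find_digest("md5", &ctx);
    if (err)
        return NULL;
    err = px_find_digest("md5", &ctx1);
    if (err)
    {
        /* ctx1 was not set up; release the first context and give up. */
        px_md_free(ctx);
        return NULL;
    }

    /* The password first, since that is what is most unknown */
    px_md_update(ctx, (const uint8 *) pw, strlen(pw));

    /* Then our magic string */
    px_md_update(ctx, (uint8 *) magic, strlen(magic));

    /* Then the raw salt */
    px_md_update(ctx, (const uint8 *) sp, sl);

    /* Then just as many characters of the MD5(pw,salt,pw) */
    px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
    px_md_update(ctx1, (const uint8 *) sp, sl);
    px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
    px_md_finish(ctx1, final);
    for (pl = strlen(pw); pl > 0; pl -= MD5_SIZE)
        px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);

    /* Don't leave anything around in vm they could use. */
    px_memset(final, 0, sizeof final);

    /*
     * Then something really weird...
     *
     * `final` was zeroed just above, so the "final" branch feeds a zero
     * byte.  Presumably this quirk has to stay for hashes to match other
     * implementations of the scheme -- do not "fix" the ordering.
     */
    for (i = strlen(pw); i; i >>= 1)
        if (i & 1)
            px_md_update(ctx, final, 1);
        else
            px_md_update(ctx, (const uint8 *) pw, 1);

    /*
     * Now make the output string.  At most 3 + 8 + 1 characters are written
     * here and 22 more below, well inside the 120 bytes checked on entry.
     */
    strcpy(passwd, magic);
    strncat(passwd, sp, sl);
    strcat(passwd, "$");

    px_md_finish(ctx, final);

    /*
     * and now, just to make sure things don't run too fast On a 60 Mhz
     * Pentium this takes 34 msec, so you would need 30 seconds to build a
     * 1000 entry dictionary...
     */
    for (i = 0; i < 1000; i++)
    {
        px_md_reset(ctx1);
        if (i & 1)
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
        else
            px_md_update(ctx1, final, MD5_SIZE);

        if (i % 3)
            px_md_update(ctx1, (const uint8 *) sp, sl);

        if (i % 7)
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));

        if (i & 1)
            px_md_update(ctx1, final, MD5_SIZE);
        else
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
        px_md_finish(ctx1, final);
    }

    p = passwd + strlen(passwd);

    /* Encode the digest bytes in the scheme's fixed, permuted order. */
    l = (final[0] << 16) | (final[6] << 8) | final[12];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[1] << 16) | (final[7] << 8) | final[13];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[2] << 16) | (final[8] << 8) | final[14];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[3] << 16) | (final[9] << 8) | final[15];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[4] << 16) | (final[10] << 8) | final[5];
    _crypt_to64(p, l, 4);
    p += 4;
    l = final[11];
    _crypt_to64(p, l, 2);
    p += 2;
    *p = '\0';

    /* Don't leave anything around in vm they could use. */
    px_memset(final, 0, sizeof final);

    px_md_free(ctx1);
    px_md_free(ctx);

    return passwd;
}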
#define MD5_SIZE
Definition: crypt-md5.c:14
#define px_md_update(md, data, dlen)
Definition: px.h:209
unsigned char uint8
Definition: c.h:263
#define px_md_finish(md, buf)
Definition: px.h:210
#define px_md_reset(md)
Definition: px.h:208
Definition: px.h:114
#define px_md_free(md)
Definition: px.h:211
static void _crypt_to64(char *s, unsigned long v, int n)
Definition: crypt-md5.c:20
#define NULL
Definition: c.h:226
int i
int px_find_digest(const char *name, PX_MD **res)
Definition: internal.c:578
void px_memset(void *ptr, int c, size_t len)
Definition: px.c:134
int px_gen_salt ( const char *  salt_type,
char *  dst,
int  rounds 
)

Definition at line 134 of file px-crypt.c.

References generator::def_rounds, generator::gen, generator::input_len, generator::max_rounds, generator::min_rounds, generator::name, NULL, pg_backend_random(), pg_strcasecmp(), PX_MAX_SALT_LEN, px_memset(), PXE_BAD_SALT_ROUNDS, PXE_NO_RANDOM, and PXE_UNKNOWN_SALT_ALGO.

Referenced by pg_gen_salt(), and pg_gen_salt_rounds().

/*
 * px_gen_salt
 *      Generate a random setting string for the named algorithm.
 *
 * salt_type    algorithm name, matched case-insensitively against gen_list.
 * buf          destination; the generator is told it may write up to
 *              PX_MAX_SALT_LEN bytes (px-crypt.h declares this parameter
 *              as `dst`).
 * rounds       iteration/cost value; 0 selects the algorithm's default when
 *              it has one.
 *
 * Returns the length of the generated string, or one of
 * PXE_UNKNOWN_SALT_ALGO, PXE_BAD_SALT_ROUNDS, PXE_NO_RANDOM.
 *
 * NOTE(review): the random bytes land in a 16-byte local, so every gen_list
 * entry must have input_len <= 16 -- confirm against gen_list.
 */
int
px_gen_salt(const char *salt_type, char *buf, int rounds)
{
    struct generator *entry = gen_list;
    char        rbuf[16];
    char       *res;

    /* Walk the table until the name matches or the sentinel is reached. */
    while (entry->name != NULL &&
           pg_strcasecmp(entry->name, salt_type) != 0)
        entry++;

    if (entry->name == NULL)
        return PXE_UNKNOWN_SALT_ALGO;

    /*
     * Algorithms with a default round count get range checking here; the
     * others receive `rounds` unchanged and validate it themselves.
     */
    if (entry->def_rounds)
    {
        if (rounds == 0)
            rounds = entry->def_rounds;

        if (rounds < entry->min_rounds || rounds > entry->max_rounds)
            return PXE_BAD_SALT_ROUNDS;
    }

    if (!pg_backend_random(rbuf, entry->input_len))
        return PXE_NO_RANDOM;

    res = entry->gen(rounds, rbuf, entry->input_len, buf, PX_MAX_SALT_LEN);

    /* The raw random bytes are no longer needed; wipe them either way. */
    px_memset(rbuf, 0, sizeof(rbuf));

    if (res == NULL)
        return PXE_BAD_SALT_ROUNDS;

    return strlen(res);
}
int input_len
Definition: px-crypt.c:119
int min_rounds
Definition: px-crypt.c:121
#define PXE_NO_RANDOM
Definition: px.h:79
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define PX_MAX_SALT_LEN
Definition: px-crypt.h:39
#define PXE_UNKNOWN_SALT_ALGO
Definition: px.h:76
static struct generator gen_list[]
Definition: px-crypt.c:125
bool pg_backend_random(char *dst, int len)
static char * buf
Definition: pg_test_fsync.c:65
int max_rounds
Definition: px-crypt.c:122
#define NULL
Definition: c.h:226
#define PXE_BAD_SALT_ROUNDS
Definition: px.h:77
int def_rounds
Definition: px-crypt.c:120
char *(* gen)(unsigned long count, const char *input, int size, char *output, int output_size)
Definition: px-crypt.c:117
char * name
Definition: px-crypt.c:116
void px_memset(void *ptr, int c, size_t len)
Definition: px.c:134