mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-03-19 20:00:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Introduce SHA1 implementations in the cryptohash infrastructure

Browse Source 
With this commit, SHA1 goes through the implementation provided by
OpenSSL via EVP when building the backend with it, and uses as fallback
implementation KAME which was located in pgcrypto and already shaped for
an integration with a set of init, update and final routines.
Structures and routines have been renamed to make things consistent with
the fallback implementations of MD5 and SHA2.

uuid-ossp has used for ages a shortcut with pgcrypto to fetch a copy of
SHA1 if needed.  This was built depending on the build options within
./configure, so this cleans up some code and removes the build
dependency between pgcrypto and uuid-ossp.

Note that this will help with the refactoring of HMAC, as pgcrypto
offers the option to use MD5, SHA1 or SHA2, so only the second option
was missing to make that possible.

Author: Michael Paquier
Reviewed-by: Heikki Linnakangas
Discussion: https://postgr.es/m/X9HXKTgrvJvYO7Oh@paquier.xyz
This commit is contained in:
Michael Paquier 2021-01-23 11:33:04 +09:00
parent 3fc81ce459
commit a8ed6bb8f4
18 changed files with 479 additions and 424 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
configure vendored
View File

@ -705,7 +705,6 @@ XML2_LIBS
XML2_CFLAGS
XML2_CONFIG
with_libxml
UUID_EXTRA_OBJS
with_uuid
with_readline
with_systemd
@ -8303,30 +8302,26 @@ if test "$with_ossp_uuid" = yes ; then
with_uuid=ossp
fi
if test "$with_uuid" = bsd ; then
if test "$with_uuid" != no ; then
if test "$with_uuid" = bsd ; then
$as_echo "#define HAVE_UUID_BSD 1" >>confdefs.h
UUID_EXTRA_OBJS="sha1.o"
elif test "$with_uuid" = e2fs ; then
elif test "$with_uuid" = e2fs ; then
$as_echo "#define HAVE_UUID_E2FS 1" >>confdefs.h
UUID_EXTRA_OBJS="sha1.o"
elif test "$with_uuid" = ossp ; then
elif test "$with_uuid" = ossp ; then
$as_echo "#define HAVE_UUID_OSSP 1" >>confdefs.h
UUID_EXTRA_OBJS=""
elif test "$with_uuid" = no ; then
UUID_EXTRA_OBJS=""
else
as_fn_error $? "--with-uuid must specify one of bsd, e2fs, or ossp" "$LINENO" 5
else
as_fn_error $? "--with-uuid must specify one of bsd, e2fs, or ossp" "$LINENO" 5
fi
fi
#
# XML
#

24
configure.ac
View File

@ -919,22 +919,18 @@ if test "$with_ossp_uuid" = yes ; then
with_uuid=ossp
fi
if test "$with_uuid" = bsd ; then
AC_DEFINE([HAVE_UUID_BSD], 1, [Define to 1 if you have BSD UUID support.])
UUID_EXTRA_OBJS="sha1.o"
elif test "$with_uuid" = e2fs ; then
AC_DEFINE([HAVE_UUID_E2FS], 1, [Define to 1 if you have E2FS UUID support.])
UUID_EXTRA_OBJS="sha1.o"
elif test "$with_uuid" = ossp ; then
AC_DEFINE([HAVE_UUID_OSSP], 1, [Define to 1 if you have OSSP UUID support.])
UUID_EXTRA_OBJS=""
elif test "$with_uuid" = no ; then
UUID_EXTRA_OBJS=""
else
AC_MSG_ERROR([--with-uuid must specify one of bsd, e2fs, or ossp])
if test "$with_uuid" != no ; then
if test "$with_uuid" = bsd ; then
AC_DEFINE([HAVE_UUID_BSD], 1, [Define to 1 if you have BSD UUID support.])
elif test "$with_uuid" = e2fs ; then
AC_DEFINE([HAVE_UUID_E2FS], 1, [Define to 1 if you have E2FS UUID support.])
elif test "$with_uuid" = ossp ; then
AC_DEFINE([HAVE_UUID_OSSP], 1, [Define to 1 if you have OSSP UUID support.])
else
AC_MSG_ERROR([--with-uuid must specify one of bsd, e2fs, or ossp])
fi
fi
AC_SUBST(with_uuid)
AC_SUBST(UUID_EXTRA_OBJS)
#

2
contrib/pgcrypto/Makefile
View File

@ -1,6 +1,6 @@
# contrib/pgcrypto/Makefile
INT_SRCS = sha1.c internal.c internal-sha2.c blf.c rijndael.c \
INT_SRCS = internal.c internal-sha2.c blf.c rijndael.c \
pgp-mpi-internal.c imath.c
INT_TESTS = sha2

34
contrib/pgcrypto/internal.c
View File

@ -36,18 +36,10 @@
#include "blf.h"
#include "px.h"
#include "rijndael.h"
#include "sha1.h"
#include "common/cryptohash.h"
#include "common/md5.h"
#ifndef SHA1_DIGEST_LENGTH
#ifdef SHA1_RESULTLEN
#define SHA1_DIGEST_LENGTH SHA1_RESULTLEN
#else
#define SHA1_DIGEST_LENGTH 20
#endif
#endif
#include "common/sha1.h"
#define SHA1_BLOCK_SIZE 64
#define MD5_BLOCK_SIZE 64
@ -144,34 +136,36 @@ int_sha1_block_len(PX_MD *h)
static void
int_sha1_update(PX_MD *h, const uint8 *data, unsigned dlen)
{
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
SHA1Update(ctx, data, dlen);
if (pg_cryptohash_update(ctx, data, dlen) < 0)
elog(ERROR, "could not update %s context", "SHA1");
}
static void
int_sha1_reset(PX_MD *h)
{
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
SHA1Init(ctx);
if (pg_cryptohash_init(ctx) < 0)
elog(ERROR, "could not initialize %s context", "SHA1");
}
static void
int_sha1_finish(PX_MD *h, uint8 *dst)
{
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
SHA1Final(dst, ctx);
if (pg_cryptohash_final(ctx, dst) < 0)
elog(ERROR, "could not finalize %s context", "SHA1");
}
static void
int_sha1_free(PX_MD *h)
{
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
px_memset(ctx, 0, sizeof(*ctx));
pfree(ctx);
pg_cryptohash_free(ctx);
pfree(h);
}
@ -199,9 +193,9 @@ init_md5(PX_MD *md)
static void
init_sha1(PX_MD *md)
{
SHA1_CTX *ctx;
pg_cryptohash_ctx *ctx;
ctx = palloc0(sizeof(*ctx));
ctx = pg_cryptohash_create(PG_SHA1);
md->p.ptr = ctx;

331
contrib/pgcrypto/sha1.c
View File

@ -1,331 +0,0 @@
/* $KAME: sha1.c,v 1.3 2000/02/22 14:01:18 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* contrib/pgcrypto/sha1.c
*/
/*
* FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
* based on: http://www.itl.nist.gov/fipspubs/fip180-1.htm
* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
*/
#include "postgres.h"
#include <sys/param.h>
#include "sha1.h"
/* constant table */
static uint32 _K[] = {0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6};
#define K(t) _K[(t) / 20]
#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
#define F1(b, c, d) (((b) ^ (c)) ^ (d))
#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define F3(b, c, d) (((b) ^ (c)) ^ (d))
#define S(n, x) (((x) << (n)) | ((x) >> (32 - (n))))
#define H(n) (ctxt->h.b32[(n)])
#define COUNT (ctxt->count)
#define BCOUNT (ctxt->c.b64[0] / 8)
#define W(n) (ctxt->m.b32[(n)])
#define PUTPAD(x) \
do { \
ctxt->m.b8[(COUNT % 64)] = (x); \
COUNT++; \
COUNT %= 64; \
if (COUNT % 64 == 0) \
sha1_step(ctxt); \
} while (0)
static void sha1_step(struct sha1_ctxt *);
static void
sha1_step(struct sha1_ctxt *ctxt)
{
uint32 a,
b,
c,
d,
e;
size_t t,
s;
uint32 tmp;
#ifndef WORDS_BIGENDIAN
struct sha1_ctxt tctxt;
memmove(&tctxt.m.b8[0], &ctxt->m.b8[0], 64);
ctxt->m.b8[0] = tctxt.m.b8[3];
ctxt->m.b8[1] = tctxt.m.b8[2];
ctxt->m.b8[2] = tctxt.m.b8[1];
ctxt->m.b8[3] = tctxt.m.b8[0];
ctxt->m.b8[4] = tctxt.m.b8[7];
ctxt->m.b8[5] = tctxt.m.b8[6];
ctxt->m.b8[6] = tctxt.m.b8[5];
ctxt->m.b8[7] = tctxt.m.b8[4];
ctxt->m.b8[8] = tctxt.m.b8[11];
ctxt->m.b8[9] = tctxt.m.b8[10];
ctxt->m.b8[10] = tctxt.m.b8[9];
ctxt->m.b8[11] = tctxt.m.b8[8];
ctxt->m.b8[12] = tctxt.m.b8[15];
ctxt->m.b8[13] = tctxt.m.b8[14];
ctxt->m.b8[14] = tctxt.m.b8[13];
ctxt->m.b8[15] = tctxt.m.b8[12];
ctxt->m.b8[16] = tctxt.m.b8[19];
ctxt->m.b8[17] = tctxt.m.b8[18];
ctxt->m.b8[18] = tctxt.m.b8[17];
ctxt->m.b8[19] = tctxt.m.b8[16];
ctxt->m.b8[20] = tctxt.m.b8[23];
ctxt->m.b8[21] = tctxt.m.b8[22];
ctxt->m.b8[22] = tctxt.m.b8[21];
ctxt->m.b8[23] = tctxt.m.b8[20];
ctxt->m.b8[24] = tctxt.m.b8[27];
ctxt->m.b8[25] = tctxt.m.b8[26];
ctxt->m.b8[26] = tctxt.m.b8[25];
ctxt->m.b8[27] = tctxt.m.b8[24];
ctxt->m.b8[28] = tctxt.m.b8[31];
ctxt->m.b8[29] = tctxt.m.b8[30];
ctxt->m.b8[30] = tctxt.m.b8[29];
ctxt->m.b8[31] = tctxt.m.b8[28];
ctxt->m.b8[32] = tctxt.m.b8[35];
ctxt->m.b8[33] = tctxt.m.b8[34];
ctxt->m.b8[34] = tctxt.m.b8[33];
ctxt->m.b8[35] = tctxt.m.b8[32];
ctxt->m.b8[36] = tctxt.m.b8[39];
ctxt->m.b8[37] = tctxt.m.b8[38];
ctxt->m.b8[38] = tctxt.m.b8[37];
ctxt->m.b8[39] = tctxt.m.b8[36];
ctxt->m.b8[40] = tctxt.m.b8[43];
ctxt->m.b8[41] = tctxt.m.b8[42];
ctxt->m.b8[42] = tctxt.m.b8[41];
ctxt->m.b8[43] = tctxt.m.b8[40];
ctxt->m.b8[44] = tctxt.m.b8[47];
ctxt->m.b8[45] = tctxt.m.b8[46];
ctxt->m.b8[46] = tctxt.m.b8[45];
ctxt->m.b8[47] = tctxt.m.b8[44];
ctxt->m.b8[48] = tctxt.m.b8[51];
ctxt->m.b8[49] = tctxt.m.b8[50];
ctxt->m.b8[50] = tctxt.m.b8[49];
ctxt->m.b8[51] = tctxt.m.b8[48];
ctxt->m.b8[52] = tctxt.m.b8[55];
ctxt->m.b8[53] = tctxt.m.b8[54];
ctxt->m.b8[54] = tctxt.m.b8[53];
ctxt->m.b8[55] = tctxt.m.b8[52];
ctxt->m.b8[56] = tctxt.m.b8[59];
ctxt->m.b8[57] = tctxt.m.b8[58];
ctxt->m.b8[58] = tctxt.m.b8[57];
ctxt->m.b8[59] = tctxt.m.b8[56];
ctxt->m.b8[60] = tctxt.m.b8[63];
ctxt->m.b8[61] = tctxt.m.b8[62];
ctxt->m.b8[62] = tctxt.m.b8[61];
ctxt->m.b8[63] = tctxt.m.b8[60];
#endif
a = H(0);
b = H(1);
c = H(2);
d = H(3);
e = H(4);
for (t = 0; t < 20; t++)
{
s = t & 0x0f;
if (t >= 16)
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 20; t < 40; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 40; t < 60; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 60; t < 80; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
H(0) = H(0) + a;
H(1) = H(1) + b;
H(2) = H(2) + c;
H(3) = H(3) + d;
H(4) = H(4) + e;
memset(&ctxt->m.b8[0], 0, 64);
}
/*------------------------------------------------------------*/
void
sha1_init(struct sha1_ctxt *ctxt)
{
memset(ctxt, 0, sizeof(struct sha1_ctxt));
H(0) = 0x67452301;
H(1) = 0xefcdab89;
H(2) = 0x98badcfe;
H(3) = 0x10325476;
H(4) = 0xc3d2e1f0;
}
void
sha1_pad(struct sha1_ctxt *ctxt)
{
size_t padlen; /* pad length in bytes */
size_t padstart;
PUTPAD(0x80);
padstart = COUNT % 64;
padlen = 64 - padstart;
if (padlen < 8)
{
memset(&ctxt->m.b8[padstart], 0, padlen);
COUNT += padlen;
COUNT %= 64;
sha1_step(ctxt);
padstart = COUNT % 64; /* should be 0 */
padlen = 64 - padstart; /* should be 64 */
}
memset(&ctxt->m.b8[padstart], 0, padlen - 8);
COUNT += (padlen - 8);
COUNT %= 64;
#ifdef WORDS_BIGENDIAN
PUTPAD(ctxt->c.b8[0]);
PUTPAD(ctxt->c.b8[1]);
PUTPAD(ctxt->c.b8[2]);
PUTPAD(ctxt->c.b8[3]);
PUTPAD(ctxt->c.b8[4]);
PUTPAD(ctxt->c.b8[5]);
PUTPAD(ctxt->c.b8[6]);
PUTPAD(ctxt->c.b8[7]);
#else
PUTPAD(ctxt->c.b8[7]);
PUTPAD(ctxt->c.b8[6]);
PUTPAD(ctxt->c.b8[5]);
PUTPAD(ctxt->c.b8[4]);
PUTPAD(ctxt->c.b8[3]);
PUTPAD(ctxt->c.b8[2]);
PUTPAD(ctxt->c.b8[1]);
PUTPAD(ctxt->c.b8[0]);
#endif
}
void
sha1_loop(struct sha1_ctxt *ctxt, const uint8 *input0, size_t len)
{
const uint8 *input;
size_t gaplen;
size_t gapstart;
size_t off;
size_t copysiz;
input = (const uint8 *) input0;
off = 0;
while (off < len)
{
gapstart = COUNT % 64;
gaplen = 64 - gapstart;
copysiz = (gaplen < len - off) ? gaplen : len - off;
memmove(&ctxt->m.b8[gapstart], &input[off], copysiz);
COUNT += copysiz;
COUNT %= 64;
ctxt->c.b64[0] += copysiz * 8;
if (COUNT % 64 == 0)
sha1_step(ctxt);
off += copysiz;
}
}
void
sha1_result(struct sha1_ctxt *ctxt, uint8 *digest0)
{
uint8 *digest;
digest = (uint8 *) digest0;
sha1_pad(ctxt);
#ifdef WORDS_BIGENDIAN
memmove(digest, &ctxt->h.b8[0], 20);
#else
digest[0] = ctxt->h.b8[3];
digest[1] = ctxt->h.b8[2];
digest[2] = ctxt->h.b8[1];
digest[3] = ctxt->h.b8[0];
digest[4] = ctxt->h.b8[7];
digest[5] = ctxt->h.b8[6];
digest[6] = ctxt->h.b8[5];
digest[7] = ctxt->h.b8[4];
digest[8] = ctxt->h.b8[11];
digest[9] = ctxt->h.b8[10];
digest[10] = ctxt->h.b8[9];
digest[11] = ctxt->h.b8[8];
digest[12] = ctxt->h.b8[15];
digest[13] = ctxt->h.b8[14];
digest[14] = ctxt->h.b8[13];
digest[15] = ctxt->h.b8[12];
digest[16] = ctxt->h.b8[19];
digest[17] = ctxt->h.b8[18];
digest[18] = ctxt->h.b8[17];
digest[19] = ctxt->h.b8[16];
#endif
}

1
contrib/uuid-ossp/.gitignore vendored
View File

@ -1,4 +1,3 @@
/sha1.c
# Generated subdirectories
/log/
/results/

6
contrib/uuid-ossp/Makefile
View File

@ -2,7 +2,6 @@
MODULE_big = uuid-ossp
OBJS = \
$(UUID_EXTRA_OBJS) \
$(WIN32RES) \
uuid-ossp.o
@ -19,8 +18,6 @@ pgcrypto_src = $(top_srcdir)/contrib/pgcrypto
PG_CPPFLAGS = -I$(pgcrypto_src)
EXTRA_CLEAN = sha1.c
ifdef USE_PGXS
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
@ -31,6 +28,3 @@ top_builddir = ../..
include $(top_builddir)/src/Makefile.global
include $(top_srcdir)/contrib/contrib-global.mk
endif
sha1.c: % : $(pgcrypto_src)/%
rm -f $@ && $(LN_S) $< .

27
contrib/uuid-ossp/uuid-ossp.c
View File

@ -15,6 +15,7 @@
#include "fmgr.h"
#include "common/cryptohash.h"
#include "common/sha1.h"
#include "port/pg_bswap.h"
#include "utils/builtins.h"
#include "utils/uuid.h"
@ -40,15 +41,6 @@
#undef uuid_hash
/*
* Some BSD variants offer sha1 implementation but Linux does not, so we use
* a copy from pgcrypto. Not needed with OSSP, though.
*/
#ifndef HAVE_UUID_OSSP
#include "sha1.h"
#endif
/* Check our UUID length against OSSP's; better both be 16 */
#if defined(HAVE_UUID_OSSP) && (UUID_LEN != UUID_LEN_BIN)
#error UUID length mismatch
@ -338,13 +330,18 @@ uuid_generate_internal(int v, unsigned char *ns, const char *ptr, int len)
}
else
{
SHA1_CTX ctx;
unsigned char sha1result[SHA1_RESULTLEN];
pg_cryptohash_ctx *ctx = pg_cryptohash_create(PG_SHA1);
unsigned char sha1result[SHA1_DIGEST_LENGTH];
if (pg_cryptohash_init(ctx) < 0)
elog(ERROR, "could not initialize %s context", "SHA1");
if (pg_cryptohash_update(ctx, ns, sizeof(uu)) < 0 ||
pg_cryptohash_update(ctx, (unsigned char *) ptr, len) < 0)
elog(ERROR, "could not update %s context", "SHA1");
if (pg_cryptohash_final(ctx, sha1result) < 0)
elog(ERROR, "could not finalize %s context", "SHA1");
pg_cryptohash_free(ctx);
SHA1Init(&ctx);
SHA1Update(&ctx, ns, sizeof(uu));
SHA1Update(&ctx, (unsigned char *) ptr, len);
SHA1Final(sha1result, &ctx);
memcpy(&uu, sha1result, sizeof(uu));
}

1
src/Makefile.global.in
View File

@ -289,7 +289,6 @@ LIBS = @LIBS@
LDAP_LIBS_FE = @LDAP_LIBS_FE@
LDAP_LIBS_BE = @LDAP_LIBS_BE@
UUID_LIBS = @UUID_LIBS@
UUID_EXTRA_OBJS = @UUID_EXTRA_OBJS@
LLVM_LIBS=@LLVM_LIBS@
LD = @LD@
with_gnu_ld = @with_gnu_ld@

1
src/common/Makefile
View File

@ -88,6 +88,7 @@ else
OBJS_COMMON += \
cryptohash.o \
md5.o \
sha1.o \
sha2.o
endif

11
src/common/cryptohash.c
View File

@ -25,6 +25,7 @@
#include "common/cryptohash.h"
#include "md5_int.h"
#include "sha1_int.h"
#include "sha2_int.h"
/*
@ -47,6 +48,7 @@ struct pg_cryptohash_ctx
union
{
pg_md5_ctx md5;
pg_sha1_ctx sha1;
pg_sha224_ctx sha224;
pg_sha256_ctx sha256;
pg_sha384_ctx sha384;
@ -97,6 +99,9 @@ pg_cryptohash_init(pg_cryptohash_ctx *ctx)
case PG_MD5:
pg_md5_init(&ctx->data.md5);
break;
case PG_SHA1:
pg_sha1_init(&ctx->data.sha1);
break;
case PG_SHA224:
pg_sha224_init(&ctx->data.sha224);
break;
@ -132,6 +137,9 @@ pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
case PG_MD5:
pg_md5_update(&ctx->data.md5, data, len);
break;
case PG_SHA1:
pg_sha1_update(&ctx->data.sha1, data, len);
break;
case PG_SHA224:
pg_sha224_update(&ctx->data.sha224, data, len);
break;
@ -167,6 +175,9 @@ pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest)
case PG_MD5:
pg_md5_final(&ctx->data.md5, dest);
break;
case PG_SHA1:
pg_sha1_final(&ctx->data.sha1, dest);
break;
case PG_SHA224:
pg_sha224_final(&ctx->data.sha224, dest);
break;

3
src/common/cryptohash_openssl.c
View File

@ -131,6 +131,9 @@ pg_cryptohash_init(pg_cryptohash_ctx *ctx)
case PG_MD5:
status = EVP_DigestInit_ex(ctx->evpctx, EVP_md5(), NULL);
break;
case PG_SHA1:
status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha1(), NULL);
break;
case PG_SHA224:
status = EVP_DigestInit_ex(ctx->evpctx, EVP_sha224(), NULL);
break;

369
src/common/sha1.c Normal file
View File

@ -0,0 +1,369 @@
/*-------------------------------------------------------------------------
*
* sha1.c
* Implements the SHA1 Secure Hash Algorithm
*
* Fallback implementation of SHA1, as specified in RFC 3174.
*
* Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* src/common/sha1.c
*
*-------------------------------------------------------------------------
*/
/* $KAME: sha1.c,v 1.3 2000/02/22 14:01:18 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
* based on: http://www.itl.nist.gov/fipspubs/fip180-1.htm
* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
*/
#ifndef FRONTEND
#include "postgres.h"
#else
#include "postgres_fe.h"
#endif
#include <sys/param.h>
#include "sha1_int.h"
/* constant table */
static uint32 _K[] = {0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6};
#define K(t) _K[(t) / 20]
#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
#define F1(b, c, d) (((b) ^ (c)) ^ (d))
#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define F3(b, c, d) (((b) ^ (c)) ^ (d))
#define S(n, x) (((x) << (n)) | ((x) >> (32 - (n))))
#define H(n) (ctx->h.b32[(n)])
#define COUNT (ctx->count)
#define BCOUNT (ctx->c.b64[0] / 8)
#define W(n) (ctx->m.b32[(n)])
#define PUTPAD(x) \
do { \
ctx->m.b8[(COUNT % 64)] = (x); \
COUNT++; \
COUNT %= 64; \
if (COUNT % 64 == 0) \
sha1_step(ctx); \
} while (0)
static void
sha1_step(pg_sha1_ctx *ctx)
{
uint32 a,
b,
c,
d,
e;
size_t t,
s;
uint32 tmp;
#ifndef WORDS_BIGENDIAN
pg_sha1_ctx tctx;
memmove(&tctx.m.b8[0], &ctx->m.b8[0], 64);
ctx->m.b8[0] = tctx.m.b8[3];
ctx->m.b8[1] = tctx.m.b8[2];
ctx->m.b8[2] = tctx.m.b8[1];
ctx->m.b8[3] = tctx.m.b8[0];
ctx->m.b8[4] = tctx.m.b8[7];
ctx->m.b8[5] = tctx.m.b8[6];
ctx->m.b8[6] = tctx.m.b8[5];
ctx->m.b8[7] = tctx.m.b8[4];
ctx->m.b8[8] = tctx.m.b8[11];
ctx->m.b8[9] = tctx.m.b8[10];
ctx->m.b8[10] = tctx.m.b8[9];
ctx->m.b8[11] = tctx.m.b8[8];
ctx->m.b8[12] = tctx.m.b8[15];
ctx->m.b8[13] = tctx.m.b8[14];
ctx->m.b8[14] = tctx.m.b8[13];
ctx->m.b8[15] = tctx.m.b8[12];
ctx->m.b8[16] = tctx.m.b8[19];
ctx->m.b8[17] = tctx.m.b8[18];
ctx->m.b8[18] = tctx.m.b8[17];
ctx->m.b8[19] = tctx.m.b8[16];
ctx->m.b8[20] = tctx.m.b8[23];
ctx->m.b8[21] = tctx.m.b8[22];
ctx->m.b8[22] = tctx.m.b8[21];
ctx->m.b8[23] = tctx.m.b8[20];
ctx->m.b8[24] = tctx.m.b8[27];
ctx->m.b8[25] = tctx.m.b8[26];
ctx->m.b8[26] = tctx.m.b8[25];
ctx->m.b8[27] = tctx.m.b8[24];
ctx->m.b8[28] = tctx.m.b8[31];
ctx->m.b8[29] = tctx.m.b8[30];
ctx->m.b8[30] = tctx.m.b8[29];
ctx->m.b8[31] = tctx.m.b8[28];
ctx->m.b8[32] = tctx.m.b8[35];
ctx->m.b8[33] = tctx.m.b8[34];
ctx->m.b8[34] = tctx.m.b8[33];
ctx->m.b8[35] = tctx.m.b8[32];
ctx->m.b8[36] = tctx.m.b8[39];
ctx->m.b8[37] = tctx.m.b8[38];
ctx->m.b8[38] = tctx.m.b8[37];
ctx->m.b8[39] = tctx.m.b8[36];
ctx->m.b8[40] = tctx.m.b8[43];
ctx->m.b8[41] = tctx.m.b8[42];
ctx->m.b8[42] = tctx.m.b8[41];
ctx->m.b8[43] = tctx.m.b8[40];
ctx->m.b8[44] = tctx.m.b8[47];
ctx->m.b8[45] = tctx.m.b8[46];
ctx->m.b8[46] = tctx.m.b8[45];
ctx->m.b8[47] = tctx.m.b8[44];
ctx->m.b8[48] = tctx.m.b8[51];
ctx->m.b8[49] = tctx.m.b8[50];
ctx->m.b8[50] = tctx.m.b8[49];
ctx->m.b8[51] = tctx.m.b8[48];
ctx->m.b8[52] = tctx.m.b8[55];
ctx->m.b8[53] = tctx.m.b8[54];
ctx->m.b8[54] = tctx.m.b8[53];
ctx->m.b8[55] = tctx.m.b8[52];
ctx->m.b8[56] = tctx.m.b8[59];
ctx->m.b8[57] = tctx.m.b8[58];
ctx->m.b8[58] = tctx.m.b8[57];
ctx->m.b8[59] = tctx.m.b8[56];
ctx->m.b8[60] = tctx.m.b8[63];
ctx->m.b8[61] = tctx.m.b8[62];
ctx->m.b8[62] = tctx.m.b8[61];
ctx->m.b8[63] = tctx.m.b8[60];
#endif
a = H(0);
b = H(1);
c = H(2);
d = H(3);
e = H(4);
for (t = 0; t < 20; t++)
{
s = t & 0x0f;
if (t >= 16)
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 20; t < 40; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 40; t < 60; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
for (t = 60; t < 80; t++)
{
s = t & 0x0f;
W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
e = d;
d = c;
c = S(30, b);
b = a;
a = tmp;
}
H(0) = H(0) + a;
H(1) = H(1) + b;
H(2) = H(2) + c;
H(3) = H(3) + d;
H(4) = H(4) + e;
memset(&ctx->m.b8[0], 0, 64);
}
static void
sha1_pad(pg_sha1_ctx *ctx)
{
size_t padlen; /* pad length in bytes */
size_t padstart;
PUTPAD(0x80);
padstart = COUNT % 64;
padlen = 64 - padstart;
if (padlen < 8)
{
memset(&ctx->m.b8[padstart], 0, padlen);
COUNT += padlen;
COUNT %= 64;
sha1_step(ctx);
padstart = COUNT % 64; /* should be 0 */
padlen = 64 - padstart; /* should be 64 */
}
memset(&ctx->m.b8[padstart], 0, padlen - 8);
COUNT += (padlen - 8);
COUNT %= 64;
#ifdef WORDS_BIGENDIAN
PUTPAD(ctx->c.b8[0]);
PUTPAD(ctx->c.b8[1]);
PUTPAD(ctx->c.b8[2]);
PUTPAD(ctx->c.b8[3]);
PUTPAD(ctx->c.b8[4]);
PUTPAD(ctx->c.b8[5]);
PUTPAD(ctx->c.b8[6]);
PUTPAD(ctx->c.b8[7]);
#else
PUTPAD(ctx->c.b8[7]);
PUTPAD(ctx->c.b8[6]);
PUTPAD(ctx->c.b8[5]);
PUTPAD(ctx->c.b8[4]);
PUTPAD(ctx->c.b8[3]);
PUTPAD(ctx->c.b8[2]);
PUTPAD(ctx->c.b8[1]);
PUTPAD(ctx->c.b8[0]);
#endif
}
static void
sha1_result(uint8 *digest0, pg_sha1_ctx *ctx)
{
uint8 *digest;
digest = (uint8 *) digest0;
#ifdef WORDS_BIGENDIAN
memmove(digest, &ctx->h.b8[0], 20);
#else
digest[0] = ctx->h.b8[3];
digest[1] = ctx->h.b8[2];
digest[2] = ctx->h.b8[1];
digest[3] = ctx->h.b8[0];
digest[4] = ctx->h.b8[7];
digest[5] = ctx->h.b8[6];
digest[6] = ctx->h.b8[5];
digest[7] = ctx->h.b8[4];
digest[8] = ctx->h.b8[11];
digest[9] = ctx->h.b8[10];
digest[10] = ctx->h.b8[9];
digest[11] = ctx->h.b8[8];
digest[12] = ctx->h.b8[15];
digest[13] = ctx->h.b8[14];
digest[14] = ctx->h.b8[13];
digest[15] = ctx->h.b8[12];
digest[16] = ctx->h.b8[19];
digest[17] = ctx->h.b8[18];
digest[18] = ctx->h.b8[17];
digest[19] = ctx->h.b8[16];
#endif
}
/* External routines for this SHA1 implementation */
/*
* pg_sha1_init
*
* Initialize a SHA1 context.
*/
void
pg_sha1_init(pg_sha1_ctx *ctx)
{
memset(ctx, 0, sizeof(pg_sha1_ctx));
H(0) = 0x67452301;
H(1) = 0xefcdab89;
H(2) = 0x98badcfe;
H(3) = 0x10325476;
H(4) = 0xc3d2e1f0;
}
/*
* pg_sha1_update
*
* Update a SHA1 context.
*/
void
pg_sha1_update(pg_sha1_ctx *ctx, const uint8 *data, size_t len)
{
const uint8 *input;
size_t gaplen;
size_t gapstart;
size_t off;
size_t copysiz;
input = (const uint8 *) data;
off = 0;
while (off < len)
{
gapstart = COUNT % 64;
gaplen = 64 - gapstart;
copysiz = (gaplen < len - off) ? gaplen : len - off;
memmove(&ctx->m.b8[gapstart], &input[off], copysiz);
COUNT += copysiz;
COUNT %= 64;
ctx->c.b64[0] += copysiz * 8;
if (COUNT % 64 == 0)
sha1_step(ctx);
off += copysiz;
}
}
/*
* pg_sha1_final
*
* Finalize a SHA1 context.
*/
void
pg_sha1_final(pg_sha1_ctx *ctx, uint8 *dest)
{
sha1_pad(ctx);
sha1_result(dest, ctx);
}

44
contrib/pgcrypto/sha1.h → src/common/sha1_int.h
View File

@ -1,4 +1,17 @@
/* contrib/pgcrypto/sha1.h */
/*-------------------------------------------------------------------------
*
* sha1_int.h
* Internal headers for fallback implementation of SHA1
*
* Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* src/common/sha1_int.h
*
*-------------------------------------------------------------------------
*/
/* $KAME: sha1.h,v 1.4 2000/02/22 14:01:18 itojun Exp $ */
/*
@ -35,10 +48,12 @@
* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
*/
#ifndef _NETINET6_SHA1_H_
#define _NETINET6_SHA1_H_
#ifndef PG_SHA1_INT_H
#define PG_SHA1_INT_H
struct sha1_ctxt
#include "common/sha1.h"
typedef struct
{
union
{
@ -56,20 +71,11 @@ struct sha1_ctxt
uint32 b32[16];
} m;
uint8 count;
};
} pg_sha1_ctx;
extern void sha1_init(struct sha1_ctxt *);
extern void sha1_pad(struct sha1_ctxt *);
extern void sha1_loop(struct sha1_ctxt *, const uint8 *, size_t);
extern void sha1_result(struct sha1_ctxt *, uint8 *);
/* Interface routines for SHA1 */
extern void pg_sha1_init(pg_sha1_ctx *ctx);
extern void pg_sha1_update(pg_sha1_ctx *ctx, const uint8 *data, size_t len);
extern void pg_sha1_final(pg_sha1_ctx *ctx, uint8 *dest);
/* compatibility with other SHA1 source codes */
typedef struct sha1_ctxt SHA1_CTX;
#define SHA1Init(x) sha1_init((x))
#define SHA1Update(x, y, z) sha1_loop((x), (y), (z))
#define SHA1Final(x, y) sha1_result((y), (x))
#define SHA1_RESULTLEN (160/8)
#endif /* _NETINET6_SHA1_H_ */
#endif /* PG_SHA1_INT_H */

1
src/include/common/cryptohash.h
View File

@ -19,6 +19,7 @@
typedef enum
{
PG_MD5 = 0,
PG_SHA1,
PG_SHA224,
PG_SHA256,
PG_SHA384,

19
src/include/common/sha1.h Normal file
View File

@ -0,0 +1,19 @@
/*-------------------------------------------------------------------------
*
* sha1.h
* Constants related to SHA1.
*
* Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* src/include/common/sha1.h
*
*-------------------------------------------------------------------------
*/
#ifndef PG_SHA1_H
#define PG_SHA1_H
/* Size of result generated by SHA1 computation */
#define SHA1_DIGEST_LENGTH 20
#endif /* PG_SHA1_H */

9
src/tools/msvc/Mkvcbuild.pm
View File

@ -136,6 +136,7 @@ sub mkvcbuild
{
push(@pgcommonallfiles, 'cryptohash.c');
push(@pgcommonallfiles, 'md5.c');
push(@pgcommonallfiles, 'sha1.c');
push(@pgcommonallfiles, 'sha2.c');
}
@ -465,10 +466,10 @@ sub mkvcbuild
else
{
$pgcrypto->AddFiles(
'contrib/pgcrypto', 'sha1.c',
'internal.c', 'internal-sha2.c',
'blf.c', 'rijndael.c',
'pgp-mpi-internal.c', 'imath.c');
'contrib/pgcrypto', 'internal.c',
'internal-sha2.c', 'blf.c',
'rijndael.c', 'pgp-mpi-internal.c',
'imath.c');
}
$pgcrypto->AddReference($postgres);
$pgcrypto->AddLibrary('ws2_32.lib');

1
src/tools/pgindent/typedefs.list
View File

@ -3214,6 +3214,7 @@ pg_md5_ctx
pg_on_exit_callback
pg_re_flags
pg_saslprep_rc
pg_sha1_ctx
pg_sha224_ctx
pg_sha256_ctx
pg_sha384_ctx