mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-09 08:10:09 +08:00
2518e27334
* remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
547 lines
9.4 KiB
C
547 lines
9.4 KiB
C
/*
|
|
* internal.c
|
|
* Wrapper for builtin functions
|
|
*
|
|
* Copyright (c) 2001 Marko Kreen
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $Id: internal.c,v 1.4 2001/08/21 00:42:41 momjian Exp $
|
|
*/
|
|
|
|
|
|
#include <postgres.h>
|
|
|
|
#include "px.h"
|
|
|
|
#include "md5.h"
|
|
#include "sha1.h"
|
|
#include "blf.h"
|
|
#include "rijndael.h"
|
|
|
|
#ifndef MD5_DIGEST_LENGTH
|
|
#define MD5_DIGEST_LENGTH 16
|
|
#endif
|
|
|
|
#ifndef SHA1_DIGEST_LENGTH
|
|
#ifdef SHA1_RESULTLEN
|
|
#define SHA1_DIGEST_LENGTH SHA1_RESULTLEN
|
|
#else
|
|
#define SHA1_DIGEST_LENGTH 20
|
|
#endif
|
|
#endif
|
|
|
|
#define SHA1_BLOCK_SIZE 64
|
|
#define MD5_BLOCK_SIZE 64
|
|
|
|
static void init_md5(PX_MD * h);
|
|
static void init_sha1(PX_MD * h);
|
|
|
|
static struct int_digest
|
|
{
|
|
char *name;
|
|
void (*init) (PX_MD * h);
|
|
} int_digest_list[] =
|
|
{
|
|
{ "md5", init_md5 },
|
|
{ "sha1", init_sha1 },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
/* MD5 */
|
|
|
|
static uint
|
|
int_md5_len(PX_MD * h)
|
|
{
|
|
return MD5_DIGEST_LENGTH;
|
|
}
|
|
|
|
static uint
|
|
int_md5_block_len(PX_MD * h)
|
|
{
|
|
return MD5_BLOCK_SIZE;
|
|
}
|
|
|
|
static void
|
|
int_md5_update(PX_MD * h, const uint8 * data, uint dlen)
|
|
{
|
|
MD5_CTX *ctx = (MD5_CTX *) h->p.ptr;
|
|
|
|
MD5Update(ctx, data, dlen);
|
|
}
|
|
|
|
static void
|
|
int_md5_reset(PX_MD * h)
|
|
{
|
|
MD5_CTX *ctx = (MD5_CTX *) h->p.ptr;
|
|
|
|
MD5Init(ctx);
|
|
}
|
|
|
|
static void
|
|
int_md5_finish(PX_MD * h, uint8 * dst)
|
|
{
|
|
MD5_CTX *ctx = (MD5_CTX *) h->p.ptr;
|
|
|
|
MD5Final(dst, ctx);
|
|
}
|
|
|
|
static void
|
|
int_md5_free(PX_MD * h)
|
|
{
|
|
MD5_CTX *ctx = (MD5_CTX *) h->p.ptr;
|
|
|
|
px_free(ctx);
|
|
px_free(h);
|
|
}
|
|
|
|
/* SHA1 */
|
|
|
|
static uint
|
|
int_sha1_len(PX_MD * h)
|
|
{
|
|
return SHA1_DIGEST_LENGTH;
|
|
}
|
|
|
|
static uint
|
|
int_sha1_block_len(PX_MD * h)
|
|
{
|
|
return SHA1_BLOCK_SIZE;
|
|
}
|
|
|
|
static void
|
|
int_sha1_update(PX_MD * h, const uint8 * data, uint dlen)
|
|
{
|
|
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
|
|
|
|
SHA1Update(ctx, (const char *)data, dlen);
|
|
}
|
|
|
|
static void
|
|
int_sha1_reset(PX_MD * h)
|
|
{
|
|
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
|
|
|
|
SHA1Init(ctx);
|
|
}
|
|
|
|
static void
|
|
int_sha1_finish(PX_MD * h, uint8 * dst)
|
|
{
|
|
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
|
|
|
|
SHA1Final(dst, ctx);
|
|
}
|
|
|
|
static void
|
|
int_sha1_free(PX_MD * h)
|
|
{
|
|
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
|
|
|
|
px_free(ctx);
|
|
px_free(h);
|
|
}
|
|
|
|
/* init functions */
|
|
|
|
static void
|
|
init_md5(PX_MD * md)
|
|
{
|
|
MD5_CTX *ctx;
|
|
|
|
ctx = px_alloc(sizeof(*ctx));
|
|
|
|
md->p.ptr = ctx;
|
|
|
|
md->result_size = int_md5_len;
|
|
md->block_size = int_md5_block_len;
|
|
md->reset = int_md5_reset;
|
|
md->update = int_md5_update;
|
|
md->finish = int_md5_finish;
|
|
md->free = int_md5_free;
|
|
|
|
md->reset(md);
|
|
}
|
|
|
|
static void
|
|
init_sha1(PX_MD * md)
|
|
{
|
|
SHA1_CTX *ctx;
|
|
|
|
ctx = px_alloc(sizeof(*ctx));
|
|
|
|
md->p.ptr = ctx;
|
|
|
|
md->result_size = int_sha1_len;
|
|
md->block_size = int_sha1_block_len;
|
|
md->reset = int_sha1_reset;
|
|
md->update = int_sha1_update;
|
|
md->finish = int_sha1_finish;
|
|
md->free = int_sha1_free;
|
|
|
|
md->reset(md);
|
|
}
|
|
|
|
/*
|
|
* ciphers generally
|
|
*/
|
|
|
|
#define INT_MAX_KEY (512/8)
|
|
#define INT_MAX_IV (128/8)
|
|
|
|
struct int_ctx {
|
|
uint8 keybuf[INT_MAX_KEY];
|
|
uint8 iv[INT_MAX_IV];
|
|
union {
|
|
blf_ctx bf;
|
|
rijndael_ctx rj;
|
|
} ctx;
|
|
uint keylen;
|
|
int is_init;
|
|
int mode;
|
|
};
|
|
|
|
static void intctx_free(PX_Cipher *c)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
if (cx) {
|
|
memset(cx, 0, sizeof *cx);
|
|
px_free(cx);
|
|
}
|
|
px_free(c);
|
|
}
|
|
|
|
/*
|
|
* AES/rijndael
|
|
*/
|
|
|
|
#define MODE_ECB 0
|
|
#define MODE_CBC 1
|
|
|
|
static uint rj_block_size(PX_Cipher *c)
|
|
{
|
|
return 128/8;
|
|
}
|
|
|
|
static uint rj_key_size(PX_Cipher *c)
|
|
{
|
|
return 256/8;
|
|
}
|
|
|
|
static uint rj_iv_size(PX_Cipher *c)
|
|
{
|
|
return 128/8;
|
|
}
|
|
|
|
static int rj_init(PX_Cipher *c, const uint8 *key, uint klen, const uint8 *iv)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
if (klen <= 128/8)
|
|
cx->keylen = 128/8;
|
|
else if (klen <= 192/8)
|
|
cx->keylen = 192/8;
|
|
else if (klen <= 256/8)
|
|
cx->keylen = 256/8;
|
|
else
|
|
return -1;
|
|
|
|
memcpy(&cx->keybuf, key, klen);
|
|
|
|
if (iv)
|
|
memcpy(cx->iv, iv, 128/8);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int rj_real_init(struct int_ctx *cx, int dir)
|
|
{
|
|
aes_set_key(&cx->ctx.rj, cx->keybuf, cx->keylen*8, dir);
|
|
return 0;
|
|
}
|
|
|
|
static int rj_encrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
if (!cx->is_init) {
|
|
if (rj_real_init(cx, 1))
|
|
return -1;
|
|
}
|
|
|
|
if (dlen == 0)
|
|
return 0;
|
|
|
|
if ((dlen & 15) || (((unsigned)res) & 3))
|
|
return -1;
|
|
|
|
memcpy(res, data, dlen);
|
|
|
|
if (cx->mode == MODE_CBC) {
|
|
aes_cbc_encrypt(&cx->ctx.rj, cx->iv, res, dlen);
|
|
memcpy(cx->iv, res + dlen - 16, 16);
|
|
} else
|
|
aes_ecb_encrypt(&cx->ctx.rj, res, dlen);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int rj_decrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
if (!cx->is_init)
|
|
if (rj_real_init(cx, 0))
|
|
return -1;
|
|
|
|
if (dlen == 0)
|
|
return 0;
|
|
|
|
if ((dlen & 15) || (((unsigned)res) & 3))
|
|
return -1;
|
|
|
|
memcpy(res, data, dlen);
|
|
|
|
if (cx->mode == MODE_CBC) {
|
|
aes_cbc_decrypt(&cx->ctx.rj, cx->iv, res, dlen);
|
|
memcpy(cx->iv, data + dlen - 16, 16);
|
|
} else
|
|
aes_ecb_decrypt(&cx->ctx.rj, res, dlen);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* initializers
|
|
*/
|
|
|
|
static PX_Cipher * rj_load(int mode)
|
|
{
|
|
PX_Cipher *c;
|
|
struct int_ctx *cx;
|
|
|
|
c = px_alloc(sizeof *c);
|
|
memset(c, 0, sizeof *c);
|
|
|
|
c->block_size = rj_block_size;
|
|
c->key_size = rj_key_size;
|
|
c->iv_size = rj_iv_size;
|
|
c->init = rj_init;
|
|
c->encrypt = rj_encrypt;
|
|
c->decrypt = rj_decrypt;
|
|
c->free = intctx_free;
|
|
|
|
cx = px_alloc(sizeof *cx);
|
|
memset(cx, 0, sizeof *cx);
|
|
cx->mode = mode;
|
|
|
|
c->ptr = cx;
|
|
return c;
|
|
}
|
|
|
|
/*
|
|
* blowfish
|
|
*/
|
|
|
|
static uint bf_block_size(PX_Cipher *c)
|
|
{
|
|
return 8;
|
|
}
|
|
|
|
static uint bf_key_size(PX_Cipher *c)
|
|
{
|
|
return BLF_MAXKEYLEN;
|
|
}
|
|
|
|
static uint bf_iv_size(PX_Cipher *c)
|
|
{
|
|
return 8;
|
|
}
|
|
|
|
static int bf_init(PX_Cipher *c, const uint8 *key, uint klen, const uint8 *iv)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
blf_key(&cx->ctx.bf, key, klen);
|
|
if (iv)
|
|
memcpy(cx->iv, iv, 8);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int bf_encrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
if (dlen == 0)
|
|
return 0;
|
|
|
|
if ((dlen & 7) || (((unsigned)res) & 3))
|
|
return -1;
|
|
|
|
memcpy(res, data, dlen);
|
|
switch (cx->mode) {
|
|
case MODE_ECB:
|
|
blf_ecb_encrypt(&cx->ctx.bf, res, dlen);
|
|
break;
|
|
case MODE_CBC:
|
|
blf_cbc_encrypt(&cx->ctx.bf, cx->iv, res, dlen);
|
|
memcpy(cx->iv, res + dlen - 8, 8);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int bf_decrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
struct int_ctx *cx = (struct int_ctx *)c->ptr;
|
|
|
|
if (dlen == 0)
|
|
return 0;
|
|
|
|
if ((dlen & 7) || (((unsigned)res) & 3))
|
|
return -1;
|
|
|
|
memcpy(res, data, dlen);
|
|
switch (cx->mode) {
|
|
case MODE_ECB:
|
|
blf_ecb_decrypt(&cx->ctx.bf, res, dlen);
|
|
break;
|
|
case MODE_CBC:
|
|
blf_cbc_decrypt(&cx->ctx.bf, cx->iv, res, dlen);
|
|
memcpy(cx->iv, data + dlen - 8, 8);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static PX_Cipher * bf_load(int mode)
|
|
{
|
|
PX_Cipher *c;
|
|
struct int_ctx *cx;
|
|
|
|
c = px_alloc(sizeof *c);
|
|
memset(c, 0, sizeof *c);
|
|
|
|
c->block_size = bf_block_size;
|
|
c->key_size = bf_key_size;
|
|
c->iv_size = bf_iv_size;
|
|
c->init = bf_init;
|
|
c->encrypt = bf_encrypt;
|
|
c->decrypt = bf_decrypt;
|
|
c->free = intctx_free;
|
|
|
|
cx = px_alloc(sizeof *cx);
|
|
memset(cx, 0, sizeof *cx);
|
|
cx->mode = mode;
|
|
c->ptr = cx;
|
|
return c;
|
|
}
|
|
|
|
/* ciphers */
|
|
|
|
static PX_Cipher * rj_128_ecb()
|
|
{
|
|
return rj_load(MODE_ECB);
|
|
}
|
|
|
|
static PX_Cipher * rj_128_cbc()
|
|
{
|
|
return rj_load(MODE_CBC);
|
|
}
|
|
|
|
static PX_Cipher * bf_ecb_load()
|
|
{
|
|
return bf_load(MODE_ECB);
|
|
}
|
|
|
|
static PX_Cipher * bf_cbc_load()
|
|
{
|
|
return bf_load(MODE_CBC);
|
|
}
|
|
|
|
static struct {
|
|
char *name;
|
|
PX_Cipher *(*load)(void);
|
|
} int_ciphers [] = {
|
|
{ "bf-cbc", bf_cbc_load },
|
|
{ "bf-ecb", bf_ecb_load },
|
|
{ "aes-128-cbc", rj_128_cbc },
|
|
{ "aes-128-ecb", rj_128_ecb },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
static PX_Alias int_aliases [] = {
|
|
{ "bf", "bf-cbc" },
|
|
{ "blowfish", "bf-cbc" },
|
|
{ "aes", "aes-128-cbc" },
|
|
{ "aes-ecb", "aes-128-ecb" },
|
|
{ "aes-cbc", "aes-128-cbc" },
|
|
{ "aes-128", "aes-128-cbc" },
|
|
{ "rijndael", "aes-128-cbc" },
|
|
{ "rijndael-128", "aes-128-cbc" },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
/* PUBLIC FUNCTIONS */
|
|
|
|
int
|
|
px_find_digest(const char *name, PX_MD ** res)
|
|
{
|
|
struct int_digest *p;
|
|
PX_MD *h;
|
|
|
|
for (p = int_digest_list; p->name; p++)
|
|
if (!strcasecmp(p->name, name))
|
|
{
|
|
h = px_alloc(sizeof(*h));
|
|
p->init(h);
|
|
|
|
*res = h;
|
|
|
|
return 0;
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
int
|
|
px_find_cipher(const char *name, PX_Cipher **res)
|
|
{
|
|
int i;
|
|
PX_Cipher *c = NULL;
|
|
|
|
name = px_resolve_alias(int_aliases, name);
|
|
|
|
for (i = 0; int_ciphers[i].name; i++)
|
|
if (!strcmp(int_ciphers[i].name, name)) {
|
|
c = int_ciphers[i].load();
|
|
break;
|
|
}
|
|
|
|
if (c == NULL)
|
|
return -1;
|
|
|
|
*res = c;
|
|
return 0;
|
|
}
|
|
|
|
|