mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-27 08:39:28 +08:00
2518e27334
* remove support for encode() as it is in main tree now * remove krb5.c * new 'PX library' architecture * remove BSD license from my code to let the general PostgreSQL one to apply * md5, sha1: ANSIfy, use const where appropriate * various other formatting and clarity changes * hmac() * UN*X-like crypt() - system or internal crypt * Internal crypt: DES, Extended DES, MD5, Blowfish crypt-des.c, crypt-md5.c from FreeBSD crypt-blowfish.c from Solar Designer * gen_salt() for crypt() - Blowfish, MD5, DES, Extended DES * encrypt(), decrypt(), encrypt_iv(), decrypt_iv() * Cipher support in mhash.c, openssl.c * internal: Blowfish, Rijndael-128 ciphers * blf.[ch], rijndael.[ch] from OpenBSD * there will be generated file rijndael-tbl.inc. Marko Kreen
343 lines
6.5 KiB
C
343 lines
6.5 KiB
C
/*
|
|
* mhash.c
|
|
* Wrapper for mhash and mcrypt libraries.
|
|
*
|
|
* Copyright (c) 2001 Marko Kreen
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $Id: mhash.c,v 1.4 2001/08/21 00:42:41 momjian Exp $
|
|
*/
|
|
|
|
#include <postgres.h>
|
|
|
|
#include "px.h"
|
|
|
|
#include <mhash.h>
|
|
#include <mcrypt.h>
|
|
|
|
#define MAX_KEY_LENGTH 512
|
|
#define MAX_IV_LENGTH 128
|
|
|
|
#define DEF_KEY_LEN 16
|
|
|
|
|
|
/* DIGEST */
|
|
|
|
static uint
|
|
digest_result_size(PX_MD * h)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
hashid id = mhash_get_mhash_algo(mh);
|
|
|
|
return mhash_get_block_size(id);
|
|
}
|
|
|
|
static uint
|
|
digest_block_size(PX_MD * h)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
hashid id = mhash_get_mhash_algo(mh);
|
|
|
|
return mhash_get_hash_pblock(id);
|
|
}
|
|
|
|
static void
|
|
digest_reset(PX_MD * h)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
hashid id = mhash_get_mhash_algo(mh);
|
|
uint8 *res = mhash_end(mh);
|
|
|
|
mhash_free(res);
|
|
mh = mhash_init(id);
|
|
h->p.ptr = mh;
|
|
}
|
|
|
|
static void
|
|
digest_update(PX_MD * h, const uint8 * data, uint dlen)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
|
|
mhash(mh, data, dlen);
|
|
}
|
|
|
|
static void
|
|
digest_finish(PX_MD * h, uint8 * dst)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
uint hlen = digest_result_size(h);
|
|
hashid id = mhash_get_mhash_algo(mh);
|
|
uint8 *buf = mhash_end(mh);
|
|
|
|
memcpy(dst, buf, hlen);
|
|
mhash_free(buf);
|
|
|
|
mh = mhash_init(id);
|
|
h->p.ptr = mh;
|
|
}
|
|
|
|
static void
|
|
digest_free(PX_MD * h)
|
|
{
|
|
MHASH mh = (MHASH) h->p.ptr;
|
|
uint8 *buf = mhash_end(mh);
|
|
|
|
mhash_free(buf);
|
|
|
|
px_free(h);
|
|
}
|
|
|
|
/* ENCRYPT / DECRYPT */
|
|
|
|
static uint
|
|
cipher_block_size(PX_Cipher *c)
|
|
{
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
return mcrypt_enc_get_block_size(ctx);
|
|
}
|
|
|
|
static uint
|
|
cipher_key_size(PX_Cipher *c)
|
|
{
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
return mcrypt_enc_get_key_size(ctx);
|
|
}
|
|
|
|
static uint
|
|
cipher_iv_size(PX_Cipher *c)
|
|
{
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
return mcrypt_enc_mode_has_iv(ctx)
|
|
? mcrypt_enc_get_iv_size(ctx) : 0;
|
|
}
|
|
|
|
static int
|
|
cipher_init(PX_Cipher *c, const uint8 *key, uint klen, const uint8 *iv)
|
|
{
|
|
int err;
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
|
|
err = mcrypt_generic_init(ctx, (char *)key, klen, (char*)iv);
|
|
if (err < 0)
|
|
elog(ERROR, "mcrypt_generic_init error: %s", mcrypt_strerror(err));
|
|
|
|
c->pstat = 1;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
cipher_encrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
int err;
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
|
|
memcpy(res, data, dlen);
|
|
|
|
err = mcrypt_generic(ctx, res, dlen);
|
|
if (err < 0)
|
|
elog(ERROR, "mcrypt_generic error: %s", mcrypt_strerror(err));
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
cipher_decrypt(PX_Cipher *c, const uint8 *data, uint dlen, uint8 *res)
|
|
{
|
|
int err;
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
|
|
memcpy(res, data, dlen);
|
|
|
|
err = mdecrypt_generic(ctx, res, dlen);
|
|
if (err < 0)
|
|
elog(ERROR, "mdecrypt_generic error: %s", mcrypt_strerror(err));
|
|
return 0;
|
|
}
|
|
|
|
|
|
static void
|
|
cipher_free(PX_Cipher *c)
|
|
{
|
|
MCRYPT ctx = (MCRYPT)c->ptr;
|
|
|
|
if (c->pstat)
|
|
mcrypt_generic_end(ctx);
|
|
else
|
|
mcrypt_module_close(ctx);
|
|
|
|
px_free(c);
|
|
}
|
|
|
|
/* Helper functions */
|
|
|
|
static int
|
|
find_hashid(const char *name)
|
|
{
|
|
int res = -1;
|
|
size_t hnum,
|
|
b,
|
|
i;
|
|
char *mname;
|
|
|
|
hnum = mhash_count();
|
|
for (i = 0; i <= hnum; i++)
|
|
{
|
|
mname = mhash_get_hash_name(i);
|
|
if (mname == NULL)
|
|
continue;
|
|
b = strcasecmp(name, mname);
|
|
free(mname);
|
|
if (!b)
|
|
{
|
|
res = i;
|
|
break;
|
|
}
|
|
}
|
|
|
|
return res;
|
|
}
|
|
|
|
static char *modes[] = {
|
|
"ecb", "cbc", "cfb", "ofb", "nofb", "stream",
|
|
"ofb64", "cfb64", NULL
|
|
};
|
|
|
|
static PX_Alias aliases[] = {
|
|
{"bf", "blowfish" },
|
|
{"3des", "tripledes" },
|
|
{"des3", "tripledes" },
|
|
{"aes", "rijndael-128" },
|
|
{"rijndael", "rijndael-128" },
|
|
{"aes-128", "rijndael-128" },
|
|
{"aes-192", "rijndael-192" },
|
|
{"aes-256", "rijndael-256" },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
static PX_Alias mode_aliases[] = {
|
|
#if 0 /* N/A */
|
|
{ "cfb", "ncfb" },
|
|
{ "ofb", "nofb" },
|
|
{ "cfb64", "ncfb" },
|
|
#endif
|
|
/* { "ofb64", "nofb" }, not sure it works */
|
|
{ "cfb8", "cfb" },
|
|
{ "ofb8", "ofb" },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
static int is_mode(char *s)
|
|
{
|
|
char **p;
|
|
|
|
if (*s >= '0' && *s <= '9')
|
|
return 0;
|
|
|
|
for (p = modes; *p; p++)
|
|
if (!strcmp(s, *p))
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* PUBLIC FUNCTIONS */
|
|
|
|
int
|
|
px_find_digest(const char *name, PX_MD **res)
|
|
{
|
|
PX_MD *h;
|
|
MHASH mh;
|
|
int i;
|
|
|
|
i = find_hashid(name);
|
|
if (i < 0)
|
|
return -1;
|
|
|
|
mh = mhash_init(i);
|
|
h = px_alloc(sizeof(*h));
|
|
h->p.ptr = (void *) mh;
|
|
|
|
h->result_size = digest_result_size;
|
|
h->block_size = digest_block_size;
|
|
h->reset = digest_reset;
|
|
h->update = digest_update;
|
|
h->finish = digest_finish;
|
|
h->free = digest_free;
|
|
|
|
*res = h;
|
|
return 0;
|
|
}
|
|
|
|
|
|
int
|
|
px_find_cipher(const char *name, PX_Cipher **res)
|
|
{
|
|
char nbuf[PX_MAX_NAMELEN + 1];
|
|
const char *mode = NULL;
|
|
char *p;
|
|
MCRYPT ctx;
|
|
|
|
PX_Cipher *c;
|
|
|
|
strcpy(nbuf, name);
|
|
|
|
if ((p = strrchr(nbuf, '-')) != NULL) {
|
|
if (is_mode(p + 1)) {
|
|
mode = p + 1;
|
|
*p = 0;
|
|
}
|
|
}
|
|
|
|
name = px_resolve_alias(aliases, nbuf);
|
|
|
|
if (!mode) {
|
|
mode = "cbc";
|
|
/*
|
|
if (mcrypt_module_is_block_algorithm(name, NULL))
|
|
mode = "cbc";
|
|
else
|
|
mode = "stream";
|
|
*/
|
|
}
|
|
mode = px_resolve_alias(mode_aliases, mode);
|
|
|
|
ctx = mcrypt_module_open((char*)name, NULL, (char*)mode, NULL);
|
|
if (ctx == (void*)MCRYPT_FAILED)
|
|
return -1;
|
|
|
|
c = palloc(sizeof *c);
|
|
c->iv_size = cipher_iv_size;
|
|
c->key_size = cipher_key_size;
|
|
c->block_size = cipher_block_size;
|
|
c->init = cipher_init;
|
|
c->encrypt = cipher_encrypt;
|
|
c->decrypt = cipher_decrypt;
|
|
c->free = cipher_free;
|
|
c->ptr = ctx;
|
|
c->pstat = 0;
|
|
|
|
*res = c;
|
|
return 0;
|
|
}
|
|
|