1 /*
2 * contrib/pgcrypto/crypt-blowfish.c
3 *
4 * This code comes from John the Ripper password cracker, with reentrant
5 * and crypt(3) interfaces added, but optimizations specific to password
6 * cracking removed.
7 *
8 * Written by Solar Designer <solar at openwall.com> in 1998-2002 and
9 * placed in the public domain.
10 *
11 * There's absolutely no warranty.
12 *
13 * It is my intent that you should be able to use this on your system,
14 * as a part of a software package, or anywhere else to improve security,
15 * ensure compatibility, or for any other purpose. I would appreciate
16 * it if you give credit where it is due and keep your modifications in
17 * the public domain as well, but I don't require that in order to let
18 * you place this code and any modifications you make under a license
19 * of your choice.
20 *
21 * This implementation is compatible with OpenBSD bcrypt.c (version 2a)
22 * by Niels Provos <provos at citi.umich.edu>, and uses some of his
23 * ideas. The password hashing algorithm was designed by David Mazieres
24 * <dm at lcs.mit.edu>.
25 *
26 * There's a paper on the algorithm that explains its design decisions:
27 *
28 * http://www.usenix.org/events/usenix99/provos.html
29 *
30 * Some of the tricks in BF_ROUND might be inspired by Eric Young's
31 * Blowfish library (I can't be sure if I would think of something if I
32 * hadn't seen his code).
33 */
34
35 #include "postgres.h"
36 #include "miscadmin.h"
37
38 #include "px-crypt.h"
39 #include "px.h"
40
41 #ifdef __i386__
42 #define BF_ASM 0 /* 1 */
43 #define BF_SCALE 1
44 #elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
45 #define BF_ASM 0
46 #define BF_SCALE 1
47 #else
48 #define BF_ASM 0
49 #define BF_SCALE 0
50 #endif
51
52 typedef unsigned int BF_word;
53 typedef signed int BF_word_signed;
54
55 /* Number of Blowfish rounds, this is also hardcoded into a few places */
56 #define BF_N 16
57
58 typedef BF_word BF_key[BF_N + 2];
59
60 typedef struct
61 {
62 BF_word S[4][0x100];
63 BF_key P;
64 } BF_ctx;
65
66 /*
67 * Magic IV for 64 Blowfish encryptions that we do at the end.
68 * The string is "OrpheanBeholderScryDoubt" on big-endian.
69 */
70 static BF_word BF_magic_w[6] = {
71 0x4F727068, 0x65616E42, 0x65686F6C,
72 0x64657253, 0x63727944, 0x6F756274
73 };
74
75 /*
76 * P-box and S-box tables initialized with digits of Pi.
77 */
78 static BF_ctx BF_init_state = {
79 {
80 {
81 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
82 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
83 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
84 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
85 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
86 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
87 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
88 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
89 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
90 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
91 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
92 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
93 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
94 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
95 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
96 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
97 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
98 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
99 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
100 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
101 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
102 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
103 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
104 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
105 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
106 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
107 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
108 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
109 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
110 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
111 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
112 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
113 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
114 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
115 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
116 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
117 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
118 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
119 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
120 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
121 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
122 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
123 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
124 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
125 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
126 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
127 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
128 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
129 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
130 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
131 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
132 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
133 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
134 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
135 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
136 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
137 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
138 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
139 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
140 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
141 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
142 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
143 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
144 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
145 }, {
146 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
147 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
148 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
149 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
150 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
151 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
152 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
153 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
154 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
155 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
156 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
157 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
158 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
159 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
160 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
161 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
162 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
163 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
164 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
165 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
166 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
167 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
168 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
169 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
170 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
171 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
172 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
173 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
174 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
175 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
176 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
177 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
178 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
179 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
180 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
181 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
182 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
183 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
184 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
185 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
186 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
187 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
188 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
189 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
190 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
191 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
192 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
193 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
194 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
195 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
196 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
197 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
198 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
199 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
200 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
201 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
202 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
203 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
204 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
205 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
206 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
207 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
208 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
209 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
210 }, {
211 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
212 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
213 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
214 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
215 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
216 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
217 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
218 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
219 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
220 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
221 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
222 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
223 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
224 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
225 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
226 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
227 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
228 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
229 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
230 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
231 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
232 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
233 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
234 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
235 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
236 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
237 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
238 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
239 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
240 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
241 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
242 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
243 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
244 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
245 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
246 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
247 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
248 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
249 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
250 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
251 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
252 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
253 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
254 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
255 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
256 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
257 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
258 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
259 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
260 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
261 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
262 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
263 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
264 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
265 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
266 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
267 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
268 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
269 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
270 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
271 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
272 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
273 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
274 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
275 }, {
276 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
277 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
278 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
279 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
280 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
281 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
282 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
283 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
284 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
285 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
286 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
287 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
288 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
289 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
290 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
291 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
292 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
293 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
294 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
295 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
296 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
297 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
298 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
299 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
300 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
301 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
302 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
303 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
304 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
305 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
306 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
307 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
308 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
309 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
310 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
311 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
312 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
313 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
314 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
315 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
316 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
317 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
318 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
319 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
320 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
321 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
322 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
323 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
324 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
325 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
326 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
327 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
328 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
329 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
330 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
331 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
332 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
333 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
334 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
335 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
336 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
337 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
338 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
339 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
340 }
341 }, {
342 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
343 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
344 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
345 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
346 0x9216d5d9, 0x8979fb1b
347 }
348 };
349
350 static unsigned char BF_itoa64[64 + 1] =
351 "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
352
353 static unsigned char BF_atoi64[0x60] = {
354 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
355 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
356 64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
357 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
358 64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
359 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
360 };
361
362 #define BF_safe_atoi64(dst, src) \
363 do { \
364 tmp = (unsigned char)(src); \
365 if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
366 tmp = BF_atoi64[tmp]; \
367 if (tmp > 63) return -1; \
368 (dst) = tmp; \
369 } while (0)
370
371 static int
BF_decode(BF_word * dst,const char * src,int size)372 BF_decode(BF_word *dst, const char *src, int size)
373 {
374 unsigned char *dptr = (unsigned char *) dst;
375 unsigned char *end = dptr + size;
376 const unsigned char *sptr = (const unsigned char *) src;
377 unsigned int tmp,
378 c1,
379 c2,
380 c3,
381 c4;
382
383 do
384 {
385 BF_safe_atoi64(c1, *sptr++);
386 BF_safe_atoi64(c2, *sptr++);
387 *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
388 if (dptr >= end)
389 break;
390
391 BF_safe_atoi64(c3, *sptr++);
392 *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
393 if (dptr >= end)
394 break;
395
396 BF_safe_atoi64(c4, *sptr++);
397 *dptr++ = ((c3 & 0x03) << 6) | c4;
398 } while (dptr < end);
399
400 return 0;
401 }
402
403 static void
BF_encode(char * dst,const BF_word * src,int size)404 BF_encode(char *dst, const BF_word *src, int size)
405 {
406 const unsigned char *sptr = (const unsigned char *) src;
407 const unsigned char *end = sptr + size;
408 unsigned char *dptr = (unsigned char *) dst;
409 unsigned int c1,
410 c2;
411
412 do
413 {
414 c1 = *sptr++;
415 *dptr++ = BF_itoa64[c1 >> 2];
416 c1 = (c1 & 0x03) << 4;
417 if (sptr >= end)
418 {
419 *dptr++ = BF_itoa64[c1];
420 break;
421 }
422
423 c2 = *sptr++;
424 c1 |= c2 >> 4;
425 *dptr++ = BF_itoa64[c1];
426 c1 = (c2 & 0x0f) << 2;
427 if (sptr >= end)
428 {
429 *dptr++ = BF_itoa64[c1];
430 break;
431 }
432
433 c2 = *sptr++;
434 c1 |= c2 >> 6;
435 *dptr++ = BF_itoa64[c1];
436 *dptr++ = BF_itoa64[c2 & 0x3f];
437 } while (sptr < end);
438 }
439
440 static void
BF_swap(BF_word * x,int count)441 BF_swap(BF_word *x, int count)
442 {
443 /* Swap on little-endian hardware, else do nothing */
444 #ifndef WORDS_BIGENDIAN
445 BF_word tmp;
446
447 do
448 {
449 tmp = *x;
450 tmp = (tmp << 16) | (tmp >> 16);
451 *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
452 } while (--count);
453 #endif
454 }
455
456 #if BF_SCALE
457 /* Architectures which can shift addresses left by 2 bits with no extra cost */
458 #define BF_ROUND(L, R, N) \
459 tmp1 = (L) & 0xFF; \
460 tmp2 = (L) >> 8; \
461 tmp2 &= 0xFF; \
462 tmp3 = (L) >> 16; \
463 tmp3 &= 0xFF; \
464 tmp4 = (L) >> 24; \
465 tmp1 = data.ctx.S[3][tmp1]; \
466 tmp2 = data.ctx.S[2][tmp2]; \
467 tmp3 = data.ctx.S[1][tmp3]; \
468 tmp3 += data.ctx.S[0][tmp4]; \
469 tmp3 ^= tmp2; \
470 (R) ^= data.ctx.P[(N) + 1]; \
471 tmp3 += tmp1; \
472 (R) ^= tmp3
473 #else
474 /* Architectures with no complicated addressing modes supported */
475 #define BF_INDEX(S, i) \
476 (*((BF_word *)(((unsigned char *)(S)) + (i))))
477 #define BF_ROUND(L, R, N) \
478 tmp1 = (L) & 0xFF; \
479 tmp1 <<= 2; \
480 tmp2 = (L) >> 6; \
481 tmp2 &= 0x3FC; \
482 tmp3 = (L) >> 14; \
483 tmp3 &= 0x3FC; \
484 tmp4 = (L) >> 22; \
485 tmp4 &= 0x3FC; \
486 tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \
487 tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \
488 tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \
489 tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \
490 tmp3 ^= tmp2; \
491 (R) ^= data.ctx.P[(N) + 1]; \
492 tmp3 += tmp1; \
493 (R) ^= tmp3
494 #endif
495
496 /*
497 * Encrypt one block, BF_N is hardcoded here.
498 */
499 #define BF_ENCRYPT \
500 L ^= data.ctx.P[0]; \
501 BF_ROUND(L, R, 0); \
502 BF_ROUND(R, L, 1); \
503 BF_ROUND(L, R, 2); \
504 BF_ROUND(R, L, 3); \
505 BF_ROUND(L, R, 4); \
506 BF_ROUND(R, L, 5); \
507 BF_ROUND(L, R, 6); \
508 BF_ROUND(R, L, 7); \
509 BF_ROUND(L, R, 8); \
510 BF_ROUND(R, L, 9); \
511 BF_ROUND(L, R, 10); \
512 BF_ROUND(R, L, 11); \
513 BF_ROUND(L, R, 12); \
514 BF_ROUND(R, L, 13); \
515 BF_ROUND(L, R, 14); \
516 BF_ROUND(R, L, 15); \
517 tmp4 = R; \
518 R = L; \
519 L = tmp4 ^ data.ctx.P[BF_N + 1]
520
521 #if BF_ASM
522
523 extern void _BF_body_r(BF_ctx *ctx);
524
525 #define BF_body() \
526 _BF_body_r(&data.ctx)
527 #else
528
529 #define BF_body() \
530 do { \
531 L = R = 0; \
532 ptr = data.ctx.P; \
533 do { \
534 ptr += 2; \
535 BF_ENCRYPT; \
536 *(ptr - 2) = L; \
537 *(ptr - 1) = R; \
538 } while (ptr < &data.ctx.P[BF_N + 2]); \
539 \
540 ptr = data.ctx.S[0]; \
541 do { \
542 ptr += 2; \
543 BF_ENCRYPT; \
544 *(ptr - 2) = L; \
545 *(ptr - 1) = R; \
546 } while (ptr < &data.ctx.S[3][0xFF]); \
547 } while (0)
548 #endif
549
550 static void
BF_set_key(const char * key,BF_key expanded,BF_key initial,int sign_extension_bug)551 BF_set_key(const char *key, BF_key expanded, BF_key initial,
552 int sign_extension_bug)
553 {
554 const char *ptr = key;
555 int i,
556 j;
557 BF_word tmp;
558
559 for (i = 0; i < BF_N + 2; i++)
560 {
561 tmp = 0;
562 for (j = 0; j < 4; j++)
563 {
564 tmp <<= 8;
565 if (sign_extension_bug)
566 tmp |= (BF_word_signed) (signed char) *ptr;
567 else
568 tmp |= (unsigned char) *ptr;
569
570 if (!*ptr)
571 ptr = key;
572 else
573 ptr++;
574 }
575
576 expanded[i] = tmp;
577 initial[i] = BF_init_state.P[i] ^ tmp;
578 }
579 }
580
581 char *
_crypt_blowfish_rn(const char * key,const char * setting,char * output,int size)582 _crypt_blowfish_rn(const char *key, const char *setting,
583 char *output, int size)
584 {
585 struct
586 {
587 BF_ctx ctx;
588 BF_key expanded_key;
589 union
590 {
591 BF_word salt[4];
592 BF_word output[6];
593 } binary;
594 } data;
595 BF_word L,
596 R;
597 BF_word tmp1,
598 tmp2,
599 tmp3,
600 tmp4;
601 BF_word *ptr;
602 BF_word count;
603 int i;
604
605 if (size < 7 + 22 + 31 + 1)
606 return NULL;
607
608 /*
609 * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
610 * two digit cost parameter, "$", and 22 digits from the alphabet
611 * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
612 * more restrictions on the count in the salt as well.
613 */
614 if (strlen(setting) < 29)
615 ereport(ERROR,
616 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
617 errmsg("invalid salt")));
618
619 if (setting[0] != '$' ||
620 setting[1] != '2' ||
621 (setting[2] != 'a' && setting[2] != 'x') ||
622 setting[3] != '$' ||
623 setting[4] < '0' || setting[4] > '3' ||
624 setting[5] < '0' || setting[5] > '9' ||
625 (setting[4] == '3' && setting[5] > '1') ||
626 setting[6] != '$')
627 {
628 ereport(ERROR,
629 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
630 errmsg("invalid salt")));
631 }
632
633 count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
634 if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
635 {
636 px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
637 ereport(ERROR,
638 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
639 errmsg("invalid salt")));
640 }
641 BF_swap(data.binary.salt, 4);
642
643 BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x');
644
645 memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
646
647 L = R = 0;
648 for (i = 0; i < BF_N + 2; i += 2)
649 {
650 L ^= data.binary.salt[i & 2];
651 R ^= data.binary.salt[(i & 2) + 1];
652 BF_ENCRYPT;
653 data.ctx.P[i] = L;
654 data.ctx.P[i + 1] = R;
655 }
656
657 ptr = data.ctx.S[0];
658 do
659 {
660 ptr += 4;
661 L ^= data.binary.salt[(BF_N + 2) & 3];
662 R ^= data.binary.salt[(BF_N + 3) & 3];
663 BF_ENCRYPT;
664 *(ptr - 4) = L;
665 *(ptr - 3) = R;
666
667 L ^= data.binary.salt[(BF_N + 4) & 3];
668 R ^= data.binary.salt[(BF_N + 5) & 3];
669 BF_ENCRYPT;
670 *(ptr - 2) = L;
671 *(ptr - 1) = R;
672 } while (ptr < &data.ctx.S[3][0xFF]);
673
674 do
675 {
676 CHECK_FOR_INTERRUPTS();
677
678 data.ctx.P[0] ^= data.expanded_key[0];
679 data.ctx.P[1] ^= data.expanded_key[1];
680 data.ctx.P[2] ^= data.expanded_key[2];
681 data.ctx.P[3] ^= data.expanded_key[3];
682 data.ctx.P[4] ^= data.expanded_key[4];
683 data.ctx.P[5] ^= data.expanded_key[5];
684 data.ctx.P[6] ^= data.expanded_key[6];
685 data.ctx.P[7] ^= data.expanded_key[7];
686 data.ctx.P[8] ^= data.expanded_key[8];
687 data.ctx.P[9] ^= data.expanded_key[9];
688 data.ctx.P[10] ^= data.expanded_key[10];
689 data.ctx.P[11] ^= data.expanded_key[11];
690 data.ctx.P[12] ^= data.expanded_key[12];
691 data.ctx.P[13] ^= data.expanded_key[13];
692 data.ctx.P[14] ^= data.expanded_key[14];
693 data.ctx.P[15] ^= data.expanded_key[15];
694 data.ctx.P[16] ^= data.expanded_key[16];
695 data.ctx.P[17] ^= data.expanded_key[17];
696
697 BF_body();
698
699 tmp1 = data.binary.salt[0];
700 tmp2 = data.binary.salt[1];
701 tmp3 = data.binary.salt[2];
702 tmp4 = data.binary.salt[3];
703 data.ctx.P[0] ^= tmp1;
704 data.ctx.P[1] ^= tmp2;
705 data.ctx.P[2] ^= tmp3;
706 data.ctx.P[3] ^= tmp4;
707 data.ctx.P[4] ^= tmp1;
708 data.ctx.P[5] ^= tmp2;
709 data.ctx.P[6] ^= tmp3;
710 data.ctx.P[7] ^= tmp4;
711 data.ctx.P[8] ^= tmp1;
712 data.ctx.P[9] ^= tmp2;
713 data.ctx.P[10] ^= tmp3;
714 data.ctx.P[11] ^= tmp4;
715 data.ctx.P[12] ^= tmp1;
716 data.ctx.P[13] ^= tmp2;
717 data.ctx.P[14] ^= tmp3;
718 data.ctx.P[15] ^= tmp4;
719 data.ctx.P[16] ^= tmp1;
720 data.ctx.P[17] ^= tmp2;
721
722 BF_body();
723 } while (--count);
724
725 for (i = 0; i < 6; i += 2)
726 {
727 L = BF_magic_w[i];
728 R = BF_magic_w[i + 1];
729
730 count = 64;
731 do
732 {
733 BF_ENCRYPT;
734 } while (--count);
735
736 data.binary.output[i] = L;
737 data.binary.output[i + 1] = R;
738 }
739
740 memcpy(output, setting, 7 + 22 - 1);
741 output[7 + 22 - 1] = BF_itoa64[(int)
742 BF_atoi64[(int) setting[7 + 22 - 1] - 0x20] & 0x30];
743
744 /* This has to be bug-compatible with the original implementation, so
745 * only encode 23 of the 24 bytes. :-) */
746 BF_swap(data.binary.output, 6);
747 BF_encode(&output[7 + 22], data.binary.output, 23);
748 output[7 + 22 + 31] = '\0';
749
750 /* Overwrite the most obvious sensitive data we have on the stack. Note
751 * that this does not guarantee there's no sensitive data left on the
752 * stack and/or in registers; I'm not aware of portable code that does. */
753 px_memset(&data, 0, sizeof(data));
754
755 return output;
756 }
757