1 /*
2  *	md5.c
3  *
4  *	Implements	the  MD5 Message-Digest Algorithm as specified in
5  *	RFC  1321.  This  implementation  is a simple one, in that it
6  *	needs  every  input  byte  to  be  buffered  before doing any
7  *	calculations.  I  do  not  expect  this  file  to be used for
8  *	general  purpose  MD5'ing  of large amounts of data, only for
9  *	generating hashed passwords from limited input.
10  *
11  *	Sverre H. Huseby <sverrehu@online.no>
12  *
13  *	Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
14  *	Portions Copyright (c) 1994, Regents of the University of California
15  *
16  * IDENTIFICATION
17  *	  src/common/md5.c
18  */
19 
20 #ifndef FRONTEND
21 #include "postgres.h"
22 #else
23 #include "postgres_fe.h"
24 #endif
25 
26 #include "common/md5.h"
27 
28 
29 /*
30  *	PRIVATE FUNCTIONS
31  */
32 
33 
34 /*
35  *	The returned array is allocated using malloc.  the caller should free it
36  *	when it is no longer needed.
37  */
38 static uint8 *
39 createPaddedCopyWithLength(const uint8 *b, uint32 *l)
40 {
41 	uint8	   *ret;
42 	uint32		q;
43 	uint32		len,
44 				newLen448;
45 	uint32		len_high,
46 				len_low;		/* 64-bit value split into 32-bit sections */
47 
48 	len = ((b == NULL) ? 0 : *l);
49 	newLen448 = len + 64 - (len % 64) - 8;
50 	if (newLen448 <= len)
51 		newLen448 += 64;
52 
53 	*l = newLen448 + 8;
54 	if ((ret = (uint8 *) malloc(sizeof(uint8) * *l)) == NULL)
55 		return NULL;
56 
57 	if (b != NULL)
58 		memcpy(ret, b, sizeof(uint8) * len);
59 
60 	/* pad */
61 	ret[len] = 0x80;
62 	for (q = len + 1; q < newLen448; q++)
63 		ret[q] = 0x00;
64 
65 	/* append length as a 64 bit bitcount */
66 	len_low = len;
67 	/* split into two 32-bit values */
68 	/* we only look at the bottom 32-bits */
69 	len_high = len >> 29;
70 	len_low <<= 3;
71 	q = newLen448;
72 	ret[q++] = (len_low & 0xff);
73 	len_low >>= 8;
74 	ret[q++] = (len_low & 0xff);
75 	len_low >>= 8;
76 	ret[q++] = (len_low & 0xff);
77 	len_low >>= 8;
78 	ret[q++] = (len_low & 0xff);
79 	ret[q++] = (len_high & 0xff);
80 	len_high >>= 8;
81 	ret[q++] = (len_high & 0xff);
82 	len_high >>= 8;
83 	ret[q++] = (len_high & 0xff);
84 	len_high >>= 8;
85 	ret[q] = (len_high & 0xff);
86 
87 	return ret;
88 }
89 
90 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
91 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
92 #define H(x, y, z) ((x) ^ (y) ^ (z))
93 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
94 #define ROT_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
95 
96 static void
97 doTheRounds(uint32 X[16], uint32 state[4])
98 {
99 	uint32		a,
100 				b,
101 				c,
102 				d;
103 
104 	a = state[0];
105 	b = state[1];
106 	c = state[2];
107 	d = state[3];
108 
109 	/* round 1 */
110 	a = b + ROT_LEFT((a + F(b, c, d) + X[0] + 0xd76aa478), 7);	/* 1 */
111 	d = a + ROT_LEFT((d + F(a, b, c) + X[1] + 0xe8c7b756), 12); /* 2 */
112 	c = d + ROT_LEFT((c + F(d, a, b) + X[2] + 0x242070db), 17); /* 3 */
113 	b = c + ROT_LEFT((b + F(c, d, a) + X[3] + 0xc1bdceee), 22); /* 4 */
114 	a = b + ROT_LEFT((a + F(b, c, d) + X[4] + 0xf57c0faf), 7);	/* 5 */
115 	d = a + ROT_LEFT((d + F(a, b, c) + X[5] + 0x4787c62a), 12); /* 6 */
116 	c = d + ROT_LEFT((c + F(d, a, b) + X[6] + 0xa8304613), 17); /* 7 */
117 	b = c + ROT_LEFT((b + F(c, d, a) + X[7] + 0xfd469501), 22); /* 8 */
118 	a = b + ROT_LEFT((a + F(b, c, d) + X[8] + 0x698098d8), 7);	/* 9 */
119 	d = a + ROT_LEFT((d + F(a, b, c) + X[9] + 0x8b44f7af), 12); /* 10 */
120 	c = d + ROT_LEFT((c + F(d, a, b) + X[10] + 0xffff5bb1), 17);	/* 11 */
121 	b = c + ROT_LEFT((b + F(c, d, a) + X[11] + 0x895cd7be), 22);	/* 12 */
122 	a = b + ROT_LEFT((a + F(b, c, d) + X[12] + 0x6b901122), 7); /* 13 */
123 	d = a + ROT_LEFT((d + F(a, b, c) + X[13] + 0xfd987193), 12);	/* 14 */
124 	c = d + ROT_LEFT((c + F(d, a, b) + X[14] + 0xa679438e), 17);	/* 15 */
125 	b = c + ROT_LEFT((b + F(c, d, a) + X[15] + 0x49b40821), 22);	/* 16 */
126 
127 	/* round 2 */
128 	a = b + ROT_LEFT((a + G(b, c, d) + X[1] + 0xf61e2562), 5);	/* 17 */
129 	d = a + ROT_LEFT((d + G(a, b, c) + X[6] + 0xc040b340), 9);	/* 18 */
130 	c = d + ROT_LEFT((c + G(d, a, b) + X[11] + 0x265e5a51), 14);	/* 19 */
131 	b = c + ROT_LEFT((b + G(c, d, a) + X[0] + 0xe9b6c7aa), 20); /* 20 */
132 	a = b + ROT_LEFT((a + G(b, c, d) + X[5] + 0xd62f105d), 5);	/* 21 */
133 	d = a + ROT_LEFT((d + G(a, b, c) + X[10] + 0x02441453), 9); /* 22 */
134 	c = d + ROT_LEFT((c + G(d, a, b) + X[15] + 0xd8a1e681), 14);	/* 23 */
135 	b = c + ROT_LEFT((b + G(c, d, a) + X[4] + 0xe7d3fbc8), 20); /* 24 */
136 	a = b + ROT_LEFT((a + G(b, c, d) + X[9] + 0x21e1cde6), 5);	/* 25 */
137 	d = a + ROT_LEFT((d + G(a, b, c) + X[14] + 0xc33707d6), 9); /* 26 */
138 	c = d + ROT_LEFT((c + G(d, a, b) + X[3] + 0xf4d50d87), 14); /* 27 */
139 	b = c + ROT_LEFT((b + G(c, d, a) + X[8] + 0x455a14ed), 20); /* 28 */
140 	a = b + ROT_LEFT((a + G(b, c, d) + X[13] + 0xa9e3e905), 5); /* 29 */
141 	d = a + ROT_LEFT((d + G(a, b, c) + X[2] + 0xfcefa3f8), 9);	/* 30 */
142 	c = d + ROT_LEFT((c + G(d, a, b) + X[7] + 0x676f02d9), 14); /* 31 */
143 	b = c + ROT_LEFT((b + G(c, d, a) + X[12] + 0x8d2a4c8a), 20);	/* 32 */
144 
145 	/* round 3 */
146 	a = b + ROT_LEFT((a + H(b, c, d) + X[5] + 0xfffa3942), 4);	/* 33 */
147 	d = a + ROT_LEFT((d + H(a, b, c) + X[8] + 0x8771f681), 11); /* 34 */
148 	c = d + ROT_LEFT((c + H(d, a, b) + X[11] + 0x6d9d6122), 16);	/* 35 */
149 	b = c + ROT_LEFT((b + H(c, d, a) + X[14] + 0xfde5380c), 23);	/* 36 */
150 	a = b + ROT_LEFT((a + H(b, c, d) + X[1] + 0xa4beea44), 4);	/* 37 */
151 	d = a + ROT_LEFT((d + H(a, b, c) + X[4] + 0x4bdecfa9), 11); /* 38 */
152 	c = d + ROT_LEFT((c + H(d, a, b) + X[7] + 0xf6bb4b60), 16); /* 39 */
153 	b = c + ROT_LEFT((b + H(c, d, a) + X[10] + 0xbebfbc70), 23);	/* 40 */
154 	a = b + ROT_LEFT((a + H(b, c, d) + X[13] + 0x289b7ec6), 4); /* 41 */
155 	d = a + ROT_LEFT((d + H(a, b, c) + X[0] + 0xeaa127fa), 11); /* 42 */
156 	c = d + ROT_LEFT((c + H(d, a, b) + X[3] + 0xd4ef3085), 16); /* 43 */
157 	b = c + ROT_LEFT((b + H(c, d, a) + X[6] + 0x04881d05), 23); /* 44 */
158 	a = b + ROT_LEFT((a + H(b, c, d) + X[9] + 0xd9d4d039), 4);	/* 45 */
159 	d = a + ROT_LEFT((d + H(a, b, c) + X[12] + 0xe6db99e5), 11);	/* 46 */
160 	c = d + ROT_LEFT((c + H(d, a, b) + X[15] + 0x1fa27cf8), 16);	/* 47 */
161 	b = c + ROT_LEFT((b + H(c, d, a) + X[2] + 0xc4ac5665), 23); /* 48 */
162 
163 	/* round 4 */
164 	a = b + ROT_LEFT((a + I(b, c, d) + X[0] + 0xf4292244), 6);	/* 49 */
165 	d = a + ROT_LEFT((d + I(a, b, c) + X[7] + 0x432aff97), 10); /* 50 */
166 	c = d + ROT_LEFT((c + I(d, a, b) + X[14] + 0xab9423a7), 15);	/* 51 */
167 	b = c + ROT_LEFT((b + I(c, d, a) + X[5] + 0xfc93a039), 21); /* 52 */
168 	a = b + ROT_LEFT((a + I(b, c, d) + X[12] + 0x655b59c3), 6); /* 53 */
169 	d = a + ROT_LEFT((d + I(a, b, c) + X[3] + 0x8f0ccc92), 10); /* 54 */
170 	c = d + ROT_LEFT((c + I(d, a, b) + X[10] + 0xffeff47d), 15);	/* 55 */
171 	b = c + ROT_LEFT((b + I(c, d, a) + X[1] + 0x85845dd1), 21); /* 56 */
172 	a = b + ROT_LEFT((a + I(b, c, d) + X[8] + 0x6fa87e4f), 6);	/* 57 */
173 	d = a + ROT_LEFT((d + I(a, b, c) + X[15] + 0xfe2ce6e0), 10);	/* 58 */
174 	c = d + ROT_LEFT((c + I(d, a, b) + X[6] + 0xa3014314), 15); /* 59 */
175 	b = c + ROT_LEFT((b + I(c, d, a) + X[13] + 0x4e0811a1), 21);	/* 60 */
176 	a = b + ROT_LEFT((a + I(b, c, d) + X[4] + 0xf7537e82), 6);	/* 61 */
177 	d = a + ROT_LEFT((d + I(a, b, c) + X[11] + 0xbd3af235), 10);	/* 62 */
178 	c = d + ROT_LEFT((c + I(d, a, b) + X[2] + 0x2ad7d2bb), 15); /* 63 */
179 	b = c + ROT_LEFT((b + I(c, d, a) + X[9] + 0xeb86d391), 21); /* 64 */
180 
181 	state[0] += a;
182 	state[1] += b;
183 	state[2] += c;
184 	state[3] += d;
185 }
186 
187 static int
188 calculateDigestFromBuffer(const uint8 *b, uint32 len, uint8 sum[16])
189 {
190 	register uint32 i,
191 				j,
192 				k,
193 				newI;
194 	uint32		l;
195 	uint8	   *input;
196 	register uint32 *wbp;
197 	uint32		workBuff[16],
198 				state[4];
199 
200 	l = len;
201 
202 	state[0] = 0x67452301;
203 	state[1] = 0xEFCDAB89;
204 	state[2] = 0x98BADCFE;
205 	state[3] = 0x10325476;
206 
207 	if ((input = createPaddedCopyWithLength(b, &l)) == NULL)
208 		return 0;
209 
210 	for (i = 0;;)
211 	{
212 		if ((newI = i + 16 * 4) > l)
213 			break;
214 		k = i + 3;
215 		for (j = 0; j < 16; j++)
216 		{
217 			wbp = (workBuff + j);
218 			*wbp = input[k--];
219 			*wbp <<= 8;
220 			*wbp |= input[k--];
221 			*wbp <<= 8;
222 			*wbp |= input[k--];
223 			*wbp <<= 8;
224 			*wbp |= input[k];
225 			k += 7;
226 		}
227 		doTheRounds(workBuff, state);
228 		i = newI;
229 	}
230 	free(input);
231 
232 	j = 0;
233 	for (i = 0; i < 4; i++)
234 	{
235 		k = state[i];
236 		sum[j++] = (k & 0xff);
237 		k >>= 8;
238 		sum[j++] = (k & 0xff);
239 		k >>= 8;
240 		sum[j++] = (k & 0xff);
241 		k >>= 8;
242 		sum[j++] = (k & 0xff);
243 	}
244 	return 1;
245 }
246 
247 static void
248 bytesToHex(uint8 b[16], char *s)
249 {
250 	static const char *hex = "0123456789abcdef";
251 	int			q,
252 				w;
253 
254 	for (q = 0, w = 0; q < 16; q++)
255 	{
256 		s[w++] = hex[(b[q] >> 4) & 0x0F];
257 		s[w++] = hex[b[q] & 0x0F];
258 	}
259 	s[w] = '\0';
260 }
261 
262 /*
263  *	PUBLIC FUNCTIONS
264  */
265 
266 /*
267  *	pg_md5_hash
268  *
269  *	Calculates the MD5 sum of the bytes in a buffer.
270  *
271  *	SYNOPSIS	  #include "md5.h"
272  *				  int pg_md5_hash(const void *buff, size_t len, char *hexsum)
273  *
274  *	INPUT		  buff	  the buffer containing the bytes that you want
275  *						  the MD5 sum of.
276  *				  len	  number of bytes in the buffer.
277  *
278  *	OUTPUT		  hexsum  the MD5 sum as a '\0'-terminated string of
279  *						  hexadecimal digits.  an MD5 sum is 16 bytes long.
280  *						  each byte is represented by two hexadecimal
281  *						  characters.  you thus need to provide an array
282  *						  of 33 characters, including the trailing '\0'.
283  *
284  *	RETURNS		  false on failure (out of memory for internal buffers) or
285  *				  true on success.
286  *
287  *	STANDARDS	  MD5 is described in RFC 1321.
288  *
289  *	AUTHOR		  Sverre H. Huseby <sverrehu@online.no>
290  *
291  */
292 bool
293 pg_md5_hash(const void *buff, size_t len, char *hexsum)
294 {
295 	uint8		sum[16];
296 
297 	if (!calculateDigestFromBuffer(buff, len, sum))
298 		return false;
299 
300 	bytesToHex(sum, hexsum);
301 	return true;
302 }
303 
304 bool
305 pg_md5_binary(const void *buff, size_t len, void *outbuf)
306 {
307 	if (!calculateDigestFromBuffer(buff, len, outbuf))
308 		return false;
309 	return true;
310 }
311 
312 
313 /*
314  * Computes MD5 checksum of "passwd" (a null-terminated string) followed
315  * by "salt" (which need not be null-terminated).
316  *
317  * Output format is "md5" followed by a 32-hex-digit MD5 checksum.
318  * Hence, the output buffer "buf" must be at least 36 bytes long.
319  *
320  * Returns true if okay, false on error (out of memory).
321  */
322 bool
323 pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len,
324 			   char *buf)
325 {
326 	size_t		passwd_len = strlen(passwd);
327 
328 	/* +1 here is just to avoid risk of unportable malloc(0) */
329 	char	   *crypt_buf = malloc(passwd_len + salt_len + 1);
330 	bool		ret;
331 
332 	if (!crypt_buf)
333 		return false;
334 
335 	/*
336 	 * Place salt at the end because it may be known by users trying to crack
337 	 * the MD5 output.
338 	 */
339 	memcpy(crypt_buf, passwd, passwd_len);
340 	memcpy(crypt_buf + passwd_len, salt, salt_len);
341 
342 	strcpy(buf, "md5");
343 	ret = pg_md5_hash(crypt_buf, passwd_len + salt_len, buf + 3);
344 
345 	free(crypt_buf);
346 
347 	return ret;
348 }
349