1 /*
2 * md5.c
3 *
4 * Implements the MD5 Message-Digest Algorithm as specified in
5 * RFC 1321. This implementation is a simple one, in that it
6 * needs every input byte to be buffered before doing any
7 * calculations. I do not expect this file to be used for
8 * general purpose MD5'ing of large amounts of data, only for
9 * generating hashed passwords from limited input.
10 *
11 * Sverre H. Huseby <sverrehu@online.no>
12 *
13 * Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
14 * Portions Copyright (c) 1994, Regents of the University of California
15 *
16 * IDENTIFICATION
17 * src/backend/libpq/md5.c
18 */
19
20 /* This is intended to be used in both frontend and backend, so use c.h */
21 #include "c.h"
22
23 #include "libpq/md5.h"
24
25
26 /*
27 * PRIVATE FUNCTIONS
28 */
29
30
31 /*
32 * The returned array is allocated using malloc. the caller should free it
33 * when it is no longer needed.
34 */
35 static uint8 *
createPaddedCopyWithLength(const uint8 * b,uint32 * l)36 createPaddedCopyWithLength(const uint8 *b, uint32 *l)
37 {
38 uint8 *ret;
39 uint32 q;
40 uint32 len,
41 newLen448;
42 uint32 len_high,
43 len_low; /* 64-bit value split into 32-bit sections */
44
45 len = ((b == NULL) ? 0 : *l);
46 newLen448 = len + 64 - (len % 64) - 8;
47 if (newLen448 <= len)
48 newLen448 += 64;
49
50 *l = newLen448 + 8;
51 if ((ret = (uint8 *) malloc(sizeof(uint8) * *l)) == NULL)
52 return NULL;
53
54 if (b != NULL)
55 memcpy(ret, b, sizeof(uint8) * len);
56
57 /* pad */
58 ret[len] = 0x80;
59 for (q = len + 1; q < newLen448; q++)
60 ret[q] = 0x00;
61
62 /* append length as a 64 bit bitcount */
63 len_low = len;
64 /* split into two 32-bit values */
65 /* we only look at the bottom 32-bits */
66 len_high = len >> 29;
67 len_low <<= 3;
68 q = newLen448;
69 ret[q++] = (len_low & 0xff);
70 len_low >>= 8;
71 ret[q++] = (len_low & 0xff);
72 len_low >>= 8;
73 ret[q++] = (len_low & 0xff);
74 len_low >>= 8;
75 ret[q++] = (len_low & 0xff);
76 ret[q++] = (len_high & 0xff);
77 len_high >>= 8;
78 ret[q++] = (len_high & 0xff);
79 len_high >>= 8;
80 ret[q++] = (len_high & 0xff);
81 len_high >>= 8;
82 ret[q] = (len_high & 0xff);
83
84 return ret;
85 }
86
87 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
88 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
89 #define H(x, y, z) ((x) ^ (y) ^ (z))
90 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
91 #define ROT_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
92
93 static void
doTheRounds(uint32 X[16],uint32 state[4])94 doTheRounds(uint32 X[16], uint32 state[4])
95 {
96 uint32 a,
97 b,
98 c,
99 d;
100
101 a = state[0];
102 b = state[1];
103 c = state[2];
104 d = state[3];
105
106 /* round 1 */
107 a = b + ROT_LEFT((a + F(b, c, d) + X[0] + 0xd76aa478), 7); /* 1 */
108 d = a + ROT_LEFT((d + F(a, b, c) + X[1] + 0xe8c7b756), 12); /* 2 */
109 c = d + ROT_LEFT((c + F(d, a, b) + X[2] + 0x242070db), 17); /* 3 */
110 b = c + ROT_LEFT((b + F(c, d, a) + X[3] + 0xc1bdceee), 22); /* 4 */
111 a = b + ROT_LEFT((a + F(b, c, d) + X[4] + 0xf57c0faf), 7); /* 5 */
112 d = a + ROT_LEFT((d + F(a, b, c) + X[5] + 0x4787c62a), 12); /* 6 */
113 c = d + ROT_LEFT((c + F(d, a, b) + X[6] + 0xa8304613), 17); /* 7 */
114 b = c + ROT_LEFT((b + F(c, d, a) + X[7] + 0xfd469501), 22); /* 8 */
115 a = b + ROT_LEFT((a + F(b, c, d) + X[8] + 0x698098d8), 7); /* 9 */
116 d = a + ROT_LEFT((d + F(a, b, c) + X[9] + 0x8b44f7af), 12); /* 10 */
117 c = d + ROT_LEFT((c + F(d, a, b) + X[10] + 0xffff5bb1), 17); /* 11 */
118 b = c + ROT_LEFT((b + F(c, d, a) + X[11] + 0x895cd7be), 22); /* 12 */
119 a = b + ROT_LEFT((a + F(b, c, d) + X[12] + 0x6b901122), 7); /* 13 */
120 d = a + ROT_LEFT((d + F(a, b, c) + X[13] + 0xfd987193), 12); /* 14 */
121 c = d + ROT_LEFT((c + F(d, a, b) + X[14] + 0xa679438e), 17); /* 15 */
122 b = c + ROT_LEFT((b + F(c, d, a) + X[15] + 0x49b40821), 22); /* 16 */
123
124 /* round 2 */
125 a = b + ROT_LEFT((a + G(b, c, d) + X[1] + 0xf61e2562), 5); /* 17 */
126 d = a + ROT_LEFT((d + G(a, b, c) + X[6] + 0xc040b340), 9); /* 18 */
127 c = d + ROT_LEFT((c + G(d, a, b) + X[11] + 0x265e5a51), 14); /* 19 */
128 b = c + ROT_LEFT((b + G(c, d, a) + X[0] + 0xe9b6c7aa), 20); /* 20 */
129 a = b + ROT_LEFT((a + G(b, c, d) + X[5] + 0xd62f105d), 5); /* 21 */
130 d = a + ROT_LEFT((d + G(a, b, c) + X[10] + 0x02441453), 9); /* 22 */
131 c = d + ROT_LEFT((c + G(d, a, b) + X[15] + 0xd8a1e681), 14); /* 23 */
132 b = c + ROT_LEFT((b + G(c, d, a) + X[4] + 0xe7d3fbc8), 20); /* 24 */
133 a = b + ROT_LEFT((a + G(b, c, d) + X[9] + 0x21e1cde6), 5); /* 25 */
134 d = a + ROT_LEFT((d + G(a, b, c) + X[14] + 0xc33707d6), 9); /* 26 */
135 c = d + ROT_LEFT((c + G(d, a, b) + X[3] + 0xf4d50d87), 14); /* 27 */
136 b = c + ROT_LEFT((b + G(c, d, a) + X[8] + 0x455a14ed), 20); /* 28 */
137 a = b + ROT_LEFT((a + G(b, c, d) + X[13] + 0xa9e3e905), 5); /* 29 */
138 d = a + ROT_LEFT((d + G(a, b, c) + X[2] + 0xfcefa3f8), 9); /* 30 */
139 c = d + ROT_LEFT((c + G(d, a, b) + X[7] + 0x676f02d9), 14); /* 31 */
140 b = c + ROT_LEFT((b + G(c, d, a) + X[12] + 0x8d2a4c8a), 20); /* 32 */
141
142 /* round 3 */
143 a = b + ROT_LEFT((a + H(b, c, d) + X[5] + 0xfffa3942), 4); /* 33 */
144 d = a + ROT_LEFT((d + H(a, b, c) + X[8] + 0x8771f681), 11); /* 34 */
145 c = d + ROT_LEFT((c + H(d, a, b) + X[11] + 0x6d9d6122), 16); /* 35 */
146 b = c + ROT_LEFT((b + H(c, d, a) + X[14] + 0xfde5380c), 23); /* 36 */
147 a = b + ROT_LEFT((a + H(b, c, d) + X[1] + 0xa4beea44), 4); /* 37 */
148 d = a + ROT_LEFT((d + H(a, b, c) + X[4] + 0x4bdecfa9), 11); /* 38 */
149 c = d + ROT_LEFT((c + H(d, a, b) + X[7] + 0xf6bb4b60), 16); /* 39 */
150 b = c + ROT_LEFT((b + H(c, d, a) + X[10] + 0xbebfbc70), 23); /* 40 */
151 a = b + ROT_LEFT((a + H(b, c, d) + X[13] + 0x289b7ec6), 4); /* 41 */
152 d = a + ROT_LEFT((d + H(a, b, c) + X[0] + 0xeaa127fa), 11); /* 42 */
153 c = d + ROT_LEFT((c + H(d, a, b) + X[3] + 0xd4ef3085), 16); /* 43 */
154 b = c + ROT_LEFT((b + H(c, d, a) + X[6] + 0x04881d05), 23); /* 44 */
155 a = b + ROT_LEFT((a + H(b, c, d) + X[9] + 0xd9d4d039), 4); /* 45 */
156 d = a + ROT_LEFT((d + H(a, b, c) + X[12] + 0xe6db99e5), 11); /* 46 */
157 c = d + ROT_LEFT((c + H(d, a, b) + X[15] + 0x1fa27cf8), 16); /* 47 */
158 b = c + ROT_LEFT((b + H(c, d, a) + X[2] + 0xc4ac5665), 23); /* 48 */
159
160 /* round 4 */
161 a = b + ROT_LEFT((a + I(b, c, d) + X[0] + 0xf4292244), 6); /* 49 */
162 d = a + ROT_LEFT((d + I(a, b, c) + X[7] + 0x432aff97), 10); /* 50 */
163 c = d + ROT_LEFT((c + I(d, a, b) + X[14] + 0xab9423a7), 15); /* 51 */
164 b = c + ROT_LEFT((b + I(c, d, a) + X[5] + 0xfc93a039), 21); /* 52 */
165 a = b + ROT_LEFT((a + I(b, c, d) + X[12] + 0x655b59c3), 6); /* 53 */
166 d = a + ROT_LEFT((d + I(a, b, c) + X[3] + 0x8f0ccc92), 10); /* 54 */
167 c = d + ROT_LEFT((c + I(d, a, b) + X[10] + 0xffeff47d), 15); /* 55 */
168 b = c + ROT_LEFT((b + I(c, d, a) + X[1] + 0x85845dd1), 21); /* 56 */
169 a = b + ROT_LEFT((a + I(b, c, d) + X[8] + 0x6fa87e4f), 6); /* 57 */
170 d = a + ROT_LEFT((d + I(a, b, c) + X[15] + 0xfe2ce6e0), 10); /* 58 */
171 c = d + ROT_LEFT((c + I(d, a, b) + X[6] + 0xa3014314), 15); /* 59 */
172 b = c + ROT_LEFT((b + I(c, d, a) + X[13] + 0x4e0811a1), 21); /* 60 */
173 a = b + ROT_LEFT((a + I(b, c, d) + X[4] + 0xf7537e82), 6); /* 61 */
174 d = a + ROT_LEFT((d + I(a, b, c) + X[11] + 0xbd3af235), 10); /* 62 */
175 c = d + ROT_LEFT((c + I(d, a, b) + X[2] + 0x2ad7d2bb), 15); /* 63 */
176 b = c + ROT_LEFT((b + I(c, d, a) + X[9] + 0xeb86d391), 21); /* 64 */
177
178 state[0] += a;
179 state[1] += b;
180 state[2] += c;
181 state[3] += d;
182 }
183
184 static int
calculateDigestFromBuffer(const uint8 * b,uint32 len,uint8 sum[16])185 calculateDigestFromBuffer(const uint8 *b, uint32 len, uint8 sum[16])
186 {
187 register uint32 i,
188 j,
189 k,
190 newI;
191 uint32 l;
192 uint8 *input;
193 register uint32 *wbp;
194 uint32 workBuff[16],
195 state[4];
196
197 l = len;
198
199 state[0] = 0x67452301;
200 state[1] = 0xEFCDAB89;
201 state[2] = 0x98BADCFE;
202 state[3] = 0x10325476;
203
204 if ((input = createPaddedCopyWithLength(b, &l)) == NULL)
205 return 0;
206
207 for (i = 0;;)
208 {
209 if ((newI = i + 16 * 4) > l)
210 break;
211 k = i + 3;
212 for (j = 0; j < 16; j++)
213 {
214 wbp = (workBuff + j);
215 *wbp = input[k--];
216 *wbp <<= 8;
217 *wbp |= input[k--];
218 *wbp <<= 8;
219 *wbp |= input[k--];
220 *wbp <<= 8;
221 *wbp |= input[k];
222 k += 7;
223 }
224 doTheRounds(workBuff, state);
225 i = newI;
226 }
227 free(input);
228
229 j = 0;
230 for (i = 0; i < 4; i++)
231 {
232 k = state[i];
233 sum[j++] = (k & 0xff);
234 k >>= 8;
235 sum[j++] = (k & 0xff);
236 k >>= 8;
237 sum[j++] = (k & 0xff);
238 k >>= 8;
239 sum[j++] = (k & 0xff);
240 }
241 return 1;
242 }
243
244 static void
bytesToHex(uint8 b[16],char * s)245 bytesToHex(uint8 b[16], char *s)
246 {
247 static const char *hex = "0123456789abcdef";
248 int q,
249 w;
250
251 for (q = 0, w = 0; q < 16; q++)
252 {
253 s[w++] = hex[(b[q] >> 4) & 0x0F];
254 s[w++] = hex[b[q] & 0x0F];
255 }
256 s[w] = '\0';
257 }
258
259 /*
260 * PUBLIC FUNCTIONS
261 */
262
263 /*
264 * pg_md5_hash
265 *
266 * Calculates the MD5 sum of the bytes in a buffer.
267 *
268 * SYNOPSIS #include "md5.h"
269 * int pg_md5_hash(const void *buff, size_t len, char *hexsum)
270 *
271 * INPUT buff the buffer containing the bytes that you want
272 * the MD5 sum of.
273 * len number of bytes in the buffer.
274 *
275 * OUTPUT hexsum the MD5 sum as a '\0'-terminated string of
276 * hexadecimal digits. an MD5 sum is 16 bytes long.
277 * each byte is represented by two heaxadecimal
278 * characters. you thus need to provide an array
279 * of 33 characters, including the trailing '\0'.
280 *
281 * RETURNS false on failure (out of memory for internal buffers) or
282 * true on success.
283 *
284 * STANDARDS MD5 is described in RFC 1321.
285 *
286 * AUTHOR Sverre H. Huseby <sverrehu@online.no>
287 *
288 */
289 bool
pg_md5_hash(const void * buff,size_t len,char * hexsum)290 pg_md5_hash(const void *buff, size_t len, char *hexsum)
291 {
292 uint8 sum[16];
293
294 if (!calculateDigestFromBuffer(buff, len, sum))
295 return false;
296
297 bytesToHex(sum, hexsum);
298 return true;
299 }
300
301 bool
pg_md5_binary(const void * buff,size_t len,void * outbuf)302 pg_md5_binary(const void *buff, size_t len, void *outbuf)
303 {
304 if (!calculateDigestFromBuffer(buff, len, outbuf))
305 return false;
306 return true;
307 }
308
309
310 /*
311 * Computes MD5 checksum of "passwd" (a null-terminated string) followed
312 * by "salt" (which need not be null-terminated).
313 *
314 * Output format is "md5" followed by a 32-hex-digit MD5 checksum.
315 * Hence, the output buffer "buf" must be at least 36 bytes long.
316 *
317 * Returns TRUE if okay, FALSE on error (out of memory).
318 */
319 bool
pg_md5_encrypt(const char * passwd,const char * salt,size_t salt_len,char * buf)320 pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len,
321 char *buf)
322 {
323 size_t passwd_len = strlen(passwd);
324
325 /* +1 here is just to avoid risk of unportable malloc(0) */
326 char *crypt_buf = malloc(passwd_len + salt_len + 1);
327 bool ret;
328
329 if (!crypt_buf)
330 return false;
331
332 /*
333 * Place salt at the end because it may be known by users trying to crack
334 * the MD5 output.
335 */
336 memcpy(crypt_buf, passwd, passwd_len);
337 memcpy(crypt_buf + passwd_len, salt, salt_len);
338
339 strcpy(buf, "md5");
340 ret = pg_md5_hash(crypt_buf, passwd_len + salt_len, buf + 3);
341
342 free(crypt_buf);
343
344 return ret;
345 }
346