add sha1_hex UDF and SP - deterministic 40-character hash

select sha1_hex('test') from sysibm.sysdummy1
call sha1_hex('test', ?)

output same as: echo -n "test" |openssl dgst -sha1

Author: tessus

db2hash.c

@@ -335,6 +335,40 @@ void SQL_API_FN sha256hex(SQLUDF_CHAR      *in,
 	return;
 }
 
+/*
+  +----------------------------------------------------------------------+
+  | function sha1hex: sha-1 40-character hex output (no salt)            |
+  |                                                                      |
+  |          input : varchar             (password)                      |
+  |          output: char                (hash)                          |
+  +----------------------------------------------------------------------+
+*/
+
+#ifdef __cplusplus
+extern "C"
+#endif
+void SQL_API_FN sha1hex(SQLUDF_CHAR      *in,
+                        SQLUDF_CHAR      out[41],
+                        SQLUDF_SMALLINT  *innull,
+                        SQLUDF_SMALLINT  *outnull,
+                        SQLUDF_TRAIL_ARGS)
+{
+	char *t;
+
+	if (*innull != 0)
+	{
+		*outnull = -1;
+		return;
+	}
+
+	t = mk_hash(ALG_SHA1HEX, in, NULL);
+	strcpy(out, t);
+	free(t);
+
+	*outnull = 0;
+	return;
+}
+
 /*
   +----------------------------------------------------------------------+
   | function sha512: sha-512                                             |

drop.ddl

@@ -6,6 +6,7 @@ DROP FUNCTION apr_sha256;
 DROP SPECIFIC FUNCTION UDF_SHA256;
 DROP SPECIFIC FUNCTION UDF_SHA256S;
 DROP FUNCTION sha256_hex;
+DROP FUNCTION sha1_hex;
 DROP SPECIFIC FUNCTION UDF_SHA512;
 DROP SPECIFIC FUNCTION UDF_SHA512S;
 DROP FUNCTION bcrypt;
@@ -19,6 +20,7 @@ DROP PROCEDURE apr_sha256;
 DROP SPECIFIC PROCEDURE SP_SHA256;
 DROP SPECIFIC PROCEDURE SP_SHA256S;
 DROP PROCEDURE sha256_hex;
+DROP PROCEDURE sha1_hex;
 DROP SPECIFIC PROCEDURE SP_SHA512;
 DROP SPECIFIC PROCEDURE SP_SHA512S;
 DROP PROCEDURE bcrypt;

hash.c

@@ -130,9 +130,15 @@ char* mk_hash(int alg, const char *passwd, const char *mysalt)
 	unsigned char digest[APR_MD5_DIGESTSIZE];
 	apr_md5_ctx_t context;
 	char md5str[33];
+
 	SHA256_CTX context256;
 	apr_byte_t digest256[SHA256_DIGEST_LENGTH];
 	char sha256str[65];
+
+	apr_sha1_ctx_t context1;
+	apr_byte_t digest1[APR_SHA1_DIGESTSIZE];
+	char sha1str[41];
+
 	int i;
 	char *r;
 
@@ -235,7 +241,7 @@ char* mk_hash(int alg, const char *passwd, const char *mysalt)
 			sha256str[0] = '\0';
 
 			apr__SHA256_Init(&context256);
-			apr__SHA256_Update(&context256, passwd, strlen(passwd));
+			apr__SHA256_Update(&context256, (const apr_byte_t *)passwd, strlen(passwd));
 			apr__SHA256_Final(digest256, &context256);
 			for (i = 0, r = sha256str; i < SHA256_DIGEST_LENGTH; i++, r += 2)
 			{
@@ -246,6 +252,22 @@ char* mk_hash(int alg, const char *passwd, const char *mysalt)
 			apr_cpystrn(cpw, sha256str, sizeof(sha256str));
 			memset(sha256str, '\0', strlen(sha256str));
 			break;
+
+		case ALG_SHA1HEX:
+			sha1str[0] = '\0';
+
+			apr_sha1_init(&context1);
+			apr_sha1_update(&context1, passwd, strlen(passwd));
+			apr_sha1_final(digest1, &context1);
+			for (i = 0, r = sha1str; i < APR_SHA1_DIGESTSIZE; i++, r += 2)
+			{
+				sprintf(r, "%02x", digest1[i]);
+			}
+			*r = '\0';
+
+			apr_cpystrn(cpw, sha1str, sizeof(sha1str));
+			memset(sha1str, '\0', strlen(sha1str));
+			break;
 	}
 
 	result = (char*)malloc((strlen(cpw)+1)*sizeof(char));
@@ -308,6 +330,22 @@ int validate_hash(const char *password, const char *hash)
 		}
 	}
 
+	if (strlen(hash) == 40 && (hash[0] != '$'))
+	{
+		tmphash = mk_hash(ALG_SHA1HEX, password, NULL);
+
+		if (apr_strnatcmp(hash, tmphash) == 0)
+		{
+			free(tmphash);
+			return TRUE;
+		}
+		else
+		{
+			free(tmphash);
+			return FALSE;
+		}
+	}
+
 	status = apr_password_validate(password, hash);
 
 	if (status == APR_SUCCESS)

hash.def

@@ -9,6 +9,7 @@ bcrypt
 sha256
 sha256s
 sha256hex
+sha1hex
 sha512
 sha512s
 validate

hash.exp

@@ -7,6 +7,7 @@ bcrypt
 sha256
 sha256s
 sha256hex
+sha1hex
 sha512
 sha512s
 validate

hash.h

@@ -59,6 +59,7 @@
 #define ALG_APSHA256           7
 #define ALG_BCRYPT             8
 #define ALG_SHA256HEX          9
+#define ALG_SHA1HEX            10
 
 #define APR_SHA256PW_ID        "{SHA256}"
 #define APR_SHA256PW_IDLEN     8

register.ddl

@@ -11,6 +11,7 @@ BEGIN
   EXECUTE IMMEDIATE 'DROP SPECIFIC FUNCTION UDF_SHA256';
   EXECUTE IMMEDIATE 'DROP SPECIFIC FUNCTION UDF_SHA256S';
   EXECUTE IMMEDIATE 'DROP FUNCTION sha256_hex';
+  EXECUTE IMMEDIATE 'DROP FUNCTION sha1_hex';
   EXECUTE IMMEDIATE 'DROP SPECIFIC FUNCTION UDF_SHA512';
   EXECUTE IMMEDIATE 'DROP SPECIFIC FUNCTION UDF_SHA512S';
   EXECUTE IMMEDIATE 'DROP FUNCTION bcrypt';
@@ -24,6 +25,7 @@ BEGIN
   EXECUTE IMMEDIATE 'DROP SPECIFIC PROCEDURE SP_SHA256';
   EXECUTE IMMEDIATE 'DROP SPECIFIC PROCEDURE SP_SHA256S';
   EXECUTE IMMEDIATE 'DROP PROCEDURE sha256_hex';
+  EXECUTE IMMEDIATE 'DROP PROCEDURE sha1_hex';
   EXECUTE IMMEDIATE 'DROP SPECIFIC PROCEDURE SP_SHA512';
   EXECUTE IMMEDIATE 'DROP SPECIFIC PROCEDURE SP_SHA512S';
   EXECUTE IMMEDIATE 'DROP PROCEDURE bcrypt';
@@ -126,6 +128,18 @@ CREATE FUNCTION sha256_hex(VARCHAR(4096))
        PARAMETER STYLE SQL
        EXTERNAL NAME 'hash!sha256hex' @
 
+CREATE FUNCTION sha1_hex(VARCHAR(4096))
+       SPECIFIC UDF_SHA1HEX
+       RETURNS VARCHAR(40)
+       NOT FENCED
+       DETERMINISTIC
+       NO SQL
+       NO EXTERNAL ACTION
+       LANGUAGE C
+       RETURNS NULL ON NULL INPUT
+       PARAMETER STYLE SQL
+       EXTERNAL NAME 'hash!sha1hex' @
+
 CREATE FUNCTION sha512(VARCHAR(4096))
        SPECIFIC UDF_SHA512
        RETURNS VARCHAR(98)
@@ -270,6 +284,18 @@ CREATE PROCEDURE sha256_hex(IN in VARCHAR(4096), OUT hash CHAR(64))
        PROGRAM TYPE SUB
        EXTERNAL NAME 'hash!sha256hex' @
 
+CREATE PROCEDURE sha1_hex(IN in VARCHAR(4096), OUT hash CHAR(40))
+       SPECIFIC SP_SHA1HEX
+       DYNAMIC RESULT SETS 0
+       NO SQL
+       DETERMINISTIC
+       LANGUAGE C
+       PARAMETER STYLE SQL
+       NO DBINFO
+       NOT FENCED
+       PROGRAM TYPE SUB
+       EXTERNAL NAME 'hash!sha1hex' @
+
 CREATE PROCEDURE sha512(IN in VARCHAR(4096), OUT hash CHAR(98))
        SPECIFIC SP_SHA512
        DYNAMIC RESULT SETS 0

test_hash.c

@@ -72,6 +72,10 @@ int main( int argc, char *argv[] )
 	printf( "\nsha256_hex  -> %s", hash);
 	free(hash);
 
+	hash = mk_hash( ALG_SHA1HEX, clear, NULL );
+	printf( "\nsha1_hex    -> %s", hash);
+	free(hash);
+
 #if BCRYPT_ALGO_SUPPORTED
 	hash = mk_hash( ALG_BCRYPT, clear, NULL );
 	printf( "\nbcrypt      -> %s", hash);

tests/tests.sql

@@ -124,6 +124,15 @@ CREATE OR REPLACE PROCEDURE TEST_SHA256_HEX()
   CALL DB2UNIT.ASSERT_STRING_EQUALS(EXPECTED, ACTUAL);
  END @
 
+CREATE OR REPLACE PROCEDURE TEST_SHA1_HEX()
+ BEGIN
+  DECLARE EXPECTED VARCHAR(40);
+  DECLARE ACTUAL VARCHAR(40);
+  SET EXPECTED = '98ef0758e6aac6f9a9e1197548c8190b72c9581d';
+  SET ACTUAL = DB2INST1.SHA1_HEX('testpwd');
+  CALL DB2UNIT.ASSERT_STRING_EQUALS(EXPECTED, ACTUAL);
+ END @
+
 CREATE OR REPLACE PROCEDURE TEST_SHA512()
  BEGIN
   DECLARE LOGGER_ID SMALLINT;
@@ -304,4 +313,13 @@ CREATE OR REPLACE PROCEDURE TEST_VALIDATE_PW7()
   CALL DB2UNIT.ASSERT_INT_EQUALS(EXPECTED, ACTUAL);
  END @
 
+CREATE OR REPLACE PROCEDURE TEST_VALIDATE_PW8()
+ BEGIN
+  DECLARE EXPECTED INTEGER;
+  DECLARE ACTUAL INTEGER;
+  SET EXPECTED = 1;
+  SET ACTUAL = DB2INST1.VALIDATE_PW('testpwd', '98ef0758e6aac6f9a9e1197548c8190b72c9581d');
+  CALL DB2UNIT.ASSERT_INT_EQUALS(EXPECTED, ACTUAL);
+ END @
+
 CALL DB2UNIT.REGISTER_MESSAGE(CURRENT SCHEMA) @