http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-armor.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-armor.c b/contrib/pgcrypto/pgp-armor.c deleted file mode 100644 index 7963ccc..0000000 --- a/contrib/pgcrypto/pgp-armor.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - * pgp-armor.c - * PGP ascii-armor. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-armor.c,v 1.3 2005/10/15 02:49:06 momjian Exp $ - */ - -#include "postgres.h" - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -/* - * BASE64 - duplicated :( - */ - -static const unsigned char _base64[] = -"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -static int -b64_encode(const uint8 *src, unsigned len, uint8 *dst) -{ - uint8 *p, - *lend = dst + 76; - const uint8 *s, - *end = src + len; - int pos = 2; - unsigned long buf = 0; - - s = src; - p = dst; - - while (s < end) - { - buf |= *s << (pos << 3); - pos--; - s++; - - /* - * write it out - */ - if (pos < 0) - { - *p++ = _base64[(buf >> 18) & 0x3f]; - *p++ = _base64[(buf >> 12) & 0x3f]; - *p++ = _base64[(buf >> 6) & 0x3f]; - *p++ = _base64[buf & 0x3f]; - - pos = 2; - buf = 0; - } - if (p >= lend) - { - *p++ = '\n'; - lend = p + 76; - } - } - if (pos != 2) - { - *p++ = _base64[(buf >> 18) & 0x3f]; - *p++ = _base64[(buf >> 12) & 0x3f]; - *p++ = (pos == 0) ? _base64[(buf >> 6) & 0x3f] : '='; - *p++ = '='; - } - - return p - dst; -} - -/* probably should use lookup table */ -static int -b64_decode(const uint8 *src, unsigned len, uint8 *dst) -{ - const uint8 *srcend = src + len, - *s = src; - uint8 *p = dst; - char c; - unsigned b = 0; - unsigned long buf = 0; - int pos = 0, - end = 0; - - while (s < srcend) - { - c = *s++; - if (c >= 'A' && c <= 'Z') - b = c - 'A'; - else if (c >= 'a' && c <= 'z') - b = c - 'a' + 26; - else if (c >= '0' && c <= '9') - b = c - '0' + 52; - else if (c == '+') - b = 62; - else if (c == '/') - b = 63; - else if (c == '=') - { - /* - * end sequence - */ - if (!end) - { - if (pos == 2) - end = 1; - else if (pos == 3) - end = 2; - else - return PXE_PGP_CORRUPT_ARMOR; - } - b = 0; - } - else if (c == ' ' || c == '\t' || c == '\n' || c == '\r') - continue; - else - return PXE_PGP_CORRUPT_ARMOR; - - /* - * add it to buffer - */ - buf = (buf << 6) + b; - pos++; - if (pos == 4) - { - *p++ = (buf >> 16) & 255; - if (end == 0 || end > 1) - *p++ = (buf >> 8) & 255; - if (end == 0 || end > 2) - *p++ = buf & 255; - buf = 0; - pos = 0; - } - } - - if (pos != 0) - return PXE_PGP_CORRUPT_ARMOR; - return p - dst; -} - -static unsigned -b64_enc_len(unsigned srclen) -{ - /* - * 3 bytes will be converted to 4, linefeed after 76 chars - */ - return (srclen + 2) * 4 / 3 + srclen / (76 * 3 / 4); -} - -static unsigned -b64_dec_len(unsigned srclen) -{ - return (srclen * 3) >> 2; -} - -/* - * PGP armor - */ - -static const char *armor_header = "-----BEGIN PGP MESSAGE-----\n\n"; -static const char *armor_footer = "\n-----END PGP MESSAGE-----\n"; - -/* CRC24 implementation from rfc2440 */ -#define CRC24_INIT 0x00b704ceL -#define CRC24_POLY 0x01864cfbL -static long -crc24(const uint8 *data, unsigned len) -{ - unsigned crc = CRC24_INIT; - int i; - - while (len--) - { - crc ^= (*data++) << 16; - for (i = 0; i < 8; i++) - { - crc <<= 1; - if (crc & 0x1000000) - crc ^= CRC24_POLY; - } - } - return crc & 0xffffffL; -} - -int -pgp_armor_encode(const uint8 *src, unsigned len, uint8 *dst) -{ - int n; - uint8 *pos = dst; - unsigned crc = crc24(src, len); - - n = strlen(armor_header); - memcpy(pos, armor_header, n); - pos += n; - - n = b64_encode(src, len, pos); - pos += n; - - if (*(pos - 1) != '\n') - *pos++ = '\n'; - - *pos++ = '='; - pos[3] = _base64[crc & 0x3f]; - crc >>= 6; - pos[2] = _base64[crc & 0x3f]; - crc >>= 6; - pos[1] = _base64[crc & 0x3f]; - crc >>= 6; - pos[0] = _base64[crc & 0x3f]; - pos += 4; - - n = strlen(armor_footer); - memcpy(pos, armor_footer, n); - pos += n; - - return pos - dst; -} - -static const uint8 * -find_str(const uint8 *data, const uint8 *data_end, const char *str, int strlen) -{ - const uint8 *p = data; - - if (!strlen) - return NULL; - if (data_end - data < strlen) - return NULL; - while (p < data_end) - { - p = memchr(p, str[0], data_end - p); - if (p == NULL) - return NULL; - if (p + strlen > data_end) - return NULL; - if (memcmp(p, str, strlen) == 0) - return p; - p++; - } - return NULL; -} - -static int -find_header(const uint8 *data, const uint8 *datend, - const uint8 **start_p, int is_end) -{ - const uint8 *p = data; - static const char *start_sep = "-----BEGIN"; - static const char *end_sep = "-----END"; - const char *sep = is_end ? end_sep : start_sep; - - /* find header line */ - while (1) - { - p = find_str(p, datend, sep, strlen(sep)); - if (p == NULL) - return PXE_PGP_CORRUPT_ARMOR; - /* it must start at beginning of line */ - if (p == data || *(p - 1) == '\n') - break; - p += strlen(sep); - } - *start_p = p; - p += strlen(sep); - - /* check if header text ok */ - for (; p < datend && *p != '-'; p++) - { - /* various junk can be there, but definitely not line-feed */ - if (*p >= ' ') - continue; - return PXE_PGP_CORRUPT_ARMOR; - } - if (datend - p < 5 || memcmp(p, sep, 5) != 0) - return PXE_PGP_CORRUPT_ARMOR; - p += 5; - - /* check if at end of line */ - if (p < datend) - { - if (*p != '\n' && *p != '\r') - return PXE_PGP_CORRUPT_ARMOR; - if (*p == '\r') - p++; - if (p < datend && *p == '\n') - p++; - } - return p - *start_p; -} - -int -pgp_armor_decode(const uint8 *src, unsigned len, uint8 *dst) -{ - const uint8 *p = src; - const uint8 *data_end = src + len; - long crc; - const uint8 *base64_start, - *armor_end; - const uint8 *base64_end = NULL; - uint8 buf[4]; - int hlen; - int res = PXE_PGP_CORRUPT_ARMOR; - - /* armor start */ - hlen = find_header(src, data_end, &p, 0); - if (hlen <= 0) - goto out; - p += hlen; - - /* armor end */ - hlen = find_header(p, data_end, &armor_end, 1); - if (hlen <= 0) - goto out; - - /* skip comments - find empty line */ - while (p < armor_end && *p != '\n' && *p != '\r') - { - p = memchr(p, '\n', armor_end - p); - if (!p) - goto out; - - /* step to start of next line */ - p++; - } - base64_start = p; - - /* find crc pos */ - for (p = armor_end; p >= base64_start; p--) - if (*p == '=') - { - base64_end = p - 1; - break; - } - if (base64_end == NULL) - goto out; - - /* decode crc */ - if (b64_decode(p + 1, 4, buf) != 3) - goto out; - crc = (((long) buf[0]) << 16) + (((long) buf[1]) << 8) + (long) buf[2]; - - /* decode data */ - res = b64_decode(base64_start, base64_end - base64_start, dst); - - /* check crc */ - if (res >= 0 && crc24(dst, res) != crc) - res = PXE_PGP_CORRUPT_ARMOR; -out: - return res; -} - -unsigned -pgp_armor_enc_len(unsigned len) -{ - return b64_enc_len(len) + strlen(armor_header) + strlen(armor_footer) + 16; -} - -unsigned -pgp_armor_dec_len(unsigned len) -{ - return b64_dec_len(len); -}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-cfb.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-cfb.c b/contrib/pgcrypto/pgp-cfb.c deleted file mode 100644 index bd05ccc..0000000 --- a/contrib/pgcrypto/pgp-cfb.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * pgp-cfb.c - * Implements both normal and PGP-specific CFB mode. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-cfb.c,v 1.4 2009/06/11 14:48:52 momjian Exp $ - */ - -#include "postgres.h" - -#include "mbuf.h" -#include "px.h" -#include "pgp.h" - -typedef int (*mix_data_t) (PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst); - -struct PGP_CFB -{ - PX_Cipher *ciph; - int block_size; - int pos; - int block_no; - int resync; - uint8 fr[PGP_MAX_BLOCK]; - uint8 fre[PGP_MAX_BLOCK]; - uint8 encbuf[PGP_MAX_BLOCK]; -}; - -int -pgp_cfb_create(PGP_CFB **ctx_p, int algo, const uint8 *key, int key_len, - int resync, uint8 *iv) -{ - int res; - PX_Cipher *ciph; - PGP_CFB *ctx; - - res = pgp_load_cipher(algo, &ciph); - if (res < 0) - return res; - - res = px_cipher_init(ciph, key, key_len, NULL); - if (res < 0) - { - px_cipher_free(ciph); - return res; - } - - ctx = px_alloc(sizeof(*ctx)); - memset(ctx, 0, sizeof(*ctx)); - ctx->ciph = ciph; - ctx->block_size = px_cipher_block_size(ciph); - ctx->resync = resync; - - if (iv) - memcpy(ctx->fr, iv, ctx->block_size); - - *ctx_p = ctx; - return 0; -} - -void -pgp_cfb_free(PGP_CFB *ctx) -{ - px_cipher_free(ctx->ciph); - memset(ctx, 0, sizeof(*ctx)); - px_free(ctx); -} - -/* - * Data processing for normal CFB. (PGP_PKT_SYMENCRYPTED_DATA_MDC) - */ -static int -mix_encrypt_normal(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - int i; - - for (i = ctx->pos; i < ctx->pos + len; i++) - *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++); - ctx->pos += len; - return len; -} - -static int -mix_decrypt_normal(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - int i; - - for (i = ctx->pos; i < ctx->pos + len; i++) - { - ctx->encbuf[i] = *data++; - *dst++ = ctx->fre[i] ^ ctx->encbuf[i]; - } - ctx->pos += len; - return len; -} - -/* - * Data processing for old PGP CFB mode. (PGP_PKT_SYMENCRYPTED_DATA) - * - * The goal is to hide the horror from the rest of the code, - * thus its all concentrated here. - */ -static int -mix_encrypt_resync(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - int i, - n; - - /* block #2 is 2 bytes long */ - if (ctx->block_no == 2) - { - n = 2 - ctx->pos; - if (len < n) - n = len; - for (i = ctx->pos; i < ctx->pos + n; i++) - *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++); - - ctx->pos += n; - len -= n; - - if (ctx->pos == 2) - { - memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2); - memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2); - ctx->pos = 0; - return n; - } - } - for (i = ctx->pos; i < ctx->pos + len; i++) - *dst++ = ctx->encbuf[i] = ctx->fre[i] ^ (*data++); - ctx->pos += len; - return len; -} - -static int -mix_decrypt_resync(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - int i, - n; - - /* block #2 is 2 bytes long */ - if (ctx->block_no == 2) - { - n = 2 - ctx->pos; - if (len < n) - n = len; - for (i = ctx->pos; i < ctx->pos + n; i++) - { - ctx->encbuf[i] = *data++; - *dst++ = ctx->fre[i] ^ ctx->encbuf[i]; - } - ctx->pos += n; - len -= n; - - if (ctx->pos == 2) - { - memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2); - memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2); - ctx->pos = 0; - return n; - } - } - for (i = ctx->pos; i < ctx->pos + len; i++) - { - ctx->encbuf[i] = *data++; - *dst++ = ctx->fre[i] ^ ctx->encbuf[i]; - } - ctx->pos += len; - return len; -} - -/* - * common code for both encrypt and decrypt. - */ -static int -cfb_process(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst, - mix_data_t mix_data) -{ - int n; - int res; - - while (len > 0 && ctx->pos > 0) - { - n = ctx->block_size - ctx->pos; - if (len < n) - n = len; - - n = mix_data(ctx, data, n, dst); - data += n; - dst += n; - len -= n; - - if (ctx->pos == ctx->block_size) - { - memcpy(ctx->fr, ctx->encbuf, ctx->block_size); - ctx->pos = 0; - } - } - - while (len > 0) - { - px_cipher_encrypt(ctx->ciph, ctx->fr, ctx->block_size, ctx->fre); - if (ctx->block_no < 5) - ctx->block_no++; - - n = ctx->block_size; - if (len < n) - n = len; - - res = mix_data(ctx, data, n, dst); - data += res; - dst += res; - len -= res; - - if (ctx->pos == ctx->block_size) - { - memcpy(ctx->fr, ctx->encbuf, ctx->block_size); - ctx->pos = 0; - } - } - return 0; -} - -/* - * public interface - */ - -int -pgp_cfb_encrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - mix_data_t mix = ctx->resync ? mix_encrypt_resync : mix_encrypt_normal; - - return cfb_process(ctx, data, len, dst, mix); -} - -int -pgp_cfb_decrypt(PGP_CFB *ctx, const uint8 *data, int len, uint8 *dst) -{ - mix_data_t mix = ctx->resync ? mix_decrypt_resync : mix_decrypt_normal; - - return cfb_process(ctx, data, len, dst, mix); -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-compress.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c deleted file mode 100644 index 41f5855..0000000 --- a/contrib/pgcrypto/pgp-compress.c +++ /dev/null @@ -1,329 +0,0 @@ -/* - * pgp-compress.c - * ZIP and ZLIB compression via zlib. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-compress.c,v 1.8 2009/06/11 14:48:52 momjian Exp $ - */ - -#include "postgres.h" - -#include "mbuf.h" -#include "px.h" -#include "pgp.h" - - -/* - * Compressed pkt writer - */ - -#ifdef HAVE_LIBZ - -#include <zlib.h> - -#define ZIP_OUT_BUF 8192 -#define ZIP_IN_BLOCK 8192 - -struct ZipStat -{ - uint8 type; - int buf_len; - int hdr_done; - z_stream stream; - uint8 buf[ZIP_OUT_BUF]; -}; - -static void * -z_alloc(void *priv, unsigned n_items, unsigned item_len) -{ - return px_alloc(n_items * item_len); -} - -static void -z_free(void *priv, void *addr) -{ - px_free(addr); -} - -static int -compress_init(PushFilter *next, void *init_arg, void **priv_p) -{ - int res; - struct ZipStat *st; - PGP_Context *ctx = init_arg; - uint8 type = ctx->compress_algo; - - if (type != PGP_COMPR_ZLIB && type != PGP_COMPR_ZIP) - return PXE_PGP_UNSUPPORTED_COMPR; - - /* - * init - */ - st = px_alloc(sizeof(*st)); - memset(st, 0, sizeof(*st)); - st->buf_len = ZIP_OUT_BUF; - st->stream.zalloc = z_alloc; - st->stream.zfree = z_free; - - if (type == PGP_COMPR_ZIP) - res = deflateInit2(&st->stream, ctx->compress_level, - Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY); - else - res = deflateInit(&st->stream, ctx->compress_level); - if (res != Z_OK) - { - px_free(st); - return PXE_PGP_COMPRESSION_ERROR; - } - *priv_p = st; - - return ZIP_IN_BLOCK; -} - -/* writes compressed data packet */ - -/* cant handle zero-len incoming data, but shouldnt */ -static int -compress_process(PushFilter *next, void *priv, const uint8 *data, int len) -{ - int res, - n_out; - struct ZipStat *st = priv; - - /* - * process data - */ - while (len > 0) - { - st->stream.next_in = (void *) data; - st->stream.avail_in = len; - st->stream.next_out = st->buf; - st->stream.avail_out = st->buf_len; - res = deflate(&st->stream, 0); - if (res != Z_OK) - return PXE_PGP_COMPRESSION_ERROR; - - n_out = st->buf_len - st->stream.avail_out; - if (n_out > 0) - { - res = pushf_write(next, st->buf, n_out); - if (res < 0) - return res; - } - len = st->stream.avail_in; - } - - return 0; -} - -static int -compress_flush(PushFilter *next, void *priv) -{ - int res, - zres, - n_out; - struct ZipStat *st = priv; - - st->stream.next_in = NULL; - st->stream.avail_in = 0; - while (1) - { - st->stream.next_out = st->buf; - st->stream.avail_out = st->buf_len; - zres = deflate(&st->stream, Z_FINISH); - if (zres != Z_STREAM_END && zres != Z_OK) - return PXE_PGP_COMPRESSION_ERROR; - n_out = st->buf_len - st->stream.avail_out; - if (n_out > 0) - { - res = pushf_write(next, st->buf, n_out); - if (res < 0) - return res; - } - if (zres == Z_STREAM_END) - break; - } - return 0; -} - -static void -compress_free(void *priv) -{ - struct ZipStat *st = priv; - - deflateEnd(&st->stream); - memset(st, 0, sizeof(*st)); - px_free(st); -} - -static const PushFilterOps - compress_filter = { - compress_init, compress_process, compress_flush, compress_free -}; - -int -pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst) -{ - return pushf_create(res, &compress_filter, ctx, dst); -} - -/* - * Decompress - */ -struct DecomprData -{ - int buf_len; /* = ZIP_OUT_BUF */ - int buf_data; /* available data */ - uint8 *pos; - z_stream stream; - int eof; - uint8 buf[ZIP_OUT_BUF]; -}; - -static int -decompress_init(void **priv_p, void *arg, PullFilter *src) -{ - PGP_Context *ctx = arg; - struct DecomprData *dec; - int res; - - if (ctx->compress_algo != PGP_COMPR_ZLIB - && ctx->compress_algo != PGP_COMPR_ZIP) - return PXE_PGP_UNSUPPORTED_COMPR; - - dec = px_alloc(sizeof(*dec)); - memset(dec, 0, sizeof(*dec)); - dec->buf_len = ZIP_OUT_BUF; - *priv_p = dec; - - dec->stream.zalloc = z_alloc; - dec->stream.zfree = z_free; - - if (ctx->compress_algo == PGP_COMPR_ZIP) - res = inflateInit2(&dec->stream, -15); - else - res = inflateInit(&dec->stream); - if (res != Z_OK) - { - px_free(dec); - px_debug("decompress_init: inflateInit error"); - return PXE_PGP_COMPRESSION_ERROR; - } - - return 0; -} - -static int -decompress_read(void *priv, PullFilter *src, int len, - uint8 **data_p, uint8 *buf, int buflen) -{ - int res; - int flush; - struct DecomprData *dec = priv; - -restart: - if (dec->buf_data > 0) - { - if (len > dec->buf_data) - len = dec->buf_data; - *data_p = dec->pos; - dec->pos += len; - dec->buf_data -= len; - return len; - } - - if (dec->eof) - return 0; - - if (dec->stream.avail_in == 0) - { - uint8 *tmp; - - res = pullf_read(src, 8192, &tmp); - if (res < 0) - return res; - dec->stream.next_in = tmp; - dec->stream.avail_in = res; - } - - dec->stream.next_out = dec->buf; - dec->stream.avail_out = dec->buf_len; - dec->pos = dec->buf; - - /* - * Z_SYNC_FLUSH is tell zlib to output as much as possible. It should do - * it anyway (Z_NO_FLUSH), but seems to reserve the right not to. So lets - * follow the API. - */ - flush = dec->stream.avail_in ? Z_SYNC_FLUSH : Z_FINISH; - res = inflate(&dec->stream, flush); - if (res != Z_OK && res != Z_STREAM_END) - { - px_debug("decompress_read: inflate error: %d", res); - return PXE_PGP_CORRUPT_DATA; - } - - dec->buf_data = dec->buf_len - dec->stream.avail_out; - if (res == Z_STREAM_END) - dec->eof = 1; - goto restart; -} - -static void -decompress_free(void *priv) -{ - struct DecomprData *dec = priv; - - inflateEnd(&dec->stream); - memset(dec, 0, sizeof(*dec)); - px_free(dec); -} - -static const PullFilterOps - decompress_filter = { - decompress_init, decompress_read, decompress_free -}; - -int -pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src) -{ - return pullf_create(res, &decompress_filter, ctx, src); -} -#else /* !HAVE_ZLIB */ - -int -pgp_compress_filter(PushFilter **res, PGP_Context *ctx, PushFilter *dst) -{ - return PXE_PGP_UNSUPPORTED_COMPR; -} - -int -pgp_decompress_filter(PullFilter **res, PGP_Context *ctx, PullFilter *src) -{ - return PXE_PGP_UNSUPPORTED_COMPR; -} - -#endif http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-decrypt.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c deleted file mode 100644 index 8888dc9..0000000 --- a/contrib/pgcrypto/pgp-decrypt.c +++ /dev/null @@ -1,1188 +0,0 @@ -/* - * pgp-decrypt.c - * OpenPGP decrypt. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-decrypt.c,v 1.8 2009/06/11 14:48:52 momjian Exp $ - */ - -#include "postgres.h" - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -#define NO_CTX_SIZE 0 -#define ALLOW_CTX_SIZE 1 -#define NO_COMPR 0 -#define ALLOW_COMPR 1 -#define NO_MDC 0 -#define NEED_MDC 1 - -#define PKT_NORMAL 1 -#define PKT_STREAM 2 -#define PKT_CONTEXT 3 - -#define MAX_CHUNK (16*1024*1024) - -static int -parse_new_len(PullFilter *src, int *len_p) -{ - uint8 b; - int len; - int pkttype = PKT_NORMAL; - - GETBYTE(src, b); - if (b <= 191) - len = b; - else if (b >= 192 && b <= 223) - { - len = ((unsigned) (b) - 192) << 8; - GETBYTE(src, b); - len += 192 + b; - } - else if (b == 255) - { - GETBYTE(src, b); - len = b; - GETBYTE(src, b); - len = (len << 8) | b; - GETBYTE(src, b); - len = (len << 8) | b; - GETBYTE(src, b); - len = (len << 8) | b; - } - else - { - len = 1 << (b & 0x1F); - pkttype = PKT_STREAM; - } - - if (len < 0 || len > MAX_CHUNK) - { - px_debug("parse_new_len: weird length"); - return PXE_PGP_CORRUPT_DATA; - } - - *len_p = len; - return pkttype; -} - -static int -parse_old_len(PullFilter *src, int *len_p, int lentype) -{ - uint8 b; - int len; - - GETBYTE(src, b); - len = b; - - if (lentype == 1) - { - GETBYTE(src, b); - len = (len << 8) | b; - } - else if (lentype == 2) - { - GETBYTE(src, b); - len = (len << 8) | b; - GETBYTE(src, b); - len = (len << 8) | b; - GETBYTE(src, b); - len = (len << 8) | b; - } - - if (len < 0 || len > MAX_CHUNK) - { - px_debug("parse_old_len: weird length"); - return PXE_PGP_CORRUPT_DATA; - } - *len_p = len; - return PKT_NORMAL; -} - -/* returns pkttype or 0 on eof */ -int -pgp_parse_pkt_hdr(PullFilter *src, uint8 *tag, int *len_p, int allow_ctx) -{ - int lentype; - int res; - uint8 *p; - - /* EOF is normal here, thus we dont use GETBYTE */ - res = pullf_read(src, 1, &p); - if (res < 0) - return res; - if (res == 0) - return 0; - - if ((*p & 0x80) == 0) - { - px_debug("pgp_parse_pkt_hdr: not pkt hdr"); - return PXE_PGP_CORRUPT_DATA; - } - - if (*p & 0x40) - { - *tag = *p & 0x3f; - res = parse_new_len(src, len_p); - } - else - { - lentype = *p & 3; - *tag = (*p >> 2) & 0x0F; - if (lentype == 3) - res = allow_ctx ? PKT_CONTEXT : PXE_PGP_CORRUPT_DATA; - else - res = parse_old_len(src, len_p, lentype); - } - return res; -} - -/* - * Packet reader - */ -struct PktData -{ - int type; - int len; -}; - -static int -pktreader_pull(void *priv, PullFilter *src, int len, - uint8 **data_p, uint8 *buf, int buflen) -{ - int res; - struct PktData *pkt = priv; - - /* PKT_CONTEXT means: whatever there is */ - if (pkt->type == PKT_CONTEXT) - return pullf_read(src, len, data_p); - - if (pkt->len == 0) - { - /* this was last chunk in stream */ - if (pkt->type == PKT_NORMAL) - return 0; - - /* next chunk in stream */ - res = parse_new_len(src, &pkt->len); - if (res < 0) - return res; - pkt->type = res; - } - - if (len > pkt->len) - len = pkt->len; - - res = pullf_read(src, len, data_p); - if (res > 0) - pkt->len -= res; - - return res; -} - -static void -pktreader_free(void *priv) -{ - struct PktData *pkt = priv; - - memset(pkt, 0, sizeof(*pkt)); - px_free(pkt); -} - -static struct PullFilterOps pktreader_filter = { - NULL, pktreader_pull, pktreader_free -}; - -/* needs helper function to pass several parameters */ -int -pgp_create_pkt_reader(PullFilter **pf_p, PullFilter *src, int len, - int pkttype, PGP_Context *ctx) -{ - int res; - struct PktData *pkt = px_alloc(sizeof(*pkt)); - - pkt->type = pkttype; - pkt->len = len; - res = pullf_create(pf_p, &pktreader_filter, pkt, src); - if (res < 0) - px_free(pkt); - return res; -} - -/* - * Prefix check filter - */ - -static int -prefix_init(void **priv_p, void *arg, PullFilter *src) -{ - PGP_Context *ctx = arg; - int len; - int res; - uint8 *buf; - uint8 tmpbuf[PGP_MAX_BLOCK + 2]; - - len = pgp_get_cipher_block_size(ctx->cipher_algo); - if (len > sizeof(tmpbuf)) - return PXE_BUG; - - res = pullf_read_max(src, len + 2, &buf, tmpbuf); - if (res < 0) - return res; - if (res != len + 2) - { - px_debug("prefix_init: short read"); - memset(tmpbuf, 0, sizeof(tmpbuf)); - return PXE_PGP_CORRUPT_DATA; - } - - if (buf[len - 2] != buf[len] || buf[len - 1] != buf[len + 1]) - { - px_debug("prefix_init: corrupt prefix"); - - /* - * The original purpose of the 2-byte check was to show user a - * friendly "wrong key" message. This made following possible: - * - * "An Attack on CFB Mode Encryption As Used By OpenPGP" by Serge - * Mister and Robert Zuccherato - * - * To avoid being 'oracle', we delay reporting, which basically means - * we prefer to run into corrupt packet header. - * - * We _could_ throw PXE_PGP_CORRUPT_DATA here, but there is - * possibility of attack via timing, so we don't. - */ - ctx->corrupt_prefix = 1; - } - memset(tmpbuf, 0, sizeof(tmpbuf)); - return 0; -} - -static struct PullFilterOps prefix_filter = { - prefix_init, NULL, NULL -}; - - -/* - * Decrypt filter - */ - -static int -decrypt_init(void **priv_p, void *arg, PullFilter *src) -{ - PGP_CFB *cfb = arg; - - *priv_p = cfb; - - /* we need to write somewhere, so ask for a buffer */ - return 4096; -} - -static int -decrypt_read(void *priv, PullFilter *src, int len, - uint8 **data_p, uint8 *buf, int buflen) -{ - PGP_CFB *cfb = priv; - uint8 *tmp; - int res; - - res = pullf_read(src, len, &tmp); - if (res > 0) - { - pgp_cfb_decrypt(cfb, tmp, res, buf); - *data_p = buf; - } - return res; -} - -struct PullFilterOps pgp_decrypt_filter = { - decrypt_init, decrypt_read, NULL -}; - - -/* - * MDC hasher filter - */ - -static int -mdc_init(void **priv_p, void *arg, PullFilter *src) -{ - PGP_Context *ctx = arg; - - *priv_p = ctx; - return pgp_load_digest(PGP_DIGEST_SHA1, &ctx->mdc_ctx); -} - -static void -mdc_free(void *priv) -{ - PGP_Context *ctx = priv; - - if (ctx->use_mdcbuf_filter) - return; - px_md_free(ctx->mdc_ctx); - ctx->mdc_ctx = NULL; -} - -static int -mdc_finish(PGP_Context *ctx, PullFilter *src, - int len, uint8 **data_p) -{ - int res; - uint8 hash[20]; - uint8 tmpbuf[22]; - - if (len + 1 > sizeof(tmpbuf)) - return PXE_BUG; - - /* read data */ - res = pullf_read_max(src, len + 1, data_p, tmpbuf); - if (res < 0) - return res; - if (res == 0) - { - if (ctx->mdc_checked == 0) - { - px_debug("no mdc"); - return PXE_PGP_CORRUPT_DATA; - } - return 0; - } - - /* safety check */ - if (ctx->in_mdc_pkt > 1) - { - px_debug("mdc_finish: several times here?"); - return PXE_PGP_CORRUPT_DATA; - } - ctx->in_mdc_pkt++; - - /* is the packet sane? */ - if (res != 20) - { - px_debug("mdc_finish: read failed, res=%d", res); - return PXE_PGP_CORRUPT_DATA; - } - - /* - * ok, we got the hash, now check - */ - px_md_finish(ctx->mdc_ctx, hash); - res = memcmp(hash, *data_p, 20); - memset(hash, 0, 20); - memset(tmpbuf, 0, sizeof(tmpbuf)); - if (res != 0) - { - px_debug("mdc_finish: mdc failed"); - return PXE_PGP_CORRUPT_DATA; - } - ctx->mdc_checked = 1; - return len; -} - -static int -mdc_read(void *priv, PullFilter *src, int len, - uint8 **data_p, uint8 *buf, int buflen) -{ - int res; - PGP_Context *ctx = priv; - - /* skip this filter? */ - if (ctx->use_mdcbuf_filter) - return pullf_read(src, len, data_p); - - if (ctx->in_mdc_pkt) - return mdc_finish(ctx, src, len, data_p); - - res = pullf_read(src, len, data_p); - if (res < 0) - return res; - if (res == 0) - { - px_debug("mdc_read: unexpected eof"); - return PXE_PGP_CORRUPT_DATA; - } - px_md_update(ctx->mdc_ctx, *data_p, res); - - return res; -} - -static struct PullFilterOps mdc_filter = { - mdc_init, mdc_read, mdc_free -}; - - -/* - * Combined Pkt reader and MDC hasher. - * - * For the case of SYMENCRYPTED_MDC packet, where - * the data part has 'context length', which means - * that data packet ends 22 bytes before end of parent - * packet, which is silly. - */ -#define MDCBUF_LEN 8192 -struct MDCBufData -{ - PGP_Context *ctx; - int eof; - int buflen; - int avail; - uint8 *pos; - int mdc_avail; - uint8 mdc_buf[22]; - uint8 buf[MDCBUF_LEN]; -}; - -static int -mdcbuf_init(void **priv_p, void *arg, PullFilter *src) -{ - PGP_Context *ctx = arg; - struct MDCBufData *st; - - st = px_alloc(sizeof(*st)); - memset(st, 0, sizeof(*st)); - st->buflen = sizeof(st->buf); - st->ctx = ctx; - *priv_p = st; - - /* take over the work of mdc_filter */ - ctx->use_mdcbuf_filter = 1; - - return 0; -} - -static int -mdcbuf_finish(struct MDCBufData * st) -{ - uint8 hash[20]; - int res; - - st->eof = 1; - - if (st->mdc_buf[0] != 0xD3 || st->mdc_buf[1] != 0x14) - { - px_debug("mdcbuf_finish: bad MDC pkt hdr"); - return PXE_PGP_CORRUPT_DATA; - } - px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2); - px_md_finish(st->ctx->mdc_ctx, hash); - res = memcmp(hash, st->mdc_buf + 2, 20); - memset(hash, 0, 20); - if (res) - { - px_debug("mdcbuf_finish: MDC does not match"); - res = PXE_PGP_CORRUPT_DATA; - } - return res; -} - -static void -mdcbuf_load_data(struct MDCBufData * st, uint8 *src, int len) -{ - uint8 *dst = st->pos + st->avail; - - memcpy(dst, src, len); - px_md_update(st->ctx->mdc_ctx, src, len); - st->avail += len; -} - -static void -mdcbuf_load_mdc(struct MDCBufData * st, uint8 *src, int len) -{ - memmove(st->mdc_buf + st->mdc_avail, src, len); - st->mdc_avail += len; -} - -static int -mdcbuf_refill(struct MDCBufData * st, PullFilter *src) -{ - uint8 *data; - int res; - int need; - - /* put avail data in start */ - if (st->avail > 0 && st->pos != st->buf) - memmove(st->buf, st->pos, st->avail); - st->pos = st->buf; - - /* read new data */ - need = st->buflen + 22 - st->avail - st->mdc_avail; - res = pullf_read(src, need, &data); - if (res < 0) - return res; - if (res == 0) - return mdcbuf_finish(st); - - /* add to buffer */ - if (res >= 22) - { - mdcbuf_load_data(st, st->mdc_buf, st->mdc_avail); - st->mdc_avail = 0; - - mdcbuf_load_data(st, data, res - 22); - mdcbuf_load_mdc(st, data + res - 22, 22); - } - else - { - int canmove = st->mdc_avail + res - 22; - - if (canmove > 0) - { - mdcbuf_load_data(st, st->mdc_buf, canmove); - st->mdc_avail -= canmove; - memmove(st->mdc_buf, st->mdc_buf + canmove, st->mdc_avail); - } - mdcbuf_load_mdc(st, data, res); - } - return 0; -} - -static int -mdcbuf_read(void *priv, PullFilter *src, int len, - uint8 **data_p, uint8 *buf, int buflen) -{ - struct MDCBufData *st = priv; - int res; - - if (!st->eof && len > st->avail) - { - res = mdcbuf_refill(st, src); - if (res < 0) - return res; - } - - if (len > st->avail) - len = st->avail; - - *data_p = st->pos; - st->pos += len; - st->avail -= len; - return len; -} - -static void -mdcbuf_free(void *priv) -{ - struct MDCBufData *st = priv; - - px_md_free(st->ctx->mdc_ctx); - st->ctx->mdc_ctx = NULL; - memset(st, 0, sizeof(*st)); - px_free(st); -} - -static struct PullFilterOps mdcbuf_filter = { - mdcbuf_init, mdcbuf_read, mdcbuf_free -}; - - -/* - * Decrypt separate session key - */ -static int -decrypt_key(PGP_Context *ctx, const uint8 *src, int len) -{ - int res; - uint8 algo; - PGP_CFB *cfb; - - res = pgp_cfb_create(&cfb, ctx->s2k_cipher_algo, - ctx->s2k.key, ctx->s2k.key_len, 0, NULL); - if (res < 0) - return res; - - pgp_cfb_decrypt(cfb, src, 1, &algo); - src++; - len--; - - pgp_cfb_decrypt(cfb, src, len, ctx->sess_key); - pgp_cfb_free(cfb); - ctx->sess_key_len = len; - ctx->cipher_algo = algo; - - if (pgp_get_cipher_key_size(algo) != len) - { - px_debug("sesskey bad len: algo=%d, expected=%d, got=%d", - algo, pgp_get_cipher_key_size(algo), len); - return PXE_PGP_CORRUPT_DATA; - } - return 0; -} - -/* - * Handle key packet - */ -static int -parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src) -{ - uint8 *p; - int res; - uint8 tmpbuf[PGP_MAX_KEY + 2]; - uint8 ver; - - GETBYTE(src, ver); - GETBYTE(src, ctx->s2k_cipher_algo); - if (ver != 4) - { - px_debug("bad key pkt ver"); - return PXE_PGP_CORRUPT_DATA; - } - - /* - * read S2K info - */ - res = pgp_s2k_read(src, &ctx->s2k); - if (res < 0) - return res; - ctx->s2k_mode = ctx->s2k.mode; - ctx->s2k_digest_algo = ctx->s2k.digest_algo; - - /* - * generate key from password - */ - res = pgp_s2k_process(&ctx->s2k, ctx->s2k_cipher_algo, - ctx->sym_key, ctx->sym_key_len); - if (res < 0) - return res; - - /* - * do we have separate session key? - */ - res = pullf_read_max(src, PGP_MAX_KEY + 2, &p, tmpbuf); - if (res < 0) - return res; - - if (res == 0) - { - /* - * no, s2k key is session key - */ - memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len); - ctx->sess_key_len = ctx->s2k.key_len; - ctx->cipher_algo = ctx->s2k_cipher_algo; - res = 0; - ctx->use_sess_key = 0; - } - else - { - /* - * yes, decrypt it - */ - if (res < 17 || res > PGP_MAX_KEY + 1) - { - px_debug("expect key, but bad data"); - return PXE_PGP_CORRUPT_DATA; - } - ctx->use_sess_key = 1; - res = decrypt_key(ctx, p, res); - } - - memset(tmpbuf, 0, sizeof(tmpbuf)); - return res; -} - -static int -copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr) -{ - uint8 *data_end = data + len; - uint8 tmpbuf[1024]; - uint8 *tmp_end = tmpbuf + sizeof(tmpbuf); - uint8 *p; - int res; - - p = tmpbuf; - if (*got_cr) - { - if (*data != '\n') - *p++ = '\r'; - *got_cr = 0; - } - while (data < data_end) - { - if (*data == '\r') - { - if (data + 1 < data_end) - { - if (*(data + 1) == '\n') - data++; - } - else - { - *got_cr = 1; - break; - } - } - *p++ = *data++; - if (p >= tmp_end) - { - res = mbuf_append(dst, tmpbuf, p - tmpbuf); - if (res < 0) - return res; - p = tmpbuf; - } - } - if (p - tmpbuf > 0) - { - res = mbuf_append(dst, tmpbuf, p - tmpbuf); - if (res < 0) - return res; - } - return 0; -} - -static int -parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt) -{ - int type; - int name_len; - int res; - uint8 *buf; - uint8 tmpbuf[4]; - int got_cr = 0; - - GETBYTE(pkt, type); - GETBYTE(pkt, name_len); - - /* skip name */ - while (name_len > 0) - { - res = pullf_read(pkt, name_len, &buf); - if (res < 0) - return res; - if (res == 0) - break; - name_len -= res; - } - if (name_len > 0) - { - px_debug("parse_literal_data: unexpected eof"); - return PXE_PGP_CORRUPT_DATA; - } - - /* skip date */ - res = pullf_read_max(pkt, 4, &buf, tmpbuf); - if (res != 4) - { - px_debug("parse_literal_data: unexpected eof"); - return PXE_PGP_CORRUPT_DATA; - } - memset(tmpbuf, 0, 4); - - /* check if text */ - if (ctx->text_mode) - if (type != 't' && type != 'u') - { - px_debug("parse_literal_data: data type=%c", type); - return PXE_PGP_NOT_TEXT; - } - - ctx->unicode_mode = (type == 'u') ? 1 : 0; - - /* read data */ - while (1) - { - res = pullf_read(pkt, 32 * 1024, &buf); - if (res <= 0) - break; - - if (ctx->text_mode && ctx->convert_crlf) - res = copy_crlf(dst, buf, res, &got_cr); - else - res = mbuf_append(dst, buf, res); - if (res < 0) - break; - } - if (res >= 0 && got_cr) - res = mbuf_append(dst, (const uint8 *) "\r", 1); - return res; -} - -/* process_data_packets and parse_compressed_data call each other */ -static int process_data_packets(PGP_Context *ctx, MBuf *dst, - PullFilter *src, int allow_compr, int need_mdc); - -static int -parse_compressed_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt) -{ - int res; - uint8 type; - PullFilter *pf_decompr; - - GETBYTE(pkt, type); - - ctx->compress_algo = type; - switch (type) - { - case PGP_COMPR_NONE: - res = process_data_packets(ctx, dst, pkt, NO_COMPR, NO_MDC); - break; - - case PGP_COMPR_ZIP: - case PGP_COMPR_ZLIB: - res = pgp_decompress_filter(&pf_decompr, ctx, pkt); - if (res >= 0) - { - res = process_data_packets(ctx, dst, pf_decompr, - NO_COMPR, NO_MDC); - pullf_free(pf_decompr); - } - break; - - case PGP_COMPR_BZIP2: - px_debug("parse_compressed_data: bzip2 unsupported"); - res = PXE_PGP_UNSUPPORTED_COMPR; - break; - - default: - px_debug("parse_compressed_data: unknown compr type"); - res = PXE_PGP_CORRUPT_DATA; - } - - return res; -} - -static int -process_data_packets(PGP_Context *ctx, MBuf *dst, PullFilter *src, - int allow_compr, int need_mdc) -{ - uint8 tag = 0; - int len = 0, - res; - int got_data = 0; - int got_mdc = 0; - PullFilter *pkt = NULL; - uint8 *tmp; - - while (1) - { - res = pgp_parse_pkt_hdr(src, &tag, &len, ALLOW_CTX_SIZE); - if (res <= 0) - break; - - - /* mdc packet should be last */ - if (got_mdc) - { - px_debug("process_data_packets: data after mdc"); - res = PXE_PGP_CORRUPT_DATA; - break; - } - - /* context length inside SYMENC_MDC needs special handling */ - if (need_mdc && res == PKT_CONTEXT) - res = pullf_create(&pkt, &mdcbuf_filter, ctx, src); - else - res = pgp_create_pkt_reader(&pkt, src, len, res, ctx); - if (res < 0) - break; - - switch (tag) - { - case PGP_PKT_LITERAL_DATA: - got_data = 1; - res = parse_literal_data(ctx, dst, pkt); - break; - case PGP_PKT_COMPRESSED_DATA: - if (allow_compr == 0) - { - px_debug("process_data_packets: unexpected compression"); - res = PXE_PGP_CORRUPT_DATA; - } - else if (got_data) - { - /* - * compr data must be alone - */ - px_debug("process_data_packets: only one cmpr pkt allowed"); - res = PXE_PGP_CORRUPT_DATA; - } - else - { - got_data = 1; - res = parse_compressed_data(ctx, dst, pkt); - } - break; - case PGP_PKT_MDC: - if (need_mdc == NO_MDC) - { - px_debug("process_data_packets: unexpected MDC"); - res = PXE_PGP_CORRUPT_DATA; - break; - } - - /* notify mdc_filter */ - ctx->in_mdc_pkt = 1; - - res = pullf_read(pkt, 8192, &tmp); - if (res > 0) - got_mdc = 1; - break; - default: - px_debug("process_data_packets: unexpected pkt tag=%d", tag); - res = PXE_PGP_CORRUPT_DATA; - } - - pullf_free(pkt); - pkt = NULL; - - if (res < 0) - break; - } - - if (pkt) - pullf_free(pkt); - - if (res < 0) - return res; - - if (!got_data) - { - px_debug("process_data_packets: no data"); - res = PXE_PGP_CORRUPT_DATA; - } - if (need_mdc && !got_mdc && !ctx->use_mdcbuf_filter) - { - px_debug("process_data_packets: got no mdc"); - res = PXE_PGP_CORRUPT_DATA; - } - return res; -} - -static int -parse_symenc_data(PGP_Context *ctx, PullFilter *pkt, MBuf *dst) -{ - int res; - PGP_CFB *cfb = NULL; - PullFilter *pf_decrypt = NULL; - PullFilter *pf_prefix = NULL; - - res = pgp_cfb_create(&cfb, ctx->cipher_algo, - ctx->sess_key, ctx->sess_key_len, 1, NULL); - if (res < 0) - goto out; - - res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt); - if (res < 0) - goto out; - - res = pullf_create(&pf_prefix, &prefix_filter, ctx, pf_decrypt); - if (res < 0) - goto out; - - res = process_data_packets(ctx, dst, pf_prefix, ALLOW_COMPR, NO_MDC); - -out: - if (pf_prefix) - pullf_free(pf_prefix); - if (pf_decrypt) - pullf_free(pf_decrypt); - if (cfb) - pgp_cfb_free(cfb); - - return res; -} - -static int -parse_symenc_mdc_data(PGP_Context *ctx, PullFilter *pkt, MBuf *dst) -{ - int res; - PGP_CFB *cfb = NULL; - PullFilter *pf_decrypt = NULL; - PullFilter *pf_prefix = NULL; - PullFilter *pf_mdc = NULL; - uint8 ver; - - GETBYTE(pkt, ver); - if (ver != 1) - { - px_debug("parse_symenc_mdc_data: pkt ver != 1"); - return PXE_PGP_CORRUPT_DATA; - } - - res = pgp_cfb_create(&cfb, ctx->cipher_algo, - ctx->sess_key, ctx->sess_key_len, 0, NULL); - if (res < 0) - goto out; - - res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt); - if (res < 0) - goto out; - - res = pullf_create(&pf_mdc, &mdc_filter, ctx, pf_decrypt); - if (res < 0) - goto out; - - res = pullf_create(&pf_prefix, &prefix_filter, ctx, pf_mdc); - if (res < 0) - goto out; - - res = process_data_packets(ctx, dst, pf_prefix, ALLOW_COMPR, NEED_MDC); - -out: - if (pf_prefix) - pullf_free(pf_prefix); - if (pf_mdc) - pullf_free(pf_mdc); - if (pf_decrypt) - pullf_free(pf_decrypt); - if (cfb) - pgp_cfb_free(cfb); - - return res; -} - -/* - * skip over packet contents - */ -int -pgp_skip_packet(PullFilter *pkt) -{ - int res = 1; - uint8 *tmp; - - while (res > 0) - res = pullf_read(pkt, 32 * 1024, &tmp); - return res < 0 ? res : 0; -} - -/* - * expect to be at packet end, any data is error - */ -int -pgp_expect_packet_end(PullFilter *pkt) -{ - int res = 1; - uint8 *tmp; - - while (res > 0) - { - res = pullf_read(pkt, 32 * 1024, &tmp); - if (res > 0) - { - px_debug("pgp_expect_packet_end: got data"); - return PXE_PGP_CORRUPT_DATA; - } - } - return res < 0 ? res : 0; -} - -int -pgp_decrypt(PGP_Context *ctx, MBuf *msrc, MBuf *mdst) -{ - int res; - PullFilter *src = NULL; - PullFilter *pkt = NULL; - uint8 tag = 0; - int len = 0; - int got_key = 0; - int got_data = 0; - - res = pullf_create_mbuf_reader(&src, msrc); - - while (res >= 0) - { - res = pgp_parse_pkt_hdr(src, &tag, &len, NO_CTX_SIZE); - if (res <= 0) - break; - - res = pgp_create_pkt_reader(&pkt, src, len, res, ctx); - if (res < 0) - break; - - res = PXE_PGP_CORRUPT_DATA; - switch (tag) - { - case PGP_PKT_MARKER: - res = pgp_skip_packet(pkt); - break; - case PGP_PKT_PUBENCRYPTED_SESSKEY: - /* fixme: skip those */ - res = pgp_parse_pubenc_sesskey(ctx, pkt); - got_key = 1; - break; - case PGP_PKT_SYMENCRYPTED_SESSKEY: - if (got_key) - - /* - * Theoretically, there could be several keys, both public - * and symmetric, all of which encrypt same session key. - * Decrypt should try with each one, before failing. - */ - px_debug("pgp_decrypt: using first of several keys"); - else - { - got_key = 1; - res = parse_symenc_sesskey(ctx, pkt); - } - break; - case PGP_PKT_SYMENCRYPTED_DATA: - if (!got_key) - px_debug("pgp_decrypt: have data but no key"); - else if (got_data) - px_debug("pgp_decrypt: got second data packet"); - else - { - got_data = 1; - ctx->disable_mdc = 1; - res = parse_symenc_data(ctx, pkt, mdst); - } - break; - case PGP_PKT_SYMENCRYPTED_DATA_MDC: - if (!got_key) - px_debug("pgp_decrypt: have data but no key"); - else if (got_data) - px_debug("pgp_decrypt: several data pkts not supported"); - else - { - got_data = 1; - ctx->disable_mdc = 0; - res = parse_symenc_mdc_data(ctx, pkt, mdst); - } - break; - default: - px_debug("pgp_decrypt: unknown tag: 0x%02x", tag); - } - pullf_free(pkt); - pkt = NULL; - } - - if (pkt) - pullf_free(pkt); - - if (src) - pullf_free(src); - - if (res < 0) - return res; - - if (!got_data || ctx->corrupt_prefix) - res = PXE_PGP_CORRUPT_DATA; - - return res; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-encrypt.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-encrypt.c b/contrib/pgcrypto/pgp-encrypt.c deleted file mode 100644 index 48f2f01..0000000 --- a/contrib/pgcrypto/pgp-encrypt.c +++ /dev/null @@ -1,708 +0,0 @@ -/* - * pgp-encrypt.c - * OpenPGP encrypt. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-encrypt.c,v 1.4 2009/06/11 14:48:52 momjian Exp $ - */ - -#include "postgres.h" - -#include <time.h> - -#include "mbuf.h" -#include "px.h" -#include "pgp.h" - - -#define MDC_DIGEST_LEN 20 -#define STREAM_ID 0xE0 -#define STREAM_BLOCK_SHIFT 14 - -static uint8 * -render_newlen(uint8 *h, int len) -{ - if (len <= 191) - { - *h++ = len & 255; - } - else if (len > 191 && len <= 8383) - { - *h++ = ((len - 192) >> 8) + 192; - *h++ = (len - 192) & 255; - } - else - { - *h++ = 255; - *h++ = (len >> 24) & 255; - *h++ = (len >> 16) & 255; - *h++ = (len >> 8) & 255; - *h++ = len & 255; - } - return h; -} - -static int -write_tag_only(PushFilter *dst, int tag) -{ - uint8 hdr = 0xC0 | tag; - - return pushf_write(dst, &hdr, 1); -} - -static int -write_normal_header(PushFilter *dst, int tag, int len) -{ - uint8 hdr[8]; - uint8 *h = hdr; - - *h++ = 0xC0 | tag; - h = render_newlen(h, len); - return pushf_write(dst, hdr, h - hdr); -} - - -/* - * MAC writer - */ - -static int -mdc_init(PushFilter *dst, void *init_arg, void **priv_p) -{ - int res; - PX_MD *md; - - res = pgp_load_digest(PGP_DIGEST_SHA1, &md); - if (res < 0) - return res; - - *priv_p = md; - return 0; -} - -static int -mdc_write(PushFilter *dst, void *priv, const uint8 *data, int len) -{ - PX_MD *md = priv; - - px_md_update(md, data, len); - return pushf_write(dst, data, len); -} - -static int -mdc_flush(PushFilter *dst, void *priv) -{ - int res; - uint8 pkt[2 + MDC_DIGEST_LEN]; - PX_MD *md = priv; - - /* - * create mdc pkt - */ - pkt[0] = 0xD3; - pkt[1] = 0x14; /* MDC_DIGEST_LEN */ - px_md_update(md, pkt, 2); - px_md_finish(md, pkt + 2); - - res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN); - memset(pkt, 0, 2 + MDC_DIGEST_LEN); - return res; -} - -static void -mdc_free(void *priv) -{ - PX_MD *md = priv; - - px_md_free(md); -} - -static const PushFilterOps mdc_filter = { - mdc_init, mdc_write, mdc_flush, mdc_free -}; - - -/* - * Encrypted pkt writer - */ -#define ENCBUF 8192 -struct EncStat -{ - PGP_CFB *ciph; - uint8 buf[ENCBUF]; -}; - -static int -encrypt_init(PushFilter *next, void *init_arg, void **priv_p) -{ - struct EncStat *st; - PGP_Context *ctx = init_arg; - PGP_CFB *ciph; - int resync = 1; - int res; - - /* should we use newer packet format? */ - if (ctx->disable_mdc == 0) - { - uint8 ver = 1; - - resync = 0; - res = pushf_write(next, &ver, 1); - if (res < 0) - return res; - } - res = pgp_cfb_create(&ciph, ctx->cipher_algo, - ctx->sess_key, ctx->sess_key_len, resync, NULL); - if (res < 0) - return res; - - st = px_alloc(sizeof(*st)); - memset(st, 0, sizeof(*st)); - st->ciph = ciph; - - *priv_p = st; - return ENCBUF; -} - -static int -encrypt_process(PushFilter *next, void *priv, const uint8 *data, int len) -{ - int res; - struct EncStat *st = priv; - int avail = len; - - while (avail > 0) - { - int tmplen = avail > ENCBUF ? ENCBUF : avail; - - res = pgp_cfb_encrypt(st->ciph, data, tmplen, st->buf); - if (res < 0) - return res; - - res = pushf_write(next, st->buf, tmplen); - if (res < 0) - return res; - - data += tmplen; - avail -= tmplen; - } - return 0; -} - -static void -encrypt_free(void *priv) -{ - struct EncStat *st = priv; - - memset(st, 0, sizeof(*st)); - px_free(st); -} - -static const PushFilterOps encrypt_filter = { - encrypt_init, encrypt_process, NULL, encrypt_free -}; - -/* - * Write Streamable pkts - */ - -struct PktStreamStat -{ - int final_done; - int pkt_block; -}; - -static int -pkt_stream_init(PushFilter *next, void *init_arg, void **priv_p) -{ - struct PktStreamStat *st; - - st = px_alloc(sizeof(*st)); - st->final_done = 0; - st->pkt_block = 1 << STREAM_BLOCK_SHIFT; - *priv_p = st; - - return st->pkt_block; -} - -static int -pkt_stream_process(PushFilter *next, void *priv, const uint8 *data, int len) -{ - int res; - uint8 hdr[8]; - uint8 *h = hdr; - struct PktStreamStat *st = priv; - - if (st->final_done) - return PXE_BUG; - - if (len == st->pkt_block) - *h++ = STREAM_ID | STREAM_BLOCK_SHIFT; - else - { - h = render_newlen(h, len); - st->final_done = 1; - } - - res = pushf_write(next, hdr, h - hdr); - if (res < 0) - return res; - - return pushf_write(next, data, len); -} - -static int -pkt_stream_flush(PushFilter *next, void *priv) -{ - int res; - uint8 hdr[8]; - uint8 *h = hdr; - struct PktStreamStat *st = priv; - - /* stream MUST end with normal packet. */ - if (!st->final_done) - { - h = render_newlen(h, 0); - res = pushf_write(next, hdr, h - hdr); - if (res < 0) - return res; - st->final_done = 1; - } - return 0; -} - -static void -pkt_stream_free(void *priv) -{ - struct PktStreamStat *st = priv; - - memset(st, 0, sizeof(*st)); - px_free(st); -} - -static const PushFilterOps pkt_stream_filter = { - pkt_stream_init, pkt_stream_process, pkt_stream_flush, pkt_stream_free -}; - -int -pgp_create_pkt_writer(PushFilter *dst, int tag, PushFilter **res_p) -{ - int res; - - res = write_tag_only(dst, tag); - if (res < 0) - return res; - - return pushf_create(res_p, &pkt_stream_filter, NULL, dst); -} - -/* - * Text conversion filter - */ - -static int -crlf_process(PushFilter *dst, void *priv, const uint8 *data, int len) -{ - const uint8 *data_end = data + len; - const uint8 *p2, - *p1 = data; - int line_len; - static const uint8 crlf[] = {'\r', '\n'}; - int res = 0; - - while (p1 < data_end) - { - p2 = memchr(p1, '\n', data_end - p1); - if (p2 == NULL) - p2 = data_end; - - line_len = p2 - p1; - - /* write data */ - res = 0; - if (line_len > 0) - { - res = pushf_write(dst, p1, line_len); - if (res < 0) - break; - p1 += line_len; - } - - /* write crlf */ - while (p1 < data_end && *p1 == '\n') - { - res = pushf_write(dst, crlf, 2); - if (res < 0) - break; - p1++; - } - } - return res; -} - -static const PushFilterOps crlf_filter = { - NULL, crlf_process, NULL, NULL -}; - -/* - * Initialize literal data packet - */ -static int -init_litdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst) -{ - int res; - int hdrlen; - uint8 hdr[6]; - uint32 t; - PushFilter *pkt; - int type; - - /* - * Create header - */ - - if (ctx->text_mode) - type = ctx->unicode_mode ? 'u' : 't'; - else - type = 'b'; - - /* - * Store the creation time into packet. The goal is to have as few known - * bytes as possible. - */ - t = (uint32) time(NULL); - - hdr[0] = type; - hdr[1] = 0; - hdr[2] = (t >> 24) & 255; - hdr[3] = (t >> 16) & 255; - hdr[4] = (t >> 8) & 255; - hdr[5] = t & 255; - hdrlen = 6; - - res = write_tag_only(dst, PGP_PKT_LITERAL_DATA); - if (res < 0) - return res; - - res = pushf_create(&pkt, &pkt_stream_filter, ctx, dst); - if (res < 0) - return res; - - res = pushf_write(pkt, hdr, hdrlen); - if (res < 0) - { - pushf_free(pkt); - return res; - } - - *pf_res = pkt; - return 0; -} - -/* - * Initialize compression filter - */ -static int -init_compress(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst) -{ - int res; - uint8 type = ctx->compress_algo; - PushFilter *pkt; - - res = write_tag_only(dst, PGP_PKT_COMPRESSED_DATA); - if (res < 0) - return res; - - res = pushf_create(&pkt, &pkt_stream_filter, ctx, dst); - if (res < 0) - return res; - - res = pushf_write(pkt, &type, 1); - if (res >= 0) - res = pgp_compress_filter(pf_res, ctx, pkt); - - if (res < 0) - pushf_free(pkt); - - return res; -} - -/* - * Initialize encdata packet - */ -static int -init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst) -{ - int res; - int tag; - - if (ctx->disable_mdc) - tag = PGP_PKT_SYMENCRYPTED_DATA; - else - tag = PGP_PKT_SYMENCRYPTED_DATA_MDC; - - res = write_tag_only(dst, tag); - if (res < 0) - return res; - - return pushf_create(pf_res, &pkt_stream_filter, ctx, dst); -} - -/* - * write prefix - */ -static int -write_prefix(PGP_Context *ctx, PushFilter *dst) -{ - uint8 prefix[PGP_MAX_BLOCK + 2]; - int res, - bs; - - bs = pgp_get_cipher_block_size(ctx->cipher_algo); - res = px_get_random_bytes(prefix, bs); - if (res < 0) - return res; - - prefix[bs + 0] = prefix[bs - 2]; - prefix[bs + 1] = prefix[bs - 1]; - - res = pushf_write(dst, prefix, bs + 2); - memset(prefix, 0, bs + 2); - return res < 0 ? res : 0; -} - -/* - * write symmetrically encrypted session key packet - */ - -static int -symencrypt_sesskey(PGP_Context *ctx, uint8 *dst) -{ - int res; - PGP_CFB *cfb; - uint8 algo = ctx->cipher_algo; - - res = pgp_cfb_create(&cfb, ctx->s2k_cipher_algo, - ctx->s2k.key, ctx->s2k.key_len, 0, NULL); - if (res < 0) - return res; - - pgp_cfb_encrypt(cfb, &algo, 1, dst); - pgp_cfb_encrypt(cfb, ctx->sess_key, ctx->sess_key_len, dst + 1); - - pgp_cfb_free(cfb); - return ctx->sess_key_len + 1; -} - -/* 5.3: Symmetric-Key Encrypted Session-Key */ -static int -write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst) -{ - uint8 pkt[256]; - int pktlen; - int res; - uint8 *p = pkt; - - *p++ = 4; /* 5.3 - version number */ - *p++ = ctx->s2k_cipher_algo; - - *p++ = ctx->s2k.mode; - *p++ = ctx->s2k.digest_algo; - if (ctx->s2k.mode > 0) - { - memcpy(p, ctx->s2k.salt, 8); - p += 8; - } - if (ctx->s2k.mode == 3) - *p++ = ctx->s2k.iter; - - if (ctx->use_sess_key) - { - res = symencrypt_sesskey(ctx, p); - if (res < 0) - return res; - p += res; - } - - pktlen = p - pkt; - res = write_normal_header(dst, PGP_PKT_SYMENCRYPTED_SESSKEY, pktlen); - if (res >= 0) - res = pushf_write(dst, pkt, pktlen); - - memset(pkt, 0, pktlen); - return res; -} - -/* - * key setup - */ -static int -init_s2k_key(PGP_Context *ctx) -{ - int res; - - if (ctx->s2k_cipher_algo < 0) - ctx->s2k_cipher_algo = ctx->cipher_algo; - - res = pgp_s2k_fill(&ctx->s2k, ctx->s2k_mode, ctx->s2k_digest_algo); - if (res < 0) - return res; - - return pgp_s2k_process(&ctx->s2k, ctx->s2k_cipher_algo, - ctx->sym_key, ctx->sym_key_len); -} - -static int -init_sess_key(PGP_Context *ctx) -{ - int res; - - if (ctx->use_sess_key || ctx->pub_key) - { - ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo); - res = px_get_random_bytes(ctx->sess_key, ctx->sess_key_len); - if (res < 0) - return res; - } - else - { - ctx->sess_key_len = ctx->s2k.key_len; - memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len); - } - - return 0; -} - -/* - * combine - */ -int -pgp_encrypt(PGP_Context *ctx, MBuf *src, MBuf *dst) -{ - int res; - int len; - uint8 *buf; - PushFilter *pf, - *pf_tmp; - - /* - * do we have any key - */ - if (!ctx->sym_key && !ctx->pub_key) - return PXE_ARGUMENT_ERROR; - - /* MBuf writer */ - res = pushf_create_mbuf_writer(&pf, dst); - if (res < 0) - goto out; - - /* - * initialize symkey - */ - if (ctx->sym_key) - { - res = init_s2k_key(ctx); - if (res < 0) - goto out; - } - - res = init_sess_key(ctx); - if (res < 0) - goto out; - - /* - * write keypkt - */ - if (ctx->pub_key) - res = pgp_write_pubenc_sesskey(ctx, pf); - else - res = write_symenc_sesskey(ctx, pf); - if (res < 0) - goto out; - - /* encrypted data pkt */ - res = init_encdata_packet(&pf_tmp, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - - /* encrypter */ - res = pushf_create(&pf_tmp, &encrypt_filter, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - - /* hasher */ - if (ctx->disable_mdc == 0) - { - res = pushf_create(&pf_tmp, &mdc_filter, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - } - - /* prefix */ - res = write_prefix(ctx, pf); - if (res < 0) - goto out; - - /* compressor */ - if (ctx->compress_algo > 0 && ctx->compress_level > 0) - { - res = init_compress(&pf_tmp, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - } - - /* data streamer */ - res = init_litdata_packet(&pf_tmp, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - - - /* text conversion? */ - if (ctx->text_mode && ctx->convert_crlf) - { - res = pushf_create(&pf_tmp, &crlf_filter, ctx, pf); - if (res < 0) - goto out; - pf = pf_tmp; - } - - /* - * chain complete - */ - - len = mbuf_grab(src, mbuf_avail(src), &buf); - res = pushf_write(pf, buf, len); - if (res >= 0) - res = pushf_flush(pf); -out: - pushf_free_all(pf); - return res; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-info.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-info.c b/contrib/pgcrypto/pgp-info.c deleted file mode 100644 index a51a553..0000000 --- a/contrib/pgcrypto/pgp-info.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * pgp-info.c - * Provide info about PGP data. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-info.c,v 1.5 2009/06/11 14:48:52 momjian Exp $ - */ -#include "postgres.h" - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -static int -read_pubkey_keyid(PullFilter *pkt, uint8 *keyid_buf) -{ - int res; - PGP_PubKey *pk = NULL; - - res = _pgp_read_public_key(pkt, &pk); - if (res < 0) - goto err; - - /* skip secret key part, if it exists */ - res = pgp_skip_packet(pkt); - if (res < 0) - goto err; - - /* is it encryption key */ - switch (pk->algo) - { - case PGP_PUB_ELG_ENCRYPT: - case PGP_PUB_RSA_ENCRYPT: - case PGP_PUB_RSA_ENCRYPT_SIGN: - memcpy(keyid_buf, pk->key_id, 8); - res = 1; - break; - default: - res = 0; - } - -err: - pgp_key_free(pk); - return res; -} - -static int -read_pubenc_keyid(PullFilter *pkt, uint8 *keyid_buf) -{ - uint8 ver; - int res; - - GETBYTE(pkt, ver); - if (ver != 3) - return -1; - - res = pullf_read_fixed(pkt, 8, keyid_buf); - if (res < 0) - return res; - - return pgp_skip_packet(pkt); -} - -static const char hextbl[] = "0123456789ABCDEF"; - -static int -print_key(uint8 *keyid, char *dst) -{ - int i; - unsigned c; - - for (i = 0; i < 8; i++) - { - c = keyid[i]; - *dst++ = hextbl[(c >> 4) & 0x0F]; - *dst++ = hextbl[c & 0x0F]; - } - *dst = 0; - return 8 * 2; -} - -static const uint8 any_key[] = -{0, 0, 0, 0, 0, 0, 0, 0}; - -/* - * dst should have room for 17 bytes - */ -int -pgp_get_keyid(MBuf *pgp_data, char *dst) -{ - int res; - PullFilter *src; - PullFilter *pkt = NULL; - int len; - uint8 tag; - int got_pub_key = 0, - got_symenc_key = 0, - got_pubenc_key = 0; - int got_data = 0; - uint8 keyid_buf[8]; - int got_main_key = 0; - - - res = pullf_create_mbuf_reader(&src, pgp_data); - if (res < 0) - return res; - - while (1) - { - res = pgp_parse_pkt_hdr(src, &tag, &len, 0); - if (res <= 0) - break; - res = pgp_create_pkt_reader(&pkt, src, len, res, NULL); - if (res < 0) - break; - - switch (tag) - { - case PGP_PKT_SECRET_KEY: - case PGP_PKT_PUBLIC_KEY: - /* main key is for signing, so ignore it */ - if (!got_main_key) - { - got_main_key = 1; - res = pgp_skip_packet(pkt); - } - else - res = PXE_PGP_MULTIPLE_KEYS; - break; - case PGP_PKT_SECRET_SUBKEY: - case PGP_PKT_PUBLIC_SUBKEY: - res = read_pubkey_keyid(pkt, keyid_buf); - if (res < 0) - break; - if (res > 0) - got_pub_key++; - break; - case PGP_PKT_PUBENCRYPTED_SESSKEY: - got_pubenc_key++; - res = read_pubenc_keyid(pkt, keyid_buf); - break; - case PGP_PKT_SYMENCRYPTED_DATA: - case PGP_PKT_SYMENCRYPTED_DATA_MDC: - /* don't skip it, just stop */ - got_data = 1; - break; - case PGP_PKT_SYMENCRYPTED_SESSKEY: - got_symenc_key++; - /* fallthru */ - case PGP_PKT_SIGNATURE: - case PGP_PKT_MARKER: - case PGP_PKT_TRUST: - case PGP_PKT_USER_ID: - case PGP_PKT_USER_ATTR: - case PGP_PKT_PRIV_61: - res = pgp_skip_packet(pkt); - break; - default: - res = PXE_PGP_CORRUPT_DATA; - } - - if (pkt) - pullf_free(pkt); - pkt = NULL; - - if (res < 0 || got_data) - break; - } - - pullf_free(src); - if (pkt) - pullf_free(pkt); - - if (res < 0) - return res; - - /* now check sanity */ - if (got_pub_key && got_pubenc_key) - res = PXE_PGP_CORRUPT_DATA; - - if (got_pub_key > 1) - res = PXE_PGP_MULTIPLE_KEYS; - - if (got_pubenc_key > 1) - res = PXE_PGP_MULTIPLE_KEYS; - - /* - * if still ok, look what we got - */ - if (res >= 0) - { - if (got_pubenc_key || got_pub_key) - { - if (memcmp(keyid_buf, any_key, 8) == 0) - { - memcpy(dst, "ANYKEY", 7); - res = 6; - } - else - res = print_key(keyid_buf, dst); - } - else if (got_symenc_key) - { - memcpy(dst, "SYMKEY", 7); - res = 6; - } - else - res = PXE_PGP_NO_USABLE_KEY; - } - - return res; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi-internal.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-mpi-internal.c b/contrib/pgcrypto/pgp-mpi-internal.c deleted file mode 100644 index 283946b..0000000 --- a/contrib/pgcrypto/pgp-mpi-internal.c +++ /dev/null @@ -1,308 +0,0 @@ -/* - * pgp-mpi-internal.c - * OpenPGP MPI functions. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi-internal.c,v 1.8 2009/06/11 14:48:52 momjian Exp $ - */ -#include "postgres.h" - -#include "imath.h" - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -static mpz_t * -mp_new() -{ - mpz_t *mp = mp_int_alloc(); - - mp_int_init_size(mp, 256); - return mp; -} - -static void -mp_clear_free(mpz_t *a) -{ - if (!a) - return; - /* fixme: no clear? */ - mp_int_free(a); -} - - -static int -mp_px_rand(uint32 bits, mpz_t *res) -{ - int err; - unsigned bytes = (bits + 7) / 8; - int last_bits = bits & 7; - uint8 *buf; - - buf = px_alloc(bytes); - err = px_get_random_bytes(buf, bytes); - if (err < 0) - { - px_free(buf); - return err; - } - - /* clear unnecessary bits and set last bit to one */ - if (last_bits) - { - buf[0] >>= 8 - last_bits; - buf[0] |= 1 << (last_bits - 1); - } - else - buf[0] |= 1 << 7; - - mp_int_read_unsigned(res, buf, bytes); - - px_free(buf); - - return 0; -} - -static void -mp_modmul(mpz_t *a, mpz_t *b, mpz_t *p, mpz_t *res) -{ - mpz_t *tmp = mp_new(); - - mp_int_mul(a, b, tmp); - mp_int_mod(tmp, p, res); - mp_clear_free(tmp); -} - -static mpz_t * -mpi_to_bn(PGP_MPI *n) -{ - mpz_t *bn = mp_new(); - - mp_int_read_unsigned(bn, n->data, n->bytes); - - if (!bn) - return NULL; - if (mp_int_count_bits(bn) != n->bits) - { - px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d", - n->bits, mp_int_count_bits(bn)); - mp_clear_free(bn); - return NULL; - } - return bn; -} - -static PGP_MPI * -bn_to_mpi(mpz_t *bn) -{ - int res; - PGP_MPI *n; - int bytes; - - res = pgp_mpi_alloc(mp_int_count_bits(bn), &n); - if (res < 0) - return NULL; - - bytes = (mp_int_count_bits(bn) + 7) / 8; - if (bytes != n->bytes) - { - px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d", - bytes, n->bytes); - pgp_mpi_free(n); - return NULL; - } - mp_int_to_unsigned(bn, n->data, n->bytes); - return n; -} - -/* - * Decide the number of bits in the random componont k - * - * It should be in the same range as p for signing (which - * is deprecated), but can be much smaller for encrypting. - * - * Until I research it further, I just mimic gpg behaviour. - * It has a special mapping table, for values <= 5120, - * above that it uses 'arbitrary high number'. Following - * algorihm hovers 10-70 bits above gpg values. And for - * larger p, it uses gpg's algorihm. - * - * The point is - if k gets large, encryption will be - * really slow. It does not matter for decryption. - */ -static int -decide_k_bits(int p_bits) -{ - if (p_bits <= 5120) - return p_bits / 10 + 160; - else - return (p_bits / 8 + 200) * 3 / 2; -} - -int -pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m, - PGP_MPI **c1_p, PGP_MPI **c2_p) -{ - int res = PXE_PGP_MATH_FAILED; - int k_bits; - mpz_t *m = mpi_to_bn(_m); - mpz_t *p = mpi_to_bn(pk->pub.elg.p); - mpz_t *g = mpi_to_bn(pk->pub.elg.g); - mpz_t *y = mpi_to_bn(pk->pub.elg.y); - mpz_t *k = mp_new(); - mpz_t *yk = mp_new(); - mpz_t *c1 = mp_new(); - mpz_t *c2 = mp_new(); - - if (!m || !p || !g || !y || !k || !yk || !c1 || !c2) - goto err; - - /* - * generate k - */ - k_bits = decide_k_bits(mp_int_count_bits(p)); - res = mp_px_rand(k_bits, k); - if (res < 0) - return res; - - /* - * c1 = g^k c2 = m * y^k - */ - mp_int_exptmod(g, k, p, c1); - mp_int_exptmod(y, k, p, yk); - mp_modmul(m, yk, p, c2); - - /* result */ - *c1_p = bn_to_mpi(c1); - *c2_p = bn_to_mpi(c2); - if (*c1_p && *c2_p) - res = 0; -err: - mp_clear_free(c2); - mp_clear_free(c1); - mp_clear_free(yk); - mp_clear_free(k); - mp_clear_free(y); - mp_clear_free(g); - mp_clear_free(p); - mp_clear_free(m); - return res; -} - -int -pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2, - PGP_MPI **msg_p) -{ - int res = PXE_PGP_MATH_FAILED; - mpz_t *c1 = mpi_to_bn(_c1); - mpz_t *c2 = mpi_to_bn(_c2); - mpz_t *p = mpi_to_bn(pk->pub.elg.p); - mpz_t *x = mpi_to_bn(pk->sec.elg.x); - mpz_t *c1x = mp_new(); - mpz_t *div = mp_new(); - mpz_t *m = mp_new(); - - if (!c1 || !c2 || !p || !x || !c1x || !div || !m) - goto err; - - /* - * m = c2 / (c1^x) - */ - mp_int_exptmod(c1, x, p, c1x); - mp_int_invmod(c1x, p, div); - mp_modmul(c2, div, p, m); - - /* result */ - *msg_p = bn_to_mpi(m); - if (*msg_p) - res = 0; -err: - mp_clear_free(m); - mp_clear_free(div); - mp_clear_free(c1x); - mp_clear_free(x); - mp_clear_free(p); - mp_clear_free(c2); - mp_clear_free(c1); - return res; -} - -int -pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p) -{ - int res = PXE_PGP_MATH_FAILED; - mpz_t *m = mpi_to_bn(_m); - mpz_t *e = mpi_to_bn(pk->pub.rsa.e); - mpz_t *n = mpi_to_bn(pk->pub.rsa.n); - mpz_t *c = mp_new(); - - if (!m || !e || !n || !c) - goto err; - - /* - * c = m ^ e - */ - mp_int_exptmod(m, e, n, c); - - *c_p = bn_to_mpi(c); - if (*c_p) - res = 0; -err: - mp_clear_free(c); - mp_clear_free(n); - mp_clear_free(e); - mp_clear_free(m); - return res; -} - -int -pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p) -{ - int res = PXE_PGP_MATH_FAILED; - mpz_t *c = mpi_to_bn(_c); - mpz_t *d = mpi_to_bn(pk->sec.rsa.d); - mpz_t *n = mpi_to_bn(pk->pub.rsa.n); - mpz_t *m = mp_new(); - - if (!m || !d || !n || !c) - goto err; - - /* - * m = c ^ d - */ - mp_int_exptmod(c, d, n, m); - - *m_p = bn_to_mpi(m); - if (*m_p) - res = 0; -err: - mp_clear_free(m); - mp_clear_free(n); - mp_clear_free(d); - mp_clear_free(c); - return res; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi-openssl.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-mpi-openssl.c b/contrib/pgcrypto/pgp-mpi-openssl.c deleted file mode 100644 index f2b25de..0000000 --- a/contrib/pgcrypto/pgp-mpi-openssl.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * pgp-mpi-openssl.c - * OpenPGP MPI functions using OpenSSL BIGNUM code. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi-openssl.c,v 1.5 2009/06/11 14:48:52 momjian Exp $ - */ -#include "postgres.h" - -#include <openssl/bn.h> - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -static BIGNUM * -mpi_to_bn(PGP_MPI *n) -{ - BIGNUM *bn = BN_bin2bn(n->data, n->bytes, NULL); - - if (!bn) - return NULL; - if (BN_num_bits(bn) != n->bits) - { - px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d", - n->bits, BN_num_bits(bn)); - BN_clear_free(bn); - return NULL; - } - return bn; -} - -static PGP_MPI * -bn_to_mpi(BIGNUM *bn) -{ - int res; - PGP_MPI *n; - - res = pgp_mpi_alloc(BN_num_bits(bn), &n); - if (res < 0) - return NULL; - - if (BN_num_bytes(bn) != n->bytes) - { - px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d", - BN_num_bytes(bn), n->bytes); - pgp_mpi_free(n); - return NULL; - } - BN_bn2bin(bn, n->data); - return n; -} - -/* - * Decide the number of bits in the random componont k - * - * It should be in the same range as p for signing (which - * is deprecated), but can be much smaller for encrypting. - * - * Until I research it further, I just mimic gpg behaviour. - * It has a special mapping table, for values <= 5120, - * above that it uses 'arbitrary high number'. Following - * algorihm hovers 10-70 bits above gpg values. And for - * larger p, it uses gpg's algorihm. - * - * The point is - if k gets large, encryption will be - * really slow. It does not matter for decryption. - */ -static int -decide_k_bits(int p_bits) -{ - if (p_bits <= 5120) - return p_bits / 10 + 160; - else - return (p_bits / 8 + 200) * 3 / 2; -} - -int -pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m, - PGP_MPI **c1_p, PGP_MPI **c2_p) -{ - int res = PXE_PGP_MATH_FAILED; - int k_bits; - BIGNUM *m = mpi_to_bn(_m); - BIGNUM *p = mpi_to_bn(pk->pub.elg.p); - BIGNUM *g = mpi_to_bn(pk->pub.elg.g); - BIGNUM *y = mpi_to_bn(pk->pub.elg.y); - BIGNUM *k = BN_new(); - BIGNUM *yk = BN_new(); - BIGNUM *c1 = BN_new(); - BIGNUM *c2 = BN_new(); - BN_CTX *tmp = BN_CTX_new(); - - if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp) - goto err; - - /* - * generate k - */ - k_bits = decide_k_bits(BN_num_bits(p)); - if (!BN_rand(k, k_bits, 0, 0)) - goto err; - - /* - * c1 = g^k c2 = m * y^k - */ - if (!BN_mod_exp(c1, g, k, p, tmp)) - goto err; - if (!BN_mod_exp(yk, y, k, p, tmp)) - goto err; - if (!BN_mod_mul(c2, m, yk, p, tmp)) - goto err; - - /* result */ - *c1_p = bn_to_mpi(c1); - *c2_p = bn_to_mpi(c2); - if (*c1_p && *c2_p) - res = 0; -err: - if (tmp) - BN_CTX_free(tmp); - if (c2) - BN_clear_free(c2); - if (c1) - BN_clear_free(c1); - if (yk) - BN_clear_free(yk); - if (k) - BN_clear_free(k); - if (y) - BN_clear_free(y); - if (g) - BN_clear_free(g); - if (p) - BN_clear_free(p); - if (m) - BN_clear_free(m); - return res; -} - -int -pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2, - PGP_MPI **msg_p) -{ - int res = PXE_PGP_MATH_FAILED; - BIGNUM *c1 = mpi_to_bn(_c1); - BIGNUM *c2 = mpi_to_bn(_c2); - BIGNUM *p = mpi_to_bn(pk->pub.elg.p); - BIGNUM *x = mpi_to_bn(pk->sec.elg.x); - BIGNUM *c1x = BN_new(); - BIGNUM *div = BN_new(); - BIGNUM *m = BN_new(); - BN_CTX *tmp = BN_CTX_new(); - - if (!c1 || !c2 || !p || !x || !c1x || !div || !m || !tmp) - goto err; - - /* - * m = c2 / (c1^x) - */ - if (!BN_mod_exp(c1x, c1, x, p, tmp)) - goto err; - if (!BN_mod_inverse(div, c1x, p, tmp)) - goto err; - if (!BN_mod_mul(m, c2, div, p, tmp)) - goto err; - - /* result */ - *msg_p = bn_to_mpi(m); - if (*msg_p) - res = 0; -err: - if (tmp) - BN_CTX_free(tmp); - if (m) - BN_clear_free(m); - if (div) - BN_clear_free(div); - if (c1x) - BN_clear_free(c1x); - if (x) - BN_clear_free(x); - if (p) - BN_clear_free(p); - if (c2) - BN_clear_free(c2); - if (c1) - BN_clear_free(c1); - return res; -} - -int -pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p) -{ - int res = PXE_PGP_MATH_FAILED; - BIGNUM *m = mpi_to_bn(_m); - BIGNUM *e = mpi_to_bn(pk->pub.rsa.e); - BIGNUM *n = mpi_to_bn(pk->pub.rsa.n); - BIGNUM *c = BN_new(); - BN_CTX *tmp = BN_CTX_new(); - - if (!m || !e || !n || !c || !tmp) - goto err; - - /* - * c = m ^ e - */ - if (!BN_mod_exp(c, m, e, n, tmp)) - goto err; - - *c_p = bn_to_mpi(c); - if (*c_p) - res = 0; -err: - if (tmp) - BN_CTX_free(tmp); - if (c) - BN_clear_free(c); - if (n) - BN_clear_free(n); - if (e) - BN_clear_free(e); - if (m) - BN_clear_free(m); - return res; -} - -int -pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p) -{ - int res = PXE_PGP_MATH_FAILED; - BIGNUM *c = mpi_to_bn(_c); - BIGNUM *d = mpi_to_bn(pk->sec.rsa.d); - BIGNUM *n = mpi_to_bn(pk->pub.rsa.n); - BIGNUM *m = BN_new(); - BN_CTX *tmp = BN_CTX_new(); - - if (!m || !d || !n || !c || !tmp) - goto err; - - /* - * m = c ^ d - */ - if (!BN_mod_exp(m, c, d, n, tmp)) - goto err; - - *m_p = bn_to_mpi(m); - if (*m_p) - res = 0; -err: - if (tmp) - BN_CTX_free(tmp); - if (m) - BN_clear_free(m); - if (n) - BN_clear_free(n); - if (d) - BN_clear_free(d); - if (c) - BN_clear_free(c); - return res; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/101adfab/contrib/pgcrypto/pgp-mpi.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/pgp-mpi.c b/contrib/pgcrypto/pgp-mpi.c deleted file mode 100644 index 3f2ec0f..0000000 --- a/contrib/pgcrypto/pgp-mpi.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * pgp-mpi.c - * OpenPGP MPI helper functions. - * - * Copyright (c) 2005 Marko Kreen - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-mpi.c,v 1.5 2009/06/11 14:48:52 momjian Exp $ - */ -#include "postgres.h" - -#include "px.h" -#include "mbuf.h" -#include "pgp.h" - -int -pgp_mpi_alloc(int bits, PGP_MPI **mpi) -{ - PGP_MPI *n; - int len = (bits + 7) / 8; - - if (bits < 0 || bits > 0xFFFF) - { - px_debug("pgp_mpi_alloc: unreasonable request: bits=%d", bits); - return PXE_PGP_CORRUPT_DATA; - } - n = px_alloc(sizeof(*n) + len); - n->bits = bits; - n->bytes = len; - n->data = (uint8 *) (n) + sizeof(*n); - *mpi = n; - return 0; -} - -int -pgp_mpi_create(uint8 *data, int bits, PGP_MPI **mpi) -{ - int res; - PGP_MPI *n; - - res = pgp_mpi_alloc(bits, &n); - if (res < 0) - return res; - memcpy(n->data, data, n->bytes); - *mpi = n; - return 0; -} - -int -pgp_mpi_free(PGP_MPI *mpi) -{ - if (mpi == NULL) - return 0; - memset(mpi, 0, sizeof(*mpi) + mpi->bytes); - px_free(mpi); - return 0; -} - -int -pgp_mpi_read(PullFilter *src, PGP_MPI **mpi) -{ - int res; - uint8 hdr[2]; - int bits; - PGP_MPI *n; - - res = pullf_read_fixed(src, 2, hdr); - if (res < 0) - return res; - bits = ((unsigned) hdr[0] << 8) + hdr[1]; - - res = pgp_mpi_alloc(bits, &n); - if (res < 0) - return res; - - res = pullf_read_fixed(src, n->bytes, n->data); - if (res < 0) - pgp_mpi_free(n); - else - *mpi = n; - return res; -} - -int -pgp_mpi_write(PushFilter *dst, PGP_MPI *n) -{ - int res; - uint8 buf[2]; - - buf[0] = n->bits >> 8; - buf[1] = n->bits & 0xFF; - res = pushf_write(dst, buf, 2); - if (res >= 0) - res = pushf_write(dst, n->data, n->bytes); - return res; -} - -int -pgp_mpi_hash(PX_MD *md, PGP_MPI *n) -{ - uint8 buf[2]; - - buf[0] = n->bits >> 8; - buf[1] = n->bits & 0xFF; - px_md_update(md, buf, 2); - px_md_update(md, n->data, n->bytes); - - return 0; -} - -unsigned -pgp_mpi_cksum(unsigned cksum, PGP_MPI *n) -{ - int i; - - cksum += n->bits >> 8; - cksum += n->bits & 0xFF; - for (i = 0; i < n->bytes; i++) - cksum += n->data[i]; - - return cksum & 0xFFFF; -}
