http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c new file mode 100644 index 0000000..f23d4de --- /dev/null +++ b/contrib/pgcrypto/px.c @@ -0,0 +1,437 @@ +/* + * px.c + * Various cryptographic stuff for PostgreSQL. + * + * Copyright (c) 2001 Marko Kreen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * contrib/pgcrypto/px.c + */ + +#include "postgres.h" + +#include "px.h" + +struct error_desc +{ + int err; + const char *desc; +}; + +static const struct error_desc px_err_list[] = { + {PXE_OK, "Everything ok"}, + {PXE_ERR_GENERIC, "Some PX error (not specified)"}, + {PXE_NO_HASH, "No such hash algorithm"}, + {PXE_NO_CIPHER, "No such cipher algorithm"}, + {PXE_NOTBLOCKSIZE, "Data not a multiple of block size"}, + {PXE_BAD_OPTION, "Unknown option"}, + {PXE_BAD_FORMAT, "Badly formatted type"}, + {PXE_KEY_TOO_BIG, "Key was too big"}, + {PXE_CIPHER_INIT, "Cipher cannot be initalized ?"}, + {PXE_HASH_UNUSABLE_FOR_HMAC, "This hash algorithm is unusable for HMAC"}, + {PXE_DEV_READ_ERROR, "Error reading from random device"}, + {PXE_OSSL_RAND_ERROR, "OpenSSL PRNG error"}, + {PXE_BUG, "pgcrypto bug"}, + {PXE_ARGUMENT_ERROR, "Illegal argument to function"}, + {PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"}, + {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"}, + {PXE_MCRYPT_INTERNAL, "mcrypt internal error"}, + {PXE_NO_RANDOM, "No strong random source"}, + {PXE_DECRYPT_FAILED, "Decryption failed"}, + {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"}, + {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"}, + {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"}, + {PXE_PGP_UNSUPPORTED_CIPHER, "Unsupported cipher algorithm"}, + {PXE_PGP_UNSUPPORTED_HASH, "Unsupported digest algorithm"}, + {PXE_PGP_COMPRESSION_ERROR, "Compression error"}, + {PXE_PGP_NOT_TEXT, "Not text data"}, + {PXE_PGP_UNEXPECTED_PKT, "Unexpected packet in key data"}, + {PXE_PGP_NO_BIGNUM, + "public-key functions disabled - " + "pgcrypto needs OpenSSL for bignums"}, + {PXE_PGP_MATH_FAILED, "Math operation failed"}, + {PXE_PGP_SHORT_ELGAMAL_KEY, "Elgamal keys must be at least 1024 bits long"}, + {PXE_PGP_RSA_UNSUPPORTED, "pgcrypto does not support RSA keys"}, + {PXE_PGP_UNKNOWN_PUBALGO, "Unknown public-key encryption algorithm"}, + {PXE_PGP_WRONG_KEY, "Wrong key"}, + {PXE_PGP_MULTIPLE_KEYS, + "Several keys given - pgcrypto does not handle keyring"}, + {PXE_PGP_EXPECT_PUBLIC_KEY, "Refusing to encrypt with secret key"}, + {PXE_PGP_EXPECT_SECRET_KEY, "Cannot decrypt with public key"}, + {PXE_PGP_NOT_V4_KEYPKT, "Only V4 key packets are supported"}, + {PXE_PGP_KEYPKT_CORRUPT, "Corrupt key packet"}, + {PXE_PGP_NO_USABLE_KEY, "No encryption key found"}, + {PXE_PGP_NEED_SECRET_PSW, "Need password for secret key"}, + {PXE_PGP_BAD_S2K_MODE, "Bad S2K mode"}, + {PXE_PGP_UNSUPPORTED_PUBALGO, "Unsupported public key algorithm"}, + {PXE_PGP_MULTIPLE_SUBKEYS, "Several subkeys not supported"}, + + /* fake this as PXE_PGP_CORRUPT_DATA */ + {PXE_MBUF_SHORT_READ, "Corrupt data"}, + + {0, NULL}, +}; + +const char * +px_strerror(int err) +{ + const struct error_desc *e; + + for (e = px_err_list; e->desc; e++) + if (e->err == err) + return e->desc; + return "Bad error code"; +} + + +const char * +px_resolve_alias(const PX_Alias *list, const char *name) +{ + while (list->name) + { + if (pg_strcasecmp(list->alias, name) == 0) + return list->name; + list++; + } + return name; +} + +static void (*debug_handler) (const char *) = NULL; + +void +px_set_debug_handler(void (*handler) (const char *)) +{ + debug_handler = handler; +} + +void +px_debug(const char *fmt,...) +{ + va_list ap; + + va_start(ap, fmt); + if (debug_handler) + { + char buf[512]; + + vsnprintf(buf, sizeof(buf), fmt, ap); + debug_handler(buf); + } + va_end(ap); +} + +/* + * combo - cipher + padding (+ checksum) + */ + +static unsigned +combo_encrypt_len(PX_Combo *cx, unsigned dlen) +{ + return dlen + 512; +} + +static unsigned +combo_decrypt_len(PX_Combo *cx, unsigned dlen) +{ + return dlen; +} + +static int +combo_init(PX_Combo *cx, const uint8 *key, unsigned klen, + const uint8 *iv, unsigned ivlen) +{ + int err; + unsigned ks, + ivs; + PX_Cipher *c = cx->cipher; + uint8 *ivbuf = NULL; + uint8 *keybuf; + + ks = px_cipher_key_size(c); + + ivs = px_cipher_iv_size(c); + if (ivs > 0) + { + ivbuf = px_alloc(ivs); + memset(ivbuf, 0, ivs); + if (ivlen > ivs) + memcpy(ivbuf, iv, ivs); + else + memcpy(ivbuf, iv, ivlen); + } + + if (klen > ks) + klen = ks; + keybuf = px_alloc(ks); + memset(keybuf, 0, ks); + memcpy(keybuf, key, klen); + + err = px_cipher_init(c, keybuf, klen, ivbuf); + + if (ivbuf) + px_free(ivbuf); + px_free(keybuf); + + return err; +} + +static int +combo_encrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, + uint8 *res, unsigned *rlen) +{ + int err = 0; + uint8 *bbuf; + unsigned bs, + bpos, + i, + pad; + + PX_Cipher *c = cx->cipher; + + bbuf = NULL; + bs = px_cipher_block_size(c); + + /* encrypt */ + if (bs > 1) + { + bbuf = px_alloc(bs * 4); + bpos = dlen % bs; + *rlen = dlen - bpos; + memcpy(bbuf, data + *rlen, bpos); + + /* encrypt full-block data */ + if (*rlen) + { + err = px_cipher_encrypt(c, data, *rlen, res); + if (err) + goto out; + } + + /* bbuf has now bpos bytes of stuff */ + if (cx->padding) + { + pad = bs - (bpos % bs); + for (i = 0; i < pad; i++) + bbuf[bpos++] = pad; + } + else if (bpos % bs) + { + /* ERROR? */ + pad = bs - (bpos % bs); + for (i = 0; i < pad; i++) + bbuf[bpos++] = 0; + } + + /* encrypt the rest - pad */ + if (bpos) + { + err = px_cipher_encrypt(c, bbuf, bpos, res + *rlen); + *rlen += bpos; + } + } + else + { + /* stream cipher/mode - no pad needed */ + err = px_cipher_encrypt(c, data, dlen, res); + if (err) + goto out; + *rlen = dlen; + } +out: + if (bbuf) + px_free(bbuf); + + return err; +} + +static int +combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, + uint8 *res, unsigned *rlen) +{ + unsigned bs, + i, + pad; + unsigned pad_ok; + + PX_Cipher *c = cx->cipher; + + /* decide whether zero-length input is allowed */ + if (dlen == 0) + { + /* with padding, empty ciphertext is not allowed */ + if (cx->padding) + return PXE_DECRYPT_FAILED; + + /* without padding, report empty result */ + *rlen = 0; + return 0; + } + + bs = px_cipher_block_size(c); + if (bs > 1 && (dlen % bs) != 0) + goto block_error; + + /* decrypt */ + *rlen = dlen; + px_cipher_decrypt(c, data, dlen, res); + + /* unpad */ + if (bs > 1 && cx->padding) + { + pad = res[*rlen - 1]; + pad_ok = 0; + if (pad > 0 && pad <= bs && pad <= *rlen) + { + pad_ok = 1; + for (i = *rlen - pad; i < *rlen; i++) + if (res[i] != pad) + { + pad_ok = 0; + break; + } + } + + if (pad_ok) + *rlen -= pad; + } + + return 0; + +block_error: + return PXE_NOTBLOCKSIZE; +} + +static void +combo_free(PX_Combo *cx) +{ + if (cx->cipher) + px_cipher_free(cx->cipher); + memset(cx, 0, sizeof(*cx)); + px_free(cx); +} + +/* PARSER */ + +static int +parse_cipher_name(char *full, char **cipher, char **pad) +{ + char *p, + *p2, + *q; + + *cipher = full; + *pad = NULL; + + p = strchr(full, '/'); + if (p != NULL) + *p++ = 0; + while (p != NULL) + { + if ((q = strchr(p, '/')) != NULL) + *q++ = 0; + + if (!*p) + { + p = q; + continue; + } + p2 = strchr(p, ':'); + if (p2 != NULL) + { + *p2++ = 0; + if (strcmp(p, "pad") == 0) + *pad = p2; + else + return PXE_BAD_OPTION; + } + else + return PXE_BAD_FORMAT; + + p = q; + } + return 0; +} + +/* provider */ + +int +px_find_combo(const char *name, PX_Combo **res) +{ + int err; + char *buf, + *s_cipher, + *s_pad; + + PX_Combo *cx; + + cx = px_alloc(sizeof(*cx)); + memset(cx, 0, sizeof(*cx)); + + buf = px_alloc(strlen(name) + 1); + strcpy(buf, name); + + err = parse_cipher_name(buf, &s_cipher, &s_pad); + if (err) + { + px_free(buf); + px_free(cx); + return err; + } + + err = px_find_cipher(s_cipher, &cx->cipher); + if (err) + goto err1; + + if (s_pad != NULL) + { + if (strcmp(s_pad, "pkcs") == 0) + cx->padding = 1; + else if (strcmp(s_pad, "none") == 0) + cx->padding = 0; + else + goto err1; + } + else + cx->padding = 1; + + cx->init = combo_init; + cx->encrypt = combo_encrypt; + cx->decrypt = combo_decrypt; + cx->encrypt_len = combo_encrypt_len; + cx->decrypt_len = combo_decrypt_len; + cx->free = combo_free; + + px_free(buf); + + *res = cx; + + return 0; + +err1: + if (cx->cipher) + px_cipher_free(cx->cipher); + px_free(cx); + px_free(buf); + return PXE_NO_CIPHER; +}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.h ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h new file mode 100644 index 0000000..610b7fa --- /dev/null +++ b/contrib/pgcrypto/px.h @@ -0,0 +1,250 @@ +/* + * px.h + * Header file for pgcrypto. + * + * Copyright (c) 2001 Marko Kreen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * contrib/pgcrypto/px.h + */ + +#ifndef __PX_H +#define __PX_H + +#include <sys/types.h> +#include <sys/param.h> + +/* keep debug messages? */ +#define PX_DEBUG + +/* a way to disable palloc + * - useful if compiled into standalone + */ +#ifndef PX_OWN_ALLOC +#define px_alloc(s) palloc(s) +#define px_realloc(p, s) repalloc(p, s) +#define px_free(p) pfree(p) +#else +void *px_alloc(size_t s); +void *px_realloc(void *p, size_t s); +void px_free(void *p); +#endif + +/* max len of 'type' parms */ +#define PX_MAX_NAMELEN 128 + +/* max salt returned */ +#define PX_MAX_SALT_LEN 128 + +/* + * PX error codes + */ +#define PXE_OK 0 +#define PXE_ERR_GENERIC -1 +#define PXE_NO_HASH -2 +#define PXE_NO_CIPHER -3 +#define PXE_NOTBLOCKSIZE -4 +#define PXE_BAD_OPTION -5 +#define PXE_BAD_FORMAT -6 +#define PXE_KEY_TOO_BIG -7 +#define PXE_CIPHER_INIT -8 +#define PXE_HASH_UNUSABLE_FOR_HMAC -9 +#define PXE_DEV_READ_ERROR -10 +#define PXE_OSSL_RAND_ERROR -11 +#define PXE_BUG -12 +#define PXE_ARGUMENT_ERROR -13 +#define PXE_UNKNOWN_SALT_ALGO -14 +#define PXE_BAD_SALT_ROUNDS -15 +#define PXE_MCRYPT_INTERNAL -16 +#define PXE_NO_RANDOM -17 +#define PXE_DECRYPT_FAILED -18 + +#define PXE_MBUF_SHORT_READ -50 + +#define PXE_PGP_CORRUPT_DATA -100 +#define PXE_PGP_CORRUPT_ARMOR -101 +#define PXE_PGP_UNSUPPORTED_COMPR -102 +#define PXE_PGP_UNSUPPORTED_CIPHER -103 +#define PXE_PGP_UNSUPPORTED_HASH -104 +#define PXE_PGP_COMPRESSION_ERROR -105 +#define PXE_PGP_NOT_TEXT -106 +#define PXE_PGP_UNEXPECTED_PKT -107 +#define PXE_PGP_NO_BIGNUM -108 +#define PXE_PGP_MATH_FAILED -109 +#define PXE_PGP_SHORT_ELGAMAL_KEY -110 +#define PXE_PGP_RSA_UNSUPPORTED -111 +#define PXE_PGP_UNKNOWN_PUBALGO -112 +#define PXE_PGP_WRONG_KEY -113 +#define PXE_PGP_MULTIPLE_KEYS -114 +#define PXE_PGP_EXPECT_PUBLIC_KEY -115 +#define PXE_PGP_EXPECT_SECRET_KEY -116 +#define PXE_PGP_NOT_V4_KEYPKT -117 +#define PXE_PGP_KEYPKT_CORRUPT -118 +#define PXE_PGP_NO_USABLE_KEY -119 +#define PXE_PGP_NEED_SECRET_PSW -120 +#define PXE_PGP_BAD_S2K_MODE -121 +#define PXE_PGP_UNSUPPORTED_PUBALGO -122 +#define PXE_PGP_MULTIPLE_SUBKEYS -123 + + +typedef struct px_digest PX_MD; +typedef struct px_alias PX_Alias; +typedef struct px_hmac PX_HMAC; +typedef struct px_cipher PX_Cipher; +typedef struct px_combo PX_Combo; + +struct px_digest +{ + unsigned (*result_size) (PX_MD *h); + unsigned (*block_size) (PX_MD *h); + void (*reset) (PX_MD *h); + void (*update) (PX_MD *h, const uint8 *data, unsigned dlen); + void (*finish) (PX_MD *h, uint8 *dst); + void (*free) (PX_MD *h); + /* private */ + union + { + unsigned code; + void *ptr; + } p; +}; + +struct px_alias +{ + char *alias; + char *name; +}; + +struct px_hmac +{ + unsigned (*result_size) (PX_HMAC *h); + unsigned (*block_size) (PX_HMAC *h); + void (*reset) (PX_HMAC *h); + void (*update) (PX_HMAC *h, const uint8 *data, unsigned dlen); + void (*finish) (PX_HMAC *h, uint8 *dst); + void (*free) (PX_HMAC *h); + void (*init) (PX_HMAC *h, const uint8 *key, unsigned klen); + + PX_MD *md; + /* private */ + struct + { + uint8 *ipad; + uint8 *opad; + } p; +}; + +struct px_cipher +{ + unsigned (*block_size) (PX_Cipher *c); + unsigned (*key_size) (PX_Cipher *c); /* max key len */ + unsigned (*iv_size) (PX_Cipher *c); + + int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv); + int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res); + int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res); + void (*free) (PX_Cipher *c); + /* private */ + void *ptr; + int pstat; /* mcrypt uses it */ +}; + +struct px_combo +{ + int (*init) (PX_Combo *cx, const uint8 *key, unsigned klen, + const uint8 *iv, unsigned ivlen); + int (*encrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen, + uint8 *res, unsigned *rlen); + int (*decrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen, + uint8 *res, unsigned *rlen); + unsigned (*encrypt_len) (PX_Combo *cx, unsigned dlen); + unsigned (*decrypt_len) (PX_Combo *cx, unsigned dlen); + void (*free) (PX_Combo *cx); + + PX_Cipher *cipher; + unsigned padding; +}; + +int px_find_digest(const char *name, PX_MD **res); +int px_find_hmac(const char *name, PX_HMAC **res); +int px_find_cipher(const char *name, PX_Cipher **res); +int px_find_combo(const char *name, PX_Combo **res); + +int px_get_random_bytes(uint8 *dst, unsigned count); +int px_get_pseudo_random_bytes(uint8 *dst, unsigned count); +int px_add_entropy(const uint8 *data, unsigned count); + +unsigned px_acquire_system_randomness(uint8 *dst); + +const char *px_strerror(int err); + +const char *px_resolve_alias(const PX_Alias *aliases, const char *name); + +void px_set_debug_handler(void (*handler) (const char *)); + +#ifdef PX_DEBUG +void px_debug(const char *fmt, ...) + __attribute__((format(PG_PRINTF_ATTRIBUTE, 1, 2))); +#else +#define px_debug(...) +#endif + +#define px_md_result_size(md) (md)->result_size(md) +#define px_md_block_size(md) (md)->block_size(md) +#define px_md_reset(md) (md)->reset(md) +#define px_md_update(md, data, dlen) (md)->update(md, data, dlen) +#define px_md_finish(md, buf) (md)->finish(md, buf) +#define px_md_free(md) (md)->free(md) + +#define px_hmac_result_size(hmac) (hmac)->result_size(hmac) +#define px_hmac_block_size(hmac) (hmac)->block_size(hmac) +#define px_hmac_reset(hmac) (hmac)->reset(hmac) +#define px_hmac_init(hmac, key, klen) (hmac)->init(hmac, key, klen) +#define px_hmac_update(hmac, data, dlen) (hmac)->update(hmac, data, dlen) +#define px_hmac_finish(hmac, buf) (hmac)->finish(hmac, buf) +#define px_hmac_free(hmac) (hmac)->free(hmac) + + +#define px_cipher_key_size(c) (c)->key_size(c) +#define px_cipher_block_size(c) (c)->block_size(c) +#define px_cipher_iv_size(c) (c)->iv_size(c) +#define px_cipher_init(c, k, klen, iv) (c)->init(c, k, klen, iv) +#define px_cipher_encrypt(c, data, dlen, res) \ + (c)->encrypt(c, data, dlen, res) +#define px_cipher_decrypt(c, data, dlen, res) \ + (c)->decrypt(c, data, dlen, res) +#define px_cipher_free(c) (c)->free(c) + + +#define px_combo_encrypt_len(c, dlen) (c)->encrypt_len(c, dlen) +#define px_combo_decrypt_len(c, dlen) (c)->decrypt_len(c, dlen) +#define px_combo_init(c, key, klen, iv, ivlen) \ + (c)->init(c, key, klen, iv, ivlen) +#define px_combo_encrypt(c, data, dlen, res, rlen) \ + (c)->encrypt(c, data, dlen, res, rlen) +#define px_combo_decrypt(c, data, dlen, res, rlen) \ + (c)->decrypt(c, data, dlen, res, rlen) +#define px_combo_free(c) (c)->free(c) + +#endif /* __PX_H */ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/random.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c new file mode 100644 index 0000000..393a0be --- /dev/null +++ b/contrib/pgcrypto/random.c @@ -0,0 +1,244 @@ +/* + * random.c + * Acquire randomness from system. For seeding RNG. + * + * Copyright (c) 2001 Marko Kreen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * contrib/pgcrypto/random.c + */ + +#include "postgres.h" + +#include "px.h" + +/* how many bytes to ask from system random provider */ +#define RND_BYTES 32 + +/* + * Try to read from /dev/urandom or /dev/random on these OS'es. + * + * The list can be pretty liberal, as the device not existing + * is expected event. + */ +#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \ + || defined(__NetBSD__) || defined(__DragonFly__) \ + || defined(__darwin__) || defined(__SOLARIS__) \ + || defined(__hpux) || defined(__HPUX__) \ + || defined(__CYGWIN__) || defined(_AIX) + +#define TRY_DEV_RANDOM + +#include <fcntl.h> +#include <unistd.h> + +static int +safe_read(int fd, void *buf, size_t count) +{ + int done = 0; + char *p = buf; + int res; + + while (count) + { + res = read(fd, p, count); + if (res <= 0) + { + if (errno == EINTR) + continue; + return PXE_DEV_READ_ERROR; + } + p += res; + done += res; + count -= res; + } + return done; +} + +static uint8 * +try_dev_random(uint8 *dst) +{ + int fd; + int res; + + fd = open("/dev/urandom", O_RDONLY, 0); + if (fd == -1) + { + fd = open("/dev/random", O_RDONLY, 0); + if (fd == -1) + return dst; + } + res = safe_read(fd, dst, RND_BYTES); + close(fd); + if (res > 0) + dst += res; + return dst; +} +#endif + +/* + * Try to find randomness on Windows + */ +#ifdef WIN32 + +#define TRY_WIN32_GENRAND +#define TRY_WIN32_PERFC + +#include <windows.h> +#include <wincrypt.h> + +/* + * this function is from libtomcrypt + * + * try to use Microsoft crypto API + */ +static uint8 * +try_win32_genrand(uint8 *dst) +{ + int res; + HCRYPTPROV h = 0; + + res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL, + (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)); + if (!res) + res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET); + if (!res) + return dst; + + res = CryptGenRandom(h, RND_BYTES, dst); + if (res == TRUE) + dst += RND_BYTES; + + CryptReleaseContext(h, 0); + return dst; +} + +static uint8 * +try_win32_perfc(uint8 *dst) +{ + int res; + LARGE_INTEGER time; + + res = QueryPerformanceCounter(&time); + if (!res) + return dst; + + memcpy(dst, &time, sizeof(time)); + return dst + sizeof(time); +} +#endif /* WIN32 */ + + +/* + * If we are not on Windows, then hopefully we are + * on a unix-like system. Use the usual suspects + * for randomness. + */ +#ifndef WIN32 + +#define TRY_UNIXSTD + +#include <sys/types.h> +#include <sys/time.h> +#include <time.h> +#include <unistd.h> + +/* + * Everything here is predictible, only needs some patience. + * + * But there is a chance that the system-specific functions + * did not work. So keep faith and try to slow the attacker down. + */ +static uint8 * +try_unix_std(uint8 *dst) +{ + pid_t pid; + int x; + PX_MD *md; + struct timeval tv; + int res; + + /* process id */ + pid = getpid(); + memcpy(dst, (uint8 *) &pid, sizeof(pid)); + dst += sizeof(pid); + + /* time */ + gettimeofday(&tv, NULL); + memcpy(dst, (uint8 *) &tv, sizeof(tv)); + dst += sizeof(tv); + + /* pointless, but should not hurt */ + x = random(); + memcpy(dst, (uint8 *) &x, sizeof(x)); + dst += sizeof(x); + + /* let's be desperate */ + res = px_find_digest("sha1", &md); + if (res >= 0) + { + uint8 *ptr; + uint8 stack[8192]; + int alloc = 32 * 1024; + + px_md_update(md, stack, sizeof(stack)); + ptr = px_alloc(alloc); + px_md_update(md, ptr, alloc); + px_free(ptr); + + px_md_finish(md, dst); + px_md_free(md); + + dst += 20; + } + + return dst; +} +#endif + +/* + * try to extract some randomness for initial seeding + * + * dst should have room for 1024 bytes. + */ +unsigned +px_acquire_system_randomness(uint8 *dst) +{ + uint8 *p = dst; + +#ifdef TRY_DEV_RANDOM + p = try_dev_random(p); +#endif +#ifdef TRY_WIN32_GENRAND + p = try_win32_genrand(p); +#endif +#ifdef TRY_WIN32_PERFC + p = try_win32_perfc(p); +#endif +#ifdef TRY_UNIXSTD + p = try_unix_std(p); +#endif + return p - dst; +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.c ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/rijndael.c b/contrib/pgcrypto/rijndael.c new file mode 100644 index 0000000..5651d03 --- /dev/null +++ b/contrib/pgcrypto/rijndael.c @@ -0,0 +1,677 @@ +/* $OpenBSD: rijndael.c,v 1.6 2000/12/09 18:51:34 markus Exp $ */ + +/* contrib/pgcrypto/rijndael.c */ + +/* This is an independent implementation of the encryption algorithm: */ +/* */ +/* RIJNDAEL by Joan Daemen and Vincent Rijmen */ +/* */ +/* which is a candidate algorithm in the Advanced Encryption Standard */ +/* programme of the US National Institute of Standards and Technology. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but I */ +/* hereby give permission for its free direct or derivative use subject */ +/* to acknowledgment of its origin and compliance with any conditions */ +/* that the originators of the algorithm place on its exploitation. */ +/* */ +/* Dr Brian Gladman ([email protected]) 14th January 1999 */ + +/* Timing data for Rijndael (rijndael.c) + +Algorithm: rijndael (rijndael.c) + +128 bit key: +Key Setup: 305/1389 cycles (encrypt/decrypt) +Encrypt: 374 cycles = 68.4 mbits/sec +Decrypt: 352 cycles = 72.7 mbits/sec +Mean: 363 cycles = 70.5 mbits/sec + +192 bit key: +Key Setup: 277/1595 cycles (encrypt/decrypt) +Encrypt: 439 cycles = 58.3 mbits/sec +Decrypt: 425 cycles = 60.2 mbits/sec +Mean: 432 cycles = 59.3 mbits/sec + +256 bit key: +Key Setup: 374/1960 cycles (encrypt/decrypt) +Encrypt: 502 cycles = 51.0 mbits/sec +Decrypt: 498 cycles = 51.4 mbits/sec +Mean: 500 cycles = 51.2 mbits/sec + +*/ + +#include "postgres.h" + +#include <sys/param.h> + +#include "px.h" +#include "rijndael.h" + +#define PRE_CALC_TABLES +#define LARGE_TABLES + +static void gen_tabs(void); + +/* 3. Basic macros for speeding up generic operations */ + +/* Circular rotate of 32 bit values */ + +#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) +#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) + +/* Invert byte order in a 32 bit variable */ + +#define bswap(x) ((rotl((x), 8) & 0x00ff00ff) | (rotr((x), 8) & 0xff00ff00)) + +/* Extract byte from a 32 bit quantity (little endian notation) */ + +#define byte(x,n) ((u1byte)((x) >> (8 * (n)))) + +#ifdef WORDS_BIGENDIAN +#define io_swap(x) bswap(x) +#else +#define io_swap(x) (x) +#endif + +#ifdef PRINT_TABS +#undef PRE_CALC_TABLES +#endif + +#ifdef PRE_CALC_TABLES + +#include "rijndael.tbl" +#define tab_gen 1 +#else /* !PRE_CALC_TABLES */ + +static u1byte pow_tab[256]; +static u1byte log_tab[256]; +static u1byte sbx_tab[256]; +static u1byte isb_tab[256]; +static u4byte rco_tab[10]; +static u4byte ft_tab[4][256]; +static u4byte it_tab[4][256]; + +#ifdef LARGE_TABLES +static u4byte fl_tab[4][256]; +static u4byte il_tab[4][256]; +#endif + +static u4byte tab_gen = 0; +#endif /* !PRE_CALC_TABLES */ + +#define ff_mult(a,b) ((a) && (b) ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) + +#define f_rn(bo, bi, n, k) \ + (bo)[n] = ft_tab[0][byte((bi)[n],0)] ^ \ + ft_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \ + ft_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \ + ft_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n)) + +#define i_rn(bo, bi, n, k) \ + (bo)[n] = it_tab[0][byte((bi)[n],0)] ^ \ + it_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \ + it_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \ + it_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n)) + +#ifdef LARGE_TABLES + +#define ls_box(x) \ + ( fl_tab[0][byte(x, 0)] ^ \ + fl_tab[1][byte(x, 1)] ^ \ + fl_tab[2][byte(x, 2)] ^ \ + fl_tab[3][byte(x, 3)] ) + +#define f_rl(bo, bi, n, k) \ + (bo)[n] = fl_tab[0][byte((bi)[n],0)] ^ \ + fl_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \ + fl_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \ + fl_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n)) + +#define i_rl(bo, bi, n, k) \ + (bo)[n] = il_tab[0][byte((bi)[n],0)] ^ \ + il_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \ + il_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \ + il_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n)) +#else + +#define ls_box(x) \ + ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ + ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ + ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ + ((u4byte)sbx_tab[byte(x, 3)] << 24) + +#define f_rl(bo, bi, n, k) \ + (bo)[n] = (u4byte)sbx_tab[byte((bi)[n],0)] ^ \ + rotl(((u4byte)sbx_tab[byte((bi)[((n) + 1) & 3],1)]), 8) ^ \ + rotl(((u4byte)sbx_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)sbx_tab[byte((bi)[((n) + 3) & 3],3)]), 24) ^ *((k) + (n)) + +#define i_rl(bo, bi, n, k) \ + (bo)[n] = (u4byte)isb_tab[byte((bi)[n],0)] ^ \ + rotl(((u4byte)isb_tab[byte((bi)[((n) + 3) & 3],1)]), 8) ^ \ + rotl(((u4byte)isb_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)isb_tab[byte((bi)[((n) + 1) & 3],3)]), 24) ^ *((k) + (n)) +#endif + +static void +gen_tabs(void) +{ +#ifndef PRE_CALC_TABLES + u4byte i, + t; + u1byte p, + q; + + /* log and power tables for GF(2**8) finite field with */ + /* 0x11b as modular polynomial - the simplest prmitive */ + /* root is 0x11, used here to generate the tables */ + + for (i = 0, p = 1; i < 256; ++i) + { + pow_tab[i] = (u1byte) p; + log_tab[p] = (u1byte) i; + + p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); + } + + log_tab[1] = 0; + p = 1; + + for (i = 0; i < 10; ++i) + { + rco_tab[i] = p; + + p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); + } + + /* note that the affine byte transformation matrix in */ + /* rijndael specification is in big endian format with */ + /* bit 0 as the most significant bit. In the remainder */ + /* of the specification the bits are numbered from the */ + /* least significant end of a byte. */ + + for (i = 0; i < 256; ++i) + { + p = (i ? pow_tab[255 - log_tab[i]] : 0); + q = p; + q = (q >> 7) | (q << 1); + p ^= q; + q = (q >> 7) | (q << 1); + p ^= q; + q = (q >> 7) | (q << 1); + p ^= q; + q = (q >> 7) | (q << 1); + p ^= q ^ 0x63; + sbx_tab[i] = (u1byte) p; + isb_tab[p] = (u1byte) i; + } + + for (i = 0; i < 256; ++i) + { + p = sbx_tab[i]; + +#ifdef LARGE_TABLES + + t = p; + fl_tab[0][i] = t; + fl_tab[1][i] = rotl(t, 8); + fl_tab[2][i] = rotl(t, 16); + fl_tab[3][i] = rotl(t, 24); +#endif + t = ((u4byte) ff_mult(2, p)) | + ((u4byte) p << 8) | + ((u4byte) p << 16) | + ((u4byte) ff_mult(3, p) << 24); + + ft_tab[0][i] = t; + ft_tab[1][i] = rotl(t, 8); + ft_tab[2][i] = rotl(t, 16); + ft_tab[3][i] = rotl(t, 24); + + p = isb_tab[i]; + +#ifdef LARGE_TABLES + + t = p; + il_tab[0][i] = t; + il_tab[1][i] = rotl(t, 8); + il_tab[2][i] = rotl(t, 16); + il_tab[3][i] = rotl(t, 24); +#endif + t = ((u4byte) ff_mult(14, p)) | + ((u4byte) ff_mult(9, p) << 8) | + ((u4byte) ff_mult(13, p) << 16) | + ((u4byte) ff_mult(11, p) << 24); + + it_tab[0][i] = t; + it_tab[1][i] = rotl(t, 8); + it_tab[2][i] = rotl(t, 16); + it_tab[3][i] = rotl(t, 24); + } + + tab_gen = 1; +#endif /* !PRE_CALC_TABLES */ +} + + +#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) + +#define imix_col(y,x) \ +do { \ + u = star_x(x); \ + v = star_x(u); \ + w = star_x(v); \ + t = w ^ (x); \ + (y) = u ^ v ^ w; \ + (y) ^= rotr(u ^ t, 8) ^ \ + rotr(v ^ t, 16) ^ \ + rotr(t,24); \ +} while (0) + +/* initialise the key schedule from the user supplied key */ + +#define loop4(i) \ +do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ + t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ + t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ + t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \ +} while (0) + +#define loop6(i) \ +do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[6 * (i)]; e_key[6 * (i) + 6] = t; \ + t ^= e_key[6 * (i) + 1]; e_key[6 * (i) + 7] = t; \ + t ^= e_key[6 * (i) + 2]; e_key[6 * (i) + 8] = t; \ + t ^= e_key[6 * (i) + 3]; e_key[6 * (i) + 9] = t; \ + t ^= e_key[6 * (i) + 4]; e_key[6 * (i) + 10] = t; \ + t ^= e_key[6 * (i) + 5]; e_key[6 * (i) + 11] = t; \ +} while (0) + +#define loop8(i) \ +do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[8 * (i)]; e_key[8 * (i) + 8] = t; \ + t ^= e_key[8 * (i) + 1]; e_key[8 * (i) + 9] = t; \ + t ^= e_key[8 * (i) + 2]; e_key[8 * (i) + 10] = t; \ + t ^= e_key[8 * (i) + 3]; e_key[8 * (i) + 11] = t; \ + t = e_key[8 * (i) + 4] ^ ls_box(t); \ + e_key[8 * (i) + 12] = t; \ + t ^= e_key[8 * (i) + 5]; e_key[8 * (i) + 13] = t; \ + t ^= e_key[8 * (i) + 6]; e_key[8 * (i) + 14] = t; \ + t ^= e_key[8 * (i) + 7]; e_key[8 * (i) + 15] = t; \ +} while (0) + +rijndael_ctx * +rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len, + int encrypt) +{ + u4byte i, + t, + u, + v, + w; + u4byte *e_key = ctx->e_key; + u4byte *d_key = ctx->d_key; + + ctx->decrypt = !encrypt; + + if (!tab_gen) + gen_tabs(); + + ctx->k_len = (key_len + 31) / 32; + + e_key[0] = io_swap(in_key[0]); + e_key[1] = io_swap(in_key[1]); + e_key[2] = io_swap(in_key[2]); + e_key[3] = io_swap(in_key[3]); + + switch (ctx->k_len) + { + case 4: + t = e_key[3]; + for (i = 0; i < 10; ++i) + loop4(i); + break; + + case 6: + e_key[4] = io_swap(in_key[4]); + t = e_key[5] = io_swap(in_key[5]); + for (i = 0; i < 8; ++i) + loop6(i); + break; + + case 8: + e_key[4] = io_swap(in_key[4]); + e_key[5] = io_swap(in_key[5]); + e_key[6] = io_swap(in_key[6]); + t = e_key[7] = io_swap(in_key[7]); + for (i = 0; i < 7; ++i) + loop8(i); + break; + } + + if (!encrypt) + { + d_key[0] = e_key[0]; + d_key[1] = e_key[1]; + d_key[2] = e_key[2]; + d_key[3] = e_key[3]; + + for (i = 4; i < 4 * ctx->k_len + 24; ++i) + imix_col(d_key[i], e_key[i]); + } + + return ctx; +} + +/* encrypt a block of text */ + +#define f_nround(bo, bi, k) \ +do { \ + f_rn(bo, bi, 0, k); \ + f_rn(bo, bi, 1, k); \ + f_rn(bo, bi, 2, k); \ + f_rn(bo, bi, 3, k); \ + k += 4; \ +} while (0) + +#define f_lround(bo, bi, k) \ +do { \ + f_rl(bo, bi, 0, k); \ + f_rl(bo, bi, 1, k); \ + f_rl(bo, bi, 2, k); \ + f_rl(bo, bi, 3, k); \ +} while (0) + +void +rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) +{ + u4byte k_len = ctx->k_len; + u4byte *e_key = ctx->e_key; + u4byte b0[4], + b1[4], + *kp; + + b0[0] = io_swap(in_blk[0]) ^ e_key[0]; + b0[1] = io_swap(in_blk[1]) ^ e_key[1]; + b0[2] = io_swap(in_blk[2]) ^ e_key[2]; + b0[3] = io_swap(in_blk[3]) ^ e_key[3]; + + kp = e_key + 4; + + if (k_len > 6) + { + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + } + + if (k_len > 4) + { + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + } + + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_lround(b0, b1, kp); + + out_blk[0] = io_swap(b0[0]); + out_blk[1] = io_swap(b0[1]); + out_blk[2] = io_swap(b0[2]); + out_blk[3] = io_swap(b0[3]); +} + +/* decrypt a block of text */ + +#define i_nround(bo, bi, k) \ +do { \ + i_rn(bo, bi, 0, k); \ + i_rn(bo, bi, 1, k); \ + i_rn(bo, bi, 2, k); \ + i_rn(bo, bi, 3, k); \ + k -= 4; \ +} while (0) + +#define i_lround(bo, bi, k) \ +do { \ + i_rl(bo, bi, 0, k); \ + i_rl(bo, bi, 1, k); \ + i_rl(bo, bi, 2, k); \ + i_rl(bo, bi, 3, k); \ +} while (0) + +void +rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) +{ + u4byte b0[4], + b1[4], + *kp; + u4byte k_len = ctx->k_len; + u4byte *e_key = ctx->e_key; + u4byte *d_key = ctx->d_key; + + b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24]; + b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25]; + b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26]; + b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27]; + + kp = d_key + 4 * (k_len + 5); + + if (k_len > 6) + { + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + } + + if (k_len > 4) + { + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + } + + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + i_nround(b1, b0, kp); + i_nround(b0, b1, kp); + i_nround(b1, b0, kp); + i_lround(b0, b1, kp); + + out_blk[0] = io_swap(b0[0]); + out_blk[1] = io_swap(b0[1]); + out_blk[2] = io_swap(b0[2]); + out_blk[3] = io_swap(b0[3]); +} + +/* + * conventional interface + * + * ATM it hopes all data is 4-byte aligned - which + * should be true for PX. -marko + */ + +void +aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc) +{ + uint32 *k; + + k = (uint32 *) key; + rijndael_set_key(ctx, k, keybits, enc); +} + +void +aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len) +{ + unsigned bs = 16; + uint32 *d; + + while (len >= bs) + { + d = (uint32 *) data; + rijndael_encrypt(ctx, d, d); + + len -= bs; + data += bs; + } +} + +void +aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len) +{ + unsigned bs = 16; + uint32 *d; + + while (len >= bs) + { + d = (uint32 *) data; + rijndael_decrypt(ctx, d, d); + + len -= bs; + data += bs; + } +} + +void +aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len) +{ + uint32 *iv = (uint32 *) iva; + uint32 *d = (uint32 *) data; + unsigned bs = 16; + + while (len >= bs) + { + d[0] ^= iv[0]; + d[1] ^= iv[1]; + d[2] ^= iv[2]; + d[3] ^= iv[3]; + + rijndael_encrypt(ctx, d, d); + + iv = d; + d += bs / 4; + len -= bs; + } +} + +void +aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len) +{ + uint32 *d = (uint32 *) data; + unsigned bs = 16; + uint32 buf[4], + iv[4]; + + memcpy(iv, iva, bs); + while (len >= bs) + { + buf[0] = d[0]; + buf[1] = d[1]; + buf[2] = d[2]; + buf[3] = d[3]; + + rijndael_decrypt(ctx, buf, d); + + d[0] ^= iv[0]; + d[1] ^= iv[1]; + d[2] ^= iv[2]; + d[3] ^= iv[3]; + + iv[0] = buf[0]; + iv[1] = buf[1]; + iv[2] = buf[2]; + iv[3] = buf[3]; + d += 4; + len -= bs; + } +} + +/* + * pre-calculate tables. + * + * On i386 lifts 17k from .bss to .rodata + * and avoids 1k code and setup time. + * -marko + */ +#ifdef PRINT_TABS + +static void +show256u8(char *name, uint8 *data) +{ + int i; + + printf("static const u1byte %s[256] = {\n ", name); + for (i = 0; i < 256;) + { + printf("%u", pow_tab[i++]); + if (i < 256) + printf(i % 16 ? ", " : ",\n "); + } + printf("\n};\n\n"); +} + + +static void +show4x256u32(char *name, uint32 data[4][256]) +{ + int i, + j; + + printf("static const u4byte %s[4][256] = {\n{\n ", name); + for (i = 0; i < 4; i++) + { + for (j = 0; j < 256;) + { + printf("0x%08x", data[i][j]); + j++; + if (j < 256) + printf(j % 4 ? ", " : ",\n "); + } + printf(i < 3 ? "\n}, {\n " : "\n}\n"); + } + printf("};\n\n"); +} + +int +main() +{ + int i; + char *hdr = "/* Generated by rijndael.c */\n\n"; + + gen_tabs(); + + printf(hdr); + show256u8("pow_tab", pow_tab); + show256u8("log_tab", log_tab); + show256u8("sbx_tab", sbx_tab); + show256u8("isb_tab", isb_tab); + + show4x256u32("ft_tab", ft_tab); + show4x256u32("it_tab", it_tab); +#ifdef LARGE_TABLES + show4x256u32("fl_tab", fl_tab); + show4x256u32("il_tab", il_tab); +#endif + printf("static const u4byte rco_tab[10] = {\n "); + for (i = 0; i < 10; i++) + { + printf("0x%08x", rco_tab[i]); + if (i < 9) + printf(", "); + if (i == 4) + printf("\n "); + } + printf("\n};\n\n"); + return 0; +} + +#endif http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.h ---------------------------------------------------------------------- diff --git a/contrib/pgcrypto/rijndael.h b/contrib/pgcrypto/rijndael.h new file mode 100644 index 0000000..fb30e46 --- /dev/null +++ b/contrib/pgcrypto/rijndael.h @@ -0,0 +1,60 @@ +/* + * contrib/pgcrypto/rijndael.h + * + * $OpenBSD: rijndael.h,v 1.3 2001/05/09 23:01:32 markus Exp $ */ + +/* This is an independent implementation of the encryption algorithm: */ +/* */ +/* RIJNDAEL by Joan Daemen and Vincent Rijmen */ +/* */ +/* which is a candidate algorithm in the Advanced Encryption Standard */ +/* programme of the US National Institute of Standards and Technology. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but I */ +/* hereby give permission for its free direct or derivative use subject */ +/* to acknowledgment of its origin and compliance with any conditions */ +/* that the originators of the algorithm place on its exploitation. */ +/* */ +/* Dr Brian Gladman ([email protected]) 14th January 1999 */ + +#ifndef _RIJNDAEL_H_ +#define _RIJNDAEL_H_ + +/* 1. Standard types for AES cryptography source code */ + +typedef uint8 u1byte; /* an 8 bit unsigned character type */ +typedef uint16 u2byte; /* a 16 bit unsigned integer type */ +typedef uint32 u4byte; /* a 32 bit unsigned integer type */ + +typedef int8 s1byte; /* an 8 bit signed character type */ +typedef int16 s2byte; /* a 16 bit signed integer type */ +typedef int32 s4byte; /* a 32 bit signed integer type */ + +typedef struct _rijndael_ctx +{ + u4byte k_len; + int decrypt; + u4byte e_key[64]; + u4byte d_key[64]; +} rijndael_ctx; + + +/* 2. Standard interface for AES cryptographic routines */ + +/* These are all based on 32 bit unsigned values and will therefore */ +/* require endian conversions for big-endian architectures */ + +rijndael_ctx * + rijndael_set_key(rijndael_ctx *, const u4byte *, const u4byte, int); +void rijndael_encrypt(rijndael_ctx *, const u4byte *, u4byte *); +void rijndael_decrypt(rijndael_ctx *, const u4byte *, u4byte *); + +/* conventional interface */ + +void aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc); +void aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len); +void aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len); +void aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len); +void aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len); + +#endif /* _RIJNDAEL_H_ */
