Re: [HACKERS] [PATCH] pgcrypto: implement gen_random_uuid

[Tom Lane]

Emre Hasegeli  writes:
> 2014/1/9 Oskari Saarenmaa :
>> The only useful feature of the uuid-ossp module in my opinion is the
>> uuid_generate_v4 function and as uuid-ossp is more or less abandonware
>> people have had trouble building and installing it.  This patch implements
>> an alternative uuid v4 generation function in pgcrypto which could be moved
>> to core once there's a core PRNG with large enough internal state.

> It is a small but very useful patch. Installing uuid-ossp can be very hard
> on some systems. There is not much to review. The patch applies cleanly to
> HEAD. The function is generating valid UUID version 4. The code and
> the documentation style seems to fit in the pgcrypto extension. I am marking
> it as "Ready for Commiter".

> The problem is users probably would not look pgcrypto extension for
> UUID generator, especially when there is another extension with uuid in
> it's name. Also, UUID generator does not sound like a cryptographic function.
> It would be much better, if this would be in core with the UUID type. There
> is a reference on the UUID Type documentation page to the uuid-ossp
> extension. We can add a reference to pgcrypro extension in that page and
> consider adding a deprecation note to the uuid-ossp extension, if is is not
> possible to add the function to the core, for now.

Well, we're not pulling pgcrypto into core in the foreseeable future;
there are legal (export control) issues that make that too risky.
Even aside from that, there was general consensus when type uuid went
in that the various generation algorithms were, how shall I say it, too
intellectually unsatisfying to be part of the core code.  So I think from
a code standpoint this solution is just fine.  I agree that we need some
extra work on the documentation to point people towards this approach
instead of uuid-ossp, though.  I'll take care of that and commit.

regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] [PATCH] pgcrypto: implement gen_random_uuid

[Emre Hasegeli]

2014/1/9 Oskari Saarenmaa :
> The only useful feature of the uuid-ossp module in my opinion is the
> uuid_generate_v4 function and as uuid-ossp is more or less abandonware
> people have had trouble building and installing it.  This patch implements
> an alternative uuid v4 generation function in pgcrypto which could be moved
> to core once there's a core PRNG with large enough internal state.

It is a small but very useful patch. Installing uuid-ossp can be very hard
on some systems. There is not much to review. The patch applies cleanly to
HEAD. The function is generating valid UUID version 4. The code and
the documentation style seems to fit in the pgcrypto extension. I am marking
it as "Ready for Commiter".

The problem is users probably would not look pgcrypto extension for
UUID generator, especially when there is another extension with uuid in
it's name. Also, UUID generator does not sound like a cryptographic function.
It would be much better, if this would be in core with the UUID type. There
is a reference on the UUID Type documentation page to the uuid-ossp
extension. We can add a reference to pgcrypro extension in that page and
consider adding a deprecation note to the uuid-ossp extension, if is is not
possible to add the function to the core, for now.


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] [PATCH] pgcrypto: implement gen_random_uuid

[Oskari Saarenmaa]

The only useful feature of the uuid-ossp module in my opinion is the 
uuid_generate_v4 function and as uuid-ossp is more or less abandonware 
people have had trouble building and installing it.  This patch 
implements an alternative uuid v4 generation function in pgcrypto which 
could be moved to core once there's a core PRNG with large enough 
internal state.


On my test system it took 3796 msec to generate a million UUIDs with 
pgcrypto while uuid-ossp took 20375 msec.


https://github.com/saaros/postgres/compare/pgcrypto-uuid-v4

 contrib/pgcrypto/Makefile |  2 +-
 contrib/pgcrypto/pgcrypto--1.0--1.1.sql   |  8 
 contrib/pgcrypto/{pgcrypto--1.0.sql => pgcrypto--1.1.sql} |  7 ++-
 contrib/pgcrypto/pgcrypto.c   | 22 
++

 contrib/pgcrypto/pgcrypto.control |  2 +-
 contrib/pgcrypto/pgcrypto.h   |  1 +
 doc/src/sgml/pgcrypto.sgml| 11 +++

/ Oskari
>From 522fef9c3739d4c4f3c107e574e84db67a0c07a2 Mon Sep 17 00:00:00 2001
From: Oskari Saarenmaa 
Date: Thu, 9 Jan 2014 22:24:36 +0200
Subject: [PATCH] pgcrypto: implement gen_random_uuid

---
 contrib/pgcrypto/Makefile   |   2 +-
 contrib/pgcrypto/pgcrypto--1.0--1.1.sql |   8 ++
 contrib/pgcrypto/pgcrypto--1.0.sql  | 202 ---
 contrib/pgcrypto/pgcrypto--1.1.sql  | 207 
 contrib/pgcrypto/pgcrypto.c |  22 
 contrib/pgcrypto/pgcrypto.control   |   2 +-
 contrib/pgcrypto/pgcrypto.h |   1 +
 doc/src/sgml/pgcrypto.sgml  |  11 ++
 8 files changed, 251 insertions(+), 204 deletions(-)
 create mode 100644 contrib/pgcrypto/pgcrypto--1.0--1.1.sql
 delete mode 100644 contrib/pgcrypto/pgcrypto--1.0.sql
 create mode 100644 contrib/pgcrypto/pgcrypto--1.1.sql

diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile
index dadec95..1c85c98 100644
--- a/contrib/pgcrypto/Makefile
+++ b/contrib/pgcrypto/Makefile
@@ -26,7 +26,7 @@ MODULE_big	= pgcrypto
 OBJS		= $(SRCS:.c=.o)
 
 EXTENSION = pgcrypto
-DATA = pgcrypto--1.0.sql pgcrypto--unpackaged--1.0.sql
+DATA = pgcrypto--1.1.sql pgcrypto--1.0--1.1.sql pgcrypto--unpackaged--1.0.sql
 
 REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
 	$(CF_TESTS) \
diff --git a/contrib/pgcrypto/pgcrypto--1.0--1.1.sql b/contrib/pgcrypto/pgcrypto--1.0--1.1.sql
new file mode 100644
index 000..2601669
--- /dev/null
+++ b/contrib/pgcrypto/pgcrypto--1.0--1.1.sql
@@ -0,0 +1,8 @@
+/* contrib/pgcrypto/pgcrypto--1.0--1.1.sql */
+
+\echo Use "ALTER EXTENSION pgcrypto UPDATE" to load this file. \quit
+
+CREATE FUNCTION gen_random_uuid()
+RETURNS uuid
+AS 'MODULE_PATHNAME', 'pg_random_uuid'
+LANGUAGE C VOLATILE;
diff --git a/contrib/pgcrypto/pgcrypto--1.0.sql b/contrib/pgcrypto/pgcrypto--1.0.sql
deleted file mode 100644
index 347825e..000
--- a/contrib/pgcrypto/pgcrypto--1.0.sql
+++ /dev/null
@@ -1,202 +0,0 @@
-/* contrib/pgcrypto/pgcrypto--1.0.sql */
-
--- complain if script is sourced in psql, rather than via CREATE EXTENSION
-\echo Use "CREATE EXTENSION pgcrypto" to load this file. \quit
-
-CREATE FUNCTION digest(text, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_digest'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION digest(bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_digest'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION hmac(text, text, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_hmac'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION hmac(bytea, bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_hmac'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION crypt(text, text)
-RETURNS text
-AS 'MODULE_PATHNAME', 'pg_crypt'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION gen_salt(text)
-RETURNS text
-AS 'MODULE_PATHNAME', 'pg_gen_salt'
-LANGUAGE C VOLATILE STRICT;
-
-CREATE FUNCTION gen_salt(text, int4)
-RETURNS text
-AS 'MODULE_PATHNAME', 'pg_gen_salt_rounds'
-LANGUAGE C VOLATILE STRICT;
-
-CREATE FUNCTION encrypt(bytea, bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_encrypt'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION decrypt(bytea, bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_decrypt'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION encrypt_iv(bytea, bytea, bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_encrypt_iv'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION decrypt_iv(bytea, bytea, bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_decrypt_iv'
-LANGUAGE C IMMUTABLE STRICT;
-
-CREATE FUNCTION gen_random_bytes(int4)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pg_random_bytes'
-LANGUAGE C VOLATILE STRICT;
-
---
--- pgp_sym_encrypt(data, key)
---
-CREATE FUNCTION pgp_sym_encrypt(text, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_text'
-LANGUAGE C STRICT;
-
-CREATE FUNCTION pgp_sym_encrypt_bytea(bytea, text)
-RETURNS bytea
-AS 'MODULE_PATHNAME', 'p