You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by rl...@apache.org on 2016/09/07 02:57:42 UTC
[04/13] incubator-hawq git commit: HAWQ-1007. Add the pgcrypto code
into hawq
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
new file mode 100644
index 0000000..f23d4de
--- /dev/null
+++ b/contrib/pgcrypto/px.c
@@ -0,0 +1,437 @@
+/*
+ * px.c
+ * Various cryptographic stuff for PostgreSQL.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/px.c
+ */
+
+#include "postgres.h"
+
+#include "px.h"
+
+struct error_desc
+{
+ int err;
+ const char *desc;
+};
+
+static const struct error_desc px_err_list[] = {
+ {PXE_OK, "Everything ok"},
+ {PXE_ERR_GENERIC, "Some PX error (not specified)"},
+ {PXE_NO_HASH, "No such hash algorithm"},
+ {PXE_NO_CIPHER, "No such cipher algorithm"},
+ {PXE_NOTBLOCKSIZE, "Data not a multiple of block size"},
+ {PXE_BAD_OPTION, "Unknown option"},
+ {PXE_BAD_FORMAT, "Badly formatted type"},
+ {PXE_KEY_TOO_BIG, "Key was too big"},
+ {PXE_CIPHER_INIT, "Cipher cannot be initalized ?"},
+ {PXE_HASH_UNUSABLE_FOR_HMAC, "This hash algorithm is unusable for HMAC"},
+ {PXE_DEV_READ_ERROR, "Error reading from random device"},
+ {PXE_OSSL_RAND_ERROR, "OpenSSL PRNG error"},
+ {PXE_BUG, "pgcrypto bug"},
+ {PXE_ARGUMENT_ERROR, "Illegal argument to function"},
+ {PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
+ {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
+ {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
+ {PXE_NO_RANDOM, "No strong random source"},
+ {PXE_DECRYPT_FAILED, "Decryption failed"},
+ {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
+ {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
+ {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
+ {PXE_PGP_UNSUPPORTED_CIPHER, "Unsupported cipher algorithm"},
+ {PXE_PGP_UNSUPPORTED_HASH, "Unsupported digest algorithm"},
+ {PXE_PGP_COMPRESSION_ERROR, "Compression error"},
+ {PXE_PGP_NOT_TEXT, "Not text data"},
+ {PXE_PGP_UNEXPECTED_PKT, "Unexpected packet in key data"},
+ {PXE_PGP_NO_BIGNUM,
+ "public-key functions disabled - "
+ "pgcrypto needs OpenSSL for bignums"},
+ {PXE_PGP_MATH_FAILED, "Math operation failed"},
+ {PXE_PGP_SHORT_ELGAMAL_KEY, "Elgamal keys must be at least 1024 bits long"},
+ {PXE_PGP_RSA_UNSUPPORTED, "pgcrypto does not support RSA keys"},
+ {PXE_PGP_UNKNOWN_PUBALGO, "Unknown public-key encryption algorithm"},
+ {PXE_PGP_WRONG_KEY, "Wrong key"},
+ {PXE_PGP_MULTIPLE_KEYS,
+ "Several keys given - pgcrypto does not handle keyring"},
+ {PXE_PGP_EXPECT_PUBLIC_KEY, "Refusing to encrypt with secret key"},
+ {PXE_PGP_EXPECT_SECRET_KEY, "Cannot decrypt with public key"},
+ {PXE_PGP_NOT_V4_KEYPKT, "Only V4 key packets are supported"},
+ {PXE_PGP_KEYPKT_CORRUPT, "Corrupt key packet"},
+ {PXE_PGP_NO_USABLE_KEY, "No encryption key found"},
+ {PXE_PGP_NEED_SECRET_PSW, "Need password for secret key"},
+ {PXE_PGP_BAD_S2K_MODE, "Bad S2K mode"},
+ {PXE_PGP_UNSUPPORTED_PUBALGO, "Unsupported public key algorithm"},
+ {PXE_PGP_MULTIPLE_SUBKEYS, "Several subkeys not supported"},
+
+ /* fake this as PXE_PGP_CORRUPT_DATA */
+ {PXE_MBUF_SHORT_READ, "Corrupt data"},
+
+ {0, NULL},
+};
+
+const char *
+px_strerror(int err)
+{
+ const struct error_desc *e;
+
+ for (e = px_err_list; e->desc; e++)
+ if (e->err == err)
+ return e->desc;
+ return "Bad error code";
+}
+
+
+const char *
+px_resolve_alias(const PX_Alias *list, const char *name)
+{
+ while (list->name)
+ {
+ if (pg_strcasecmp(list->alias, name) == 0)
+ return list->name;
+ list++;
+ }
+ return name;
+}
+
+static void (*debug_handler) (const char *) = NULL;
+
+void
+px_set_debug_handler(void (*handler) (const char *))
+{
+ debug_handler = handler;
+}
+
+void
+px_debug(const char *fmt,...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ if (debug_handler)
+ {
+ char buf[512];
+
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ debug_handler(buf);
+ }
+ va_end(ap);
+}
+
+/*
+ * combo - cipher + padding (+ checksum)
+ */
+
+static unsigned
+combo_encrypt_len(PX_Combo *cx, unsigned dlen)
+{
+ return dlen + 512;
+}
+
+static unsigned
+combo_decrypt_len(PX_Combo *cx, unsigned dlen)
+{
+ return dlen;
+}
+
+static int
+combo_init(PX_Combo *cx, const uint8 *key, unsigned klen,
+ const uint8 *iv, unsigned ivlen)
+{
+ int err;
+ unsigned ks,
+ ivs;
+ PX_Cipher *c = cx->cipher;
+ uint8 *ivbuf = NULL;
+ uint8 *keybuf;
+
+ ks = px_cipher_key_size(c);
+
+ ivs = px_cipher_iv_size(c);
+ if (ivs > 0)
+ {
+ ivbuf = px_alloc(ivs);
+ memset(ivbuf, 0, ivs);
+ if (ivlen > ivs)
+ memcpy(ivbuf, iv, ivs);
+ else
+ memcpy(ivbuf, iv, ivlen);
+ }
+
+ if (klen > ks)
+ klen = ks;
+ keybuf = px_alloc(ks);
+ memset(keybuf, 0, ks);
+ memcpy(keybuf, key, klen);
+
+ err = px_cipher_init(c, keybuf, klen, ivbuf);
+
+ if (ivbuf)
+ px_free(ivbuf);
+ px_free(keybuf);
+
+ return err;
+}
+
+static int
+combo_encrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
+ uint8 *res, unsigned *rlen)
+{
+ int err = 0;
+ uint8 *bbuf;
+ unsigned bs,
+ bpos,
+ i,
+ pad;
+
+ PX_Cipher *c = cx->cipher;
+
+ bbuf = NULL;
+ bs = px_cipher_block_size(c);
+
+ /* encrypt */
+ if (bs > 1)
+ {
+ bbuf = px_alloc(bs * 4);
+ bpos = dlen % bs;
+ *rlen = dlen - bpos;
+ memcpy(bbuf, data + *rlen, bpos);
+
+ /* encrypt full-block data */
+ if (*rlen)
+ {
+ err = px_cipher_encrypt(c, data, *rlen, res);
+ if (err)
+ goto out;
+ }
+
+ /* bbuf has now bpos bytes of stuff */
+ if (cx->padding)
+ {
+ pad = bs - (bpos % bs);
+ for (i = 0; i < pad; i++)
+ bbuf[bpos++] = pad;
+ }
+ else if (bpos % bs)
+ {
+ /* ERROR? */
+ pad = bs - (bpos % bs);
+ for (i = 0; i < pad; i++)
+ bbuf[bpos++] = 0;
+ }
+
+ /* encrypt the rest - pad */
+ if (bpos)
+ {
+ err = px_cipher_encrypt(c, bbuf, bpos, res + *rlen);
+ *rlen += bpos;
+ }
+ }
+ else
+ {
+ /* stream cipher/mode - no pad needed */
+ err = px_cipher_encrypt(c, data, dlen, res);
+ if (err)
+ goto out;
+ *rlen = dlen;
+ }
+out:
+ if (bbuf)
+ px_free(bbuf);
+
+ return err;
+}
+
+static int
+combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
+ uint8 *res, unsigned *rlen)
+{
+ unsigned bs,
+ i,
+ pad;
+ unsigned pad_ok;
+
+ PX_Cipher *c = cx->cipher;
+
+ /* decide whether zero-length input is allowed */
+ if (dlen == 0)
+ {
+ /* with padding, empty ciphertext is not allowed */
+ if (cx->padding)
+ return PXE_DECRYPT_FAILED;
+
+ /* without padding, report empty result */
+ *rlen = 0;
+ return 0;
+ }
+
+ bs = px_cipher_block_size(c);
+ if (bs > 1 && (dlen % bs) != 0)
+ goto block_error;
+
+ /* decrypt */
+ *rlen = dlen;
+ px_cipher_decrypt(c, data, dlen, res);
+
+ /* unpad */
+ if (bs > 1 && cx->padding)
+ {
+ pad = res[*rlen - 1];
+ pad_ok = 0;
+ if (pad > 0 && pad <= bs && pad <= *rlen)
+ {
+ pad_ok = 1;
+ for (i = *rlen - pad; i < *rlen; i++)
+ if (res[i] != pad)
+ {
+ pad_ok = 0;
+ break;
+ }
+ }
+
+ if (pad_ok)
+ *rlen -= pad;
+ }
+
+ return 0;
+
+block_error:
+ return PXE_NOTBLOCKSIZE;
+}
+
+static void
+combo_free(PX_Combo *cx)
+{
+ if (cx->cipher)
+ px_cipher_free(cx->cipher);
+ memset(cx, 0, sizeof(*cx));
+ px_free(cx);
+}
+
+/* PARSER */
+
+static int
+parse_cipher_name(char *full, char **cipher, char **pad)
+{
+ char *p,
+ *p2,
+ *q;
+
+ *cipher = full;
+ *pad = NULL;
+
+ p = strchr(full, '/');
+ if (p != NULL)
+ *p++ = 0;
+ while (p != NULL)
+ {
+ if ((q = strchr(p, '/')) != NULL)
+ *q++ = 0;
+
+ if (!*p)
+ {
+ p = q;
+ continue;
+ }
+ p2 = strchr(p, ':');
+ if (p2 != NULL)
+ {
+ *p2++ = 0;
+ if (strcmp(p, "pad") == 0)
+ *pad = p2;
+ else
+ return PXE_BAD_OPTION;
+ }
+ else
+ return PXE_BAD_FORMAT;
+
+ p = q;
+ }
+ return 0;
+}
+
+/* provider */
+
+int
+px_find_combo(const char *name, PX_Combo **res)
+{
+ int err;
+ char *buf,
+ *s_cipher,
+ *s_pad;
+
+ PX_Combo *cx;
+
+ cx = px_alloc(sizeof(*cx));
+ memset(cx, 0, sizeof(*cx));
+
+ buf = px_alloc(strlen(name) + 1);
+ strcpy(buf, name);
+
+ err = parse_cipher_name(buf, &s_cipher, &s_pad);
+ if (err)
+ {
+ px_free(buf);
+ px_free(cx);
+ return err;
+ }
+
+ err = px_find_cipher(s_cipher, &cx->cipher);
+ if (err)
+ goto err1;
+
+ if (s_pad != NULL)
+ {
+ if (strcmp(s_pad, "pkcs") == 0)
+ cx->padding = 1;
+ else if (strcmp(s_pad, "none") == 0)
+ cx->padding = 0;
+ else
+ goto err1;
+ }
+ else
+ cx->padding = 1;
+
+ cx->init = combo_init;
+ cx->encrypt = combo_encrypt;
+ cx->decrypt = combo_decrypt;
+ cx->encrypt_len = combo_encrypt_len;
+ cx->decrypt_len = combo_decrypt_len;
+ cx->free = combo_free;
+
+ px_free(buf);
+
+ *res = cx;
+
+ return 0;
+
+err1:
+ if (cx->cipher)
+ px_cipher_free(cx->cipher);
+ px_free(cx);
+ px_free(buf);
+ return PXE_NO_CIPHER;
+}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
new file mode 100644
index 0000000..610b7fa
--- /dev/null
+++ b/contrib/pgcrypto/px.h
@@ -0,0 +1,250 @@
+/*
+ * px.h
+ * Header file for pgcrypto.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/px.h
+ */
+
+#ifndef __PX_H
+#define __PX_H
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+/* keep debug messages? */
+#define PX_DEBUG
+
+/* a way to disable palloc
+ * - useful if compiled into standalone
+ */
+#ifndef PX_OWN_ALLOC
+#define px_alloc(s) palloc(s)
+#define px_realloc(p, s) repalloc(p, s)
+#define px_free(p) pfree(p)
+#else
+void *px_alloc(size_t s);
+void *px_realloc(void *p, size_t s);
+void px_free(void *p);
+#endif
+
+/* max len of 'type' parms */
+#define PX_MAX_NAMELEN 128
+
+/* max salt returned */
+#define PX_MAX_SALT_LEN 128
+
+/*
+ * PX error codes
+ */
+#define PXE_OK 0
+#define PXE_ERR_GENERIC -1
+#define PXE_NO_HASH -2
+#define PXE_NO_CIPHER -3
+#define PXE_NOTBLOCKSIZE -4
+#define PXE_BAD_OPTION -5
+#define PXE_BAD_FORMAT -6
+#define PXE_KEY_TOO_BIG -7
+#define PXE_CIPHER_INIT -8
+#define PXE_HASH_UNUSABLE_FOR_HMAC -9
+#define PXE_DEV_READ_ERROR -10
+#define PXE_OSSL_RAND_ERROR -11
+#define PXE_BUG -12
+#define PXE_ARGUMENT_ERROR -13
+#define PXE_UNKNOWN_SALT_ALGO -14
+#define PXE_BAD_SALT_ROUNDS -15
+#define PXE_MCRYPT_INTERNAL -16
+#define PXE_NO_RANDOM -17
+#define PXE_DECRYPT_FAILED -18
+
+#define PXE_MBUF_SHORT_READ -50
+
+#define PXE_PGP_CORRUPT_DATA -100
+#define PXE_PGP_CORRUPT_ARMOR -101
+#define PXE_PGP_UNSUPPORTED_COMPR -102
+#define PXE_PGP_UNSUPPORTED_CIPHER -103
+#define PXE_PGP_UNSUPPORTED_HASH -104
+#define PXE_PGP_COMPRESSION_ERROR -105
+#define PXE_PGP_NOT_TEXT -106
+#define PXE_PGP_UNEXPECTED_PKT -107
+#define PXE_PGP_NO_BIGNUM -108
+#define PXE_PGP_MATH_FAILED -109
+#define PXE_PGP_SHORT_ELGAMAL_KEY -110
+#define PXE_PGP_RSA_UNSUPPORTED -111
+#define PXE_PGP_UNKNOWN_PUBALGO -112
+#define PXE_PGP_WRONG_KEY -113
+#define PXE_PGP_MULTIPLE_KEYS -114
+#define PXE_PGP_EXPECT_PUBLIC_KEY -115
+#define PXE_PGP_EXPECT_SECRET_KEY -116
+#define PXE_PGP_NOT_V4_KEYPKT -117
+#define PXE_PGP_KEYPKT_CORRUPT -118
+#define PXE_PGP_NO_USABLE_KEY -119
+#define PXE_PGP_NEED_SECRET_PSW -120
+#define PXE_PGP_BAD_S2K_MODE -121
+#define PXE_PGP_UNSUPPORTED_PUBALGO -122
+#define PXE_PGP_MULTIPLE_SUBKEYS -123
+
+
+typedef struct px_digest PX_MD;
+typedef struct px_alias PX_Alias;
+typedef struct px_hmac PX_HMAC;
+typedef struct px_cipher PX_Cipher;
+typedef struct px_combo PX_Combo;
+
+struct px_digest
+{
+ unsigned (*result_size) (PX_MD *h);
+ unsigned (*block_size) (PX_MD *h);
+ void (*reset) (PX_MD *h);
+ void (*update) (PX_MD *h, const uint8 *data, unsigned dlen);
+ void (*finish) (PX_MD *h, uint8 *dst);
+ void (*free) (PX_MD *h);
+ /* private */
+ union
+ {
+ unsigned code;
+ void *ptr;
+ } p;
+};
+
+struct px_alias
+{
+ char *alias;
+ char *name;
+};
+
+struct px_hmac
+{
+ unsigned (*result_size) (PX_HMAC *h);
+ unsigned (*block_size) (PX_HMAC *h);
+ void (*reset) (PX_HMAC *h);
+ void (*update) (PX_HMAC *h, const uint8 *data, unsigned dlen);
+ void (*finish) (PX_HMAC *h, uint8 *dst);
+ void (*free) (PX_HMAC *h);
+ void (*init) (PX_HMAC *h, const uint8 *key, unsigned klen);
+
+ PX_MD *md;
+ /* private */
+ struct
+ {
+ uint8 *ipad;
+ uint8 *opad;
+ } p;
+};
+
+struct px_cipher
+{
+ unsigned (*block_size) (PX_Cipher *c);
+ unsigned (*key_size) (PX_Cipher *c); /* max key len */
+ unsigned (*iv_size) (PX_Cipher *c);
+
+ int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
+ int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
+ int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
+ void (*free) (PX_Cipher *c);
+ /* private */
+ void *ptr;
+ int pstat; /* mcrypt uses it */
+};
+
+struct px_combo
+{
+ int (*init) (PX_Combo *cx, const uint8 *key, unsigned klen,
+ const uint8 *iv, unsigned ivlen);
+ int (*encrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen,
+ uint8 *res, unsigned *rlen);
+ int (*decrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen,
+ uint8 *res, unsigned *rlen);
+ unsigned (*encrypt_len) (PX_Combo *cx, unsigned dlen);
+ unsigned (*decrypt_len) (PX_Combo *cx, unsigned dlen);
+ void (*free) (PX_Combo *cx);
+
+ PX_Cipher *cipher;
+ unsigned padding;
+};
+
+int px_find_digest(const char *name, PX_MD **res);
+int px_find_hmac(const char *name, PX_HMAC **res);
+int px_find_cipher(const char *name, PX_Cipher **res);
+int px_find_combo(const char *name, PX_Combo **res);
+
+int px_get_random_bytes(uint8 *dst, unsigned count);
+int px_get_pseudo_random_bytes(uint8 *dst, unsigned count);
+int px_add_entropy(const uint8 *data, unsigned count);
+
+unsigned px_acquire_system_randomness(uint8 *dst);
+
+const char *px_strerror(int err);
+
+const char *px_resolve_alias(const PX_Alias *aliases, const char *name);
+
+void px_set_debug_handler(void (*handler) (const char *));
+
+#ifdef PX_DEBUG
+void px_debug(const char *fmt, ...)
+ __attribute__((format(PG_PRINTF_ATTRIBUTE, 1, 2)));
+#else
+#define px_debug(...)
+#endif
+
+#define px_md_result_size(md) (md)->result_size(md)
+#define px_md_block_size(md) (md)->block_size(md)
+#define px_md_reset(md) (md)->reset(md)
+#define px_md_update(md, data, dlen) (md)->update(md, data, dlen)
+#define px_md_finish(md, buf) (md)->finish(md, buf)
+#define px_md_free(md) (md)->free(md)
+
+#define px_hmac_result_size(hmac) (hmac)->result_size(hmac)
+#define px_hmac_block_size(hmac) (hmac)->block_size(hmac)
+#define px_hmac_reset(hmac) (hmac)->reset(hmac)
+#define px_hmac_init(hmac, key, klen) (hmac)->init(hmac, key, klen)
+#define px_hmac_update(hmac, data, dlen) (hmac)->update(hmac, data, dlen)
+#define px_hmac_finish(hmac, buf) (hmac)->finish(hmac, buf)
+#define px_hmac_free(hmac) (hmac)->free(hmac)
+
+
+#define px_cipher_key_size(c) (c)->key_size(c)
+#define px_cipher_block_size(c) (c)->block_size(c)
+#define px_cipher_iv_size(c) (c)->iv_size(c)
+#define px_cipher_init(c, k, klen, iv) (c)->init(c, k, klen, iv)
+#define px_cipher_encrypt(c, data, dlen, res) \
+ (c)->encrypt(c, data, dlen, res)
+#define px_cipher_decrypt(c, data, dlen, res) \
+ (c)->decrypt(c, data, dlen, res)
+#define px_cipher_free(c) (c)->free(c)
+
+
+#define px_combo_encrypt_len(c, dlen) (c)->encrypt_len(c, dlen)
+#define px_combo_decrypt_len(c, dlen) (c)->decrypt_len(c, dlen)
+#define px_combo_init(c, key, klen, iv, ivlen) \
+ (c)->init(c, key, klen, iv, ivlen)
+#define px_combo_encrypt(c, data, dlen, res, rlen) \
+ (c)->encrypt(c, data, dlen, res, rlen)
+#define px_combo_decrypt(c, data, dlen, res, rlen) \
+ (c)->decrypt(c, data, dlen, res, rlen)
+#define px_combo_free(c) (c)->free(c)
+
+#endif /* __PX_H */
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/random.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c
new file mode 100644
index 0000000..393a0be
--- /dev/null
+++ b/contrib/pgcrypto/random.c
@@ -0,0 +1,244 @@
+/*
+ * random.c
+ * Acquire randomness from system. For seeding RNG.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/random.c
+ */
+
+#include "postgres.h"
+
+#include "px.h"
+
+/* how many bytes to ask from system random provider */
+#define RND_BYTES 32
+
+/*
+ * Try to read from /dev/urandom or /dev/random on these OS'es.
+ *
+ * The list can be pretty liberal, as the device not existing
+ * is expected event.
+ */
+#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
+ || defined(__NetBSD__) || defined(__DragonFly__) \
+ || defined(__darwin__) || defined(__SOLARIS__) \
+ || defined(__hpux) || defined(__HPUX__) \
+ || defined(__CYGWIN__) || defined(_AIX)
+
+#define TRY_DEV_RANDOM
+
+#include <fcntl.h>
+#include <unistd.h>
+
+static int
+safe_read(int fd, void *buf, size_t count)
+{
+ int done = 0;
+ char *p = buf;
+ int res;
+
+ while (count)
+ {
+ res = read(fd, p, count);
+ if (res <= 0)
+ {
+ if (errno == EINTR)
+ continue;
+ return PXE_DEV_READ_ERROR;
+ }
+ p += res;
+ done += res;
+ count -= res;
+ }
+ return done;
+}
+
+static uint8 *
+try_dev_random(uint8 *dst)
+{
+ int fd;
+ int res;
+
+ fd = open("/dev/urandom", O_RDONLY, 0);
+ if (fd == -1)
+ {
+ fd = open("/dev/random", O_RDONLY, 0);
+ if (fd == -1)
+ return dst;
+ }
+ res = safe_read(fd, dst, RND_BYTES);
+ close(fd);
+ if (res > 0)
+ dst += res;
+ return dst;
+}
+#endif
+
+/*
+ * Try to find randomness on Windows
+ */
+#ifdef WIN32
+
+#define TRY_WIN32_GENRAND
+#define TRY_WIN32_PERFC
+
+#include <windows.h>
+#include <wincrypt.h>
+
+/*
+ * this function is from libtomcrypt
+ *
+ * try to use Microsoft crypto API
+ */
+static uint8 *
+try_win32_genrand(uint8 *dst)
+{
+ int res;
+ HCRYPTPROV h = 0;
+
+ res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+ (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET));
+ if (!res)
+ res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET);
+ if (!res)
+ return dst;
+
+ res = CryptGenRandom(h, RND_BYTES, dst);
+ if (res == TRUE)
+ dst += RND_BYTES;
+
+ CryptReleaseContext(h, 0);
+ return dst;
+}
+
+static uint8 *
+try_win32_perfc(uint8 *dst)
+{
+ int res;
+ LARGE_INTEGER time;
+
+ res = QueryPerformanceCounter(&time);
+ if (!res)
+ return dst;
+
+ memcpy(dst, &time, sizeof(time));
+ return dst + sizeof(time);
+}
+#endif /* WIN32 */
+
+
+/*
+ * If we are not on Windows, then hopefully we are
+ * on a unix-like system. Use the usual suspects
+ * for randomness.
+ */
+#ifndef WIN32
+
+#define TRY_UNIXSTD
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+#include <unistd.h>
+
+/*
+ * Everything here is predictible, only needs some patience.
+ *
+ * But there is a chance that the system-specific functions
+ * did not work. So keep faith and try to slow the attacker down.
+ */
+static uint8 *
+try_unix_std(uint8 *dst)
+{
+ pid_t pid;
+ int x;
+ PX_MD *md;
+ struct timeval tv;
+ int res;
+
+ /* process id */
+ pid = getpid();
+ memcpy(dst, (uint8 *) &pid, sizeof(pid));
+ dst += sizeof(pid);
+
+ /* time */
+ gettimeofday(&tv, NULL);
+ memcpy(dst, (uint8 *) &tv, sizeof(tv));
+ dst += sizeof(tv);
+
+ /* pointless, but should not hurt */
+ x = random();
+ memcpy(dst, (uint8 *) &x, sizeof(x));
+ dst += sizeof(x);
+
+ /* let's be desperate */
+ res = px_find_digest("sha1", &md);
+ if (res >= 0)
+ {
+ uint8 *ptr;
+ uint8 stack[8192];
+ int alloc = 32 * 1024;
+
+ px_md_update(md, stack, sizeof(stack));
+ ptr = px_alloc(alloc);
+ px_md_update(md, ptr, alloc);
+ px_free(ptr);
+
+ px_md_finish(md, dst);
+ px_md_free(md);
+
+ dst += 20;
+ }
+
+ return dst;
+}
+#endif
+
+/*
+ * try to extract some randomness for initial seeding
+ *
+ * dst should have room for 1024 bytes.
+ */
+unsigned
+px_acquire_system_randomness(uint8 *dst)
+{
+ uint8 *p = dst;
+
+#ifdef TRY_DEV_RANDOM
+ p = try_dev_random(p);
+#endif
+#ifdef TRY_WIN32_GENRAND
+ p = try_win32_genrand(p);
+#endif
+#ifdef TRY_WIN32_PERFC
+ p = try_win32_perfc(p);
+#endif
+#ifdef TRY_UNIXSTD
+ p = try_unix_std(p);
+#endif
+ return p - dst;
+}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/rijndael.c b/contrib/pgcrypto/rijndael.c
new file mode 100644
index 0000000..5651d03
--- /dev/null
+++ b/contrib/pgcrypto/rijndael.c
@@ -0,0 +1,677 @@
+/* $OpenBSD: rijndael.c,v 1.6 2000/12/09 18:51:34 markus Exp $ */
+
+/* contrib/pgcrypto/rijndael.c */
+
+/* This is an independent implementation of the encryption algorithm: */
+/* */
+/* RIJNDAEL by Joan Daemen and Vincent Rijmen */
+/* */
+/* which is a candidate algorithm in the Advanced Encryption Standard */
+/* programme of the US National Institute of Standards and Technology. */
+/* */
+/* Copyright in this implementation is held by Dr B R Gladman but I */
+/* hereby give permission for its free direct or derivative use subject */
+/* to acknowledgment of its origin and compliance with any conditions */
+/* that the originators of the algorithm place on its exploitation. */
+/* */
+/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
+
+/* Timing data for Rijndael (rijndael.c)
+
+Algorithm: rijndael (rijndael.c)
+
+128 bit key:
+Key Setup: 305/1389 cycles (encrypt/decrypt)
+Encrypt: 374 cycles = 68.4 mbits/sec
+Decrypt: 352 cycles = 72.7 mbits/sec
+Mean: 363 cycles = 70.5 mbits/sec
+
+192 bit key:
+Key Setup: 277/1595 cycles (encrypt/decrypt)
+Encrypt: 439 cycles = 58.3 mbits/sec
+Decrypt: 425 cycles = 60.2 mbits/sec
+Mean: 432 cycles = 59.3 mbits/sec
+
+256 bit key:
+Key Setup: 374/1960 cycles (encrypt/decrypt)
+Encrypt: 502 cycles = 51.0 mbits/sec
+Decrypt: 498 cycles = 51.4 mbits/sec
+Mean: 500 cycles = 51.2 mbits/sec
+
+*/
+
+#include "postgres.h"
+
+#include <sys/param.h>
+
+#include "px.h"
+#include "rijndael.h"
+
+#define PRE_CALC_TABLES
+#define LARGE_TABLES
+
+static void gen_tabs(void);
+
+/* 3. Basic macros for speeding up generic operations */
+
+/* Circular rotate of 32 bit values */
+
+#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))
+#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))
+
+/* Invert byte order in a 32 bit variable */
+
+#define bswap(x) ((rotl((x), 8) & 0x00ff00ff) | (rotr((x), 8) & 0xff00ff00))
+
+/* Extract byte from a 32 bit quantity (little endian notation) */
+
+#define byte(x,n) ((u1byte)((x) >> (8 * (n))))
+
+#ifdef WORDS_BIGENDIAN
+#define io_swap(x) bswap(x)
+#else
+#define io_swap(x) (x)
+#endif
+
+#ifdef PRINT_TABS
+#undef PRE_CALC_TABLES
+#endif
+
+#ifdef PRE_CALC_TABLES
+
+#include "rijndael.tbl"
+#define tab_gen 1
+#else /* !PRE_CALC_TABLES */
+
+static u1byte pow_tab[256];
+static u1byte log_tab[256];
+static u1byte sbx_tab[256];
+static u1byte isb_tab[256];
+static u4byte rco_tab[10];
+static u4byte ft_tab[4][256];
+static u4byte it_tab[4][256];
+
+#ifdef LARGE_TABLES
+static u4byte fl_tab[4][256];
+static u4byte il_tab[4][256];
+#endif
+
+static u4byte tab_gen = 0;
+#endif /* !PRE_CALC_TABLES */
+
+#define ff_mult(a,b) ((a) && (b) ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0)
+
+#define f_rn(bo, bi, n, k) \
+ (bo)[n] = ft_tab[0][byte((bi)[n],0)] ^ \
+ ft_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \
+ ft_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
+ ft_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
+
+#define i_rn(bo, bi, n, k) \
+ (bo)[n] = it_tab[0][byte((bi)[n],0)] ^ \
+ it_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \
+ it_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
+ it_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
+
+#ifdef LARGE_TABLES
+
+#define ls_box(x) \
+ ( fl_tab[0][byte(x, 0)] ^ \
+ fl_tab[1][byte(x, 1)] ^ \
+ fl_tab[2][byte(x, 2)] ^ \
+ fl_tab[3][byte(x, 3)] )
+
+#define f_rl(bo, bi, n, k) \
+ (bo)[n] = fl_tab[0][byte((bi)[n],0)] ^ \
+ fl_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \
+ fl_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
+ fl_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
+
+#define i_rl(bo, bi, n, k) \
+ (bo)[n] = il_tab[0][byte((bi)[n],0)] ^ \
+ il_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \
+ il_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
+ il_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
+#else
+
+#define ls_box(x) \
+ ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \
+ ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \
+ ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \
+ ((u4byte)sbx_tab[byte(x, 3)] << 24)
+
+#define f_rl(bo, bi, n, k) \
+ (bo)[n] = (u4byte)sbx_tab[byte((bi)[n],0)] ^ \
+ rotl(((u4byte)sbx_tab[byte((bi)[((n) + 1) & 3],1)]), 8) ^ \
+ rotl(((u4byte)sbx_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)sbx_tab[byte((bi)[((n) + 3) & 3],3)]), 24) ^ *((k) + (n))
+
+#define i_rl(bo, bi, n, k) \
+ (bo)[n] = (u4byte)isb_tab[byte((bi)[n],0)] ^ \
+ rotl(((u4byte)isb_tab[byte((bi)[((n) + 3) & 3],1)]), 8) ^ \
+ rotl(((u4byte)isb_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)isb_tab[byte((bi)[((n) + 1) & 3],3)]), 24) ^ *((k) + (n))
+#endif
+
+static void
+gen_tabs(void)
+{
+#ifndef PRE_CALC_TABLES
+ u4byte i,
+ t;
+ u1byte p,
+ q;
+
+ /* log and power tables for GF(2**8) finite field with */
+ /* 0x11b as modular polynomial - the simplest prmitive */
+ /* root is 0x11, used here to generate the tables */
+
+ for (i = 0, p = 1; i < 256; ++i)
+ {
+ pow_tab[i] = (u1byte) p;
+ log_tab[p] = (u1byte) i;
+
+ p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0);
+ }
+
+ log_tab[1] = 0;
+ p = 1;
+
+ for (i = 0; i < 10; ++i)
+ {
+ rco_tab[i] = p;
+
+ p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
+ }
+
+ /* note that the affine byte transformation matrix in */
+ /* rijndael specification is in big endian format with */
+ /* bit 0 as the most significant bit. In the remainder */
+ /* of the specification the bits are numbered from the */
+ /* least significant end of a byte. */
+
+ for (i = 0; i < 256; ++i)
+ {
+ p = (i ? pow_tab[255 - log_tab[i]] : 0);
+ q = p;
+ q = (q >> 7) | (q << 1);
+ p ^= q;
+ q = (q >> 7) | (q << 1);
+ p ^= q;
+ q = (q >> 7) | (q << 1);
+ p ^= q;
+ q = (q >> 7) | (q << 1);
+ p ^= q ^ 0x63;
+ sbx_tab[i] = (u1byte) p;
+ isb_tab[p] = (u1byte) i;
+ }
+
+ for (i = 0; i < 256; ++i)
+ {
+ p = sbx_tab[i];
+
+#ifdef LARGE_TABLES
+
+ t = p;
+ fl_tab[0][i] = t;
+ fl_tab[1][i] = rotl(t, 8);
+ fl_tab[2][i] = rotl(t, 16);
+ fl_tab[3][i] = rotl(t, 24);
+#endif
+ t = ((u4byte) ff_mult(2, p)) |
+ ((u4byte) p << 8) |
+ ((u4byte) p << 16) |
+ ((u4byte) ff_mult(3, p) << 24);
+
+ ft_tab[0][i] = t;
+ ft_tab[1][i] = rotl(t, 8);
+ ft_tab[2][i] = rotl(t, 16);
+ ft_tab[3][i] = rotl(t, 24);
+
+ p = isb_tab[i];
+
+#ifdef LARGE_TABLES
+
+ t = p;
+ il_tab[0][i] = t;
+ il_tab[1][i] = rotl(t, 8);
+ il_tab[2][i] = rotl(t, 16);
+ il_tab[3][i] = rotl(t, 24);
+#endif
+ t = ((u4byte) ff_mult(14, p)) |
+ ((u4byte) ff_mult(9, p) << 8) |
+ ((u4byte) ff_mult(13, p) << 16) |
+ ((u4byte) ff_mult(11, p) << 24);
+
+ it_tab[0][i] = t;
+ it_tab[1][i] = rotl(t, 8);
+ it_tab[2][i] = rotl(t, 16);
+ it_tab[3][i] = rotl(t, 24);
+ }
+
+ tab_gen = 1;
+#endif /* !PRE_CALC_TABLES */
+}
+
+
+#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
+
+#define imix_col(y,x) \
+do { \
+ u = star_x(x); \
+ v = star_x(u); \
+ w = star_x(v); \
+ t = w ^ (x); \
+ (y) = u ^ v ^ w; \
+ (y) ^= rotr(u ^ t, 8) ^ \
+ rotr(v ^ t, 16) ^ \
+ rotr(t,24); \
+} while (0)
+
+/* initialise the key schedule from the user supplied key */
+
+#define loop4(i) \
+do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
+ t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \
+ t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \
+ t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \
+ t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \
+} while (0)
+
+#define loop6(i) \
+do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
+ t ^= e_key[6 * (i)]; e_key[6 * (i) + 6] = t; \
+ t ^= e_key[6 * (i) + 1]; e_key[6 * (i) + 7] = t; \
+ t ^= e_key[6 * (i) + 2]; e_key[6 * (i) + 8] = t; \
+ t ^= e_key[6 * (i) + 3]; e_key[6 * (i) + 9] = t; \
+ t ^= e_key[6 * (i) + 4]; e_key[6 * (i) + 10] = t; \
+ t ^= e_key[6 * (i) + 5]; e_key[6 * (i) + 11] = t; \
+} while (0)
+
+#define loop8(i) \
+do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
+ t ^= e_key[8 * (i)]; e_key[8 * (i) + 8] = t; \
+ t ^= e_key[8 * (i) + 1]; e_key[8 * (i) + 9] = t; \
+ t ^= e_key[8 * (i) + 2]; e_key[8 * (i) + 10] = t; \
+ t ^= e_key[8 * (i) + 3]; e_key[8 * (i) + 11] = t; \
+ t = e_key[8 * (i) + 4] ^ ls_box(t); \
+ e_key[8 * (i) + 12] = t; \
+ t ^= e_key[8 * (i) + 5]; e_key[8 * (i) + 13] = t; \
+ t ^= e_key[8 * (i) + 6]; e_key[8 * (i) + 14] = t; \
+ t ^= e_key[8 * (i) + 7]; e_key[8 * (i) + 15] = t; \
+} while (0)
+
+rijndael_ctx *
+rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
+ int encrypt)
+{
+ u4byte i,
+ t,
+ u,
+ v,
+ w;
+ u4byte *e_key = ctx->e_key;
+ u4byte *d_key = ctx->d_key;
+
+ ctx->decrypt = !encrypt;
+
+ if (!tab_gen)
+ gen_tabs();
+
+ ctx->k_len = (key_len + 31) / 32;
+
+ e_key[0] = io_swap(in_key[0]);
+ e_key[1] = io_swap(in_key[1]);
+ e_key[2] = io_swap(in_key[2]);
+ e_key[3] = io_swap(in_key[3]);
+
+ switch (ctx->k_len)
+ {
+ case 4:
+ t = e_key[3];
+ for (i = 0; i < 10; ++i)
+ loop4(i);
+ break;
+
+ case 6:
+ e_key[4] = io_swap(in_key[4]);
+ t = e_key[5] = io_swap(in_key[5]);
+ for (i = 0; i < 8; ++i)
+ loop6(i);
+ break;
+
+ case 8:
+ e_key[4] = io_swap(in_key[4]);
+ e_key[5] = io_swap(in_key[5]);
+ e_key[6] = io_swap(in_key[6]);
+ t = e_key[7] = io_swap(in_key[7]);
+ for (i = 0; i < 7; ++i)
+ loop8(i);
+ break;
+ }
+
+ if (!encrypt)
+ {
+ d_key[0] = e_key[0];
+ d_key[1] = e_key[1];
+ d_key[2] = e_key[2];
+ d_key[3] = e_key[3];
+
+ for (i = 4; i < 4 * ctx->k_len + 24; ++i)
+ imix_col(d_key[i], e_key[i]);
+ }
+
+ return ctx;
+}
+
+/* encrypt a block of text */
+
+#define f_nround(bo, bi, k) \
+do { \
+ f_rn(bo, bi, 0, k); \
+ f_rn(bo, bi, 1, k); \
+ f_rn(bo, bi, 2, k); \
+ f_rn(bo, bi, 3, k); \
+ k += 4; \
+} while (0)
+
+#define f_lround(bo, bi, k) \
+do { \
+ f_rl(bo, bi, 0, k); \
+ f_rl(bo, bi, 1, k); \
+ f_rl(bo, bi, 2, k); \
+ f_rl(bo, bi, 3, k); \
+} while (0)
+
+void
+rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
+{
+ u4byte k_len = ctx->k_len;
+ u4byte *e_key = ctx->e_key;
+ u4byte b0[4],
+ b1[4],
+ *kp;
+
+ b0[0] = io_swap(in_blk[0]) ^ e_key[0];
+ b0[1] = io_swap(in_blk[1]) ^ e_key[1];
+ b0[2] = io_swap(in_blk[2]) ^ e_key[2];
+ b0[3] = io_swap(in_blk[3]) ^ e_key[3];
+
+ kp = e_key + 4;
+
+ if (k_len > 6)
+ {
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ }
+
+ if (k_len > 4)
+ {
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ }
+
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ f_nround(b1, b0, kp);
+ f_nround(b0, b1, kp);
+ f_nround(b1, b0, kp);
+ f_lround(b0, b1, kp);
+
+ out_blk[0] = io_swap(b0[0]);
+ out_blk[1] = io_swap(b0[1]);
+ out_blk[2] = io_swap(b0[2]);
+ out_blk[3] = io_swap(b0[3]);
+}
+
+/* decrypt a block of text */
+
+#define i_nround(bo, bi, k) \
+do { \
+ i_rn(bo, bi, 0, k); \
+ i_rn(bo, bi, 1, k); \
+ i_rn(bo, bi, 2, k); \
+ i_rn(bo, bi, 3, k); \
+ k -= 4; \
+} while (0)
+
+#define i_lround(bo, bi, k) \
+do { \
+ i_rl(bo, bi, 0, k); \
+ i_rl(bo, bi, 1, k); \
+ i_rl(bo, bi, 2, k); \
+ i_rl(bo, bi, 3, k); \
+} while (0)
+
+void
+rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
+{
+ u4byte b0[4],
+ b1[4],
+ *kp;
+ u4byte k_len = ctx->k_len;
+ u4byte *e_key = ctx->e_key;
+ u4byte *d_key = ctx->d_key;
+
+ b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24];
+ b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25];
+ b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26];
+ b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27];
+
+ kp = d_key + 4 * (k_len + 5);
+
+ if (k_len > 6)
+ {
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ }
+
+ if (k_len > 4)
+ {
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ }
+
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ i_nround(b1, b0, kp);
+ i_nround(b0, b1, kp);
+ i_nround(b1, b0, kp);
+ i_lround(b0, b1, kp);
+
+ out_blk[0] = io_swap(b0[0]);
+ out_blk[1] = io_swap(b0[1]);
+ out_blk[2] = io_swap(b0[2]);
+ out_blk[3] = io_swap(b0[3]);
+}
+
+/*
+ * conventional interface
+ *
+ * ATM it hopes all data is 4-byte aligned - which
+ * should be true for PX. -marko
+ */
+
+void
+aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc)
+{
+ uint32 *k;
+
+ k = (uint32 *) key;
+ rijndael_set_key(ctx, k, keybits, enc);
+}
+
+void
+aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
+{
+ unsigned bs = 16;
+ uint32 *d;
+
+ while (len >= bs)
+ {
+ d = (uint32 *) data;
+ rijndael_encrypt(ctx, d, d);
+
+ len -= bs;
+ data += bs;
+ }
+}
+
+void
+aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
+{
+ unsigned bs = 16;
+ uint32 *d;
+
+ while (len >= bs)
+ {
+ d = (uint32 *) data;
+ rijndael_decrypt(ctx, d, d);
+
+ len -= bs;
+ data += bs;
+ }
+}
+
+void
+aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
+{
+ uint32 *iv = (uint32 *) iva;
+ uint32 *d = (uint32 *) data;
+ unsigned bs = 16;
+
+ while (len >= bs)
+ {
+ d[0] ^= iv[0];
+ d[1] ^= iv[1];
+ d[2] ^= iv[2];
+ d[3] ^= iv[3];
+
+ rijndael_encrypt(ctx, d, d);
+
+ iv = d;
+ d += bs / 4;
+ len -= bs;
+ }
+}
+
+void
+aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
+{
+ uint32 *d = (uint32 *) data;
+ unsigned bs = 16;
+ uint32 buf[4],
+ iv[4];
+
+ memcpy(iv, iva, bs);
+ while (len >= bs)
+ {
+ buf[0] = d[0];
+ buf[1] = d[1];
+ buf[2] = d[2];
+ buf[3] = d[3];
+
+ rijndael_decrypt(ctx, buf, d);
+
+ d[0] ^= iv[0];
+ d[1] ^= iv[1];
+ d[2] ^= iv[2];
+ d[3] ^= iv[3];
+
+ iv[0] = buf[0];
+ iv[1] = buf[1];
+ iv[2] = buf[2];
+ iv[3] = buf[3];
+ d += 4;
+ len -= bs;
+ }
+}
+
+/*
+ * pre-calculate tables.
+ *
+ * On i386 lifts 17k from .bss to .rodata
+ * and avoids 1k code and setup time.
+ * -marko
+ */
+#ifdef PRINT_TABS
+
+static void
+show256u8(char *name, uint8 *data)
+{
+ int i;
+
+ printf("static const u1byte %s[256] = {\n ", name);
+ for (i = 0; i < 256;)
+ {
+ printf("%u", pow_tab[i++]);
+ if (i < 256)
+ printf(i % 16 ? ", " : ",\n ");
+ }
+ printf("\n};\n\n");
+}
+
+
+static void
+show4x256u32(char *name, uint32 data[4][256])
+{
+ int i,
+ j;
+
+ printf("static const u4byte %s[4][256] = {\n{\n ", name);
+ for (i = 0; i < 4; i++)
+ {
+ for (j = 0; j < 256;)
+ {
+ printf("0x%08x", data[i][j]);
+ j++;
+ if (j < 256)
+ printf(j % 4 ? ", " : ",\n ");
+ }
+ printf(i < 3 ? "\n}, {\n " : "\n}\n");
+ }
+ printf("};\n\n");
+}
+
+int
+main()
+{
+ int i;
+ char *hdr = "/* Generated by rijndael.c */\n\n";
+
+ gen_tabs();
+
+ printf(hdr);
+ show256u8("pow_tab", pow_tab);
+ show256u8("log_tab", log_tab);
+ show256u8("sbx_tab", sbx_tab);
+ show256u8("isb_tab", isb_tab);
+
+ show4x256u32("ft_tab", ft_tab);
+ show4x256u32("it_tab", it_tab);
+#ifdef LARGE_TABLES
+ show4x256u32("fl_tab", fl_tab);
+ show4x256u32("il_tab", il_tab);
+#endif
+ printf("static const u4byte rco_tab[10] = {\n ");
+ for (i = 0; i < 10; i++)
+ {
+ printf("0x%08x", rco_tab[i]);
+ if (i < 9)
+ printf(", ");
+ if (i == 4)
+ printf("\n ");
+ }
+ printf("\n};\n\n");
+ return 0;
+}
+
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/rijndael.h b/contrib/pgcrypto/rijndael.h
new file mode 100644
index 0000000..fb30e46
--- /dev/null
+++ b/contrib/pgcrypto/rijndael.h
@@ -0,0 +1,60 @@
+/*
+ * contrib/pgcrypto/rijndael.h
+ *
+ * $OpenBSD: rijndael.h,v 1.3 2001/05/09 23:01:32 markus Exp $ */
+
+/* This is an independent implementation of the encryption algorithm: */
+/* */
+/* RIJNDAEL by Joan Daemen and Vincent Rijmen */
+/* */
+/* which is a candidate algorithm in the Advanced Encryption Standard */
+/* programme of the US National Institute of Standards and Technology. */
+/* */
+/* Copyright in this implementation is held by Dr B R Gladman but I */
+/* hereby give permission for its free direct or derivative use subject */
+/* to acknowledgment of its origin and compliance with any conditions */
+/* that the originators of the algorithm place on its exploitation. */
+/* */
+/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
+
+#ifndef _RIJNDAEL_H_
+#define _RIJNDAEL_H_
+
+/* 1. Standard types for AES cryptography source code */
+
+typedef uint8 u1byte; /* an 8 bit unsigned character type */
+typedef uint16 u2byte; /* a 16 bit unsigned integer type */
+typedef uint32 u4byte; /* a 32 bit unsigned integer type */
+
+typedef int8 s1byte; /* an 8 bit signed character type */
+typedef int16 s2byte; /* a 16 bit signed integer type */
+typedef int32 s4byte; /* a 32 bit signed integer type */
+
+typedef struct _rijndael_ctx
+{
+ u4byte k_len;
+ int decrypt;
+ u4byte e_key[64];
+ u4byte d_key[64];
+} rijndael_ctx;
+
+
+/* 2. Standard interface for AES cryptographic routines */
+
+/* These are all based on 32 bit unsigned values and will therefore */
+/* require endian conversions for big-endian architectures */
+
+rijndael_ctx *
+ rijndael_set_key(rijndael_ctx *, const u4byte *, const u4byte, int);
+void rijndael_encrypt(rijndael_ctx *, const u4byte *, u4byte *);
+void rijndael_decrypt(rijndael_ctx *, const u4byte *, u4byte *);
+
+/* conventional interface */
+
+void aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc);
+void aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len);
+void aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len);
+void aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len);
+void aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len);
+
+#endif /* _RIJNDAEL_H_ */