postgresql/contrib/pgcrypto/px.c

371 lines
7.1 KiB
C
Raw Normal View History

2001-08-21 09:32:01 +08:00
/*
* px.c
* Various cryptographic stuff for PostgreSQL.
*
2001-08-21 09:32:01 +08:00
* Copyright (c) 2001 Marko Kreen
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
2001-08-21 09:32:01 +08:00
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
2001-08-21 09:32:01 +08:00
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2001-08-21 09:32:01 +08:00
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.11 2005/03/21 05:22:14 neilc Exp $
2001-08-21 09:32:01 +08:00
*/
#include <postgres.h>
#include "px.h"
struct error_desc {
int err;
const char *desc;
};
static const struct error_desc px_err_list[] = {
{PXE_OK, "Everything ok"},
{PXE_ERR_GENERIC, "Some PX error (not specified)"},
{PXE_NO_HASH, "No such hash algorithm"},
{PXE_NO_CIPHER, "No such cipher algorithm"},
{PXE_NOTBLOCKSIZE, "Data not a multiple of block size"},
{PXE_BAD_OPTION, "Unknown option"},
{PXE_BAD_FORMAT, "Badly formatted type"},
{PXE_KEY_TOO_BIG, "Key was too big"},
{PXE_CIPHER_INIT, "Cipher cannot be initalized ?"},
{PXE_HASH_UNUSABLE_FOR_HMAC, "This hash algorithm is unusable for HMAC"},
{PXE_DEV_READ_ERROR, "Error reading from random device"},
{PXE_OSSL_RAND_ERROR, "OpenSSL PRNG error"},
{PXE_BUG, "pgcrypto bug"},
{PXE_ARGUMENT_ERROR, "Illegal argument to function"},
{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
{PXE_NO_RANDOM, "No strong random source"},
{0, NULL},
};
const char *px_strerror(int err)
{
const struct error_desc *e;
for (e = px_err_list; e->desc; e++)
if (e->err == err)
return e->desc;
return "Bad error code";
}
2001-08-21 09:32:01 +08:00
const char *
px_resolve_alias(const PX_Alias * list, const char *name)
2001-08-21 09:32:01 +08:00
{
while (list->name)
{
if (pg_strcasecmp(list->alias, name) == 0)
2001-08-21 09:32:01 +08:00
return list->name;
list++;
}
return name;
}
/*
* combo - cipher + padding (+ checksum)
*/
static unsigned
combo_encrypt_len(PX_Combo * cx, unsigned dlen)
2001-08-21 09:32:01 +08:00
{
return dlen + 512;
}
static unsigned
combo_decrypt_len(PX_Combo * cx, unsigned dlen)
2001-08-21 09:32:01 +08:00
{
return dlen;
}
static int
combo_init(PX_Combo * cx, const uint8 *key, unsigned klen,
const uint8 *iv, unsigned ivlen)
2001-08-21 09:32:01 +08:00
{
int err;
unsigned bs,
ks,
ivs;
PX_Cipher *c = cx->cipher;
uint8 *ivbuf = NULL;
uint8 *keybuf;
2001-08-21 09:32:01 +08:00
bs = px_cipher_block_size(c);
ks = px_cipher_key_size(c);
ivs = px_cipher_iv_size(c);
if (ivs > 0)
{
2001-08-21 09:32:01 +08:00
ivbuf = px_alloc(ivs);
memset(ivbuf, 0, ivs);
if (ivlen > ivs)
memcpy(ivbuf, iv, ivs);
else
memcpy(ivbuf, iv, ivlen);
}
if (klen > ks)
klen = ks;
2001-08-21 09:32:01 +08:00
keybuf = px_alloc(ks);
memset(keybuf, 0, ks);
memcpy(keybuf, key, klen);
err = px_cipher_init(c, keybuf, klen, ivbuf);
if (ivbuf)
px_free(ivbuf);
px_free(keybuf);
2001-08-21 09:32:01 +08:00
return err;
}
static int
combo_encrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
uint8 *res, unsigned *rlen)
2001-08-21 09:32:01 +08:00
{
int err = 0;
uint8 *bbuf;
unsigned bs,
maxlen,
bpos,
i,
pad;
2001-08-21 09:32:01 +08:00
PX_Cipher *c = cx->cipher;
2001-08-21 09:32:01 +08:00
bbuf = NULL;
maxlen = *rlen;
bs = px_cipher_block_size(c);
2001-08-21 09:32:01 +08:00
/* encrypt */
if (bs > 1)
{
2001-08-21 09:32:01 +08:00
bbuf = px_alloc(bs * 4);
bpos = dlen % bs;
*rlen = dlen - bpos;
memcpy(bbuf, data + *rlen, bpos);
/* encrypt full-block data */
if (*rlen)
{
2001-08-21 09:32:01 +08:00
err = px_cipher_encrypt(c, data, *rlen, res);
if (err)
goto out;
}
2001-08-21 09:32:01 +08:00
/* bbuf has now bpos bytes of stuff */
if (cx->padding)
{
2001-08-21 09:32:01 +08:00
pad = bs - (bpos % bs);
for (i = 0; i < pad; i++)
bbuf[bpos++] = pad;
}
else if (bpos % bs)
{
2001-08-21 09:32:01 +08:00
/* ERROR? */
pad = bs - (bpos % bs);
for (i = 0; i < pad; i++)
bbuf[bpos++] = 0;
}
/* encrypt the rest - pad */
if (bpos)
{
2001-08-21 09:32:01 +08:00
err = px_cipher_encrypt(c, bbuf, bpos, res + *rlen);
*rlen += bpos;
}
}
else
{
2001-08-21 09:32:01 +08:00
/* stream cipher/mode - no pad needed */
err = px_cipher_encrypt(c, data, dlen, res);
if (err)
goto out;
*rlen = dlen;
}
out:
if (bbuf)
px_free(bbuf);
2001-08-21 09:32:01 +08:00
return err;
}
static int
combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
uint8 *res, unsigned *rlen)
2001-08-21 09:32:01 +08:00
{
unsigned bs,
i,
pad;
unsigned pad_ok;
2001-08-21 09:32:01 +08:00
PX_Cipher *c = cx->cipher;
2001-08-21 09:32:01 +08:00
bs = px_cipher_block_size(c);
if (bs > 1 && (dlen % bs) != 0)
2001-08-21 09:32:01 +08:00
goto block_error;
2001-08-21 09:32:01 +08:00
/* decrypt */
*rlen = dlen;
px_cipher_decrypt(c, data, dlen, res);
2001-08-21 09:32:01 +08:00
/* unpad */
if (bs > 1 && cx->padding)
{
2001-08-21 09:32:01 +08:00
pad = res[*rlen - 1];
pad_ok = 0;
if (pad > 0 && pad <= bs && pad <= *rlen)
{
2001-08-21 09:32:01 +08:00
pad_ok = 1;
for (i = *rlen - pad; i < *rlen; i++)
if (res[i] != pad)
{
2001-08-21 09:32:01 +08:00
pad_ok = 0;
break;
}
}
2001-08-21 09:32:01 +08:00
if (pad_ok)
*rlen -= pad;
}
return 0;
2001-08-21 09:32:01 +08:00
block_error:
return PXE_NOTBLOCKSIZE;
2001-08-21 09:32:01 +08:00
}
static void
combo_free(PX_Combo * cx)
2001-08-21 09:32:01 +08:00
{
if (cx->cipher)
px_cipher_free(cx->cipher);
memset(cx, 0, sizeof(*cx));
px_free(cx);
}
/* PARSER */
static int
2001-08-21 09:32:01 +08:00
parse_cipher_name(char *full, char **cipher, char **pad)
{
char *p,
*p2,
*q;
2001-08-21 09:32:01 +08:00
*cipher = full;
*pad = NULL;
2001-08-21 09:32:01 +08:00
p = strchr(full, '/');
if (p != NULL)
*p++ = 0;
while (p != NULL)
{
2001-08-21 09:32:01 +08:00
if ((q = strchr(p, '/')) != NULL)
*q++ = 0;
if (!*p)
{
2001-08-21 09:32:01 +08:00
p = q;
continue;
}
p2 = strchr(p, ':');
if (p2 != NULL)
{
2001-08-21 09:32:01 +08:00
*p2++ = 0;
if (!strcmp(p, "pad"))
2001-08-21 09:32:01 +08:00
*pad = p2;
else
return PXE_BAD_OPTION;
}
else
return PXE_BAD_FORMAT;
2001-08-21 09:32:01 +08:00
p = q;
}
return 0;
2001-08-21 09:32:01 +08:00
}
/* provider */
int
px_find_combo(const char *name, PX_Combo ** res)
2001-08-21 09:32:01 +08:00
{
int err;
char *buf,
*s_cipher,
*s_pad;
2001-08-21 09:32:01 +08:00
PX_Combo *cx;
2001-08-21 09:32:01 +08:00
cx = px_alloc(sizeof(*cx));
memset(cx, 0, sizeof(*cx));
buf = px_alloc(strlen(name) + 1);
strcpy(buf, name);
err = parse_cipher_name(buf, &s_cipher, &s_pad);
if (err)
{
2001-08-21 09:32:01 +08:00
px_free(buf);
px_free(cx);
return err;
2001-08-21 09:32:01 +08:00
}
err = px_find_cipher(s_cipher, &cx->cipher);
if (err)
goto err1;
if (s_pad != NULL)
{
2001-08-21 09:32:01 +08:00
if (!strcmp(s_pad, "pkcs"))
cx->padding = 1;
else if (!strcmp(s_pad, "none"))
cx->padding = 0;
else
goto err1;
}
else
2001-08-21 09:32:01 +08:00
cx->padding = 1;
cx->init = combo_init;
cx->encrypt = combo_encrypt;
cx->decrypt = combo_decrypt;
cx->encrypt_len = combo_encrypt_len;
cx->decrypt_len = combo_decrypt_len;
cx->free = combo_free;
px_free(buf);
*res = cx;
return 0;
2001-08-21 09:32:01 +08:00
err1:
if (cx->cipher)
px_cipher_free(cx->cipher);
px_free(cx);
px_free(buf);
return PXE_NO_CIPHER;
2001-08-21 09:32:01 +08:00
}