salt generation code. He also urged using better random source and making possible to choose using bcrypt and xdes rounds more easily. So, here's patch: * For all salt generation, use Solar Designer's own code. This is mostly due to the fact that his code is more fit for get_random_bytes() style interface. * New function: gen_salt(type, rounds). This lets specify iteration count for algorithm. * random.c: px_get_random_bytes() function. Supported randomness source: /dev/urandom, OpenSSL PRNG, libc random() Default: /dev/urandom. * Draft description of C API for pgcrypto functions. New files: API, crypt-gensalt.c, random.c Marko Kreen
C API for pgcrypto
==================
|
|
|
|
|
|
UN*X crypt()
============
|
|
|
|
#include <px-crypt.h>
|
|
|
|
char *
|
|
px_crypt(const char *psw, const char *salt, char *buf, unsigned buflen);
|
|
|
|
returns buf or NULL for error.
|
|
|
|
unsigned px_gen_salt(const char *salt_type, char *dst, int rounds);
|
|
|
|
returns salt size. dst should be a buffer of PX_MAX_SALT_LEN bytes.
'rounds' is algorithm-specific. 0 means the default for
that algorithm.
|
|
|
|
Random
======
|
|
|
|
int px_rand_get_bytes(uint8 *dst, int num)
|
|
|
|
|
|
Crypto "objects"
================
|
|
|
|
PX_MD - Message digest
|
|
PX_HMAC - HMAC (Hash MAC)
|
|
PX_Cipher - cipher+mode: provided by libs
|
|
PX_Combo - higher-level encryption -> padding, [MD]
|
|
|
|
Objects are activated with the following functions:
|
|
|
|
int px_find_digest(const char *name, PX_MD **res);
|
|
int px_find_hmac(const char *name, PX_HMAC **res);
|
|
int px_find_cipher(const char *name, PX_Cipher **res);
|
|
int px_find_combo(const char *name, PX_Combo **res);
|
|
|
|
returns 0 on success, < 0 on error. If successful,
*res contains a pointer to the new object.
|
|
|
|
Message Digest
==============
|
|
|
|
uint px_md_result_size(PX_MD *md)
|
|
|
|
returns final result size in bytes
|
|
|
|
void px_md_reset(PX_MD *md)
|
|
|
|
resets md to clean state
|
|
|
|
uint px_md_block_size(PX_MD *md)
|
|
|
|
returns algorithm block size in bytes
|
|
|
|
void px_md_update(PX_MD *md, const uint8 *data, uint dlen)
|
|
|
|
updates hash state with new data
|
|
|
|
void px_md_finish(PX_MD *md, uint8 *buf)
|
|
|
|
puts final hash state into buf. buf should have room
for px_md_result_size() bytes.
|
|
|
|
void px_md_free(PX_MD *md)
|
|
|
|
frees resources.
|
|
|
|
HMAC (Hash Message Authentication Code)
=======================================
|
|
|
|
int px_hmac_init(PX_HMAC *hmac, const uint8 *key, uint klen)
|
|
|
|
initializes hmac state with key.
|
|
|
|
uint px_hmac_result_size(PX_HMAC *md)
|
|
|
|
returns final result size in bytes
|
|
|
|
void px_hmac_reset(PX_HMAC *md)
|
|
|
|
resets md to state after _init()
|
|
|
|
uint px_hmac_block_size(PX_HMAC *md)
|
|
|
|
returns algorithm block size in bytes
|
|
|
|
void px_hmac_update(PX_HMAC *md, const uint8 *data, uint dlen)
|
|
|
|
updates hash state with new data
|
|
|
|
void px_hmac_finish(PX_HMAC *md, uint8 *buf)
|
|
|
|
puts final hash state into buf. buf should have room
for px_hmac_result_size() bytes.
|
|
|
|
void px_hmac_free(PX_HMAC *md)
|
|
|
|
frees resources.
|
|
|
|
|
|
Cipher
======
|
|
|
|
uint px_cipher_key_size(PX_Cipher *c)
|
|
|
|
returns max key size in bytes
|
|
|
|
uint px_cipher_block_size(PX_Cipher *c)
|
|
|
|
returns cipher+mode block size in bytes. So blowfish
in CFB mode should return 1.
|
|
|
|
uint px_cipher_iv_size(PX_Cipher *c)
|
|
|
|
returns IV size in bytes.
|
|
|
|
int px_cipher_init(PX_Cipher *c, uint8 *key, uint klen, uint8 *iv)
|
|
|
|
initializes cipher with supplied key and iv.
|
|
|
|
int px_cipher_encrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res)
|
|
|
|
encrypts data. res must have room for dlen bytes.
The data length (dlen) must be a multiple of px_cipher_block_size().
|
|
|
|
int px_cipher_decrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res)
|
|
|
|
decrypts data. res must have room for dlen bytes.
|
|
|
|
void px_cipher_free(PX_Cipher *c)
|
|
|
|
frees associated resources.
|
|
|
|
PX_Combo
========
|
|
|
|
uint px_combo_encrypt_len(PX_Combo *c, uint dlen)
|
|
|
|
calculates max result length for dlen of data.
|
|
|
|
uint px_combo_decrypt_len(PX_Combo *c, uint dlen)
|
|
|
|
calculates result length for dlen of data.
|
|
|
|
int px_combo_init(PX_Combo *c, uint8 *key, uint klen, uint8 *iv, uint ivlen)
|
|
|
|
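initializes c with key and iv. If the cipher uses fixed-length keys,
the key will be padded with zeroes to the needed length. Zero padding
only fills the key out to the required size; it does not make a short
key any stronger.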
|
|
|
|
int px_combo_encrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen)
|
|
|
|
int px_combo_decrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen)
|
|
|
|
void px_combo_free(PX_Combo *c)
|
|
|
|
frees associated resources.
|
|
|