hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [04/13] incubator-hawq git commit: HAWQ-1007. Add the pgcrypto code into hawq
Date Wed, 07 Sep 2016 02:57:42 GMT
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
new file mode 100644
index 0000000..f23d4de
--- /dev/null
+++ b/contrib/pgcrypto/px.c
@@ -0,0 +1,437 @@
+/*
+ * px.c
+ *		Various cryptographic stuff for PostgreSQL.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *	  notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *	  notice, this list of conditions and the following disclaimer in the
+ *	  documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/px.c
+ */
+
+#include "postgres.h"
+
+#include "px.h"
+
+struct error_desc
+{
+	int			err;
+	const char *desc;
+};
+
+static const struct error_desc px_err_list[] = {
+	{PXE_OK, "Everything ok"},
+	{PXE_ERR_GENERIC, "Some PX error (not specified)"},
+	{PXE_NO_HASH, "No such hash algorithm"},
+	{PXE_NO_CIPHER, "No such cipher algorithm"},
+	{PXE_NOTBLOCKSIZE, "Data not a multiple of block size"},
+	{PXE_BAD_OPTION, "Unknown option"},
+	{PXE_BAD_FORMAT, "Badly formatted type"},
+	{PXE_KEY_TOO_BIG, "Key was too big"},
+	{PXE_CIPHER_INIT, "Cipher cannot be initalized ?"},
+	{PXE_HASH_UNUSABLE_FOR_HMAC, "This hash algorithm is unusable for HMAC"},
+	{PXE_DEV_READ_ERROR, "Error reading from random device"},
+	{PXE_OSSL_RAND_ERROR, "OpenSSL PRNG error"},
+	{PXE_BUG, "pgcrypto bug"},
+	{PXE_ARGUMENT_ERROR, "Illegal argument to function"},
+	{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
+	{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
+	{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
+	{PXE_NO_RANDOM, "No strong random source"},
+	{PXE_DECRYPT_FAILED, "Decryption failed"},
+	{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
+	{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
+	{PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
+	{PXE_PGP_UNSUPPORTED_CIPHER, "Unsupported cipher algorithm"},
+	{PXE_PGP_UNSUPPORTED_HASH, "Unsupported digest algorithm"},
+	{PXE_PGP_COMPRESSION_ERROR, "Compression error"},
+	{PXE_PGP_NOT_TEXT, "Not text data"},
+	{PXE_PGP_UNEXPECTED_PKT, "Unexpected packet in key data"},
+	{PXE_PGP_NO_BIGNUM,
+		"public-key functions disabled - "
+	"pgcrypto needs OpenSSL for bignums"},
+	{PXE_PGP_MATH_FAILED, "Math operation failed"},
+	{PXE_PGP_SHORT_ELGAMAL_KEY, "Elgamal keys must be at least 1024 bits long"},
+	{PXE_PGP_RSA_UNSUPPORTED, "pgcrypto does not support RSA keys"},
+	{PXE_PGP_UNKNOWN_PUBALGO, "Unknown public-key encryption algorithm"},
+	{PXE_PGP_WRONG_KEY, "Wrong key"},
+	{PXE_PGP_MULTIPLE_KEYS,
+	"Several keys given - pgcrypto does not handle keyring"},
+	{PXE_PGP_EXPECT_PUBLIC_KEY, "Refusing to encrypt with secret key"},
+	{PXE_PGP_EXPECT_SECRET_KEY, "Cannot decrypt with public key"},
+	{PXE_PGP_NOT_V4_KEYPKT, "Only V4 key packets are supported"},
+	{PXE_PGP_KEYPKT_CORRUPT, "Corrupt key packet"},
+	{PXE_PGP_NO_USABLE_KEY, "No encryption key found"},
+	{PXE_PGP_NEED_SECRET_PSW, "Need password for secret key"},
+	{PXE_PGP_BAD_S2K_MODE, "Bad S2K mode"},
+	{PXE_PGP_UNSUPPORTED_PUBALGO, "Unsupported public key algorithm"},
+	{PXE_PGP_MULTIPLE_SUBKEYS, "Several subkeys not supported"},
+
+	/* fake this as PXE_PGP_CORRUPT_DATA */
+	{PXE_MBUF_SHORT_READ, "Corrupt data"},
+
+	{0, NULL},
+};
+
+const char *
+px_strerror(int err)
+{
+	const struct error_desc *e;
+
+	for (e = px_err_list; e->desc; e++)
+		if (e->err == err)
+			return e->desc;
+	return "Bad error code";
+}
+
+
+const char *
+px_resolve_alias(const PX_Alias *list, const char *name)
+{
+	while (list->name)
+	{
+		if (pg_strcasecmp(list->alias, name) == 0)
+			return list->name;
+		list++;
+	}
+	return name;
+}
+
+static void (*debug_handler) (const char *) = NULL;
+
+void
+px_set_debug_handler(void (*handler) (const char *))
+{
+	debug_handler = handler;
+}
+
+void
+px_debug(const char *fmt,...)
+{
+	va_list		ap;
+
+	va_start(ap, fmt);
+	if (debug_handler)
+	{
+		char		buf[512];
+
+		vsnprintf(buf, sizeof(buf), fmt, ap);
+		debug_handler(buf);
+	}
+	va_end(ap);
+}
+
+/*
+ * combo - cipher + padding (+ checksum)
+ */
+
+static unsigned
+combo_encrypt_len(PX_Combo *cx, unsigned dlen)
+{
+	return dlen + 512;
+}
+
+static unsigned
+combo_decrypt_len(PX_Combo *cx, unsigned dlen)
+{
+	return dlen;
+}
+
+static int
+combo_init(PX_Combo *cx, const uint8 *key, unsigned klen,
+		   const uint8 *iv, unsigned ivlen)
+{
+	int			err;
+	unsigned	ks,
+				ivs;
+	PX_Cipher  *c = cx->cipher;
+	uint8	   *ivbuf = NULL;
+	uint8	   *keybuf;
+
+	ks = px_cipher_key_size(c);
+
+	ivs = px_cipher_iv_size(c);
+	if (ivs > 0)
+	{
+		ivbuf = px_alloc(ivs);
+		memset(ivbuf, 0, ivs);
+		if (ivlen > ivs)
+			memcpy(ivbuf, iv, ivs);
+		else
+			memcpy(ivbuf, iv, ivlen);
+	}
+
+	if (klen > ks)
+		klen = ks;
+	keybuf = px_alloc(ks);
+	memset(keybuf, 0, ks);
+	memcpy(keybuf, key, klen);
+
+	err = px_cipher_init(c, keybuf, klen, ivbuf);
+
+	if (ivbuf)
+		px_free(ivbuf);
+	px_free(keybuf);
+
+	return err;
+}
+
+static int
+combo_encrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
+			  uint8 *res, unsigned *rlen)
+{
+	int			err = 0;
+	uint8	   *bbuf;
+	unsigned	bs,
+				bpos,
+				i,
+				pad;
+
+	PX_Cipher  *c = cx->cipher;
+
+	bbuf = NULL;
+	bs = px_cipher_block_size(c);
+
+	/* encrypt */
+	if (bs > 1)
+	{
+		bbuf = px_alloc(bs * 4);
+		bpos = dlen % bs;
+		*rlen = dlen - bpos;
+		memcpy(bbuf, data + *rlen, bpos);
+
+		/* encrypt full-block data */
+		if (*rlen)
+		{
+			err = px_cipher_encrypt(c, data, *rlen, res);
+			if (err)
+				goto out;
+		}
+
+		/* bbuf has now bpos bytes of stuff */
+		if (cx->padding)
+		{
+			pad = bs - (bpos % bs);
+			for (i = 0; i < pad; i++)
+				bbuf[bpos++] = pad;
+		}
+		else if (bpos % bs)
+		{
+			/* ERROR? */
+			pad = bs - (bpos % bs);
+			for (i = 0; i < pad; i++)
+				bbuf[bpos++] = 0;
+		}
+
+		/* encrypt the rest - pad */
+		if (bpos)
+		{
+			err = px_cipher_encrypt(c, bbuf, bpos, res + *rlen);
+			*rlen += bpos;
+		}
+	}
+	else
+	{
+		/* stream cipher/mode - no pad needed */
+		err = px_cipher_encrypt(c, data, dlen, res);
+		if (err)
+			goto out;
+		*rlen = dlen;
+	}
+out:
+	if (bbuf)
+		px_free(bbuf);
+
+	return err;
+}
+
+static int
+combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
+			  uint8 *res, unsigned *rlen)
+{
+	unsigned	bs,
+				i,
+				pad;
+	unsigned	pad_ok;
+
+	PX_Cipher  *c = cx->cipher;
+
+	/* decide whether zero-length input is allowed */
+	if (dlen == 0)
+	{
+		/* with padding, empty ciphertext is not allowed */
+		if (cx->padding)
+			return PXE_DECRYPT_FAILED;
+
+		/* without padding, report empty result */
+		*rlen = 0;
+		return 0;
+	}
+
+	bs = px_cipher_block_size(c);
+	if (bs > 1 && (dlen % bs) != 0)
+		goto block_error;
+
+	/* decrypt */
+	*rlen = dlen;
+	px_cipher_decrypt(c, data, dlen, res);
+
+	/* unpad */
+	if (bs > 1 && cx->padding)
+	{
+		pad = res[*rlen - 1];
+		pad_ok = 0;
+		if (pad > 0 && pad <= bs && pad <= *rlen)
+		{
+			pad_ok = 1;
+			for (i = *rlen - pad; i < *rlen; i++)
+				if (res[i] != pad)
+				{
+					pad_ok = 0;
+					break;
+				}
+		}
+
+		if (pad_ok)
+			*rlen -= pad;
+	}
+
+	return 0;
+
+block_error:
+	return PXE_NOTBLOCKSIZE;
+}
+
+static void
+combo_free(PX_Combo *cx)
+{
+	if (cx->cipher)
+		px_cipher_free(cx->cipher);
+	memset(cx, 0, sizeof(*cx));
+	px_free(cx);
+}
+
+/* PARSER */
+
+static int
+parse_cipher_name(char *full, char **cipher, char **pad)
+{
+	char	   *p,
+			   *p2,
+			   *q;
+
+	*cipher = full;
+	*pad = NULL;
+
+	p = strchr(full, '/');
+	if (p != NULL)
+		*p++ = 0;
+	while (p != NULL)
+	{
+		if ((q = strchr(p, '/')) != NULL)
+			*q++ = 0;
+
+		if (!*p)
+		{
+			p = q;
+			continue;
+		}
+		p2 = strchr(p, ':');
+		if (p2 != NULL)
+		{
+			*p2++ = 0;
+			if (strcmp(p, "pad") == 0)
+				*pad = p2;
+			else
+				return PXE_BAD_OPTION;
+		}
+		else
+			return PXE_BAD_FORMAT;
+
+		p = q;
+	}
+	return 0;
+}
+
+/* provider */
+
+int
+px_find_combo(const char *name, PX_Combo **res)
+{
+	int			err;
+	char	   *buf,
+			   *s_cipher,
+			   *s_pad;
+
+	PX_Combo   *cx;
+
+	cx = px_alloc(sizeof(*cx));
+	memset(cx, 0, sizeof(*cx));
+
+	buf = px_alloc(strlen(name) + 1);
+	strcpy(buf, name);
+
+	err = parse_cipher_name(buf, &s_cipher, &s_pad);
+	if (err)
+	{
+		px_free(buf);
+		px_free(cx);
+		return err;
+	}
+
+	err = px_find_cipher(s_cipher, &cx->cipher);
+	if (err)
+		goto err1;
+
+	if (s_pad != NULL)
+	{
+		if (strcmp(s_pad, "pkcs") == 0)
+			cx->padding = 1;
+		else if (strcmp(s_pad, "none") == 0)
+			cx->padding = 0;
+		else
+			goto err1;
+	}
+	else
+		cx->padding = 1;
+
+	cx->init = combo_init;
+	cx->encrypt = combo_encrypt;
+	cx->decrypt = combo_decrypt;
+	cx->encrypt_len = combo_encrypt_len;
+	cx->decrypt_len = combo_decrypt_len;
+	cx->free = combo_free;
+
+	px_free(buf);
+
+	*res = cx;
+
+	return 0;
+
+err1:
+	if (cx->cipher)
+		px_cipher_free(cx->cipher);
+	px_free(cx);
+	px_free(buf);
+	return PXE_NO_CIPHER;
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/px.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
new file mode 100644
index 0000000..610b7fa
--- /dev/null
+++ b/contrib/pgcrypto/px.h
@@ -0,0 +1,250 @@
+/*
+ * px.h
+ *		Header file for pgcrypto.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *	  notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *	  notice, this list of conditions and the following disclaimer in the
+ *	  documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/px.h
+ */
+
+#ifndef __PX_H
+#define __PX_H
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+/* keep debug messages? */
+#define PX_DEBUG
+
+/* a way to disable palloc
+ * - useful if compiled into standalone
+ */
+#ifndef PX_OWN_ALLOC
+#define px_alloc(s) palloc(s)
+#define px_realloc(p, s) repalloc(p, s)
+#define px_free(p)	pfree(p)
+#else
+void	   *px_alloc(size_t s);
+void	   *px_realloc(void *p, size_t s);
+void		px_free(void *p);
+#endif
+
+/* max len of 'type' parms */
+#define PX_MAX_NAMELEN		128
+
+/* max salt returned */
+#define PX_MAX_SALT_LEN		128
+
+/*
+ * PX error codes
+ */
+#define PXE_OK						0
+#define PXE_ERR_GENERIC				-1
+#define PXE_NO_HASH					-2
+#define PXE_NO_CIPHER				-3
+#define PXE_NOTBLOCKSIZE			-4
+#define PXE_BAD_OPTION				-5
+#define PXE_BAD_FORMAT				-6
+#define PXE_KEY_TOO_BIG				-7
+#define PXE_CIPHER_INIT				-8
+#define PXE_HASH_UNUSABLE_FOR_HMAC	-9
+#define PXE_DEV_READ_ERROR			-10
+#define PXE_OSSL_RAND_ERROR			-11
+#define PXE_BUG						-12
+#define PXE_ARGUMENT_ERROR			-13
+#define PXE_UNKNOWN_SALT_ALGO		-14
+#define PXE_BAD_SALT_ROUNDS			-15
+#define PXE_MCRYPT_INTERNAL			-16
+#define PXE_NO_RANDOM				-17
+#define PXE_DECRYPT_FAILED			-18
+
+#define PXE_MBUF_SHORT_READ			-50
+
+#define PXE_PGP_CORRUPT_DATA		-100
+#define PXE_PGP_CORRUPT_ARMOR		-101
+#define PXE_PGP_UNSUPPORTED_COMPR	-102
+#define PXE_PGP_UNSUPPORTED_CIPHER	-103
+#define PXE_PGP_UNSUPPORTED_HASH	-104
+#define PXE_PGP_COMPRESSION_ERROR	-105
+#define PXE_PGP_NOT_TEXT			-106
+#define PXE_PGP_UNEXPECTED_PKT		-107
+#define PXE_PGP_NO_BIGNUM			-108
+#define PXE_PGP_MATH_FAILED			-109
+#define PXE_PGP_SHORT_ELGAMAL_KEY	-110
+#define PXE_PGP_RSA_UNSUPPORTED		-111
+#define PXE_PGP_UNKNOWN_PUBALGO		-112
+#define PXE_PGP_WRONG_KEY			-113
+#define PXE_PGP_MULTIPLE_KEYS		-114
+#define PXE_PGP_EXPECT_PUBLIC_KEY	-115
+#define PXE_PGP_EXPECT_SECRET_KEY	-116
+#define PXE_PGP_NOT_V4_KEYPKT		-117
+#define PXE_PGP_KEYPKT_CORRUPT		-118
+#define PXE_PGP_NO_USABLE_KEY		-119
+#define PXE_PGP_NEED_SECRET_PSW		-120
+#define PXE_PGP_BAD_S2K_MODE		-121
+#define PXE_PGP_UNSUPPORTED_PUBALGO -122
+#define PXE_PGP_MULTIPLE_SUBKEYS	-123
+
+
+typedef struct px_digest PX_MD;
+typedef struct px_alias PX_Alias;
+typedef struct px_hmac PX_HMAC;
+typedef struct px_cipher PX_Cipher;
+typedef struct px_combo PX_Combo;
+
+struct px_digest
+{
+	unsigned	(*result_size) (PX_MD *h);
+	unsigned	(*block_size) (PX_MD *h);
+	void		(*reset) (PX_MD *h);
+	void		(*update) (PX_MD *h, const uint8 *data, unsigned dlen);
+	void		(*finish) (PX_MD *h, uint8 *dst);
+	void		(*free) (PX_MD *h);
+	/* private */
+	union
+	{
+		unsigned	code;
+		void	   *ptr;
+	}			p;
+};
+
+struct px_alias
+{
+	char	   *alias;
+	char	   *name;
+};
+
+struct px_hmac
+{
+	unsigned	(*result_size) (PX_HMAC *h);
+	unsigned	(*block_size) (PX_HMAC *h);
+	void		(*reset) (PX_HMAC *h);
+	void		(*update) (PX_HMAC *h, const uint8 *data, unsigned dlen);
+	void		(*finish) (PX_HMAC *h, uint8 *dst);
+	void		(*free) (PX_HMAC *h);
+	void		(*init) (PX_HMAC *h, const uint8 *key, unsigned klen);
+
+	PX_MD	   *md;
+	/* private */
+	struct
+	{
+		uint8	   *ipad;
+		uint8	   *opad;
+	}			p;
+};
+
+struct px_cipher
+{
+	unsigned	(*block_size) (PX_Cipher *c);
+	unsigned	(*key_size) (PX_Cipher *c);		/* max key len */
+	unsigned	(*iv_size) (PX_Cipher *c);
+
+	int			(*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
+	int			(*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
+	int			(*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
+	void		(*free) (PX_Cipher *c);
+	/* private */
+	void	   *ptr;
+	int			pstat;			/* mcrypt uses it */
+};
+
+struct px_combo
+{
+	int			(*init) (PX_Combo *cx, const uint8 *key, unsigned klen,
+									 const uint8 *iv, unsigned ivlen);
+	int			(*encrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen,
+										uint8 *res, unsigned *rlen);
+	int			(*decrypt) (PX_Combo *cx, const uint8 *data, unsigned dlen,
+										uint8 *res, unsigned *rlen);
+	unsigned	(*encrypt_len) (PX_Combo *cx, unsigned dlen);
+	unsigned	(*decrypt_len) (PX_Combo *cx, unsigned dlen);
+	void		(*free) (PX_Combo *cx);
+
+	PX_Cipher  *cipher;
+	unsigned	padding;
+};
+
+int			px_find_digest(const char *name, PX_MD **res);
+int			px_find_hmac(const char *name, PX_HMAC **res);
+int			px_find_cipher(const char *name, PX_Cipher **res);
+int			px_find_combo(const char *name, PX_Combo **res);
+
+int			px_get_random_bytes(uint8 *dst, unsigned count);
+int			px_get_pseudo_random_bytes(uint8 *dst, unsigned count);
+int			px_add_entropy(const uint8 *data, unsigned count);
+
+unsigned	px_acquire_system_randomness(uint8 *dst);
+
+const char *px_strerror(int err);
+
+const char *px_resolve_alias(const PX_Alias *aliases, const char *name);
+
+void		px_set_debug_handler(void (*handler) (const char *));
+
+#ifdef PX_DEBUG
+void		px_debug(const char *fmt, ...)
+	__attribute__((format(PG_PRINTF_ATTRIBUTE, 1, 2)));
+#else
+#define px_debug(...)
+#endif
+
+#define px_md_result_size(md)		(md)->result_size(md)
+#define px_md_block_size(md)		(md)->block_size(md)
+#define px_md_reset(md)			(md)->reset(md)
+#define px_md_update(md, data, dlen)	(md)->update(md, data, dlen)
+#define px_md_finish(md, buf)		(md)->finish(md, buf)
+#define px_md_free(md)			(md)->free(md)
+
+#define px_hmac_result_size(hmac)	(hmac)->result_size(hmac)
+#define px_hmac_block_size(hmac)	(hmac)->block_size(hmac)
+#define px_hmac_reset(hmac)		(hmac)->reset(hmac)
+#define px_hmac_init(hmac, key, klen)	(hmac)->init(hmac, key, klen)
+#define px_hmac_update(hmac, data, dlen) (hmac)->update(hmac, data, dlen)
+#define px_hmac_finish(hmac, buf)	(hmac)->finish(hmac, buf)
+#define px_hmac_free(hmac)		(hmac)->free(hmac)
+
+
+#define px_cipher_key_size(c)		(c)->key_size(c)
+#define px_cipher_block_size(c)		(c)->block_size(c)
+#define px_cipher_iv_size(c)		(c)->iv_size(c)
+#define px_cipher_init(c, k, klen, iv)	(c)->init(c, k, klen, iv)
+#define px_cipher_encrypt(c, data, dlen, res) \
+					(c)->encrypt(c, data, dlen, res)
+#define px_cipher_decrypt(c, data, dlen, res) \
+					(c)->decrypt(c, data, dlen, res)
+#define px_cipher_free(c)		(c)->free(c)
+
+
+#define px_combo_encrypt_len(c, dlen)	(c)->encrypt_len(c, dlen)
+#define px_combo_decrypt_len(c, dlen)	(c)->decrypt_len(c, dlen)
+#define px_combo_init(c, key, klen, iv, ivlen) \
+					(c)->init(c, key, klen, iv, ivlen)
+#define px_combo_encrypt(c, data, dlen, res, rlen) \
+					(c)->encrypt(c, data, dlen, res, rlen)
+#define px_combo_decrypt(c, data, dlen, res, rlen) \
+					(c)->decrypt(c, data, dlen, res, rlen)
+#define px_combo_free(c)		(c)->free(c)
+
+#endif   /* __PX_H */

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/random.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/random.c b/contrib/pgcrypto/random.c
new file mode 100644
index 0000000..393a0be
--- /dev/null
+++ b/contrib/pgcrypto/random.c
@@ -0,0 +1,244 @@
+/*
+ * random.c
+ *		Acquire randomness from system.  For seeding RNG.
+ *
+ * Copyright (c) 2001 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *	  notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *	  notice, this list of conditions and the following disclaimer in the
+ *	  documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * contrib/pgcrypto/random.c
+ */
+
+#include "postgres.h"
+
+#include "px.h"
+
+/* how many bytes to ask from system random provider */
+#define RND_BYTES  32
+
+/*
+ * Try to read from /dev/urandom or /dev/random on these OS'es.
+ *
+ * The list can be pretty liberal, as the device not existing
+ * is expected event.
+ */
+#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) \
+	|| defined(__NetBSD__) || defined(__DragonFly__) \
+	|| defined(__darwin__) || defined(__SOLARIS__) \
+	|| defined(__hpux) || defined(__HPUX__) \
+	|| defined(__CYGWIN__) || defined(_AIX)
+
+#define TRY_DEV_RANDOM
+
+#include <fcntl.h>
+#include <unistd.h>
+
+static int
+safe_read(int fd, void *buf, size_t count)
+{
+	int			done = 0;
+	char	   *p = buf;
+	int			res;
+
+	while (count)
+	{
+		res = read(fd, p, count);
+		if (res <= 0)
+		{
+			if (errno == EINTR)
+				continue;
+			return PXE_DEV_READ_ERROR;
+		}
+		p += res;
+		done += res;
+		count -= res;
+	}
+	return done;
+}
+
+static uint8 *
+try_dev_random(uint8 *dst)
+{
+	int			fd;
+	int			res;
+
+	fd = open("/dev/urandom", O_RDONLY, 0);
+	if (fd == -1)
+	{
+		fd = open("/dev/random", O_RDONLY, 0);
+		if (fd == -1)
+			return dst;
+	}
+	res = safe_read(fd, dst, RND_BYTES);
+	close(fd);
+	if (res > 0)
+		dst += res;
+	return dst;
+}
+#endif
+
+/*
+ * Try to find randomness on Windows
+ */
+#ifdef WIN32
+
+#define TRY_WIN32_GENRAND
+#define TRY_WIN32_PERFC
+
+#include <windows.h>
+#include <wincrypt.h>
+
+/*
+ * this function is from libtomcrypt
+ *
+ * try to use Microsoft crypto API
+ */
+static uint8 *
+try_win32_genrand(uint8 *dst)
+{
+	int			res;
+	HCRYPTPROV	h = 0;
+
+	res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+							  (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET));
+	if (!res)
+		res = CryptAcquireContext(&h, NULL, MS_DEF_PROV, PROV_RSA_FULL,
+			   CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET);
+	if (!res)
+		return dst;
+
+	res = CryptGenRandom(h, RND_BYTES, dst);
+	if (res == TRUE)
+		dst += RND_BYTES;
+
+	CryptReleaseContext(h, 0);
+	return dst;
+}
+
+static uint8 *
+try_win32_perfc(uint8 *dst)
+{
+	int			res;
+	LARGE_INTEGER time;
+
+	res = QueryPerformanceCounter(&time);
+	if (!res)
+		return dst;
+
+	memcpy(dst, &time, sizeof(time));
+	return dst + sizeof(time);
+}
+#endif   /* WIN32 */
+
+
+/*
+ * If we are not on Windows, then hopefully we are
+ * on a unix-like system.  Use the usual suspects
+ * for randomness.
+ */
+#ifndef WIN32
+
+#define TRY_UNIXSTD
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+#include <unistd.h>
+
+/*
+ * Everything here is predictible, only needs some patience.
+ *
+ * But there is a chance that the system-specific functions
+ * did not work.  So keep faith and try to slow the attacker down.
+ */
+static uint8 *
+try_unix_std(uint8 *dst)
+{
+	pid_t		pid;
+	int			x;
+	PX_MD	   *md;
+	struct timeval tv;
+	int			res;
+
+	/* process id */
+	pid = getpid();
+	memcpy(dst, (uint8 *) &pid, sizeof(pid));
+	dst += sizeof(pid);
+
+	/* time */
+	gettimeofday(&tv, NULL);
+	memcpy(dst, (uint8 *) &tv, sizeof(tv));
+	dst += sizeof(tv);
+
+	/* pointless, but should not hurt */
+	x = random();
+	memcpy(dst, (uint8 *) &x, sizeof(x));
+	dst += sizeof(x);
+
+	/* let's be desperate */
+	res = px_find_digest("sha1", &md);
+	if (res >= 0)
+	{
+		uint8	   *ptr;
+		uint8		stack[8192];
+		int			alloc = 32 * 1024;
+
+		px_md_update(md, stack, sizeof(stack));
+		ptr = px_alloc(alloc);
+		px_md_update(md, ptr, alloc);
+		px_free(ptr);
+
+		px_md_finish(md, dst);
+		px_md_free(md);
+
+		dst += 20;
+	}
+
+	return dst;
+}
+#endif
+
+/*
+ * try to extract some randomness for initial seeding
+ *
+ * dst should have room for 1024 bytes.
+ */
+unsigned
+px_acquire_system_randomness(uint8 *dst)
+{
+	uint8	   *p = dst;
+
+#ifdef TRY_DEV_RANDOM
+	p = try_dev_random(p);
+#endif
+#ifdef TRY_WIN32_GENRAND
+	p = try_win32_genrand(p);
+#endif
+#ifdef TRY_WIN32_PERFC
+	p = try_win32_perfc(p);
+#endif
+#ifdef TRY_UNIXSTD
+	p = try_unix_std(p);
+#endif
+	return p - dst;
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.c
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/rijndael.c b/contrib/pgcrypto/rijndael.c
new file mode 100644
index 0000000..5651d03
--- /dev/null
+++ b/contrib/pgcrypto/rijndael.c
@@ -0,0 +1,677 @@
+/*	$OpenBSD: rijndael.c,v 1.6 2000/12/09 18:51:34 markus Exp $ */
+
+/* contrib/pgcrypto/rijndael.c */
+
+/* This is an independent implementation of the encryption algorithm:	*/
+/*																		*/
+/*		   RIJNDAEL by Joan Daemen and Vincent Rijmen					*/
+/*																		*/
+/* which is a candidate algorithm in the Advanced Encryption Standard	*/
+/* programme of the US National Institute of Standards and Technology.	*/
+/*																		*/
+/* Copyright in this implementation is held by Dr B R Gladman but I		*/
+/* hereby give permission for its free direct or derivative use subject */
+/* to acknowledgment of its origin and compliance with any conditions	*/
+/* that the originators of the algorithm place on its exploitation.		*/
+/*																		*/
+/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999		*/
+
+/* Timing data for Rijndael (rijndael.c)
+
+Algorithm: rijndael (rijndael.c)
+
+128 bit key:
+Key Setup:	  305/1389 cycles (encrypt/decrypt)
+Encrypt:	   374 cycles =    68.4 mbits/sec
+Decrypt:	   352 cycles =    72.7 mbits/sec
+Mean:		   363 cycles =    70.5 mbits/sec
+
+192 bit key:
+Key Setup:	  277/1595 cycles (encrypt/decrypt)
+Encrypt:	   439 cycles =    58.3 mbits/sec
+Decrypt:	   425 cycles =    60.2 mbits/sec
+Mean:		   432 cycles =    59.3 mbits/sec
+
+256 bit key:
+Key Setup:	  374/1960 cycles (encrypt/decrypt)
+Encrypt:	   502 cycles =    51.0 mbits/sec
+Decrypt:	   498 cycles =    51.4 mbits/sec
+Mean:		   500 cycles =    51.2 mbits/sec
+
+*/
+
+#include "postgres.h"
+
+#include <sys/param.h>
+
+#include "px.h"
+#include "rijndael.h"
+
+#define PRE_CALC_TABLES
+#define LARGE_TABLES
+
+static void gen_tabs(void);
+
+/* 3. Basic macros for speeding up generic operations				*/
+
+/* Circular rotate of 32 bit values									*/
+
+#define rotr(x,n)	(((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))
+#define rotl(x,n)	(((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))
+
+/* Invert byte order in a 32 bit variable							*/
+
+#define bswap(x)	((rotl((x), 8) & 0x00ff00ff) | (rotr((x), 8) & 0xff00ff00))
+
+/* Extract byte from a 32 bit quantity (little endian notation)		*/
+
+#define byte(x,n)	((u1byte)((x) >> (8 * (n))))
+
+#ifdef WORDS_BIGENDIAN
+#define io_swap(x)	bswap(x)
+#else
+#define io_swap(x)	(x)
+#endif
+
+#ifdef PRINT_TABS
+#undef PRE_CALC_TABLES
+#endif
+
+#ifdef PRE_CALC_TABLES
+
+#include "rijndael.tbl"
+#define tab_gen		1
+#else							/* !PRE_CALC_TABLES */
+
+static u1byte pow_tab[256];
+static u1byte log_tab[256];
+static u1byte sbx_tab[256];
+static u1byte isb_tab[256];
+static u4byte rco_tab[10];
+static u4byte ft_tab[4][256];
+static u4byte it_tab[4][256];
+
+#ifdef	LARGE_TABLES
+static u4byte fl_tab[4][256];
+static u4byte il_tab[4][256];
+#endif
+
+static u4byte tab_gen = 0;
+#endif   /* !PRE_CALC_TABLES */
+
+#define ff_mult(a,b)	((a) && (b) ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0)
+
+#define f_rn(bo, bi, n, k)								\
+	(bo)[n] =  ft_tab[0][byte((bi)[n],0)] ^				\
+			 ft_tab[1][byte((bi)[((n) + 1) & 3],1)] ^	\
+			 ft_tab[2][byte((bi)[((n) + 2) & 3],2)] ^	\
+			 ft_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
+
+#define i_rn(bo, bi, n, k)							\
+	(bo)[n] =  it_tab[0][byte((bi)[n],0)] ^				\
+			 it_tab[1][byte((bi)[((n) + 3) & 3],1)] ^	\
+			 it_tab[2][byte((bi)[((n) + 2) & 3],2)] ^	\
+			 it_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
+
+#ifdef LARGE_TABLES
+
+#define ls_box(x)				 \
+	( fl_tab[0][byte(x, 0)] ^	 \
+	  fl_tab[1][byte(x, 1)] ^	 \
+	  fl_tab[2][byte(x, 2)] ^	 \
+	  fl_tab[3][byte(x, 3)] )
+
+#define f_rl(bo, bi, n, k)								\
+	(bo)[n] =  fl_tab[0][byte((bi)[n],0)] ^				\
+			 fl_tab[1][byte((bi)[((n) + 1) & 3],1)] ^	\
+			 fl_tab[2][byte((bi)[((n) + 2) & 3],2)] ^	\
+			 fl_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
+
+#define i_rl(bo, bi, n, k)								\
+	(bo)[n] =  il_tab[0][byte((bi)[n],0)] ^				\
+			 il_tab[1][byte((bi)[((n) + 3) & 3],1)] ^	\
+			 il_tab[2][byte((bi)[((n) + 2) & 3],2)] ^	\
+			 il_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
+#else
+
+#define ls_box(x)							 \
+	((u4byte)sbx_tab[byte(x, 0)] <<  0) ^	 \
+	((u4byte)sbx_tab[byte(x, 1)] <<  8) ^	 \
+	((u4byte)sbx_tab[byte(x, 2)] << 16) ^	 \
+	((u4byte)sbx_tab[byte(x, 3)] << 24)
+
+#define f_rl(bo, bi, n, k)											\
+	(bo)[n] = (u4byte)sbx_tab[byte((bi)[n],0)] ^					\
+		rotl(((u4byte)sbx_tab[byte((bi)[((n) + 1) & 3],1)]),  8) ^	\
+		rotl(((u4byte)sbx_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^	\
+		rotl(((u4byte)sbx_tab[byte((bi)[((n) + 3) & 3],3)]), 24) ^ *((k) + (n))
+
+#define i_rl(bo, bi, n, k)											\
+	(bo)[n] = (u4byte)isb_tab[byte((bi)[n],0)] ^					\
+		rotl(((u4byte)isb_tab[byte((bi)[((n) + 3) & 3],1)]),  8) ^	\
+		rotl(((u4byte)isb_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^	\
+		rotl(((u4byte)isb_tab[byte((bi)[((n) + 1) & 3],3)]), 24) ^ *((k) + (n))
+#endif
+
+static void
+gen_tabs(void)
+{
+#ifndef PRE_CALC_TABLES
+	u4byte		i,
+				t;
+	u1byte		p,
+				q;
+
+	/* log and power tables for GF(2**8) finite field with	*/
+	/* 0x11b as modular polynomial - the simplest prmitive	*/
+	/* root is 0x11, used here to generate the tables		*/
+
+	for (i = 0, p = 1; i < 256; ++i)
+	{
+		pow_tab[i] = (u1byte) p;
+		log_tab[p] = (u1byte) i;
+
+		p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0);
+	}
+
+	log_tab[1] = 0;
+	p = 1;
+
+	for (i = 0; i < 10; ++i)
+	{
+		rco_tab[i] = p;
+
+		p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
+	}
+
+	/* note that the affine byte transformation matrix in	*/
+	/* rijndael specification is in big endian format with	*/
+	/* bit 0 as the most significant bit. In the remainder	*/
+	/* of the specification the bits are numbered from the	*/
+	/* least significant end of a byte.						*/
+
+	for (i = 0; i < 256; ++i)
+	{
+		p = (i ? pow_tab[255 - log_tab[i]] : 0);
+		q = p;
+		q = (q >> 7) | (q << 1);
+		p ^= q;
+		q = (q >> 7) | (q << 1);
+		p ^= q;
+		q = (q >> 7) | (q << 1);
+		p ^= q;
+		q = (q >> 7) | (q << 1);
+		p ^= q ^ 0x63;
+		sbx_tab[i] = (u1byte) p;
+		isb_tab[p] = (u1byte) i;
+	}
+
+	for (i = 0; i < 256; ++i)
+	{
+		p = sbx_tab[i];
+
+#ifdef	LARGE_TABLES
+
+		t = p;
+		fl_tab[0][i] = t;
+		fl_tab[1][i] = rotl(t, 8);
+		fl_tab[2][i] = rotl(t, 16);
+		fl_tab[3][i] = rotl(t, 24);
+#endif
+		t = ((u4byte) ff_mult(2, p)) |
+			((u4byte) p << 8) |
+			((u4byte) p << 16) |
+			((u4byte) ff_mult(3, p) << 24);
+
+		ft_tab[0][i] = t;
+		ft_tab[1][i] = rotl(t, 8);
+		ft_tab[2][i] = rotl(t, 16);
+		ft_tab[3][i] = rotl(t, 24);
+
+		p = isb_tab[i];
+
+#ifdef	LARGE_TABLES
+
+		t = p;
+		il_tab[0][i] = t;
+		il_tab[1][i] = rotl(t, 8);
+		il_tab[2][i] = rotl(t, 16);
+		il_tab[3][i] = rotl(t, 24);
+#endif
+		t = ((u4byte) ff_mult(14, p)) |
+			((u4byte) ff_mult(9, p) << 8) |
+			((u4byte) ff_mult(13, p) << 16) |
+			((u4byte) ff_mult(11, p) << 24);
+
+		it_tab[0][i] = t;
+		it_tab[1][i] = rotl(t, 8);
+		it_tab[2][i] = rotl(t, 16);
+		it_tab[3][i] = rotl(t, 24);
+	}
+
+	tab_gen = 1;
+#endif   /* !PRE_CALC_TABLES */
+}
+
+
+#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >>
7) * 0x1b)
+
+#define imix_col(y,x)		\
+do { \
+	u	= star_x(x);		\
+	v	= star_x(u);		\
+	w	= star_x(v);		\
+	t	= w ^ (x);			\
+   (y)	= u ^ v ^ w;		\
+   (y) ^= rotr(u ^ t,  8) ^ \
+		  rotr(v ^ t, 16) ^ \
+		  rotr(t,24);		\
+} while (0)
+
+/* initialise the key schedule from the user supplied key	*/
+
+#define loop4(i)									\
+do {   t = ls_box(rotr(t,  8)) ^ rco_tab[i];		   \
+	t ^= e_key[4 * i];	   e_key[4 * i + 4] = t;	\
+	t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t;	\
+	t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t;	\
+	t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t;	\
+} while (0)
+
+#define loop6(i)									\
+do {   t = ls_box(rotr(t,  8)) ^ rco_tab[i];		   \
+	t ^= e_key[6 * (i)];	   e_key[6 * (i) + 6] = t;	\
+	t ^= e_key[6 * (i) + 1]; e_key[6 * (i) + 7] = t;	\
+	t ^= e_key[6 * (i) + 2]; e_key[6 * (i) + 8] = t;	\
+	t ^= e_key[6 * (i) + 3]; e_key[6 * (i) + 9] = t;	\
+	t ^= e_key[6 * (i) + 4]; e_key[6 * (i) + 10] = t;	\
+	t ^= e_key[6 * (i) + 5]; e_key[6 * (i) + 11] = t;	\
+} while (0)
+
+#define loop8(i)									\
+do {   t = ls_box(rotr(t,  8)) ^ rco_tab[i];		   \
+	t ^= e_key[8 * (i)];	 e_key[8 * (i) + 8] = t;	\
+	t ^= e_key[8 * (i) + 1]; e_key[8 * (i) + 9] = t;	\
+	t ^= e_key[8 * (i) + 2]; e_key[8 * (i) + 10] = t;	\
+	t ^= e_key[8 * (i) + 3]; e_key[8 * (i) + 11] = t;	\
+	t  = e_key[8 * (i) + 4] ^ ls_box(t);				\
+	e_key[8 * (i) + 12] = t;							\
+	t ^= e_key[8 * (i) + 5]; e_key[8 * (i) + 13] = t;	\
+	t ^= e_key[8 * (i) + 6]; e_key[8 * (i) + 14] = t;	\
+	t ^= e_key[8 * (i) + 7]; e_key[8 * (i) + 15] = t;	\
+} while (0)
+
+rijndael_ctx *
+rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
+				 int encrypt)
+{
+	u4byte		i,
+				t,
+				u,
+				v,
+				w;
+	u4byte	   *e_key = ctx->e_key;
+	u4byte	   *d_key = ctx->d_key;
+
+	ctx->decrypt = !encrypt;
+
+	if (!tab_gen)
+		gen_tabs();
+
+	ctx->k_len = (key_len + 31) / 32;
+
+	e_key[0] = io_swap(in_key[0]);
+	e_key[1] = io_swap(in_key[1]);
+	e_key[2] = io_swap(in_key[2]);
+	e_key[3] = io_swap(in_key[3]);
+
+	switch (ctx->k_len)
+	{
+		case 4:
+			t = e_key[3];
+			for (i = 0; i < 10; ++i)
+				loop4(i);
+			break;
+
+		case 6:
+			e_key[4] = io_swap(in_key[4]);
+			t = e_key[5] = io_swap(in_key[5]);
+			for (i = 0; i < 8; ++i)
+				loop6(i);
+			break;
+
+		case 8:
+			e_key[4] = io_swap(in_key[4]);
+			e_key[5] = io_swap(in_key[5]);
+			e_key[6] = io_swap(in_key[6]);
+			t = e_key[7] = io_swap(in_key[7]);
+			for (i = 0; i < 7; ++i)
+				loop8(i);
+			break;
+	}
+
+	if (!encrypt)
+	{
+		d_key[0] = e_key[0];
+		d_key[1] = e_key[1];
+		d_key[2] = e_key[2];
+		d_key[3] = e_key[3];
+
+		for (i = 4; i < 4 * ctx->k_len + 24; ++i)
+			imix_col(d_key[i], e_key[i]);
+	}
+
+	return ctx;
+}
+
+/* encrypt a block of text	*/
+
+#define f_nround(bo, bi, k) \
+do { \
+	f_rn(bo, bi, 0, k);		\
+	f_rn(bo, bi, 1, k);		\
+	f_rn(bo, bi, 2, k);		\
+	f_rn(bo, bi, 3, k);		\
+	k += 4;					\
+} while (0)
+
+#define f_lround(bo, bi, k) \
+do { \
+	f_rl(bo, bi, 0, k);		\
+	f_rl(bo, bi, 1, k);		\
+	f_rl(bo, bi, 2, k);		\
+	f_rl(bo, bi, 3, k);		\
+} while (0)
+
+void
+rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
+{
+	u4byte		k_len = ctx->k_len;
+	u4byte	   *e_key = ctx->e_key;
+	u4byte		b0[4],
+				b1[4],
+			   *kp;
+
+	b0[0] = io_swap(in_blk[0]) ^ e_key[0];
+	b0[1] = io_swap(in_blk[1]) ^ e_key[1];
+	b0[2] = io_swap(in_blk[2]) ^ e_key[2];
+	b0[3] = io_swap(in_blk[3]) ^ e_key[3];
+
+	kp = e_key + 4;
+
+	if (k_len > 6)
+	{
+		f_nround(b1, b0, kp);
+		f_nround(b0, b1, kp);
+	}
+
+	if (k_len > 4)
+	{
+		f_nround(b1, b0, kp);
+		f_nround(b0, b1, kp);
+	}
+
+	f_nround(b1, b0, kp);
+	f_nround(b0, b1, kp);
+	f_nround(b1, b0, kp);
+	f_nround(b0, b1, kp);
+	f_nround(b1, b0, kp);
+	f_nround(b0, b1, kp);
+	f_nround(b1, b0, kp);
+	f_nround(b0, b1, kp);
+	f_nround(b1, b0, kp);
+	f_lround(b0, b1, kp);
+
+	out_blk[0] = io_swap(b0[0]);
+	out_blk[1] = io_swap(b0[1]);
+	out_blk[2] = io_swap(b0[2]);
+	out_blk[3] = io_swap(b0[3]);
+}
+
+/* decrypt a block of text	*/
+
+#define i_nround(bo, bi, k) \
+do { \
+	i_rn(bo, bi, 0, k);		\
+	i_rn(bo, bi, 1, k);		\
+	i_rn(bo, bi, 2, k);		\
+	i_rn(bo, bi, 3, k);		\
+	k -= 4;					\
+} while (0)
+
+#define i_lround(bo, bi, k) \
+do { \
+	i_rl(bo, bi, 0, k);		\
+	i_rl(bo, bi, 1, k);		\
+	i_rl(bo, bi, 2, k);		\
+	i_rl(bo, bi, 3, k);		\
+} while (0)
+
+void
+rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
+{
+	u4byte		b0[4],
+				b1[4],
+			   *kp;
+	u4byte		k_len = ctx->k_len;
+	u4byte	   *e_key = ctx->e_key;
+	u4byte	   *d_key = ctx->d_key;
+
+	b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24];
+	b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25];
+	b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26];
+	b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27];
+
+	kp = d_key + 4 * (k_len + 5);
+
+	if (k_len > 6)
+	{
+		i_nround(b1, b0, kp);
+		i_nround(b0, b1, kp);
+	}
+
+	if (k_len > 4)
+	{
+		i_nround(b1, b0, kp);
+		i_nround(b0, b1, kp);
+	}
+
+	i_nround(b1, b0, kp);
+	i_nround(b0, b1, kp);
+	i_nround(b1, b0, kp);
+	i_nround(b0, b1, kp);
+	i_nround(b1, b0, kp);
+	i_nround(b0, b1, kp);
+	i_nround(b1, b0, kp);
+	i_nround(b0, b1, kp);
+	i_nround(b1, b0, kp);
+	i_lround(b0, b1, kp);
+
+	out_blk[0] = io_swap(b0[0]);
+	out_blk[1] = io_swap(b0[1]);
+	out_blk[2] = io_swap(b0[2]);
+	out_blk[3] = io_swap(b0[3]);
+}
+
+/*
+ * conventional interface
+ *
+ * ATM it hopes all data is 4-byte aligned - which
+ * should be true for PX.  -marko
+ */
+
+void
+aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc)
+{
+	uint32	   *k;
+
+	k = (uint32 *) key;
+	rijndael_set_key(ctx, k, keybits, enc);
+}
+
+void
+aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
+{
+	unsigned	bs = 16;
+	uint32	   *d;
+
+	while (len >= bs)
+	{
+		d = (uint32 *) data;
+		rijndael_encrypt(ctx, d, d);
+
+		len -= bs;
+		data += bs;
+	}
+}
+
+void
+aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
+{
+	unsigned	bs = 16;
+	uint32	   *d;
+
+	while (len >= bs)
+	{
+		d = (uint32 *) data;
+		rijndael_decrypt(ctx, d, d);
+
+		len -= bs;
+		data += bs;
+	}
+}
+
+void
+aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
+{
+	uint32	   *iv = (uint32 *) iva;
+	uint32	   *d = (uint32 *) data;
+	unsigned	bs = 16;
+
+	while (len >= bs)
+	{
+		d[0] ^= iv[0];
+		d[1] ^= iv[1];
+		d[2] ^= iv[2];
+		d[3] ^= iv[3];
+
+		rijndael_encrypt(ctx, d, d);
+
+		iv = d;
+		d += bs / 4;
+		len -= bs;
+	}
+}
+
+void
+aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
+{
+	uint32	   *d = (uint32 *) data;
+	unsigned	bs = 16;
+	uint32		buf[4],
+				iv[4];
+
+	memcpy(iv, iva, bs);
+	while (len >= bs)
+	{
+		buf[0] = d[0];
+		buf[1] = d[1];
+		buf[2] = d[2];
+		buf[3] = d[3];
+
+		rijndael_decrypt(ctx, buf, d);
+
+		d[0] ^= iv[0];
+		d[1] ^= iv[1];
+		d[2] ^= iv[2];
+		d[3] ^= iv[3];
+
+		iv[0] = buf[0];
+		iv[1] = buf[1];
+		iv[2] = buf[2];
+		iv[3] = buf[3];
+		d += 4;
+		len -= bs;
+	}
+}
+
+/*
+ * pre-calculate tables.
+ *
+ * On i386 lifts 17k from .bss to .rodata
+ * and avoids 1k code and setup time.
+ *	  -marko
+ */
+#ifdef PRINT_TABS
+
+static void
+show256u8(char *name, uint8 *data)
+{
+	int			i;
+
+	printf("static const u1byte  %s[256] = {\n  ", name);
+	for (i = 0; i < 256;)
+	{
+		printf("%u", pow_tab[i++]);
+		if (i < 256)
+			printf(i % 16 ? ", " : ",\n  ");
+	}
+	printf("\n};\n\n");
+}
+
+
+static void
+show4x256u32(char *name, uint32 data[4][256])
+{
+	int			i,
+				j;
+
+	printf("static const u4byte  %s[4][256] = {\n{\n  ", name);
+	for (i = 0; i < 4; i++)
+	{
+		for (j = 0; j < 256;)
+		{
+			printf("0x%08x", data[i][j]);
+			j++;
+			if (j < 256)
+				printf(j % 4 ? ", " : ",\n  ");
+		}
+		printf(i < 3 ? "\n}, {\n  " : "\n}\n");
+	}
+	printf("};\n\n");
+}
+
+int
+main()
+{
+	int			i;
+	char	   *hdr = "/* Generated by rijndael.c */\n\n";
+
+	gen_tabs();
+
+	printf(hdr);
+	show256u8("pow_tab", pow_tab);
+	show256u8("log_tab", log_tab);
+	show256u8("sbx_tab", sbx_tab);
+	show256u8("isb_tab", isb_tab);
+
+	show4x256u32("ft_tab", ft_tab);
+	show4x256u32("it_tab", it_tab);
+#ifdef LARGE_TABLES
+	show4x256u32("fl_tab", fl_tab);
+	show4x256u32("il_tab", il_tab);
+#endif
+	printf("static const u4byte rco_tab[10] = {\n  ");
+	for (i = 0; i < 10; i++)
+	{
+		printf("0x%08x", rco_tab[i]);
+		if (i < 9)
+			printf(", ");
+		if (i == 4)
+			printf("\n  ");
+	}
+	printf("\n};\n\n");
+	return 0;
+}
+
+#endif

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/801100ed/contrib/pgcrypto/rijndael.h
----------------------------------------------------------------------
diff --git a/contrib/pgcrypto/rijndael.h b/contrib/pgcrypto/rijndael.h
new file mode 100644
index 0000000..fb30e46
--- /dev/null
+++ b/contrib/pgcrypto/rijndael.h
@@ -0,0 +1,60 @@
+/*
+ * contrib/pgcrypto/rijndael.h
+ *
+ *	$OpenBSD: rijndael.h,v 1.3 2001/05/09 23:01:32 markus Exp $ */
+
+/* This is an independent implementation of the encryption algorithm:	*/
+/*																		*/
+/*		   RIJNDAEL by Joan Daemen and Vincent Rijmen					*/
+/*																		*/
+/* which is a candidate algorithm in the Advanced Encryption Standard	*/
+/* programme of the US National Institute of Standards and Technology.	*/
+/*																		*/
+/* Copyright in this implementation is held by Dr B R Gladman but I		*/
+/* hereby give permission for its free direct or derivative use subject */
+/* to acknowledgment of its origin and compliance with any conditions	*/
+/* that the originators of the algorithm place on its exploitation.		*/
+/*																		*/
+/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999		*/
+
+#ifndef _RIJNDAEL_H_
+#define _RIJNDAEL_H_
+
+/* 1. Standard types for AES cryptography source code				*/
+
+typedef uint8 u1byte;			/* an 8 bit unsigned character type */
+typedef uint16 u2byte;			/* a 16 bit unsigned integer type	*/
+typedef uint32 u4byte;			/* a 32 bit unsigned integer type	*/
+
+typedef int8 s1byte;			/* an 8 bit signed character type	*/
+typedef int16 s2byte;			/* a 16 bit signed integer type		*/
+typedef int32 s4byte;			/* a 32 bit signed integer type		*/
+
+typedef struct _rijndael_ctx
+{
+	u4byte		k_len;
+	int			decrypt;
+	u4byte		e_key[64];
+	u4byte		d_key[64];
+} rijndael_ctx;
+
+
+/* 2. Standard interface for AES cryptographic routines				*/
+
+/* These are all based on 32 bit unsigned values and will therefore */
+/* require endian conversions for big-endian architectures			*/
+
+rijndael_ctx *
+			rijndael_set_key(rijndael_ctx *, const u4byte *, const u4byte, int);
+void		rijndael_encrypt(rijndael_ctx *, const u4byte *, u4byte *);
+void		rijndael_decrypt(rijndael_ctx *, const u4byte *, u4byte *);
+
+/* conventional interface */
+
+void		aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc);
+void		aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len);
+void		aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len);
+void		aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len);
+void		aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len);
+
+#endif   /* _RIJNDAEL_H_ */



Mime
View raw message