Use ExprStates for hashing in GROUP BY and SubPlans
[pgsql.git] / contrib / pgcrypto / pgp-mpi-openssl.c
blob75e4c8b3004e1482d2b8151b643c4bca9778812b
1 /*
2 * pgp-mpi-openssl.c
3 * OpenPGP MPI functions using OpenSSL BIGNUM code.
5 * Copyright (c) 2005 Marko Kreen
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
29 * contrib/pgcrypto/pgp-mpi-openssl.c
31 #include "postgres.h"
33 #include <openssl/bn.h>
35 #include "pgp.h"
36 #include "px.h"
38 static BIGNUM *
39 mpi_to_bn(PGP_MPI *n)
41 BIGNUM *bn = BN_bin2bn(n->data, n->bytes, NULL);
43 if (!bn)
44 return NULL;
45 if (BN_num_bits(bn) != n->bits)
47 px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d",
48 n->bits, BN_num_bits(bn));
49 BN_clear_free(bn);
50 return NULL;
52 return bn;
55 static PGP_MPI *
56 bn_to_mpi(BIGNUM *bn)
58 int res;
59 PGP_MPI *n;
61 res = pgp_mpi_alloc(BN_num_bits(bn), &n);
62 if (res < 0)
63 return NULL;
65 if (BN_num_bytes(bn) != n->bytes)
67 px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d",
68 BN_num_bytes(bn), n->bytes);
69 pgp_mpi_free(n);
70 return NULL;
72 BN_bn2bin(bn, n->data);
73 return n;
77 * Decide the number of bits in the random component k
79 * It should be in the same range as p for signing (which
80 * is deprecated), but can be much smaller for encrypting.
82 * Until I research it further, I just mimic gpg behaviour.
83 * It has a special mapping table, for values <= 5120,
84 * above that it uses 'arbitrary high number'. Following
85 * algorithm hovers 10-70 bits above gpg values. And for
86 * larger p, it uses gpg's algorithm.
88 * The point is - if k gets large, encryption will be
89 * really slow. It does not matter for decryption.
91 static int
92 decide_k_bits(int p_bits)
94 if (p_bits <= 5120)
95 return p_bits / 10 + 160;
96 else
97 return (p_bits / 8 + 200) * 3 / 2;
101 pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m,
102 PGP_MPI **c1_p, PGP_MPI **c2_p)
104 int res = PXE_PGP_MATH_FAILED;
105 int k_bits;
106 BIGNUM *m = mpi_to_bn(_m);
107 BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
108 BIGNUM *g = mpi_to_bn(pk->pub.elg.g);
109 BIGNUM *y = mpi_to_bn(pk->pub.elg.y);
110 BIGNUM *k = BN_new();
111 BIGNUM *yk = BN_new();
112 BIGNUM *c1 = BN_new();
113 BIGNUM *c2 = BN_new();
114 BN_CTX *tmp = BN_CTX_new();
116 if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp)
117 goto err;
120 * generate k
122 k_bits = decide_k_bits(BN_num_bits(p));
123 if (!BN_rand(k, k_bits, 0, 0))
124 goto err;
127 * c1 = g^k c2 = m * y^k
129 if (!BN_mod_exp(c1, g, k, p, tmp))
130 goto err;
131 if (!BN_mod_exp(yk, y, k, p, tmp))
132 goto err;
133 if (!BN_mod_mul(c2, m, yk, p, tmp))
134 goto err;
136 /* result */
137 *c1_p = bn_to_mpi(c1);
138 *c2_p = bn_to_mpi(c2);
139 if (*c1_p && *c2_p)
140 res = 0;
141 err:
142 if (tmp)
143 BN_CTX_free(tmp);
144 if (c2)
145 BN_clear_free(c2);
146 if (c1)
147 BN_clear_free(c1);
148 if (yk)
149 BN_clear_free(yk);
150 if (k)
151 BN_clear_free(k);
152 if (y)
153 BN_clear_free(y);
154 if (g)
155 BN_clear_free(g);
156 if (p)
157 BN_clear_free(p);
158 if (m)
159 BN_clear_free(m);
160 return res;
164 pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2,
165 PGP_MPI **msg_p)
167 int res = PXE_PGP_MATH_FAILED;
168 BIGNUM *c1 = mpi_to_bn(_c1);
169 BIGNUM *c2 = mpi_to_bn(_c2);
170 BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
171 BIGNUM *x = mpi_to_bn(pk->sec.elg.x);
172 BIGNUM *c1x = BN_new();
173 BIGNUM *div = BN_new();
174 BIGNUM *m = BN_new();
175 BN_CTX *tmp = BN_CTX_new();
177 if (!c1 || !c2 || !p || !x || !c1x || !div || !m || !tmp)
178 goto err;
181 * m = c2 / (c1^x)
183 if (!BN_mod_exp(c1x, c1, x, p, tmp))
184 goto err;
185 if (!BN_mod_inverse(div, c1x, p, tmp))
186 goto err;
187 if (!BN_mod_mul(m, c2, div, p, tmp))
188 goto err;
190 /* result */
191 *msg_p = bn_to_mpi(m);
192 if (*msg_p)
193 res = 0;
194 err:
195 if (tmp)
196 BN_CTX_free(tmp);
197 if (m)
198 BN_clear_free(m);
199 if (div)
200 BN_clear_free(div);
201 if (c1x)
202 BN_clear_free(c1x);
203 if (x)
204 BN_clear_free(x);
205 if (p)
206 BN_clear_free(p);
207 if (c2)
208 BN_clear_free(c2);
209 if (c1)
210 BN_clear_free(c1);
211 return res;
215 pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p)
217 int res = PXE_PGP_MATH_FAILED;
218 BIGNUM *m = mpi_to_bn(_m);
219 BIGNUM *e = mpi_to_bn(pk->pub.rsa.e);
220 BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
221 BIGNUM *c = BN_new();
222 BN_CTX *tmp = BN_CTX_new();
224 if (!m || !e || !n || !c || !tmp)
225 goto err;
228 * c = m ^ e
230 if (!BN_mod_exp(c, m, e, n, tmp))
231 goto err;
233 *c_p = bn_to_mpi(c);
234 if (*c_p)
235 res = 0;
236 err:
237 if (tmp)
238 BN_CTX_free(tmp);
239 if (c)
240 BN_clear_free(c);
241 if (n)
242 BN_clear_free(n);
243 if (e)
244 BN_clear_free(e);
245 if (m)
246 BN_clear_free(m);
247 return res;
251 pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
253 int res = PXE_PGP_MATH_FAILED;
254 BIGNUM *c = mpi_to_bn(_c);
255 BIGNUM *d = mpi_to_bn(pk->sec.rsa.d);
256 BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
257 BIGNUM *m = BN_new();
258 BN_CTX *tmp = BN_CTX_new();
260 if (!m || !d || !n || !c || !tmp)
261 goto err;
264 * m = c ^ d
266 if (!BN_mod_exp(m, c, d, n, tmp))
267 goto err;
269 *m_p = bn_to_mpi(m);
270 if (*m_p)
271 res = 0;
272 err:
273 if (tmp)
274 BN_CTX_free(tmp);
275 if (m)
276 BN_clear_free(m);
277 if (n)
278 BN_clear_free(n);
279 if (d)
280 BN_clear_free(d);
281 if (c)
282 BN_clear_free(c);
283 return res;