Initial commit

johto · johto · commit f72c8e9c6fbe · 2015-08-05T23:57:35.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+/*.dSYM/
+/results/
+/pgspeck.so
+*.swp
+/*.o
diff --git a/Makefile b/Makefile
@@ -0,0 +1,18 @@
+MODULE_big = pgspeck
+OBJS = speck.o pgspeck.o
+
+EXTENSION = pgspeck
+DATA = pgspeck--1.0.sql
+
+REGRESS = pgspeck
+
+ifdef NO_PGXS
+subdir = contrib/pgspeck
+top_builddir = ../..
+include $(top_builddir)/src/Makefile.global
+include $(top_srcdir)/contrib/contrib-global.mk
+else
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)
+endif
diff --git a/README.md b/README.md
@@ -0,0 +1,29 @@
+pgspeck is a PostgreSQL extension for symmetrical encryption using the
+[Speck](https://en.wikipedia.org/wiki/Speck_(cipher)) encryption algorithms.
+Only 32-bit and 48-bit block sizes, with 64-bit and 96-bit keys (respectively)
+are supported.  The primary use case is generating a random-looking sequence
+from an increasing sequence.
+
+The extension adds four functions:
+
+    -- Encrypts a 32-bit plaintext using a 64-bit key.  Only the lowest 32 bits
+    -- from the plaintext are used; the key's full 64-bit range is used.
+    CREATE FUNCTION pgspeck_encrypt32(plaintext int8, key int8)
+        RETURNS int8
+        AS 'pgspeck', 'pgspeck_encrypt32' LANGUAGE c STRICT;
+
+    -- Decrypts a value encrypted with pgspeck_encrypt32.
+    CREATE FUNCTION pgspeck_decrypt32(ciphertext int8, key int8)
+        RETURNS int8
+        AS 'pgspeck', 'pgspeck_decrypt32' LANGUAGE c STRICT;
+
+    -- Encrypts a 48-bit plaintext using a 96-bit key.  Only the lowest 48 bits
+    -- from each argument are used.
+    CREATE FUNCTION pgspeck_encrypt48(plaintext int8, key1 int8, key2 int8)
+        RETURNS int8
+        AS 'pgspeck', 'pgspeck_encrypt48' LANGUAGE c STRICT;
+    
+    -- Decrypts a value encrypted with pgspeck_encrypt48.
+    CREATE FUNCTION pgspeck_decrypt48(ciphertext int8, key1 int8, key2 int8)
+        RETURNS int8
+        AS 'pgspeck', 'pgspeck_decrypt48' LANGUAGE c STRICT;
diff --git a/expected/pgspeck.out b/expected/pgspeck.out
diff --git a/pgspeck--1.0.sql b/pgspeck--1.0.sql
@@ -0,0 +1,19 @@
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION pgspeck" to load this file. \quit
+
+CREATE FUNCTION pgspeck_encrypt32(plaintext int8, key int8)
+	RETURNS int8
+	AS 'pgspeck', 'pgspeck_encrypt32' LANGUAGE c STRICT;
+
+CREATE FUNCTION pgspeck_decrypt32(ciphertext int8, key int8)
+	RETURNS int8
+	AS 'pgspeck', 'pgspeck_decrypt32' LANGUAGE c STRICT;
+
+CREATE FUNCTION pgspeck_encrypt48(plaintext int8, key1 int8, key2 int8)
+	RETURNS int8
+	AS 'pgspeck', 'pgspeck_encrypt48' LANGUAGE c STRICT;
+
+CREATE FUNCTION pgspeck_decrypt48(ciphertext int8, key1 int8, key2 int8)
+	RETURNS int8
+	AS 'pgspeck', 'pgspeck_decrypt48' LANGUAGE c STRICT;
+
diff --git a/pgspeck.c b/pgspeck.c
@@ -0,0 +1,60 @@
+#include "pgspeck.h"
+#include "postgres.h"
+#include "funcapi.h"
+#include "fmgr.h"
+
+
+PG_MODULE_MAGIC;
+
+Datum pgspeck_encrypt32(PG_FUNCTION_ARGS);
+PG_FUNCTION_INFO_V1(pgspeck_encrypt32);
+
+Datum
+pgspeck_encrypt32(PG_FUNCTION_ARGS)
+{
+	int64 plaintext = PG_GETARG_INT64(0);
+	int64 key = PG_GETARG_INT64(1);
+
+	PG_RETURN_INT64(speck_encrypt32((uint32) plaintext, key));
+}
+
+Datum pgspeck_decrypt32(PG_FUNCTION_ARGS);
+PG_FUNCTION_INFO_V1(pgspeck_decrypt32);
+
+Datum
+pgspeck_decrypt32(PG_FUNCTION_ARGS)
+{
+	int64 ciphertext = PG_GETARG_INT64(0);
+	int64 key = PG_GETARG_INT64(1);
+
+	PG_RETURN_INT64(speck_decrypt32((uint32) ciphertext, key));
+}
+
+
+Datum pgspeck_encrypt48(PG_FUNCTION_ARGS);
+PG_FUNCTION_INFO_V1(pgspeck_encrypt48);
+
+Datum
+pgspeck_encrypt48(PG_FUNCTION_ARGS)
+{
+	int64 plaintext = PG_GETARG_INT64(0);
+	int64 key1 = PG_GETARG_INT64(1);
+	int64 key2 = PG_GETARG_INT64(2);
+	const int64 keys[2] = { key1, key2 };
+
+	PG_RETURN_INT64(speck_encrypt48(plaintext, keys));
+}
+
+Datum pgspeck_decrypt48(PG_FUNCTION_ARGS);
+PG_FUNCTION_INFO_V1(pgspeck_decrypt48);
+
+Datum
+pgspeck_decrypt48(PG_FUNCTION_ARGS)
+{
+	int64 ciphertext = PG_GETARG_INT64(0);
+	int64 key1 = PG_GETARG_INT64(1);
+	int64 key2 = PG_GETARG_INT64(2);
+	const int64 keys[2] = { key1, key2 };
+
+	PG_RETURN_INT64(speck_decrypt48(ciphertext, keys));
+}
diff --git a/pgspeck.control b/pgspeck.control
@@ -0,0 +1,4 @@
+comment = 'pgspeck'
+default_version = '1.0'
+
+relocatable = true
diff --git a/pgspeck.h b/pgspeck.h
@@ -0,0 +1,11 @@
+#ifndef __PG_SPECK_SPECK_HEADER__
+#define __PG_SPECK_SPECK_HEADER__
+
+#include "postgres.h"
+
+uint32 speck_encrypt32(const uint32 xy, const int64 K);
+uint32 speck_decrypt32(const uint32 xy, const int64 K);
+int64 speck_encrypt48(const int64 xy, const int64 *K);
+int64 speck_decrypt48(const int64 xy, const int64 *K);
+
+#endif
diff --git a/speck.c b/speck.c
@@ -0,0 +1,125 @@
+#include "pgspeck.h"
+
+
+#define _CIRCULAR_SHIFT(val, n, wordsize, op1, op2) (((val) op1 (n)) | ((val) op2 ((wordsize) - (n))))
+
+#define ROL16(val, n) _CIRCULAR_SHIFT(val, n, 16, <<, >>)
+#define ROR16(val, n) _CIRCULAR_SHIFT(val, n, 16, >>, <<)
+
+#define ROL24(val, n) (_CIRCULAR_SHIFT(val, n, 24, <<, >>) & 0xFFFFFF)
+#define ROR24(val, n) (_CIRCULAR_SHIFT(val, n, 24, >>, <<) & 0xFFFFFF)
+
+
+static void speck_key_expand32(const int64 K, uint16 *k);
+static void speck_key_expand48(const int64 *K, uint32 *k);
+
+
+static void
+speck_key_expand32(const int64 K, uint16 *k)
+{
+	uint16 l[22];
+	int i;
+
+	l[2] = (K & 0xFFFF000000000000) >> 48;
+	l[1] = (K & 0x0000FFFF00000000) >> 32;
+	l[0] = (K & 0x00000000FFFF0000) >> 16;
+
+	for (i = 0; i < 22-1; ++i)
+	{
+		l[i+3] = ((uint16) (k[i] + ROR16(l[i], 7))) ^ i;
+		k[i+1] = (ROL16(k[i], 2) ^ l[i+3]);
+	}
+}
+
+uint32
+speck_encrypt32(const uint32 xy, const int64 K)
+{
+	uint32 i;
+	uint16 k[22];
+
+	k[0] = (K & 0xFFFF);
+	speck_key_expand32(K, k);
+	
+	uint16 x = (xy & 0xFFFF0000) >> 16, y = (xy & 0xFFFF);
+	for (i = 0; i < 22; i++)
+	{
+		x = (uint16) (ROR16(x, 7) + y);
+		x ^= k[i];
+		y = ROL16(y, 2) ^ x;
+	}
+	return (x << 16) | y;
+}
+
+uint32
+speck_decrypt32(const uint32 xy, const int64 K)
+{
+	signed int i;
+	uint16 k[22];
+
+	k[0] = (K & 0xFFFF);
+	speck_key_expand32(K, k);
+	
+	uint16 x = (xy & 0xFFFF0000) >> 16, y = (xy & 0xFFFF);
+	for (i = 21; i >= 0; i--)
+	{
+		y = ROR16(x ^ y, 2);
+		x = (uint16) ((x ^ k[i]) - y);
+		x = ROL16(x, 7);
+	}
+	return (x << 16) | y;
+}
+
+static void
+speck_key_expand48(const int64 *K, uint32 *k)
+{
+	int i;
+	uint32 l[23];
+
+	l[2] = (K[0] & 0xFFFFFF000000) >> 24;
+	l[1] = (K[0] & 0x000000FFFFFF) >> 0;
+	l[0] = (K[1] & 0xFFFFFF000000) >> 24;
+
+	for (i = 0; i < 23-1; ++i)
+	{
+		l[i+3] = ((k[i] + ROR24(l[i], 8)) & 0xFFFFFF) ^ i;
+		k[i+1] = (ROL24(k[i], 3) ^ l[i+3]);
+	}
+}
+
+int64
+speck_encrypt48(const int64 xy, const int64 *K)
+{
+	int i;
+	uint32 k[23];
+
+	k[0] = (K[1] & 0xFFFFFF);
+	speck_key_expand48(K, k);
+	
+	uint32 x = (xy & 0xFFFFFF000000) >> 24, y = (xy & 0xFFFFFF);
+	for (i = 0; i < 23; i++)
+	{
+		x = ((ROR24(x, 8) + y) & 0xFFFFFF);
+		x ^= k[i];
+		y = ROL24(y, 3) ^ x;
+	}
+	return (((int64) x) << 24) | (int64) y;
+}
+
+int64
+speck_decrypt48(const int64 xy, const int64 *K)
+{
+	signed int i;
+	uint32 k[23];
+
+	k[0] = (K[1] & 0xFFFFFF);
+	speck_key_expand48(K, k);
+	
+	uint32 x = (xy & 0xFFFFFF000000) >> 24, y = (xy & 0xFFFFFF);
+	for (i = 22; i >= 0; i--)
+	{
+		y = ROR24(x ^ y, 3);
+		x = (((x ^ k[i]) - y) & 0xFFFFFF);
+		x = ROL24(x, 8);
+	}
+	return (((int64) x) << 24) | (int64) y;
+}
diff --git a/sql/pgspeck.sql b/sql/pgspeck.sql
@@ -0,0 +1,59 @@
+CREATE EXTENSION pgspeck;
+
+-- test vector from the original whitepaper
+select to_hex(pgspeck_encrypt32((x'6574694c')::int8, (x'1918111009080100')::int8));
+
+select u.val, k.key, pgspeck_decrypt32(pgspeck_encrypt32(u.val, k.key), k.key)
+from
+unnest(array[
+ -- edge values
+ 0, 1, 4294967294, 4294967295,
+
+ -- a randomly generated set of values
+ 340411100,3648991854,3883173854,2911300352,170217392,3281780748,2743510608,2227816056,4223735584,1560485918,
+ 3927159578,3284820474,1333891060,598245358,2408391506,2297414002,2228884466,1475149318,990315928,1065154076,
+ 4010714368,60823918,2570889252,816192832,3693574190,4127177550,2057598664,941954836,3111942606,3694457644,
+ 3392854510,4199690084,1837942636,3844069376,3854292914,70869752,3595719730,2272830742,1110902212,1059850778,
+ 3495696238,743094494,49703956,534620002,1341339854,2458095464,2832034006,3570224320,3933244782,382234993
+]) u(val)
+cross join (values
+	(int8 '0'),
+	('1'),
+	('7371941163172890000'),
+	('1589783502606012418'),
+	('9223372036854775807'),
+	('-9223372036854775808')
+) k(key);
+
+
+-- test vector from the original whitepaper
+
+select to_hex(pgspeck_encrypt48((x'6d2073696874')::int8, (x'1a1918121110')::int8, (x'0a0908020100')::int8));
+
+select
+	u.val,
+	k.key1,
+	k.key2,
+	pgspeck_encrypt48(u.val, k.key1, k.key2) as encrypted,
+	pgspeck_decrypt48(pgspeck_encrypt48(u.val, k.key1, k.key2), k.key1, k.key2) as decrypted
+from unnest(array[
+	-- edge values
+	0, 1, 281474976710654, 281474976710655,
+
+	-- a randomly generated set of values
+	340411100,3648991854,3883173854,2911300352,170217392,3281780748,2743510608,2227816056,4223735584,1560485918,
+	3927159578,3284820474,1333891060,598245358,2408391506,2297414002,2228884466,1475149318,990315928,1065154076,
+	4010714368,60823918,2570889252,816192832,3693574190,4127177550,2057598664,941954836,3111942606,3694457644,
+	3392854510,4199690084,1837942636,3844069376,3854292914,70869752,3595719730,2272830742,1110902212,1059850778,
+	3495696238,743094494,49703956,534620002,1341339854,2458095464,2832034006,3570224320,3933244782,382234993
+]) u(val)
+cross join (values
+	(int8 '0', int8 '0'),
+	('0', '1'),
+	('1', '0'),
+	('737194116','3172890000'),
+	('158978350','2606012418'),
+	('922337203','6854775807'),
+	('281474976710655','281474976710655'),
+	('-281474976710656','-281474976710656')
+) k(key1, key2);
