There is a choice whether to update it with pgp functions or
remove it. I decided to remove it, updating is pointless.
I've tried to keep the core of pgcrypto relatively independent
from main PostgreSQL, to make it easy to use externally if needed,
and that is good. Eg. that made development of PGP functions much nicer.
But I have no plans to release it as generic library, so keeping such doc
up-to-date is waste of time. If anyone is interested in using it in
other products, he can probably bother to read the source too.
Commented source is another thing - I'll try to make another pass
over code to see if there is anything non-obvious that would need
more comments.
Index: pgsql/contrib/pgcrypto/API
===================================================================
*** pgsql.orig/contrib/pgcrypto/API
--- /dev/null
***************
*** 1,163 ****
-
- C API for pgcrypto
- ==================
-
-
- UN*X crypt()
- ============
-
- #include <px-crypt.h>
-
- char *
- px_crypt(const char *psw, const char *salt, char *buf, unsigned buflen);
-
- returns buf or NULL for error.
-
- unsigned px_gen_salt(const char *salt_type, char *dst, int rounds);
-
- returns salt size. dst should be PX_MAX_SALT_LEN bytes.
- 'rounds' is algorithm specific. 0 means default for
- that algorithm.
-
- Random
- ======
-
- int px_get_random_bytes(uint8 *dst, int num)
-
-
- Crypto "objects"
- ================
-
- PX_MD - Message digest
- PX_HMAC - HMAC (Hash MAC)
- PX_Cipher - cipher+mode: provided by libs
- PX_Combo - higher-level encryption -> padding, [MD]
-
- Objects are activated with following functions:
-
- int px_find_digest(const char *name, PX_MD **res);
- int px_find_hmac(const char *name, PX_HMAC **res);
- int px_find_cipher(const char *name, PX_Cipher **res);
- int px_find_combo(const char *name, PX_Combo **res);
-
- returns 0 on success, < 0 on error. If successful,
- *res contains pointer to new object.
-
- Message Digest
- ==============
-
- uint px_md_result_size(PX_MD *md)
-
- returns final result size in bytes
-
- void px_md_reset(PX_MD *md)
-
- resets md to clean state
-
- uint px_md_block_size(PX_MD *md)
-
- return algorithm block size in bytes
-
- void px_md_update(PX_MD *md, const uint8 *data, uint dlen)
-
- updates hash state with new data
-
- void px_md_finish(PX_MD *md, uint8 *buf)
-
- puts final hash state into buf. buf should have room
- for px_md_result_size() bytes.
-
- void px_md_free(PX_MD *md)
-
- frees resources.
-
- HMAC (Hash Message Authentication Code)
- =======================================
-
- int px_hmac_init(PX_HMAC *hmac, const uint8 *key, uint klen)
-
- initalized hmac state with key.
-
- uint px_hmac_result_size(PX_HMAC *md)
-
- returns final result size in bytes
-
- void px_hmac_reset(PX_HMAC *md)
-
- resets md to state after _init()
-
- uint px_hmac_block_size(PX_HMAC *md)
-
- return algorithm block size in bytes
-
- void px_hmac_update(PX_HMAC *md, const uint8 *data, uint dlen)
-
- updates hash state with new data
-
- void px_hmac_finish(PX_HMAC *md, uint8 *buf)
-
- puts final hash state into buf. buf should have room
- for px_hmac_result_size() bytes.
-
- void px_hmac_free(PX_HMAC *md)
-
- frees resources.
-
-
- Cipher
- ======
-
- uint px_cipher_key_size(PX_Cipher *c)
-
- returns max key size in bytes
-
- uint px_cipher_block_size(PX_Cipher *c)
-
- returns cipher+mode block size in bytes. So blowfish
- in CFB mode should return 1.
-
- uint px_cipher_iv_size(PX_Cipher *c)
-
- returns IV size in bytes.
-
- int px_cipher_init(PX_Cipher *c, uint8 *key, uint klen, uint8 *iv)
-
- initializes cipher with supplied key and iv.
-
- int px_cipher_encrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res)
-
- encrypts data. res must have room for dlen bytes.
- data must be multiple of px_cipher_block_size().
-
- int px_cipher_decrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res)
-
- decrypts data. res must have room for dlen bytes.
-
- void px_cipher_free(PX_Cipher *c)
-
- frees resources assiocated.
-
- PX_Combo
- ========
-
- uint px_combo_encrypt_len(PX_Combo *c, uint dlen)
-
- calculates max result length for dlen of data.
-
- uint px_combo_decrypt_len(PX_Combo *c, uint dlen)
-
- calculates result length for dlen of data.
-
- int px_combo_init(PX_Combo *c, uint8 *key, uint klen, uint8 *iv, uint ivlen)
-
- initializes c with key and iv. If cipher uses fixed length keys,
- key will be padded with zeroes to needed length.
-
- int px_combo_encrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen)
-
- int px_combo_decrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen)
-
- void px_combo_free(PX_Combo *c)
-
- frees resources assiocated.
-
--- 0 ----
--