Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) - Mailing list pgsql-hackers

From cary huang
Subject Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date
Msg-id 157811823477.1198.5461323835758081696.pgcf@coridan.postgresql.org
In response to Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)  (Ibrar Ahmed <ibrar.ahmad@gmail.com>)
Responses Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
List pgsql-hackers
Hello Sawada and all

I would like to elaborate more on Sehrope and Sawada's discussion on passing a NULL IV to the "pg_cipher_encrypt/decrypt" functions during the kmgr_wrap_key and kmgr_unwrap_key routines in kmgr_utils.c. OpenSSL implements key wrap according to RFC 3394, as Sawada mentioned, and passing NULL will make OpenSSL use the default IV, which equals A6A6A6A6A6A6A6A6. I have confirmed this on my side: a key wrapped with a "NULL" IV can be unwrapped successfully with IV=A6A6A6A6A6A6A6A6, and unwrap will fail if the IV is set to anything other than NULL or A6A6A6A6A6A6A6A6.

I would like to provide some comments on the encryption and decryption routines provided by cipher_openssl.c, which cipher.c and kmgr_utils.c are using. I see that "ossl_cipher_encrypt" calls only "EVP_EncryptInit_ex" and "EVP_EncryptUpdate" to complete the encryption. The same applies to the decryption routines. According to my past experience with OpenSSL and the usages online, it is highly recommended to use the "init-update-final" cycle to complete the encryption, and I see that the "final" part (EVP_EncryptFinal) is missing. This call will properly handle the last block of data, especially when padding is taken into account. The functions still work now because the input is the encryption key, its size is a multiple of the cipher block size, and no padding is used. I think it will be safer to use the proper "init-update-final" cycle for encryption/decryption.

According to the OpenSSL EVP documentation, "EVP_EncryptUpdate" can be called multiple times at different offsets into the input data to be encrypted. I see that "pg_cipher_encrypt" only calls "EVP_EncryptUpdate" once, which makes me assume that the application should invoke "pg_cipher_encrypt" multiple times until the entire data block is encrypted? I am asking because if we were to use "EVP_EncryptFinal" to complete the encryption cycle, then it is better to let "pg_cipher_encrypt" figure out how many times "EVP_EncryptUpdate" should be called and finalize it with "EVP_EncryptFinal" at the last block.

Lastly, I think we are missing a cleanup routine that calls "EVP_CIPHER_CTX_free()" to free up the EVP_CIPHER_CTX when encryption is done.

Thank you

Cary Huang
HighGo Software Canada
