Re: [PATCH] pgcrypto: pgp_encrypt (v2) - Mailing list pgsql-patches
From | Neil Conway |
---|---|
Subject | Re: [PATCH] pgcrypto: pgp_encrypt (v2) |
Date | |
Msg-id | 42C8DE6E.3050901@samurai.com Whole thread Raw |
In response to | Re: [PATCH] pgcrypto: pgp_encrypt (v2) (Marko Kreen <marko@l-t.ee>) |
Responses |
Re: [PATCH] pgcrypto: pgp_encrypt (v2)
|
List | pgsql-patches |
Marko Kreen wrote: > Please use following updated patch instead. > > It implements utf8 conversion, fixes couple of bugs and has > many code and comment cleanups. The regression tests don't pass on my box. With the default Makefile, there are a lot of errors WRT "no strong random source". After editing the Makefile to make use the "random" device, I get the attached regression.diffs. While I understand the need to make sure people use a reasonably strong crypto source, it would be nice if the regression tests passed out of the box. -Neil *** ./expected/pgp-armor.out Mon Jul 4 16:52:12 2005 --- ./results/pgp-armor.out Mon Jul 4 16:57:55 2005 *************** *** 3,9 **** -- select armor(''); armor ! ----------------------------- -----BEGIN PGP MESSAGE----- =twTO --- 3,9 ---- -- select armor(''); armor ! --------------------------------------------------------------- -----BEGIN PGP MESSAGE----- =twTO *************** *** 13,19 **** select armor('test'); armor ! ----------------------------- -----BEGIN PGP MESSAGE----- dGVzdA== --- 13,19 ---- select armor('test'); armor ! ------------------------------------------------------------------------ -----BEGIN PGP MESSAGE----- dGVzdA== *************** *** 37,43 **** select armor('0123456789abcdef0123456789abcdef0123456789abcdef 0123456789abcdef0123456789abcdef0123456789abcdef'); armor ! ----------------------------- -----BEGIN PGP MESSAGE----- MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzNDU2Nzg5YWJjZGVmCjAxMjM0NTY3 --- 37,43 ---- select armor('0123456789abcdef0123456789abcdef0123456789abcdef 0123456789abcdef0123456789abcdef0123456789abcdef'); armor ! ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -----BEGIN PGP MESSAGE----- MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzNDU2Nzg5YWJjZGVmCjAxMjM0NTY3 ====================================================================== *** ./expected/pgp-encrypt.out Mon Jul 4 16:52:12 2005 --- ./results/pgp-encrypt.out Mon Jul 4 16:57:55 2005 *************** *** 2,12 **** -- PGP encrypt -- select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- check whether the defaults are ok select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key', 'expect-cipher-algo=aes256, --- 2,8 ---- -- PGP encrypt -- select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key'); ! ERROR: pgp_encrypt: No strong random source -- check whether the defaults are ok select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key', 'expect-cipher-algo=aes256, *************** *** 16,26 **** expect-s2k-digest-algo=sha1, expect-compress-algo=0 '); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- maybe the expect- stuff simply does not work select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key', 'expect-cipher-algo=bf, --- 12,18 ---- expect-s2k-digest-algo=sha1, expect-compress-algo=0 '); ! ERROR: pgp_encrypt: No strong random source -- maybe the expect- stuff simply does not work select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key', 'expect-cipher-algo=bf, *************** *** 30,189 **** expect-s2k-digest-algo=md5, expect-compress-algo=1 '); ! NOTICE: pgp_decrypt: unexpected cipher_algo: expected 4 got 9 ! NOTICE: pgp_decrypt: unexpected s2k_mode: expected 0 got 3 ! NOTICE: pgp_decrypt: unexpected s2k_digest_algo: expected 1 got 2 ! NOTICE: pgp_decrypt: unexpected use_sess_key: expected 1 got 0 ! NOTICE: pgp_decrypt: unexpected disable_mdc: expected 1 got 0 ! NOTICE: pgp_decrypt: unexpected compress_algo: expected 1 got 0 ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- bytea as text select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz'); ! ERROR: pgp_decrypt error: Not text data -- text as bytea select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz'); ! pgp_decrypt_bytea ! ------------------- ! Text ! (1 row) ! -- algorithm change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'), 'key', 'expect-cipher-algo=bf'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'), 'key', 'expect-cipher-algo=aes128'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'), 'key', 'expect-cipher-algo=aes192'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- s2k change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=0'), 'key', 'expect-s2k-mode=0'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=1'), 'key', 'expect-s2k-mode=1'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=3'), 'key', 'expect-s2k-mode=3'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- s2k digest change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), 'key', 'expect-s2k-digest-algo=md5'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- sess key select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=0'), 'key', 'expect-sess-key=0'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1'), 'key', 'expect-sess-key=1'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'), 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'), 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'), 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- no mdc select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'disable-mdc=1'), 'key', 'expect-disable-mdc=1'); ! pgp_decrypt ! ------------- ! Secret. ! (1 row) ! -- crlf select encode(pgp_decrypt_bytea( pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'), 'key'), 'hex'); ! encode ! ---------------------- ! 310d0a320d0a330d0d0a ! (1 row) ! -- conversion should be lossless select encode(digest(pgp_decrypt( pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'), 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect; ! result | expect ! ------------------------------------------+------------------------------------------ ! 47bde5d88d6ef8770572b9cbb4278b402aa69966 | 47bde5d88d6ef8770572b9cbb4278b402aa69966 ! (1 row) ! --- 22,103 ---- expect-s2k-digest-algo=md5, expect-compress-algo=1 '); ! ERROR: pgp_encrypt: No strong random source -- bytea as text select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz'); ! ERROR: pgp_encrypt: No strong random source -- text as bytea select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz'); ! ERROR: pgp_encrypt: No strong random source -- algorithm change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'), 'key', 'expect-cipher-algo=bf'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'), 'key', 'expect-cipher-algo=aes128'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'), 'key', 'expect-cipher-algo=aes192'); ! ERROR: pgp_encrypt: No strong random source -- s2k change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=0'), 'key', 'expect-s2k-mode=0'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=1'), 'key', 'expect-s2k-mode=1'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-mode=3'), 'key', 'expect-s2k-mode=3'); ! ERROR: pgp_encrypt: No strong random source -- s2k digest change select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), 'key', 'expect-s2k-digest-algo=md5'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'), 'key', 'expect-s2k-digest-algo=sha1'); ! ERROR: pgp_encrypt: No strong random source -- sess key select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=0'), 'key', 'expect-sess-key=0'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1'), 'key', 'expect-sess-key=1'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'), 'key', 'expect-sess-key=1, expect-cipher-algo=bf'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'), 'key', 'expect-sess-key=1, expect-cipher-algo=aes192'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'), 'key', 'expect-sess-key=1, expect-cipher-algo=aes256'); ! ERROR: pgp_encrypt: No strong random source -- no mdc select pgp_decrypt( pgp_encrypt('Secret.', 'key', 'disable-mdc=1'), 'key', 'expect-disable-mdc=1'); ! ERROR: pgp_encrypt: No strong random source -- crlf select encode(pgp_decrypt_bytea( pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'), 'key'), 'hex'); ! ERROR: pgp_encrypt: No strong random source -- conversion should be lossless select encode(digest(pgp_decrypt( pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'), 'key', 'convert-crlf=1'), 'sha1'), 'hex') as result, encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect; ! ERROR: pgp_encrypt: No strong random source ====================================================================== *** ./expected/pgp-compression.out Mon Jul 4 16:52:12 2005 --- ./results/pgp-compression.out Mon Jul 4 16:57:55 2005 *************** *** 9,50 **** =tbSn -----END PGP MESSAGE----- '), 'key', 'expect-compress-algo=1'); ! pgp_decrypt ! ---------------- ! Secret message ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=0'), 'key', 'expect-compress-algo=0'); ! pgp_decrypt ! ---------------- ! Secret message ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=1'), 'key', 'expect-compress-algo=1'); ! pgp_decrypt ! ---------------- ! Secret message ! (1 row) ! select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=2'), 'key', 'expect-compress-algo=2'); ! pgp_decrypt ! ---------------- ! Secret message ! (1 row) ! -- level=0 should turn compression off select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=2, compress-level=0'), 'key', 'expect-compress-algo=0'); ! pgp_decrypt ! ---------------- ! Secret message ! (1 row) ! --- 9,30 ---- =tbSn -----END PGP MESSAGE----- '), 'key', 'expect-compress-algo=1'); ! ERROR: pgp_decrypt error: Unsupported compression algorithm select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=0'), 'key', 'expect-compress-algo=0'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=1'), 'key', 'expect-compress-algo=1'); ! ERROR: pgp_encrypt: No strong random source select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=2'), 'key', 'expect-compress-algo=2'); ! ERROR: pgp_encrypt: No strong random source -- level=0 should turn compression off select pgp_decrypt( pgp_encrypt('Secret message', 'key', 'compress-algo=2, compress-level=0'), 'key', 'expect-compress-algo=0'); ! ERROR: pgp_encrypt: No strong random source ======================================================================
pgsql-patches by date: