Re: [PATCH] pgcrypto: pgp_encrypt (v2) - Mailing list pgsql-patches
| From | Neil Conway |
|---|---|
| Subject | Re: [PATCH] pgcrypto: pgp_encrypt (v2) |
| Date | |
| Msg-id | 42C8DE6E.3050901@samurai.com Whole thread Raw |
| In response to | Re: [PATCH] pgcrypto: pgp_encrypt (v2) (Marko Kreen <marko@l-t.ee>) |
| Responses |
Re: [PATCH] pgcrypto: pgp_encrypt (v2)
|
| List | pgsql-patches |
Marko Kreen wrote:
> Please use following updated patch instead.
>
> It implements utf8 conversion, fixes couple of bugs and has
> many code and comment cleanups.
The regression tests don't pass on my box. With the default Makefile,
there are a lot of errors WRT "no strong random source". After editing
the Makefile to make use the "random" device, I get the attached
regression.diffs.
While I understand the need to make sure people use a reasonably strong
crypto source, it would be nice if the regression tests passed out of
the box.
-Neil
*** ./expected/pgp-armor.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-armor.out Mon Jul 4 16:57:55 2005
***************
*** 3,9 ****
--
select armor('');
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----
=twTO
--- 3,9 ----
--
select armor('');
armor
! ---------------------------------------------------------------
-----BEGIN PGP MESSAGE-----
=twTO
***************
*** 13,19 ****
select armor('test');
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----
dGVzdA==
--- 13,19 ----
select armor('test');
armor
! ------------------------------------------------------------------------
-----BEGIN PGP MESSAGE-----
dGVzdA==
***************
*** 37,43 ****
select armor('0123456789abcdef0123456789abcdef0123456789abcdef
0123456789abcdef0123456789abcdef0123456789abcdef');
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----
MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzNDU2Nzg5YWJjZGVmCjAxMjM0NTY3
--- 37,43 ----
select armor('0123456789abcdef0123456789abcdef0123456789abcdef
0123456789abcdef0123456789abcdef0123456789abcdef');
armor
!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----BEGIN PGP MESSAGE-----
MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzNDU2Nzg5YWJjZGVmCjAxMjM0NTY3
======================================================================
*** ./expected/pgp-encrypt.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-encrypt.out Mon Jul 4 16:57:55 2005
***************
*** 2,12 ****
-- PGP encrypt
--
select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- check whether the defaults are ok
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes256,
--- 2,8 ----
-- PGP encrypt
--
select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key');
! ERROR: pgp_encrypt: No strong random source
-- check whether the defaults are ok
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes256,
***************
*** 16,26 ****
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- maybe the expect- stuff simply does not work
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
--- 12,18 ----
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
! ERROR: pgp_encrypt: No strong random source
-- maybe the expect- stuff simply does not work
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
***************
*** 30,189 ****
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
! NOTICE: pgp_decrypt: unexpected cipher_algo: expected 4 got 9
! NOTICE: pgp_decrypt: unexpected s2k_mode: expected 0 got 3
! NOTICE: pgp_decrypt: unexpected s2k_digest_algo: expected 1 got 2
! NOTICE: pgp_decrypt: unexpected use_sess_key: expected 1 got 0
! NOTICE: pgp_decrypt: unexpected disable_mdc: expected 1 got 0
! NOTICE: pgp_decrypt: unexpected compress_algo: expected 1 got 0
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- bytea as text
select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: pgp_decrypt error: Not text data
-- text as bytea
select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz');
! pgp_decrypt_bytea
! -------------------
! Text
! (1 row)
!
-- algorithm change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- s2k change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- s2k digest change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- sess key
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- no mdc
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- crlf
select encode(pgp_decrypt_bytea(
pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
! encode
! ----------------------
! 310d0a320d0a330d0d0a
! (1 row)
!
-- conversion should be lossless
select encode(digest(pgp_decrypt(
pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
! result | expect
! ------------------------------------------+------------------------------------------
! 47bde5d88d6ef8770572b9cbb4278b402aa69966 | 47bde5d88d6ef8770572b9cbb4278b402aa69966
! (1 row)
!
--- 22,103 ----
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
! ERROR: pgp_encrypt: No strong random source
-- bytea as text
select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: pgp_encrypt: No strong random source
-- text as bytea
select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz');
! ERROR: pgp_encrypt: No strong random source
-- algorithm change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
! ERROR: pgp_encrypt: No strong random source
-- s2k change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
! ERROR: pgp_encrypt: No strong random source
-- s2k digest change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
! ERROR: pgp_encrypt: No strong random source
-- sess key
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
! ERROR: pgp_encrypt: No strong random source
-- no mdc
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
! ERROR: pgp_encrypt: No strong random source
-- crlf
select encode(pgp_decrypt_bytea(
pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
! ERROR: pgp_encrypt: No strong random source
-- conversion should be lossless
select encode(digest(pgp_decrypt(
pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
! ERROR: pgp_encrypt: No strong random source
======================================================================
*** ./expected/pgp-compression.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-compression.out Mon Jul 4 16:57:55 2005
***************
*** 9,50 ****
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
-- level=0 should turn compression off
select pgp_decrypt(
pgp_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
--- 9,30 ----
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
! ERROR: pgp_decrypt error: Unsupported compression algorithm
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
! ERROR: pgp_encrypt: No strong random source
-- level=0 should turn compression off
select pgp_decrypt(
pgp_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
! ERROR: pgp_encrypt: No strong random source
======================================================================
pgsql-patches by date: