Unix Technical Forum

Re: [PATCH] pgcrypto: pgp_encrypt (v2)

This is a discussion on Re: [PATCH] pgcrypto: pgp_encrypt (v2) within the Pgsql Patches forums, part of the PostgreSQL category; --> Marko Kreen wrote: > Please use following updated patch instead. > > It implements utf8 conversion, fixes couple of ...


Go Back   Unix Technical Forum > Database Server Software > PostgreSQL > Pgsql Patches

Re: [PATCH] pgcrypto: pgp_encrypt (v2) Re: [PATCH] pgcrypto: pgp_encrypt (v2)

Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-17-2008, 11:36 PM
Neil Conway
 
Posts: n/a
Default Re: [PATCH] pgcrypto: pgp_encrypt (v2)
Marko Kreen wrote:
> Please use following updated patch instead.
>
> It implements utf8 conversion, fixes couple of bugs and has
> many code and comment cleanups.

The regression tests don't pass on my box. With the default Makefile,
there are a lot of errors WRT "no strong random source". After editing
the Makefile to make use the "random" device, I get the attached
regression.diffs.

While I understand the need to make sure people use a reasonably strong
crypto source, it would be nice if the regression tests passed out of
the box.

-Neil

*** ./expected/pgp-armor.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-armor.out Mon Jul 4 16:57:55 2005
***************
*** 3,9 ****
--
select armor('');
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----

=twTO
--- 3,9 ----
--
select armor('');
armor
! ---------------------------------------------------------------
-----BEGIN PGP MESSAGE-----

=twTO
***************
*** 13,19 ****

select armor('test');
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----

dGVzdA==
--- 13,19 ----

select armor('test');
armor
! ------------------------------------------------------------------------
-----BEGIN PGP MESSAGE-----

dGVzdA==
***************
*** 37,43 ****
select armor('0123456789abcdef0123456789abcdef0123456789a bcdef
0123456789abcdef0123456789abcdef0123456789abcdef') ;
armor
! -----------------------------
-----BEGIN PGP MESSAGE-----

MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzND U2Nzg5YWJjZGVmCjAxMjM0NTY3
--- 37,43 ----
select armor('0123456789abcdef0123456789abcdef0123456789a bcdef
0123456789abcdef0123456789abcdef0123456789abcdef') ;
armor
! -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----BEGIN PGP MESSAGE-----

MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWYwMTIzND U2Nzg5YWJjZGVmCjAxMjM0NTY3

================================================== ====================

*** ./expected/pgp-encrypt.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-encrypt.out Mon Jul 4 16:57:55 2005
***************
*** 2,12 ****
-- PGP encrypt
--
select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- check whether the defaults are ok
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes256,
--- 2,8 ----
-- PGP encrypt
--
select pgp_decrypt(pgp_encrypt('Secret.', 'key'), 'key');
! ERROR: pgp_encrypt: No strong random source
-- check whether the defaults are ok
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=aes256,
***************
*** 16,26 ****
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- maybe the expect- stuff simply does not work
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
--- 12,18 ----
expect-s2k-digest-algo=sha1,
expect-compress-algo=0
');
! ERROR: pgp_encrypt: No strong random source
-- maybe the expect- stuff simply does not work
select pgp_decrypt(pgp_encrypt('Secret.', 'key'),
'key', 'expect-cipher-algo=bf,
***************
*** 30,189 ****
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
! NOTICE: pgp_decrypt: unexpected cipher_algo: expected 4 got 9
! NOTICE: pgp_decrypt: unexpected s2k_mode: expected 0 got 3
! NOTICE: pgp_decrypt: unexpected s2k_digest_algo: expected 1 got 2
! NOTICE: pgp_decrypt: unexpected use_sess_key: expected 1 got 0
! NOTICE: pgp_decrypt: unexpected disable_mdc: expected 1 got 0
! NOTICE: pgp_decrypt: unexpected compress_algo: expected 1 got 0
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- bytea as text
select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: pgp_decrypt error: Not text data
-- text as bytea
select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz');
! pgp_decrypt_bytea
! -------------------
! Text
! (1 row)
!
-- algorithm change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- s2k change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- s2k digest change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- sess key
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- no mdc
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
! pgp_decrypt
! -------------
! Secret.
! (1 row)
!
-- crlf
select encode(pgp_decrypt_bytea(
pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
! encode
! ----------------------
! 310d0a320d0a330d0d0a
! (1 row)
!
-- conversion should be lossless
select encode(digest(pgp_decrypt(
pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
! result | expect
! ------------------------------------------+------------------------------------------
! 47bde5d88d6ef8770572b9cbb4278b402aa69966 | 47bde5d88d6ef8770572b9cbb4278b402aa69966
! (1 row)
!
--- 22,103 ----
expect-s2k-digest-algo=md5,
expect-compress-algo=1
');
! ERROR: pgp_encrypt: No strong random source
-- bytea as text
select pgp_decrypt(pgp_encrypt_bytea('Binary', 'baz'), 'baz');
! ERROR: pgp_encrypt: No strong random source
-- text as bytea
select pgp_decrypt_bytea(pgp_encrypt('Text', 'baz'), 'baz');
! ERROR: pgp_encrypt: No strong random source
-- algorithm change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=bf'),
'key', 'expect-cipher-algo=bf');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes'),
'key', 'expect-cipher-algo=aes128');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
'key', 'expect-cipher-algo=aes192');
! ERROR: pgp_encrypt: No strong random source
-- s2k change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=0'),
'key', 'expect-s2k-mode=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=1'),
'key', 'expect-s2k-mode=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-mode=3'),
'key', 'expect-s2k-mode=3');
! ERROR: pgp_encrypt: No strong random source
-- s2k digest change
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
'key', 'expect-s2k-digest-algo=md5');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
'key', 'expect-s2k-digest-algo=sha1');
! ERROR: pgp_encrypt: No strong random source
-- sess key
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=0'),
'key', 'expect-sess-key=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1'),
'key', 'expect-sess-key=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
! ERROR: pgp_encrypt: No strong random source
-- no mdc
select pgp_decrypt(
pgp_encrypt('Secret.', 'key', 'disable-mdc=1'),
'key', 'expect-disable-mdc=1');
! ERROR: pgp_encrypt: No strong random source
-- crlf
select encode(pgp_decrypt_bytea(
pgp_encrypt('1\n2\n3\r\n', 'key', 'convert-crlf=1'),
'key'), 'hex');
! ERROR: pgp_encrypt: No strong random source
-- conversion should be lossless
select encode(digest(pgp_decrypt(
pgp_encrypt('\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
encode(digest('\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
! ERROR: pgp_encrypt: No strong random source

================================================== ====================

*** ./expected/pgp-compression.out Mon Jul 4 16:52:12 2005
--- ./results/pgp-compression.out Mon Jul 4 16:57:55 2005
***************
*** 9,50 ****
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
-- level=0 should turn compression off
select pgp_decrypt(
pgp_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
! pgp_decrypt
! ----------------
! Secret message
! (1 row)
!
--- 9,30 ----
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
! ERROR: pgp_decrypt error: Unsupported compression algorithm
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
! ERROR: pgp_encrypt: No strong random source
select pgp_decrypt(
pgp_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
! ERROR: pgp_encrypt: No strong random source
-- level=0 should turn compression off
select pgp_decrypt(
pgp_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
! ERROR: pgp_encrypt: No strong random source

================================================== ====================



---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 04-17-2008, 11:36 PM
Marko Kreen
 
Posts: n/a
Default Re: [PATCH] pgcrypto: pgp_encrypt (v2)
On Mon, Jul 04, 2005 at 04:59:58PM +1000, Neil Conway wrote:
> Marko Kreen wrote:
> >Please use following updated patch instead.
> >
> >It implements utf8 conversion, fixes couple of bugs and has
> >many code and comment cleanups.
>
> The regression tests don't pass on my box. With the default Makefile,
> there are a lot of errors WRT "no strong random source". After editing
> the Makefile to make use the "random" device, I get the attached
> regression.diffs.

I don't understand the regression of the dashes in armor test,
kinda seems you have different psql than in CVS.

But for the regression with 'random = dev', I'd say you did not
do 'make clean' after changing Makefile. It only changes flags
to random.c, so if you have existing random.o, it wont be
recompiled.

> While I understand the need to make sure people use a reasonably strong
> crypto source, it would be nice if the regression tests passed out of
> the box.

Look for the 'pgp_encrypt v3' mail I sent. There I use special
empty tests for disabled functionality, that succeed, but
hopefully show user through naming that the functionality
is missing.

--
marko


---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« tiny patch to fic unixware build | Re: [HACKERS] HEAD doesn't cope with libraries in non-default locations »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


All times are GMT. The time now is 12:01 AM.

Contact Us - Unix Technical Forums - Top

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0
www.UnixAdminTalk.com