pgcrypto decrypt_iv() issue
| От | Stefan Kaltenbrunner |
|---|---|
| Тема | pgcrypto decrypt_iv() issue |
| Дата | |
| Msg-id | 4F1DB7BF.60304@kaltenbrunner.cc обсуждение исходный текст |
| Ответы |
Re: pgcrypto decrypt_iv() issue
|
| Список | pgsql-bugs |
We are using the raw decryption features of contrib/pgcrypto here to
decode certain AES128 encrypted data. However depending on the data to
decode and what statements have been executed in the same session before
we are seeing different (and sometimes completely wrong) answers
this is 9.1.2 on Debian/amd64 compiled with -enable-debug (note that the
the first and the third query do not result in the same answer):
mastermind@mastermind:~/playground$ ./pginst/bin/psql -p 5435 postgres
psql (9.1.2)
Type "help" for help.
postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
encode
----------------------------------------------------------------------------------------------------
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(1 row)
postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
encode
--------------------------------------------------------------------------------------------------
2f2f066d198694b1030b040369540d0004833c00000000042b3300000004ab3c000000002f2f2f2f2f2f2f2f2f2f2f2f
(1 row)
postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
encode
----------------------------------------------------------------------------------------------------
2f2f066d198694b1030b040369540d0004833c00000000042b3300000004ab3c000000002f2f2f2f2f2f2f2f2f2f2f2f00
(1 row)
on some other 9.1.1 installation(standard debian package) we get:
test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
00000000230000002a0a000000c69327907f00000000000000000000000000000000000000000000000000000000000000
(1 row)
test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
19000000ffffffff64000000000000000300000003000000ffffffff000000000000000000000000000000000000000000
(1 row)
test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
907f0000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000
(1 row)
on 8.3 we even managed to produce(slightly different version of the
query) the following once:
select decrypt_iv(data, key, iv, 'aes-cbc/pad:none') from (select
decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea
as data, decode('636F6E73756D65723267726964303333','hex')::bytea as key,
decode('2D4C526240141e029696969696969696','hex')::bytea as iv) as c;
decrypt_iv
---------------------------------------------------------------------------------------------
/lib/postgresql/8.3/lib/pgcrypto.so\000\012\000\000\000\200\000\000\000\000\000\000\000\000
(1 row)
which seems even more of a "wtf"?!
Stefan
В списке pgsql-bugs по дате отправления: