From 6a8eb1a7b6dd48bceca9ed0e449ef8d1c09967e3 Mon Sep 17 00:00:00 2001 From: Neil Conway Date: Mon, 21 Mar 2005 05:24:52 +0000 Subject: [PATCH] pgcrypto update: * test error handling * add tests for des, 3des, cast5 * add some tests to blowfish, rijndael * Makefile: ability to specify different tests for different crypto libraries, so we can skip des, 3des and cast5 for builtin. Marko Kreen --- contrib/pgcrypto/Makefile | 5 +- contrib/pgcrypto/expected/3des.out | 56 ++++++++++++++++++++ contrib/pgcrypto/expected/blowfish.out | 52 ++++++++++++++++++ contrib/pgcrypto/expected/cast5.out | 73 ++++++++++++++++++++++++++ contrib/pgcrypto/expected/des.out | 48 +++++++++++++++++ contrib/pgcrypto/expected/init.out | 9 ++++ contrib/pgcrypto/expected/rijndael.out | 42 +++++++++++++++ contrib/pgcrypto/sql/3des.sql | 26 +++++++++ contrib/pgcrypto/sql/blowfish.sql | 21 ++++++++ contrib/pgcrypto/sql/cast5.sql | 42 +++++++++++++++ contrib/pgcrypto/sql/des.sql | 24 +++++++++ contrib/pgcrypto/sql/init.sql | 6 +++ contrib/pgcrypto/sql/rijndael.sql | 15 ++++++ 13 files changed, 418 insertions(+), 1 deletion(-) create mode 100644 contrib/pgcrypto/expected/3des.out create mode 100644 contrib/pgcrypto/expected/cast5.out create mode 100644 contrib/pgcrypto/expected/des.out create mode 100644 contrib/pgcrypto/sql/3des.sql create mode 100644 contrib/pgcrypto/sql/cast5.sql create mode 100644 contrib/pgcrypto/sql/des.sql diff --git a/contrib/pgcrypto/Makefile b/contrib/pgcrypto/Makefile index 4b79d9febd..5e92f92945 100644 --- a/contrib/pgcrypto/Makefile +++ b/contrib/pgcrypto/Makefile @@ -1,5 +1,5 @@ # -# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.13 2005/03/21 05:17:16 neilc Exp $ +# $PostgreSQL: pgsql/contrib/pgcrypto/Makefile,v 1.14 2005/03/21 05:24:51 neilc Exp $ # # either 'builtin', 'openssl' @@ -26,12 +26,14 @@ ifeq ($(cryptolib), builtin) CRYPTO_CFLAGS = CRYPTO_LDFLAGS = SRCS = md5.c sha1.c internal.c blf.c rijndael.c +EXTRA_TESTS = endif ifeq ($(cryptolib), openssl) CRYPTO_CFLAGS = -I/usr/include/openssl CRYPTO_LDFLAGS = -lcrypto SRCS = openssl.c +EXTRA_TESTS = des 3des cast5 endif ifeq ($(cryptsrc), builtin) @@ -63,6 +65,7 @@ PG_CPPFLAGS = $(CRYPTO_CFLAGS) -I$(srcdir) SHLIB_LINK = $(CRYPTO_LDFLAGS) REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \ + $(EXTRA_TESTS) \ crypt-des crypt-md5 crypt-blowfish crypt-xdes diff --git a/contrib/pgcrypto/expected/3des.out b/contrib/pgcrypto/expected/3des.out new file mode 100644 index 0000000000..51de60b2bc --- /dev/null +++ b/contrib/pgcrypto/expected/3des.out @@ -0,0 +1,56 @@ +-- +-- 3DES cipher +-- +-- test vector from somewhere +SELECT encode(encrypt( +decode('80 00 00 00 00 00 00 00', 'hex'), +decode('01 01 01 01 01 01 01 01 + 01 01 01 01 01 01 01 01 + 01 01 01 01 01 01 01 01', 'hex'), +'3des-ecb/pad:none'), 'hex'); + encode +------------------ + 95f8a5e5dd31d900 +(1 row) + +-- val 95 F8 A5 E5 DD 31 D9 00 +select encode( encrypt('', 'foo', '3des'), 'hex'); + encode +------------------ + 9b641a6936249eb4 +(1 row) + +-- 10 bytes key +select encode( encrypt('foo', '0123456789', '3des'), 'hex'); + encode +------------------ + 6f02b7076a366504 +(1 row) + +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', '3des'), 'hex'); + encode +------------------ + a44360e699269817 +(1 row) + +-- decrypt +select decrypt(encrypt('foo', '0123456', '3des'), '0123456', '3des'); + decrypt +--------- + foo +(1 row) + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex'); + encode +------------------ + df27c264fb24ed7a +(1 row) + +select decrypt_iv(decode('df27c264fb24ed7a', 'hex'), '0123456', 'abcd', '3des'); + decrypt_iv +------------ + foo +(1 row) + diff --git a/contrib/pgcrypto/expected/blowfish.out b/contrib/pgcrypto/expected/blowfish.out index 5a13b7669c..7558aa937a 100644 --- a/contrib/pgcrypto/expected/blowfish.out +++ b/contrib/pgcrypto/expected/blowfish.out @@ -106,3 +106,55 @@ decode('37363534333231204e6f77206973207468652074696d6520666f722000', 'hex'), 3ea6357a0ee7fad6d0c4b63464f2aafa40c2e91b4b7e1bba8114932fd92b5c8f111e7e50e7b2e541 (1 row) +-- blowfish-448 +SELECT encode(encrypt( +decode('fedcba9876543210', 'hex'), +decode('f0e1d2c3b4a5968778695a4b3c2d1e0f001122334455667704689104c2fd3b2f584023641aba61761f1f1f1f0e0e0e0effffffffffffffff', 'hex'), +'bf-ecb/pad:none'), 'hex'); + encode +------------------ + c04504012e4e1f53 +(1 row) + +-- result: c04504012e4e1f53 +-- empty data +select encode( encrypt('', 'foo', 'bf'), 'hex'); + encode +------------------ + 1871949bb2311c8e +(1 row) + +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'bf'), 'hex'); + encode +------------------ + 42f58af3b2c03f46 +(1 row) + +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', 'bf'), 'hex'); + encode +------------------ + 86ab6f0bc72b5f22 +(1 row) + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'bf'), '0123456', 'bf'); + decrypt +--------- + foo +(1 row) + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex'); + encode +------------------ + 95c7e89322525d59 +(1 row) + +select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf'); + decrypt_iv +------------ + foo +(1 row) + diff --git a/contrib/pgcrypto/expected/cast5.out b/contrib/pgcrypto/expected/cast5.out new file mode 100644 index 0000000000..f5b3cf6750 --- /dev/null +++ b/contrib/pgcrypto/expected/cast5.out @@ -0,0 +1,73 @@ +-- +-- Cast5 cipher +-- +-- test vectors from RFC2144 +-- 128 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A', 'hex'), +'cast5-ecb/pad:none'), 'hex'); + encode +------------------ + 238b4fe5847e44b2 +(1 row) + +-- result: 23 8B 4F E5 84 7E 44 B2 +-- 80 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12 34 56 78 23 45', 'hex'), +'cast5-ecb/pad:none'), 'hex'); + encode +------------------ + eb6a711a2c02271b +(1 row) + +-- result: EB 6A 71 1A 2C 02 27 1B +-- 40 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12', 'hex'), +'cast5-ecb/pad:none'), 'hex'); + encode +------------------ + 7ac816d16e9b302e +(1 row) + +-- result: 7A C8 16 D1 6E 9B 30 2E +-- cbc +-- empty data +select encode( encrypt('', 'foo', 'cast5'), 'hex'); + encode +------------------ + a48bd1aabde4de10 +(1 row) + +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'cast5'), 'hex'); + encode +------------------ + b07f19255e60cb6d +(1 row) + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'cast5'), '0123456', 'cast5'); + decrypt +--------- + foo +(1 row) + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'cast5'), 'hex'); + encode +------------------ + 384a970695ce016a +(1 row) + +select decrypt_iv(decode('384a970695ce016a', 'hex'), + '0123456', 'abcd', 'cast5'); + decrypt_iv +------------ + foo +(1 row) + diff --git a/contrib/pgcrypto/expected/des.out b/contrib/pgcrypto/expected/des.out new file mode 100644 index 0000000000..333b30d8cc --- /dev/null +++ b/contrib/pgcrypto/expected/des.out @@ -0,0 +1,48 @@ +-- +-- DES cipher +-- +-- no official test vectors atm +-- from blowfish.sql +SELECT encode(encrypt( +decode('0123456789abcdef', 'hex'), +decode('fedcba9876543210', 'hex'), +'des-ecb/pad:none'), 'hex'); + encode +------------------ + ed39d950fa74bcc4 +(1 row) + +-- empty data +select encode( encrypt('', 'foo', 'des'), 'hex'); + encode +------------------ + 752111e37a2d7ac3 +(1 row) + +-- 8 bytes key +select encode( encrypt('foo', '01234589', 'des'), 'hex'); + encode +------------------ + dec0f9c602b647a8 +(1 row) + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'des'), '0123456', 'des'); + decrypt +--------- + foo +(1 row) + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex'); + encode +------------------ + 50735067b073bb93 +(1 row) + +select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des'); + decrypt_iv +------------ + foo +(1 row) + diff --git a/contrib/pgcrypto/expected/init.out b/contrib/pgcrypto/expected/init.out index 509f454047..3252d4276e 100644 --- a/contrib/pgcrypto/expected/init.out +++ b/contrib/pgcrypto/expected/init.out @@ -15,3 +15,12 @@ SELECT decode('666f6f', 'hex'); foo (1 row) +-- check error handling +select gen_salt('foo'); +ERROR: gen_salt: Unknown salt algorithm +select digest('foo', 'foo'); +ERROR: Cannot use "foo": No such hash algorithm +select hmac('foo', 'foo', 'foo'); +ERROR: Cannot use "foo": No such hash algorithm +select encrypt('foo', 'foo', 'foo'); +ERROR: Cannot use "foo": No such cipher algorithm diff --git a/contrib/pgcrypto/expected/rijndael.out b/contrib/pgcrypto/expected/rijndael.out index a5dc8ce620..fbbbc87189 100644 --- a/contrib/pgcrypto/expected/rijndael.out +++ b/contrib/pgcrypto/expected/rijndael.out @@ -67,3 +67,45 @@ decode('000102030405060708090a0b0c0d0e0f101112131415161718191a1b', 'hex'), 4facb6a041d53e0a5a73289170901fe7 (1 row) +-- empty data +select encode( encrypt('', 'foo', 'aes'), 'hex'); + encode +---------------------------------- + b48cc3338a2eb293b6007ef72c360d48 +(1 row) + +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'aes'), 'hex'); + encode +---------------------------------- + f397f03d2819b7172b68d0706fda4693 +(1 row) + +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', 'aes'), 'hex'); + encode +---------------------------------- + 5c9db77af02b4678117bcd8a71ae7f53 +(1 row) + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'aes'), '0123456', 'aes'); + decrypt +--------- + foo +(1 row) + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'aes'), 'hex'); + encode +---------------------------------- + 2c24cb7da91d6d5699801268b0f5adad +(1 row) + +select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'), + '0123456', 'abcd', 'aes'); + decrypt_iv +------------ + foo +(1 row) + diff --git a/contrib/pgcrypto/sql/3des.sql b/contrib/pgcrypto/sql/3des.sql new file mode 100644 index 0000000000..f3c01e2908 --- /dev/null +++ b/contrib/pgcrypto/sql/3des.sql @@ -0,0 +1,26 @@ +-- +-- 3DES cipher +-- + +-- test vector from somewhere +SELECT encode(encrypt( +decode('80 00 00 00 00 00 00 00', 'hex'), +decode('01 01 01 01 01 01 01 01 + 01 01 01 01 01 01 01 01 + 01 01 01 01 01 01 01 01', 'hex'), +'3des-ecb/pad:none'), 'hex'); +-- val 95 F8 A5 E5 DD 31 D9 00 + +select encode( encrypt('', 'foo', '3des'), 'hex'); +-- 10 bytes key +select encode( encrypt('foo', '0123456789', '3des'), 'hex'); +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', '3des'), 'hex'); + +-- decrypt +select decrypt(encrypt('foo', '0123456', '3des'), '0123456', '3des'); + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', '3des'), 'hex'); +select decrypt_iv(decode('df27c264fb24ed7a', 'hex'), '0123456', 'abcd', '3des'); + diff --git a/contrib/pgcrypto/sql/blowfish.sql b/contrib/pgcrypto/sql/blowfish.sql index e5f6ddccf3..565282cb0f 100644 --- a/contrib/pgcrypto/sql/blowfish.sql +++ b/contrib/pgcrypto/sql/blowfish.sql @@ -64,3 +64,24 @@ decode('6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc', 'hex' decode('37363534333231204e6f77206973207468652074696d6520666f722000', 'hex'), 'bf-cbc'), 'hex'); +-- blowfish-448 +SELECT encode(encrypt( +decode('fedcba9876543210', 'hex'), +decode('f0e1d2c3b4a5968778695a4b3c2d1e0f001122334455667704689104c2fd3b2f584023641aba61761f1f1f1f0e0e0e0effffffffffffffff', 'hex'), +'bf-ecb/pad:none'), 'hex'); +-- result: c04504012e4e1f53 + +-- empty data +select encode( encrypt('', 'foo', 'bf'), 'hex'); +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'bf'), 'hex'); +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', 'bf'), 'hex'); + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'bf'), '0123456', 'bf'); + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'bf'), 'hex'); +select decrypt_iv(decode('95c7e89322525d59', 'hex'), '0123456', 'abcd', 'bf'); + diff --git a/contrib/pgcrypto/sql/cast5.sql b/contrib/pgcrypto/sql/cast5.sql new file mode 100644 index 0000000000..553ae4f0f2 --- /dev/null +++ b/contrib/pgcrypto/sql/cast5.sql @@ -0,0 +1,42 @@ +-- +-- Cast5 cipher +-- + +-- test vectors from RFC2144 + +-- 128 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A', 'hex'), +'cast5-ecb/pad:none'), 'hex'); +-- result: 23 8B 4F E5 84 7E 44 B2 + +-- 80 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12 34 56 78 23 45', 'hex'), +'cast5-ecb/pad:none'), 'hex'); +-- result: EB 6A 71 1A 2C 02 27 1B + +-- 40 bit key +SELECT encode(encrypt( +decode('01 23 45 67 89 AB CD EF', 'hex'), +decode('01 23 45 67 12', 'hex'), +'cast5-ecb/pad:none'), 'hex'); +-- result: 7A C8 16 D1 6E 9B 30 2E + +-- cbc + +-- empty data +select encode( encrypt('', 'foo', 'cast5'), 'hex'); +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'cast5'), 'hex'); + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'cast5'), '0123456', 'cast5'); + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'cast5'), 'hex'); +select decrypt_iv(decode('384a970695ce016a', 'hex'), + '0123456', 'abcd', 'cast5'); + diff --git a/contrib/pgcrypto/sql/des.sql b/contrib/pgcrypto/sql/des.sql new file mode 100644 index 0000000000..3b55ca5e3a --- /dev/null +++ b/contrib/pgcrypto/sql/des.sql @@ -0,0 +1,24 @@ +-- +-- DES cipher +-- + +-- no official test vectors atm + +-- from blowfish.sql +SELECT encode(encrypt( +decode('0123456789abcdef', 'hex'), +decode('fedcba9876543210', 'hex'), +'des-ecb/pad:none'), 'hex'); + +-- empty data +select encode( encrypt('', 'foo', 'des'), 'hex'); +-- 8 bytes key +select encode( encrypt('foo', '01234589', 'des'), 'hex'); + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'des'), '0123456', 'des'); + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'des'), 'hex'); +select decrypt_iv(decode('50735067b073bb93', 'hex'), '0123456', 'abcd', 'des'); + diff --git a/contrib/pgcrypto/sql/init.sql b/contrib/pgcrypto/sql/init.sql index 9d38cb5854..e536e67ea3 100644 --- a/contrib/pgcrypto/sql/init.sql +++ b/contrib/pgcrypto/sql/init.sql @@ -10,3 +10,9 @@ SELECT encode('foo', 'hex'); SELECT decode('666f6f', 'hex'); +-- check error handling +select gen_salt('foo'); +select digest('foo', 'foo'); +select hmac('foo', 'foo', 'foo'); +select encrypt('foo', 'foo', 'foo'); + diff --git a/contrib/pgcrypto/sql/rijndael.sql b/contrib/pgcrypto/sql/rijndael.sql index 6f3dfc9622..c609a635df 100644 --- a/contrib/pgcrypto/sql/rijndael.sql +++ b/contrib/pgcrypto/sql/rijndael.sql @@ -41,3 +41,18 @@ decode('0011223344', 'hex'), decode('000102030405060708090a0b0c0d0e0f101112131415161718191a1b', 'hex'), 'aes-cbc'), 'hex'); +-- empty data +select encode( encrypt('', 'foo', 'aes'), 'hex'); +-- 10 bytes key +select encode( encrypt('foo', '0123456789', 'aes'), 'hex'); +-- 22 bytes key +select encode( encrypt('foo', '0123456789012345678901', 'aes'), 'hex'); + +-- decrypt +select decrypt(encrypt('foo', '0123456', 'aes'), '0123456', 'aes'); + +-- iv +select encode(encrypt_iv('foo', '0123456', 'abcd', 'aes'), 'hex'); +select decrypt_iv(decode('2c24cb7da91d6d5699801268b0f5adad', 'hex'), + '0123456', 'abcd', 'aes'); +