[BUGS] pgcrypto decrypt_iv() issue

Mon, 23 Jan 2012 11:41:21 -0800 

We are using the raw decryption features of contrib/pgcrypto here to
decode certain AES128 encrypted data. However depending on the data to
decode and what statements have been executed in the same session before
we are seeing different (and sometimes completely wrong) answers

this is 9.1.2 on Debian/amd64 compiled with -enable-debug (note that the
the first and the third query do not result in the same answer):


mastermind@mastermind:~/playground$ ./pginst/bin/psql -p 5435 postgres
psql (9.1.2)
Type "help" for help.

postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
                                               encode

----------------------------------------------------------------------------------------------------
 
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(1 row)

postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
                                              encode

--------------------------------------------------------------------------------------------------
 
2f2f066d198694b1030b040369540d0004833c00000000042b3300000004ab3c000000002f2f2f2f2f2f2f2f2f2f2f2f
(1 row)

postgres=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex');
                                               encode

----------------------------------------------------------------------------------------------------
 
2f2f066d198694b1030b040369540d0004833c00000000042b3300000004ab3c000000002f2f2f2f2f2f2f2f2f2f2f2f00
(1 row)

on some other 9.1.1 installation(standard debian package) we get:

test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
00000000230000002a0a000000c69327907f00000000000000000000000000000000000000000000000000000000000000
(1 row)

test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
19000000ffffffff64000000000000000300000003000000ffffffff000000000000000000000000000000000000000000
(1 row)

test=# select
encode(decrypt_iv(decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea,
decode('636F6E73756D65723267726964303333','hex')::bytea,
decode('2D4C526240141e029696969696969696','hex')::bytea,
'aes-cbc/pad:none')::bytea, 'hex'); encode
----------------------------------------------------------------------------------------------------
907f0000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000
(1 row)


on 8.3 we even managed to produce(slightly different version of the
query) the following once:

select decrypt_iv(data, key, iv, 'aes-cbc/pad:none') from (select
decode('c89a929fa8dbefaa88609ea3b637d783ce926b8a0985ae02a100c0f89d8a8e5aca793d1519f5829a61b9fbd1d582fb66ff','hex')::bytea
as data, decode('636F6E73756D65723267726964303333','hex')::bytea as key,
decode('2D4C526240141e029696969696969696','hex')::bytea as iv) as c;
                                         decrypt_iv

---------------------------------------------------------------------------------------------
 
/lib/postgresql/8.3/lib/pgcrypto.so\000\012\000\000\000\200\000\000\000\000\000\000\000\000
(1 row)


which seems even more of a "wtf"?!




Stefan

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Reply via email to