Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
| От | cary huang |
|---|---|
| Тема | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
| Дата | |
| Msg-id | 157811823477.1198.5461323835758081696.pgcf@coridan.postgresql.org обсуждение исходный текст |
| Ответ на | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) (Ibrar Ahmed <ibrar.ahmad@gmail.com>) |
| Ответы |
Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
|
| Список | pgsql-hackers |
Hello Sawada and all I would like to elaborate more on Sehrope and Sawada's discussion on passing NULL IV in "pg_cipher_encrypt/decrypt" functionsduring kmgr_wrap_key and kmgr_unwrap_key routines in kmgr_utils.c. Openssl implements key wrap according to RFC3394as Sawada mentioned and passing NULL will make openssl to use default IV, which equals to A6A6A6A6A6A6A6A6. I haveconfirmed this on my side; A key wrapped with "NULL" IV can be unwrapped successfully with IV=A6A6A6A6A6A6A6A6, and unwrapwill fail if IV is set to anything else other than NULL or A6A6A6A6A6A6A6A6. I would like to provide some comments on the encryption and decryption routines provided by cipher_openssl.c in which cipher.cand kmgr_utils.c are using. I see that "ossl_cipher_encrypt" calls "EVP_EncryptInit_ex" and "EVP_EncryptUpdate" onlyto complete the encryption. Same thing applies to decryption routines. According to my past experience with openssl andthe usages online, it is highly recommended to use "init-update-final" cycle to complete the encryption and I see thatthe "final" part (EVP_EncryptFinal) is missing. This call will properly handle the last block of data especially whenpadding is taken into account. The functions still works now because the input is encryption key and its size is multipleof each cipher block and no padding is used. I think it will be safer to use the proper "init-update-final" cyclefor encryption/decryption According to openssl EVP documentation, "EVP_EncryptUpdate" can be called multiple times at different offset to the inputdata to be encrypted. I see that "pg_cipher_encrypt" only calls "EVP_EncryptUpdate" once, which makes me assume thatthe application should invoke "pg_cipher_encrypt" multiple times until the entire data block is encrypted? I am askingbecause if we were to use "EVP_EncryptFinal" to complete the encryption cycle, then it is better to let "pg_cipher_encrypt"to figure out how many times "EVP_EncryptUpdate" should be called and finalize it with "EVP_EncryptFinal"at last block. Lastly, I think we are missing a cleanup routine that calls "EVP_CIPHER_CTX_free()" to free up the EVP_CIPHER_CTX when encryptionis done. Thank you Cary Huang HighGo Software Canada
В списке pgsql-hackers по дате отправления: