Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pgcrypto: add helper functions for PKCS padding #104058

Merged
merged 1 commit into from
Jun 5, 2023
Merged

pgcrypto: add helper functions for PKCS padding #104058

merged 1 commit into from
Jun 5, 2023

Conversation

andyyang890
Copy link
Collaborator

This patch adds helper functions for PKCS padding/unpadding, which is
needed for pgcrypto's raw encryption functions.

Informs #21001

Release note: None

@andyyang890 andyyang890 requested a review from rafiss May 29, 2023 20:23
@andyyang890 andyyang890 requested a review from a team as a code owner May 29, 2023 20:23
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@andyyang890 andyyang890 requested a review from ecwall May 29, 2023 20:26
rafiss
rafiss requested changes May 31, 2023
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @andyyang890 and @ecwall)

pkg/sql/sem/builtins/pgcrypto/padding.go line 33 at r1 (raw file):

// PKCSUnpad removes the padding added by PKCSPad.
func PKCSUnpad(data []byte, blockSize int) ([]byte, error) {

i want to make sure i understand: why do we need the blockSize here? it wasn't mentioned in that RFC, and it seems like this other library doesn't need it https://github.com/zenazn/pkcs7pad/blob/master/pkcs7pad.go

pkg/sql/sem/builtins/pgcrypto/padding.go line 45 at r1 (raw file):

	paddingLen := data[len(data)-1]
	if paddingLen == 0 || int(paddingLen) > blockSize {

i think we should also add a check to make sure paddingLen <= len(data). otherwise i think the loop could hit an index-out-of-bounds error. and we should be able to add a test for that

pkg/sql/sem/builtins/pgcrypto/padding_test.go line 122 at r1 (raw file):

		},
		"non-empty data with partial-block padding": {
			data:      []byte{'a', 'b', 2, 2},

continuing my last comment: how about a test case like []byte{'a', 'b', 20, 20},

andyyang890
andyyang890 commented May 31, 2023
View reviewed changes
Copy link
Collaborator Author

@andyyang890 andyyang890 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall and @rafiss)

pkg/sql/sem/builtins/pgcrypto/padding.go line 33 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

i want to make sure i understand: why do we need the blockSize here? it wasn't mentioned in that RFC, and it seems like this other library doesn't need it https://github.com/zenazn/pkcs7pad/blob/master/pkcs7pad.go

I guess it's not strictly necessary but I thought it might be nice to have an extra check to make sure that the data is a multiple of the block size. (Otherwise, it was either padded incorrectly or the function is being called with the wrong block size.)

It also solves the problem you mentioned below of checking paddingLen <= len(data). Iflen(data)%blockSize==0 andpaddingLen <= blockSize, then we necessarily have that paddingLen <= len(data).

In any case, I've removed it and will move this check into the function that calls PKCSUnpad.

pkg/sql/sem/builtins/pgcrypto/padding.go line 45 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

i think we should also add a check to make sure paddingLen <= len(data). otherwise i think the loop could hit an index-out-of-bounds error. and we should be able to add a test for that

Done.

pkg/sql/sem/builtins/pgcrypto/padding_test.go line 122 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

continuing my last comment: how about a test case like []byte{'a', 'b', 20, 20},

Done.

@andyyang890
pgcrypto: add helper functions for PKCS padding
31747e7 
This patch adds helper functions for PKCS padding/unpadding, which is
needed for pgcrypto's raw encryption functions.

Release note: None
@andyyang890 andyyang890 requested a review from rafiss May 31, 2023 21:03
rafiss
rafiss approved these changes Jun 5, 2023
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall)

@andyyang890
Copy link
Collaborator Author

TFTR!

bors r=rafiss

@craig
Copy link
Contributor

craig bot commented Jun 5, 2023

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Jun 5, 2023

Build succeeded:

@craig craig bot merged commit 89887ee into cockroachdb:master Jun 5, 2023
@andyyang890 andyyang890 deleted the pkcs_padding branch June 5, 2023 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

@ecwall ecwall Awaiting requested review from ecwall

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andyyang890 @cockroach-teamcity @rafiss