Re: Feature Request: Add AES-128-CFB Mode Support to pgcrypto

From: Vladyslav Nebozhyn <vlad(at)liberatii(dot)com>
To: daniel(at)yesql(dot)se
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Feature Request: Add AES-128-CFB Mode Support to pgcrypto
Date: 2025-01-29 10:11:54
Message-ID: CAPBGcby_zA5oWe=kiDgco4tgFKifRMZOq-YvBaFqFa4v5zZ7WQ@mail.gmail.com
Lists: pgsql-hackers

Dear Daniel Gustafsson,

Thank you for your response and for offering to review the patch. I
really appreciate your time and willingness to assist with this!

I've prepared a patch to add AES-CFB support to pgcrypto, following
the existing structure used for other AES modes. Integrating it for
AES requires only minimal modifications.

The patch is included below for reference and is also attached as a
file (Encription-AES-CFB-is-added.patch). Please let me know if any
adjustments are needed. I’d be happy to refine it further based on
your feedback.

Patch:
From 2e246ed3c3f8909c42a192e0bb07535713987e80 Mon Sep 17 00:00:00 2001
From: vlne <vlad(at)liberatii(dot)com>
Date: Wed, 29 Jan 2025 11:42:56 +0200
Subject: [PATCH] Encription AES-CFB is added

---
contrib/pgcrypto/openssl.c | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)

diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index 75f40a2d03..184aa1cac3 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -617,6 +617,36 @@ ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key,
unsigned klen, const uint8 *iv
return err;
}

+static int
+ossl_aes_cfb_init(PX_Cipher *c, const uint8 *key, unsigned klen,
const uint8 *iv)
+{
+ OSSLCipher *od = c->ptr;
+ int err;
+
+ err = ossl_aes_init(c, key, klen, iv);
+ if (err)
+ return err;
+
+ switch (od->klen)
+ {
+ case 128 / 8:
+ od->evp_ciph = EVP_aes_128_cfb();
+ break;
+ case 192 / 8:
+ od->evp_ciph = EVP_aes_192_cfb();
+ break;
+ case 256 / 8:
+ od->evp_ciph = EVP_aes_256_cfb();
+ break;
+ default:
+ /* shouldn't happen */
+ err = PXE_CIPHER_INIT;
+ break;
+ }
+
+ return err;
+}
+
/*
* aliases
*/
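
Review bot: In ossl_aes_cfb_init the switch selects EVP_aes_128_cfb(), EVP_aes_192_cfb() and EVP_aes_256_cfb() with no comment on the feedback size; in OpenSSL these names are the full-block CFB128 variants, distinct from the CFB1 and CFB8 ciphers, and data encrypted with one variant cannot be decrypted with another. A one-line comment above the switch stating that "aes-cfb" means CFB with 128-bit feedback would save users who exchange ciphertext with other systems from guessing. The body also appears to repeat the pattern of ossl_aes_cbc_init named in the hunk header, so a small shared helper that takes the three EVP functions would avoid another near-identical switch if more modes follow.
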
@@ -707,6 +737,13 @@ static const struct ossl_cipher ossl_aes_cbc = {
128 / 8, 256 / 8
};

+static const struct ossl_cipher ossl_aes_cfb = {
+ ossl_aes_cfb_init,
+ NULL, /* EVP_aes_XXX_cfb(), determined in init
+ * function */
+ 128 / 8, 256 / 8
+};
+
/*
* Special handlers
*/
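
Review bot: The size pair "128 / 8, 256 / 8" in ossl_aes_cfb is the same as in the ossl_aes_cbc context lines just above it, but CFB is a stream mode that needs no padding, so it is worth confirming how encrypt() and decrypt() treat input whose length is not a multiple of 16 bytes when this entry is used. Please add regression test cases for such lengths so that the output-length behaviour of the new mode is pinned down.
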
@@ -728,6 +765,7 @@ static const struct ossl_cipher_lookup
ossl_cipher_types[] = {
{"cast5-cbc", &ossl_cast_cbc},
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
+ {"aes-cfb", &ossl_aes_cfb},
{NULL}
};
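
Review bot: The {"aes-cfb", &ossl_aes_cfb} entry creates a new user-visible cipher name, yet the diffstat lists only contrib/pgcrypto/openssl.c, so the patch carries no documentation and no regression tests. Please add aes-cfb to the pgcrypto documentation of supported modes and add tests that encrypt and decrypt known vectors with 128, 192 and 256-bit keys. The documentation should also state the IV requirement for this mode: CFB needs a unique IV for every message encrypted under the same key.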

--
2.40.1.windows.1

Best regards,
Vladyslav Nebozhyn

On Tue, 28 Jan 2025 at 14:14, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:

> > On 28 Jan 2025, at 11:46, Vladyslav Nebozhyn <vlad(at)liberatii(dot)com> wrote:
>
> >     • Ease of Implementation: OpenSSL already provides a straightforward API for AES-128-CFB, so adding it to pgcrypto should require only a few lines of code.
>
> IIRC we already support CFB for Blowfish so I think it would be quite easy to
> add.  If you propose a patch for adding this I can volunteer to review it.
>
> --
> Daniel Gustafsson

Attachment Content-Type Size
Encription-AES-CFB-is-added.patch application/octet-stream 1.6 KB
