Add IP address encryption (crypto_ipcrypt) and bump to libsodium 1.0.22 #123
Merged
Implement the libsodium 1.0.22 crypto_ipcrypt_* family, exposing the ipcrypt-std IP-address encryption/anonymization primitives to SQL:

- deterministic (AES-128, format-preserving)
- pfx (prefix-preserving)
- nd (KIASU-BC, non-deterministic, 8 byte tweak)
- ndx (AES-XTS, non-deterministic, 16 byte tweak)

Each variant follows existing pgsodium conventions: a bytea C core (src/ipcrypt.c) plus raw-key, server-key (by_id bigint + context) and managed-key (uuid) SQL overloads, with inet->inet overloads for the two format-preserving variants. Adds ip2bin/bin2ip helpers, four ipcrypt-* key types, and tests with the official ipcrypt-std known-answer vectors. Ships as version 3.1.11.

Supporting changes required to build and test the above:

- Bump the bundled libsodium to 1.0.22 (which provides crypto_ipcrypt), and align the debug/example/Windows build references to 1.0.22.
- Fix the pending 3.1.10 mask_role migration: GRANT ALL ON %I quoted a schema-qualified view name as a single identifier, breaking TCE view generation. Cast view_name::regclass instead, which both rejects injection payloads (they cannot resolve to a real relation) and renders the qualified name correctly.

Verified with ./test.sh across PostgreSQL 14-18 and all preload/getkey configurations (15/15 PASS), including fresh install and incremental 3.1.9 -> 3.1.11 upgrade.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

main's branch protection requires a status check named "tests", but the job was named "Linux build and tests", so the required context was never reported and pull requests stayed blocked on "Expected — Waiting for status to be reported". Rename the job to "tests" so the check it publishes matches the required context.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary

Implements the libsodium 1.0.22 crypto_ipcrypt_* family, exposing the ipcrypt-std IP-address encryption/anonymization primitives to SQL, shipped as version 3.1.11.

Four variants, each following existing pgsodium conventions (bytea C core in src/ipcrypt.c + raw-key, by_id server-key, and uuid managed-key SQL overloads):

- crypto_ipcrypt_
- crypto_ipcrypt_pfx_
- crypto_ipcrypt_nd_
- crypto_ipcrypt_ndx_

Also adds crypto_ipcrypt_ip2bin/bin2ip text↔binary helpers, inet → inet overloads for the two format-preserving variants, four ipcrypt-* key types, and a README section.

Supporting changes (required to build/test the above)

- crypto_ipcrypt); align debug/example/Windows references.
- mask_role migration: GRANT ALL ON %I quoted a schema-qualified view name as one identifier, breaking TCE view generation. Now casts view_name::regclass, which rejects injection payloads (they can't resolve to a real relation) and renders the qualified name correctly.

Test Plan

- ./test.sh — PostgreSQL 14.19 / 15.14 / 16.10 / 17.6 / 18.1 × {no preload, preload, preload+getkey} → 15/15 PASS
- by_id/uuid round-trips
- 3.1.9 → 3.1.11 upgrade verified

🤖 Generated with Claude Code
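
The mask_role fix described in the summary, as an added example that is not code from this pull request: it contrasts `format('%I', ...)` with a `::regclass` cast when a schema-qualified view name is interpolated into a dynamic `GRANT`. The schema, table, view and role names and the hostile input string are constructed for the demo, and everything runs inside a transaction that is rolled back.

```sql
BEGIN;

-- Constructed demo objects (hypothetical names, not pgsodium's).
CREATE SCHEMA demo_tce;
CREATE TABLE demo_tce.secrets (id int, payload text);
CREATE VIEW demo_tce.decrypted_secrets AS
    SELECT id, payload FROM demo_tce.secrets;
CREATE ROLE demo_reader NOLOGIN;

-- %I quotes the whole string as ONE identifier, so the schema-qualified
-- name becomes "demo_tce.decrypted_secrets", a relation that does not exist.
SELECT format('GRANT ALL ON %I TO %I',
              'demo_tce.decrypted_secrets', 'demo_reader') AS with_percent_i;

-- Casting to regclass resolves the name against the catalog first and
-- prints it back with each part quoted separately where needed.
SELECT format('GRANT ALL ON %s TO %I',
              'demo_tce.decrypted_secrets'::regclass, 'demo_reader') AS with_regclass;

DO $$
DECLARE
    view_name text;
BEGIN
    FOREACH view_name IN ARRAY ARRAY[
        'demo_tce.decrypted_secrets',                -- legitimate view
        'demo_tce.missing_view',                     -- no such relation
        'demo_tce.decrypted_secrets TO PUBLIC; --'   -- constructed hostile input
    ] LOOP
        BEGIN
            -- The cast raises before any SQL text is built, so only names
            -- that resolve to a real relation ever reach EXECUTE.
            EXECUTE format('GRANT ALL ON %s TO %I',
                           view_name::regclass, 'demo_reader');
            RAISE NOTICE 'granted on %', view_name;
        EXCEPTION WHEN OTHERS THEN
            RAISE NOTICE 'rejected % (%)', view_name, SQLERRM;
        END;
    END LOOP;
END
$$;

-- Only the legitimate view should show a grant for demo_reader.
SELECT has_table_privilege('demo_reader',
                           'demo_tce.decrypted_secrets', 'SELECT') AS reader_can_select;

ROLLBACK;
```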