MySQL 8.0.40
Source Code Documentation
stream_cipher.h
Go to the documentation of this file.
1/* Copyright (c) 2018, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef STREAM_CIPHER_INCLUDED
25#define STREAM_CIPHER_INCLUDED
26
27#include <openssl/evp.h>
28#include <memory>
29#include <string>
30
31/**
32 @file stream_cipher.h
33
34 @brief This file includes core components for encrypting/decrypting
35 binary log files.
36*/
37
38typedef std::basic_string<unsigned char> Key_string;
39
40/**
41 @class Stream_cipher
42
43 This abstract class represents the interface of a replication logs encryption
44 cipher that can be used to encrypt/decrypt a given stream content in both
45 sequential and random way.
46
47 - Sequential means encrypting/decrypting a stream from the begin to end
48 in order. For sequential encrypting/decrypting, you just need to call
49 it like:
50
51 open();
52 encrypt();
53 ...
54 encrypt(); // call it again and again
55 ...
56 close();
57
58 - Random means encrypting/decrypting a stream data without order. For
59 example:
60
61 - It first encrypts the data of a stream at the offset from 100 to 200.
62
63 - And then encrypts the data of the stream at the offset from 0 to 99.
64
65 For random encrypting/decrypting, you need to call set_stream_offset()
66 before calling encrypt(). Example:
67
68 open();
69
70 set_stream_offset(100);
71 encrypt(...);
72 ...
73 set_stream_offset(0);
74 encrypt(...)
75
76 close();
77*/
79 public:
80 virtual ~Stream_cipher() = default;
81
82 /**
83 Open the cipher with given password.
84
85 @param[in] password The password which is used to initialize the cipher.
86 @param[in] header_size The encrypted stream offset wrt the down stream.
87
88 @retval false Success.
89 @retval true Error.
90 */
91 virtual bool open(const Key_string &password, int header_size) = 0;
92
93 /** Close the cipher. */
94 virtual void close() = 0;
95
96 /**
97 Encrypt data.
98
99 @param[in] dest The buffer for storing encrypted data. It should be
100 at least 'length' bytes.
101 @param[in] src The data which will be encrypted.
102 @param[in] length Length of the data.
103
104 @retval false Success.
105 @retval true Error.
106 */
107 virtual bool encrypt(unsigned char *dest, const unsigned char *src,
108 int length) = 0;
109
110 /**
111 Decrypt data.
112
113 @param[in] dest The buffer for storing decrypted data. It should be
114 at least 'length' bytes.
115 @param[in] src The data which will be decrypted.
116 @param[in] length Length of the data.
117
118 @retval false Success.
119 @retval true Error.
120 */
121 virtual bool decrypt(unsigned char *dest, const unsigned char *src,
122 int length) = 0;
123
124 /**
125 Support encrypting/decrypting data at random position of a stream.
126
127 @param[in] offset The stream offset of the data which will be encrypted/
128 decrypted in next encrypt()/decrypt() call.
129
130 @retval false Success.
131 @retval true Error.
132 */
133 virtual bool set_stream_offset(uint64_t offset) = 0;
134
135 /**
136 Returns the size of the header of the stream being encrypted/decrypted.
137
138 @return the size of the header of the stream being encrypted/decrypted.
139 */
140 int get_header_size();
141
142 protected:
144};
145
146/**
147 @class Aes_ctr
148
149 The class provides standards to be used by the Aes_ctr ciphers.
150*/
151class Aes_ctr {
152 public:
153 static const int PASSWORD_LENGTH = 32;
154 static const int AES_BLOCK_SIZE = 16;
155 static const int FILE_KEY_LENGTH = 32;
156 /**
157 Returns the message digest function to be uses when opening the cipher.
158
159 @return SHA-512 message digest.
160 */
161 static const EVP_MD *get_evp_md() { return EVP_sha512(); }
162 /**
163 Returns the cipher to be uses when using the cipher.
164
165 @return AES-256-CTR.
166 */
167 static const EVP_CIPHER *get_evp_cipher() { return EVP_aes_256_ctr(); }
168 /**
169 Returns a new unique Stream_cipher encryptor.
170
171 @return A new Stream_cipher encryptor.
172 */
173 static std::unique_ptr<Stream_cipher> get_encryptor();
174 /**
175 Returns a new unique Stream_cipher decryptor.
176
177 @return A new Stream_cipher decryptor.
178 */
179 static std::unique_ptr<Stream_cipher> get_decryptor();
180};
181
182enum class Cipher_type : int { ENCRYPT = 0, DECRYPT = 1 };
183
184/**
185 @class Aes_ctr_cipher
186
187 The class implements AES-CTR encryption/decryption. It supports to
188 encrypt/decrypt a stream in both sequential and random way.
189*/
190template <Cipher_type TYPE>
192 public:
196
197 ~Aes_ctr_cipher() override;
198
199 bool open(const Key_string &password, int header_size) override;
200 void close() override;
201 bool encrypt(unsigned char *dest, const unsigned char *src,
202 int length) override;
203 bool decrypt(unsigned char *dest, const unsigned char *src,
204 int length) override;
205 bool set_stream_offset(uint64_t offset) override;
206
207 private:
208 /* Cipher context */
209 EVP_CIPHER_CTX *m_ctx = nullptr;
210 /* The file key to encrypt/decrypt data. */
212 /* The initialization vector (IV) used to encrypt/decrypt data. */
213 unsigned char m_iv[AES_BLOCK_SIZE];
214
215 /**
216 Initialize OpenSSL cipher related context and IV.
217
218 @param[in] offset The stream offset to compute the AES-CTR counter which
219 will be set into IV.
220
221 @retval false Success.
222 @retval true Error.
223 */
224 bool init_cipher(uint64_t offset);
225
226 /** Destroy OpenSSL cipher related context. */
227 void deinit_cipher();
228};
229
231typedef class Aes_ctr_cipher<Cipher_type::DECRYPT> Aes_ctr_decryptor;
232#endif // STREAM_CIPHER_INCLUDED
The class implements AES-CTR encryption/decryption.
Definition: stream_cipher.h:191
static const int PASSWORD_LENGTH
Definition: stream_cipher.h:193
bool open(const Key_string &password, int header_size) override
Open the cipher with given password.
Definition: stream_cipher.cc:45
static const int FILE_KEY_LENGTH
Definition: stream_cipher.h:195
unsigned char m_file_key[FILE_KEY_LENGTH]
Definition: stream_cipher.h:211
bool encrypt(unsigned char *dest, const unsigned char *src, int length) override
Encrypt data.
Definition: stream_cipher.cc:142
void deinit_cipher()
Destroy OpenSSL cipher related context.
Definition: stream_cipher.cc:136
unsigned char m_iv[AES_BLOCK_SIZE]
Definition: stream_cipher.h:213
static const int AES_BLOCK_SIZE
Definition: stream_cipher.h:194
~Aes_ctr_cipher() override
Definition: stream_cipher.cc:72
bool decrypt(unsigned char *dest, const unsigned char *src, int length) override
Decrypt data.
Definition: stream_cipher.cc:162
bool set_stream_offset(uint64_t offset) override
Support encrypting/decrypting data at random position of a stream.
Definition: stream_cipher.cc:82
bool init_cipher(uint64_t offset)
Initialize OpenSSL cipher related context and IV.
Definition: stream_cipher.cc:104
EVP_CIPHER_CTX * m_ctx
Definition: stream_cipher.h:209
void close() override
Close the cipher.
Definition: stream_cipher.cc:77
The class provides standards to be used by the Aes_ctr ciphers.
Definition: stream_cipher.h:151
static const int AES_BLOCK_SIZE
Definition: stream_cipher.h:154
static std::unique_ptr< Stream_cipher > get_encryptor()
Returns a new unique Stream_cipher encryptor.
Definition: stream_cipher.cc:34
static std::unique_ptr< Stream_cipher > get_decryptor()
Returns a new unique Stream_cipher decryptor.
Definition: stream_cipher.cc:39
static const int PASSWORD_LENGTH
Definition: stream_cipher.h:153
static const EVP_MD * get_evp_md()
Returns the message digest function to be uses when opening the cipher.
Definition: stream_cipher.h:161
static const int FILE_KEY_LENGTH
Definition: stream_cipher.h:155
static const EVP_CIPHER * get_evp_cipher()
Returns the cipher to be uses when using the cipher.
Definition: stream_cipher.h:167
This abstract class represents the interface of a replication logs encryption cipher that can be used...
Definition: stream_cipher.h:78
virtual bool decrypt(unsigned char *dest, const unsigned char *src, int length)=0
Decrypt data.
int get_header_size()
Returns the size of the header of the stream being encrypted/decrypted.
Definition: stream_cipher.cc:32
virtual bool set_stream_offset(uint64_t offset)=0
Support encrypting/decrypting data at random position of a stream.
virtual bool open(const Key_string &password, int header_size)=0
Open the cipher with given password.
int m_header_size
Definition: stream_cipher.h:143
virtual void close()=0
Close the cipher.
virtual bool encrypt(unsigned char *dest, const unsigned char *src, int length)=0
Encrypt data.
virtual ~Stream_cipher()=default
static char * password
Definition: mysql_secure_installation.cc:56
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
class Aes_ctr_cipher< Cipher_type::ENCRYPT > Aes_ctr_encryptor
Definition: stream_cipher.h:230
std::basic_string< unsigned char > Key_string
Definition: stream_cipher.h:38
Cipher_type
Definition: stream_cipher.h:182
class Aes_ctr_cipher< Cipher_type::DECRYPT > Aes_ctr_decryptor
Definition: stream_cipher.h:231