MySQL 9.3.0
Source Code Documentation
my_aes.h
Go to the documentation of this file.
1#ifndef MY_AES_INCLUDED
2#define MY_AES_INCLUDED
3
4/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License, version 2.0,
8 as published by the Free Software Foundation.
9
10 This program is designed to work with certain software (including
11 but not limited to OpenSSL) that is licensed under separate terms,
12 as designated in a particular file or component or in included license
13 documentation. The authors of MySQL hereby grant you an additional
14 permission to link the program and your derivative works with the
15 separately licensed software that they have either included with
16 the program or referenced in the documentation.
17
18 This program is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 GNU General Public License, version 2.0, for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
26
27/**
28 @file include/my_aes.h
29 Wrapper to give simple interface for MySQL to AES standard encryption.
30*/
31
32#include "my_inttypes.h"
33#include "my_macros.h"
34
35#include <string>
36#include <vector>
37
38#include <openssl/evp.h>
39
40using std::string;
41using std::vector;
42
43/** AES IV size is 16 bytes for all supported ciphers except ECB */
44#define MY_AES_IV_SIZE 16
45
46/** AES block size is fixed to be 128 bits for CBC and ECB */
47#define MY_AES_BLOCK_SIZE 16
48
49/** Supported AES cipher/block mode combos */
50enum my_aes_opmode {
51 my_aes_128_ecb,
52 my_aes_192_ecb,
53 my_aes_256_ecb,
54 my_aes_128_cbc,
55 my_aes_192_cbc,
56 my_aes_256_cbc,
57 my_aes_128_cfb1,
58 my_aes_192_cfb1,
59 my_aes_256_cfb1,
60 my_aes_128_cfb8,
61 my_aes_192_cfb8,
62 my_aes_256_cfb8,
63 my_aes_128_cfb128,
64 my_aes_192_cfb128,
65 my_aes_256_cfb128,
66 my_aes_128_ofb,
67 my_aes_192_ofb,
68 my_aes_256_ofb
69};
70
71#define MY_AES_BEGIN my_aes_128_ecb
72#define MY_AES_END my_aes_256_ofb
73
74/* If bad data discovered during decoding */
75#define MY_AES_BAD_DATA -1
76
77/** String representations of the supported AES modes. Keep in sync with
78 * my_aes_opmode */
79extern const char *my_aes_opmode_names[];
80
81/**
82 Encrypt a buffer using AES
83
84 @param [in] source Pointer to data for encryption
85 @param [in] source_length Size of encryption data
86 @param [out] dest Buffer to place encrypted data (must be large
87 enough and not overlap with source)
88 @param [in] key Key to be used for encryption
89 @param [in] key_length Length of the key. Will handle keys of any length
90 @param [in] mode encryption mode
91 @param [in] iv 16 bytes initialization vector if needed.
92 Otherwise NULL
93 @param [in] padding if padding needed.
94 @param kdf_options KDF options
95 @return size of encrypted data, or negative in case of error
96*/
97
98int my_aes_encrypt(const unsigned char *source, uint32 source_length,
99 unsigned char *dest, const unsigned char *key,
100 uint32 key_length, enum my_aes_opmode mode,
101 const unsigned char *iv, bool padding = true,
102 vector<string> *kdf_options = nullptr);
103
104/**
105 Encrypt a buffer using AES.
106 This version accepts operation context as parameter,
107 for possible performance improvement.
108
109 @param [in] ctx Pointer to OpenSSL operation context
110 @param [in] source Pointer to data for encryption
111 @param [in] source_length Size of encryption data
112 @param [out] dest Buffer to place encrypted data (must be large
113 enough and not overlap with source)
114 @param [in] key Key to be used for encryption
115 @param [in] key_length Length of the key. Will handle keys of any length
116 @param [in] mode encryption mode
117 @param [in] iv 16 bytes initialization vector if needed.
118 Otherwise NULL
119 @param [in] padding if padding needed.
120 @param kdf_options KDF options
121 @return size of encrypted data, or negative in case of error
122*/
123
124int my_aes_encrypt(EVP_CIPHER_CTX *ctx, const unsigned char *source,
125 uint32 source_length, unsigned char *dest,
126 const unsigned char *key, uint32 key_length,
127 enum my_aes_opmode mode, const unsigned char *iv,
128 bool padding = true, vector<string> *kdf_options = nullptr);
129
130/**
131 Decrypt an AES encrypted buffer
132
133 @param source Pointer to data for decryption
134 @param source_length size of encrypted data
135 @param dest buffer to place decrypted data (must be large enough)
136 @param key Key to be used for decryption
137 @param key_length Length of the key. Will handle keys of any length
138 @param mode encryption mode
139 @param iv 16 bytes initialization vector if needed. Otherwise NULL
140 @param padding if padding needed.
141 @param kdf_options KDF options
142 @return size of original data.
143*/
144
145int my_aes_decrypt(const unsigned char *source, uint32 source_length,
146 unsigned char *dest, const unsigned char *key,
147 uint32 key_length, enum my_aes_opmode mode,
148 const unsigned char *iv, bool padding = true,
149 vector<string> *kdf_options = nullptr);
150
151/**
152 Decrypt an AES encrypted buffer.
153 This version accepts operation context as parameter,
154 for possible performance improvement.
155
156 @param ctx Pointer to OpenSSL operation context
157 @param source Pointer to data for decryption
158 @param source_length size of encrypted data
159 @param dest buffer to place decrypted data (must be large enough)
160 @param key Key to be used for decryption
161 @param key_length Length of the key. Will handle keys of any length
162 @param mode encryption mode
163 @param iv 16 bytes initialization vector if needed. Otherwise NULL
164 @param padding if padding needed.
165 @param kdf_options KDF options
166 @return size of original data.
167*/
168
169int my_aes_decrypt(EVP_CIPHER_CTX *ctx, const unsigned char *source,
170 uint32 source_length, unsigned char *dest,
171 const unsigned char *key, uint32 key_length,
172 enum my_aes_opmode mode, const unsigned char *iv,
173 bool padding = true, vector<string> *kdf_options = nullptr);
174
175/**
176 Calculate the size of a buffer large enough for encrypted data.
177
178 @param source_length length of data to be encrypted
179 @param opmode encryption mode
180 @return size of buffer required to store encrypted data
181*/
182
183longlong my_aes_get_size(uint32 source_length, enum my_aes_opmode opmode);
184
185/**
186 Return true if the AES cipher and block mode requires an IV.
187
188 @param opmode encryption mode
189
190 @retval true IV needed
191 @retval false IV not needed
192*/
193
194bool my_aes_needs_iv(my_aes_opmode opmode);
195
196#endif /* MY_AES_INCLUDED */
my_aes_needs_iv
bool my_aes_needs_iv(my_aes_opmode opmode)
Return true if the AES cipher and block mode requires an IV.
Definition: my_aes_openssl.cc:266
my_aes_encrypt
int my_aes_encrypt(const unsigned char *source, uint32 source_length, unsigned char *dest, const unsigned char *key, uint32 key_length, enum my_aes_opmode mode, const unsigned char *iv, bool padding=true, vector< string > *kdf_options=nullptr)
Encrypt a buffer using AES.
Definition: my_aes_openssl.cc:148
my_aes_opmode
my_aes_opmode
Supported AES cipher/block mode combos.
Definition: my_aes.h:50
my_aes_256_cbc
@ my_aes_256_cbc
Definition: my_aes.h:56
my_aes_128_cbc
@ my_aes_128_cbc
Definition: my_aes.h:54
my_aes_128_cfb128
@ my_aes_128_cfb128
Definition: my_aes.h:63
my_aes_128_ofb
@ my_aes_128_ofb
Definition: my_aes.h:66
my_aes_256_cfb1
@ my_aes_256_cfb1
Definition: my_aes.h:59
my_aes_128_cfb1
@ my_aes_128_cfb1
Definition: my_aes.h:57
my_aes_192_cfb8
@ my_aes_192_cfb8
Definition: my_aes.h:61
my_aes_192_ofb
@ my_aes_192_ofb
Definition: my_aes.h:67
my_aes_128_ecb
@ my_aes_128_ecb
Definition: my_aes.h:51
my_aes_192_cfb1
@ my_aes_192_cfb1
Definition: my_aes.h:58
my_aes_256_ecb
@ my_aes_256_ecb
Definition: my_aes.h:53
my_aes_192_ecb
@ my_aes_192_ecb
Definition: my_aes.h:52
my_aes_128_cfb8
@ my_aes_128_cfb8
Definition: my_aes.h:60
my_aes_192_cfb128
@ my_aes_192_cfb128
Definition: my_aes.h:64
my_aes_256_cfb8
@ my_aes_256_cfb8
Definition: my_aes.h:62
my_aes_256_ofb
@ my_aes_256_ofb
Definition: my_aes.h:68
my_aes_192_cbc
@ my_aes_192_cbc
Definition: my_aes.h:55
my_aes_256_cfb128
@ my_aes_256_cfb128
Definition: my_aes.h:65
my_aes_get_size
longlong my_aes_get_size(uint32 source_length, enum my_aes_opmode opmode)
Calculate the size of a buffer large enough for encrypted data.
Definition: my_aes_openssl.cc:255
my_aes_opmode_names
const char * my_aes_opmode_names[]
String representations of the supported AES modes.
Definition: my_aes_openssl.cc:52
my_aes_decrypt
int my_aes_decrypt(const unsigned char *source, uint32 source_length, unsigned char *dest, const unsigned char *key, uint32 key_length, enum my_aes_opmode mode, const unsigned char *iv, bool padding=true, vector< string > *kdf_options=nullptr)
Decrypt an AES encrypted buffer.
Definition: my_aes_openssl.cc:200
my_inttypes.h
Some integer typedefs for easier portability.
longlong
long long int longlong
Definition: my_inttypes.h:55
uint32
uint32_t uint32
Definition: my_inttypes.h:67
my_macros.h
Some common macros.
stdx::io::mode
mode
Definition: file_handle.h:61
ut::vector
std::vector< T, ut::allocator< T > > vector
Specialization of vector which uses allocator.
Definition: ut0new.h:2876
key
required string key
Definition: replication_asynchronous_connection_failover.proto:60
source
repeated Source source
Definition: replication_asynchronous_connection_failover.proto:42