MySQL 8.3.0
Source Code Documentation
my_kdf.h
Go to the documentation of this file.
1/* Copyright (c) 2022, 2023, Oracle and/or its affiliates.
2
3This program is free software; you can redistribute it and/or modify
4it under the terms of the GNU General Public License, version 2.0,
5as published by the Free Software Foundation.
6
7This program is also distributed with certain software (including
8but not limited to OpenSSL) that is licensed under separate terms,
9as designated in a particular file or component or in included license
10documentation. The authors of MySQL hereby grant you an additional
11permission to link the program and your derivative works with the
12separately licensed software that they have included with MySQL.
13
14This program is distributed in the hope that it will be useful,
15but WITHOUT ANY WARRANTY; without even the implied warranty of
16MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17GNU General Public License, version 2.0, for more details.
18
19You should have received a copy of the GNU General Public License
20along with this program; if not, write to the Free Software
21Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#include <openssl/conf.h>
24#include <string>
25#include <vector>
26
27using std::string;
28using std::vector;
29
30/**
31 Creates the required size of key using supplied key and KDF options.
32
33 KDF: key derivation function (KDF) is a cryptographic algorithm that derives
34 one or more secret keys from a secret value such as a main key, a password, or
35 a passphrase using a pseudorandom function (which typically uses a
36 cryptographic hash function or block cipher)
37
38 @param key Input key
39 @param key_length Input key length
40 @param [out] rkey output key
41 @param rkey_size output key length
42 @param kdf_options KDF function options
43
44 @return 0 on success and 1 on failure
45*/
46int create_kdf_key(const unsigned char *key, const unsigned int key_length,
47 unsigned char *rkey, unsigned int rkey_size,
48 vector<string> *kdf_options);
49
51 protected:
52 vector<string> *kdf_options_{nullptr};
53 bool options_valid_{false};
54
55 public:
57 virtual int derive_key(const unsigned char *key,
58 const unsigned int key_length, unsigned char *rkey,
59 unsigned int key_size) = 0;
60 virtual int validate_options() = 0;
61};
62
63#if OPENSSL_VERSION_NUMBER >= 0x10100000L
64
65/** Class to implement KDF method hkdf. */
66class Key_hkdf_function : public Key_derivation_function {
67 string salt_;
68 string info_;
69
70 public:
71 /**
72 hkdf Constructor.
73
74 @param kdf_options options
75
76 kdf_options has following KDF options:
77
78 1. KDF function name
79
80 2. KDF salt: The salt. Salts prevent attacks based on dictionaries of
81 common passwords and attacks based on rainbow tables. It is a public value
82 that can be safely stored along with the encryption key.
83
84 3. KDF info: The context and application specific information.
85 */
86 Key_hkdf_function(vector<string> *kdf_options);
87 virtual ~Key_hkdf_function() override {}
88 int derive_key(const unsigned char *key, const unsigned int key_length,
89 unsigned char *rkey, unsigned int key_size) override;
90 int validate_options() override;
91};
92#endif
93
94/** Class to implement KDF method pbkdf2_hmac. */
96 string salt_;
98
99 public:
100 /**
101 pbkdf2_hmac Constructor.
102
103 @param kdf_options options
104
105 kdf_options has following KDF options:
106
107 1. KDF function name
108
109 2. KDF salt: The salt. Salts prevent attacks based on dictionaries of
110 common passwords and attacks based on rainbow tables. It is a public value
111 that can be safely stored along with the encryption key.
112
113 3. KDF info: The iteration count.
114 This provides the ability to tune the algorithm.
115 It is better to use the highest count possible for the maximum resistance
116 to brute-force attacks.
117 */
118 Key_pbkdf2_hmac_function(vector<string> *kdf_options);
119 virtual ~Key_pbkdf2_hmac_function() override {}
120 int derive_key(const unsigned char *key, const unsigned int key_length,
121 unsigned char *rkey, unsigned int key_size) override;
122 int validate_options() override;
123};
Definition: my_kdf.h:50
virtual int validate_options()=0
virtual ~Key_derivation_function()
Definition: my_kdf.h:56
bool options_valid_
Definition: my_kdf.h:53
virtual int derive_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int key_size)=0
vector< string > * kdf_options_
Definition: my_kdf.h:52
Class to implement KDF method pbkdf2_hmac.
Definition: my_kdf.h:95
virtual ~Key_pbkdf2_hmac_function() override
Definition: my_kdf.h:119
string salt_
Definition: my_kdf.h:96
int validate_options() override
Definition: my_kdf.cc:160
Key_pbkdf2_hmac_function(vector< string > *kdf_options)
pbkdf2_hmac Constructor.
Definition: my_kdf.cc:151
int derive_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int key_size) override
Definition: my_kdf.cc:183
int iterations_
Definition: my_kdf.h:97
int create_kdf_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int rkey_size, vector< string > *kdf_options)
Creates the required size of key using supplied key and KDF options.
Definition: my_kdf.cc:45
std::vector< T, ut::allocator< T > > vector
Specialization of vector which uses allocator.
Definition: ut0new.h:2873
required string key
Definition: replication_asynchronous_connection_failover.proto:59