MySQL 9.0.0
Source Code Documentation
my_kdf.h
Go to the documentation of this file.
1/* Copyright (c) 2022, 2024, Oracle and/or its affiliates.
2
3This program is free software; you can redistribute it and/or modify
4it under the terms of the GNU General Public License, version 2.0,
5as published by the Free Software Foundation.
6
7This program is designed to work with certain software (including
8but not limited to OpenSSL) that is licensed under separate terms,
9as designated in a particular file or component or in included license
10documentation. The authors of MySQL hereby grant you an additional
11permission to link the program and your derivative works with the
12separately licensed software that they have either included with
13the program or referenced in the documentation.
14
15This program is distributed in the hope that it will be useful,
16but WITHOUT ANY WARRANTY; without even the implied warranty of
17MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18GNU General Public License, version 2.0, for more details.
19
20You should have received a copy of the GNU General Public License
21along with this program; if not, write to the Free Software
22Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#include <openssl/conf.h>
25#include <string>
26#include <vector>
27
28using std::string;
29using std::vector;
30
31/**
32 Creates the required size of key using supplied key and KDF options.
33
34 KDF: key derivation function (KDF) is a cryptographic algorithm that derives
35 one or more secret keys from a secret value such as a main key, a password, or
36 a passphrase using a pseudorandom function (which typically uses a
37 cryptographic hash function or block cipher)
38
39 @param key Input key
40 @param key_length Input key length
41 @param [out] rkey output key
42 @param rkey_size output key length
43 @param kdf_options KDF function options
44
45 @return 0 on success and 1 on failure
46*/
47int create_kdf_key(const unsigned char *key, const unsigned int key_length,
48 unsigned char *rkey, unsigned int rkey_size,
49 vector<string> *kdf_options);
50
52 protected:
53 vector<string> *kdf_options_{nullptr};
54 bool options_valid_{false};
55
56 public:
58 virtual int derive_key(const unsigned char *key,
59 const unsigned int key_length, unsigned char *rkey,
60 unsigned int key_size) = 0;
61 virtual int validate_options() = 0;
62};
63
64#if OPENSSL_VERSION_NUMBER >= 0x10100000L
65
66/** Class to implement KDF method hkdf. */
67class Key_hkdf_function : public Key_derivation_function {
68 string salt_;
69 string info_;
70
71 public:
72 /**
73 hkdf Constructor.
74
75 @param kdf_options options
76
77 kdf_options has following KDF options:
78
79 1. KDF function name
80
81 2. KDF salt: The salt. Salts prevent attacks based on dictionaries of
82 common passwords and attacks based on rainbow tables. It is a public value
83 that can be safely stored along with the encryption key.
84
85 3. KDF info: The context and application specific information.
86 */
87 Key_hkdf_function(vector<string> *kdf_options);
88 virtual ~Key_hkdf_function() override {}
89 int derive_key(const unsigned char *key, const unsigned int key_length,
90 unsigned char *rkey, unsigned int key_size) override;
91 int validate_options() override;
92};
93#endif
94
95/** Class to implement KDF method pbkdf2_hmac. */
97 string salt_;
99
100 public:
101 /**
102 pbkdf2_hmac Constructor.
103
104 @param kdf_options options
105
106 kdf_options has following KDF options:
107
108 1. KDF function name
109
110 2. KDF salt: The salt. Salts prevent attacks based on dictionaries of
111 common passwords and attacks based on rainbow tables. It is a public value
112 that can be safely stored along with the encryption key.
113
114 3. KDF info: The iteration count.
115 This provides the ability to tune the algorithm.
116 It is better to use the highest count possible for the maximum resistance
117 to brute-force attacks.
118 */
119 Key_pbkdf2_hmac_function(vector<string> *kdf_options);
120 virtual ~Key_pbkdf2_hmac_function() override {}
121 int derive_key(const unsigned char *key, const unsigned int key_length,
122 unsigned char *rkey, unsigned int key_size) override;
123 int validate_options() override;
124};
Definition: my_kdf.h:51
virtual int validate_options()=0
virtual ~Key_derivation_function()
Definition: my_kdf.h:57
bool options_valid_
Definition: my_kdf.h:54
virtual int derive_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int key_size)=0
vector< string > * kdf_options_
Definition: my_kdf.h:53
Class to implement KDF method pbkdf2_hmac.
Definition: my_kdf.h:96
virtual ~Key_pbkdf2_hmac_function() override
Definition: my_kdf.h:120
string salt_
Definition: my_kdf.h:97
int validate_options() override
Definition: my_kdf.cc:161
Key_pbkdf2_hmac_function(vector< string > *kdf_options)
pbkdf2_hmac Constructor.
Definition: my_kdf.cc:152
int derive_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int key_size) override
Definition: my_kdf.cc:184
int iterations_
Definition: my_kdf.h:98
int create_kdf_key(const unsigned char *key, const unsigned int key_length, unsigned char *rkey, unsigned int rkey_size, vector< string > *kdf_options)
Creates the required size of key using supplied key and KDF options.
Definition: my_kdf.cc:46
std::vector< T, ut::allocator< T > > vector
Specialization of vector which uses allocator.
Definition: ut0new.h:2875
required string key
Definition: replication_asynchronous_connection_failover.proto:60