MySQL 8.0.31
Source Code Documentation
stream_cipher.h
Go to the documentation of this file.
1/* Copyright (c) 2018, 2022, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef STREAM_CIPHER_INCLUDED
24#define STREAM_CIPHER_INCLUDED
25
26#include <openssl/evp.h>
27#include <memory>
28#include <string>
29
30/**
31 @file stream_cipher.h
32
33 @brief This file includes core components for encrypting/decrypting
34 binary log files.
35*/
36
37typedef std::basic_string<unsigned char> Key_string;
38
39/**
40 @class Stream_cipher
41
42 This abstract class represents the interface of a replication logs encryption
43 cipher that can be used to encrypt/decrypt a given stream content in both
44 sequential and random way.
45
46 - Sequential means encrypting/decrypting a stream from the begin to end
47 in order. For sequential encrypting/decrypting, you just need to call
48 it like:
49
50 open();
51 encrypt();
52 ...
53 encrypt(); // call it again and again
54 ...
55 close();
56
57 - Random means encrypting/decrypting a stream data without order. For
58 example:
59
60 - It first encrypts the data of a stream at the offset from 100 to 200.
61
62 - And then encrypts the data of the stream at the offset from 0 to 99.
63
64 For random encrypting/decrypting, you need to call set_stream_offset()
65 before calling encrypt(). Example:
66
67 open();
68
69 set_stream_offset(100);
70 encrypt(...);
71 ...
72 set_stream_offset(0);
73 encrypt(...)
74
75 close();
76*/
78 public:
79 virtual ~Stream_cipher() = default;
80
81 /**
82 Open the cipher with given password.
83
84 @param[in] password The password which is used to initialize the cipher.
85 @param[in] header_size The encrypted stream offset wrt the down stream.
86
87 @retval false Success.
88 @retval true Error.
89 */
90 virtual bool open(const Key_string &password, int header_size) = 0;
91
92 /** Close the cipher. */
93 virtual void close() = 0;
94
95 /**
96 Encrypt data.
97
98 @param[in] dest The buffer for storing encrypted data. It should be
99 at least 'length' bytes.
100 @param[in] src The data which will be encrypted.
101 @param[in] length Length of the data.
102
103 @retval false Success.
104 @retval true Error.
105 */
106 virtual bool encrypt(unsigned char *dest, const unsigned char *src,
107 int length) = 0;
108
109 /**
110 Decrypt data.
111
112 @param[in] dest The buffer for storing decrypted data. It should be
113 at least 'length' bytes.
114 @param[in] src The data which will be decrypted.
115 @param[in] length Length of the data.
116
117 @retval false Success.
118 @retval true Error.
119 */
120 virtual bool decrypt(unsigned char *dest, const unsigned char *src,
121 int length) = 0;
122
123 /**
124 Support encrypting/decrypting data at random position of a stream.
125
126 @param[in] offset The stream offset of the data which will be encrypted/
127 decrypted in next encrypt()/decrypt() call.
128
129 @retval false Success.
130 @retval true Error.
131 */
132 virtual bool set_stream_offset(uint64_t offset) = 0;
133
134 /**
135 Returns the size of the header of the stream being encrypted/decrypted.
136
137 @return the size of the header of the stream being encrypted/decrypted.
138 */
139 int get_header_size();
140
141 protected:
143};
144
145/**
146 @class Aes_ctr
147
148 The class provides standards to be used by the Aes_ctr ciphers.
149*/
150class Aes_ctr {
151 public:
152 static const int PASSWORD_LENGTH = 32;
153 static const int AES_BLOCK_SIZE = 16;
154 static const int FILE_KEY_LENGTH = 32;
155 /**
156 Returns the message digest function to be uses when opening the cipher.
157
158 @return SHA-512 message digest.
159 */
160 static const EVP_MD *get_evp_md() { return EVP_sha512(); }
161 /**
162 Returns the cipher to be uses when using the cipher.
163
164 @return AES-256-CTR.
165 */
166 static const EVP_CIPHER *get_evp_cipher() { return EVP_aes_256_ctr(); }
167 /**
168 Returns a new unique Stream_cipher encryptor.
169
170 @return A new Stream_cipher encryptor.
171 */
172 static std::unique_ptr<Stream_cipher> get_encryptor();
173 /**
174 Returns a new unique Stream_cipher decryptor.
175
176 @return A new Stream_cipher decryptor.
177 */
178 static std::unique_ptr<Stream_cipher> get_decryptor();
179};
180
181enum class Cipher_type : int { ENCRYPT = 0, DECRYPT = 1 };
182
183/**
184 @class Aes_ctr_cipher
185
186 The class implements AES-CTR encryption/decryption. It supports to
187 encrypt/decrypt a stream in both sequential and random way.
188*/
189template <Cipher_type TYPE>
191 public:
195
196 ~Aes_ctr_cipher() override;
197
198 bool open(const Key_string &password, int header_size) override;
199 void close() override;
200 bool encrypt(unsigned char *dest, const unsigned char *src,
201 int length) override;
202 bool decrypt(unsigned char *dest, const unsigned char *src,
203 int length) override;
204 bool set_stream_offset(uint64_t offset) override;
205
206 private:
207 /* Cipher context */
208 EVP_CIPHER_CTX *m_ctx = nullptr;
209 /* The file key to encrypt/decrypt data. */
211 /* The initialization vector (IV) used to encrypt/decrypt data. */
212 unsigned char m_iv[AES_BLOCK_SIZE];
213
214 /**
215 Initialize OpenSSL cipher related context and IV.
216
217 @param[in] offset The stream offset to compute the AES-CTR counter which
218 will be set into IV.
219
220 @retval false Success.
221 @retval true Error.
222 */
223 bool init_cipher(uint64_t offset);
224
225 /** Destroy OpenSSL cipher related context. */
226 void deinit_cipher();
227};
228
230typedef class Aes_ctr_cipher<Cipher_type::DECRYPT> Aes_ctr_decryptor;
231#endif // STREAM_CIPHER_INCLUDED
The class implements AES-CTR encryption/decryption.
Definition: stream_cipher.h:190
static const int PASSWORD_LENGTH
Definition: stream_cipher.h:192
bool open(const Key_string &password, int header_size) override
Open the cipher with given password.
Definition: stream_cipher.cc:44
static const int FILE_KEY_LENGTH
Definition: stream_cipher.h:194
unsigned char m_file_key[FILE_KEY_LENGTH]
Definition: stream_cipher.h:210
bool encrypt(unsigned char *dest, const unsigned char *src, int length) override
Encrypt data.
Definition: stream_cipher.cc:141
void deinit_cipher()
Destroy OpenSSL cipher related context.
Definition: stream_cipher.cc:135
unsigned char m_iv[AES_BLOCK_SIZE]
Definition: stream_cipher.h:212
static const int AES_BLOCK_SIZE
Definition: stream_cipher.h:193
bool decrypt(unsigned char *dest, const unsigned char *src, int length) override
Decrypt data.
Definition: stream_cipher.cc:161
bool set_stream_offset(uint64_t offset) override
Support encrypting/decrypting data at random position of a stream.
Definition: stream_cipher.cc:81
~Aes_ctr_cipher() override
Definition: stream_cipher.cc:71
bool init_cipher(uint64_t offset)
Initialize OpenSSL cipher related context and IV.
Definition: stream_cipher.cc:103
EVP_CIPHER_CTX * m_ctx
Definition: stream_cipher.h:208
void close() override
Close the cipher.
Definition: stream_cipher.cc:76
The class provides standards to be used by the Aes_ctr ciphers.
Definition: stream_cipher.h:150
static const int AES_BLOCK_SIZE
Definition: stream_cipher.h:153
static std::unique_ptr< Stream_cipher > get_encryptor()
Returns a new unique Stream_cipher encryptor.
Definition: stream_cipher.cc:33
static std::unique_ptr< Stream_cipher > get_decryptor()
Returns a new unique Stream_cipher decryptor.
Definition: stream_cipher.cc:38
static const int PASSWORD_LENGTH
Definition: stream_cipher.h:152
static const EVP_MD * get_evp_md()
Returns the message digest function to be uses when opening the cipher.
Definition: stream_cipher.h:160
static const int FILE_KEY_LENGTH
Definition: stream_cipher.h:154
static const EVP_CIPHER * get_evp_cipher()
Returns the cipher to be uses when using the cipher.
Definition: stream_cipher.h:166
This abstract class represents the interface of a replication logs encryption cipher that can be used...
Definition: stream_cipher.h:77
virtual bool decrypt(unsigned char *dest, const unsigned char *src, int length)=0
Decrypt data.
int get_header_size()
Returns the size of the header of the stream being encrypted/decrypted.
Definition: stream_cipher.cc:31
virtual bool set_stream_offset(uint64_t offset)=0
Support encrypting/decrypting data at random position of a stream.
virtual bool open(const Key_string &password, int header_size)=0
Open the cipher with given password.
int m_header_size
Definition: stream_cipher.h:142
virtual void close()=0
Close the cipher.
virtual bool encrypt(unsigned char *dest, const unsigned char *src, int length)=0
Encrypt data.
virtual ~Stream_cipher()=default
static char * password
Definition: mysql_secure_installation.cc:55
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
class Aes_ctr_cipher< Cipher_type::ENCRYPT > Aes_ctr_encryptor
Definition: stream_cipher.h:229
std::basic_string< unsigned char > Key_string
Definition: stream_cipher.h:37
Cipher_type
Definition: stream_cipher.h:181
class Aes_ctr_cipher< Cipher_type::DECRYPT > Aes_ctr_decryptor
Definition: stream_cipher.h:230