MySQL  8.0.27
Source Code Documentation
stream_cipher.h
1 /* Copyright (c) 2018, 2021, Oracle and/or its affiliates.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef STREAM_CIPHER_INCLUDED
24 #define STREAM_CIPHER_INCLUDED
25 
26 #include <openssl/evp.h>
27 #include <memory>
28 #include <string>
29 
30 /**
31  @file stream_cipher.h
32 
33  @brief This file includes core components for encrypting/decrypting
34  binary log files.
35 */
36 
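/**
  Byte string used to carry key material (the cipher password).

  NOTE(review): the C++ standard only specifies std::char_traits for the
  character types, so std::basic_string<unsigned char> relies on the standard
  library providing a generic char_traits as an extension -- confirm this on
  every supported toolchain. std::basic_string also does not wipe its buffer
  when it is destroyed or reallocated, so copies of a Key_string can leave key
  bytes behind in freed memory.
*/
typedef std::basic_string<unsigned char> Key_string;

/**
  @class Stream_cipher

  This abstract class represents the interface of a replication logs
  encryption cipher that can be used to encrypt/decrypt a given stream content
  in both a sequential and a random way.

  - Sequential means encrypting/decrypting a stream from beginning to end, in
    order. For sequential encrypting/decrypting, call it like this:

      open();
      encrypt();
      ...
      encrypt(); // call it again and again
      ...
      close();

  - Random means encrypting/decrypting stream data out of order. For example:

    - It first encrypts the data of a stream at the offset from 100 to 200.

    - And then encrypts the data of the stream at the offset from 0 to 99.

    For random encrypting/decrypting, call set_stream_offset() before calling
    encrypt(). Example:

      open();

      set_stream_offset(100);
      encrypt(...);
      ...
      set_stream_offset(0);
      encrypt(...)

      close();

  Every bool-returning member uses the convention false = success,
  true = error. Callers must check the result: this interface gives no
  guarantee about the contents of the output buffer after an error.
*/
class Stream_cipher {
 public:
  virtual ~Stream_cipher() = default;

  /**
    Open the cipher with given password.

    @param[in] password     The password which is used to initialize the
                            cipher.
    @param[in] header_size  The encrypted stream offset wrt the down stream.

    @retval false Success.
    @retval true  Error.
  */
  virtual bool open(const Key_string &password, int header_size) = 0;

  /** Close the cipher. */
  virtual void close() = 0;

  /**
    Encrypt data.

    @param[out] dest   The buffer for storing encrypted data. It should be
                       at least 'length' bytes.
    @param[in]  src    The data which will be encrypted.
    @param[in]  length Length of the data. This is a signed int and the
                       interface itself places no bound on it; whether an
                       implementation rejects negative values is not visible
                       here, so callers should validate it before the call.

    @retval false Success.
    @retval true  Error.
  */
  virtual bool encrypt(unsigned char *dest, const unsigned char *src,
                       int length) = 0;

  /**
    Decrypt data.

    @param[out] dest   The buffer for storing decrypted data. It should be
                       at least 'length' bytes.
    @param[in]  src    The data which will be decrypted.
    @param[in]  length Length of the data. This is a signed int and the
                       interface itself places no bound on it; whether an
                       implementation rejects negative values is not visible
                       here, so callers should validate it before the call.

    @retval false Success.
    @retval true  Error.
  */
  virtual bool decrypt(unsigned char *dest, const unsigned char *src,
                       int length) = 0;

  /**
    Support encrypting/decrypting data at random position of a stream.

    @param[in] offset The stream offset of the data which will be encrypted/
                      decrypted in next encrypt()/decrypt() call.

    @retval false Success.
    @retval true  Error.
  */
  virtual bool set_stream_offset(uint64_t offset) = 0;

  /**
    Returns the size of the header of the stream being encrypted/decrypted.

    @return the size of the header of the stream being encrypted/decrypted.
  */
  int get_header_size();

 protected:
  /* Header size of the stream; 0 until a derived class assigns it. */
  int m_header_size = 0;
};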
144 
/**
  @class Aes_ctr

  The class provides standards to be used by the Aes_ctr ciphers: the fixed
  sizes, the message digest and the cipher algorithm, plus factories for the
  encryptor and decryptor objects.
*/
class Aes_ctr {
 public:
  // NOTE(review): presumably the expected password length in bytes -- confirm
  // against stream_cipher.cc.
  static const int PASSWORD_LENGTH = 32;
  // 16 bytes is the AES block size; the cipher IV array is sized with it.
  static const int AES_BLOCK_SIZE = 16;
  // 32 bytes matches the 256-bit key of the cipher from get_evp_cipher().
  static const int FILE_KEY_LENGTH = 32;
  /**
    Returns the message digest function to be used when opening the cipher.

    How the digest is applied to the password is implemented in
    stream_cipher.cc and is not visible in this header.

    @return SHA-512 message digest.
  */
  static const EVP_MD *get_evp_md() { return EVP_sha512(); }
  /**
    Returns the cipher algorithm to be used for encrypting/decrypting.

    @return AES-256-CTR.
  */
  static const EVP_CIPHER *get_evp_cipher() { return EVP_aes_256_ctr(); }
  /**
    Returns a new unique Stream_cipher encryptor.

    @return A new Stream_cipher encryptor, owned by the caller.
  */
  static std::unique_ptr<Stream_cipher> get_encryptor();
  /**
    Returns a new unique Stream_cipher decryptor.

    @return A new Stream_cipher decryptor, owned by the caller.
  */
  static std::unique_ptr<Stream_cipher> get_decryptor();
};
180 
/** Direction selector used as the template argument of Aes_ctr_cipher. */
enum class Cipher_type : int { ENCRYPT = 0, DECRYPT = 1 };
182 
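/**
  @class Aes_ctr_cipher

  The class implements AES-CTR encryption/decryption. It supports
  encrypting/decrypting a stream in both a sequential and a random way.

  Security notes for users of this class:

  - AES-CTR provides confidentiality only. It does not detect modification of
    the ciphertext, so integrity of the encrypted stream has to be ensured by
    other means.
  - The counter is computed from the stream offset (see init_cipher()).
    Encrypting different plaintext at an offset that was already encrypted
    under the same key therefore reuses keystream; a given offset should be
    written only once per key.
  - The object holds raw key material in m_file_key.
    NOTE(review): confirm in stream_cipher.cc that close()/deinit_cipher()
    wipe m_file_key and m_iv (for example with OPENSSL_cleanse()) rather than
    leaving them in memory.
*/
template <Cipher_type TYPE>
class Aes_ctr_cipher : public Stream_cipher {
 public:
  // NOTE(review): the initialisers of these three constants are not shown in
  // this listing; they are written here to mirror Aes_ctr -- confirm against
  // the upstream header.
  static const int PASSWORD_LENGTH = Aes_ctr::PASSWORD_LENGTH;
  static const int AES_BLOCK_SIZE = Aes_ctr::AES_BLOCK_SIZE;
  static const int FILE_KEY_LENGTH = Aes_ctr::FILE_KEY_LENGTH;

  ~Aes_ctr_cipher() override;

  bool open(const Key_string &password, int header_size) override;
  void close() override;
  bool encrypt(unsigned char *dest, const unsigned char *src,
               int length) override;
  bool decrypt(unsigned char *dest, const unsigned char *src,
               int length) override;
  bool set_stream_offset(uint64_t offset) override;

 private:
  /* Cipher context; nullptr until a context has been created. */
  EVP_CIPHER_CTX *m_ctx = nullptr;
  /* The file key to encrypt/decrypt data. Has no initialiser here, so its
     contents are indeterminate until the implementation fills it in. */
  unsigned char m_file_key[FILE_KEY_LENGTH];
  /* The initialization vector (IV) used to encrypt/decrypt data. Has no
     initialiser here either. */
  unsigned char m_iv[AES_BLOCK_SIZE];

  /**
    Initialize OpenSSL cipher related context and IV.

    @param[in] offset The stream offset to compute the AES-CTR counter which
                      will be set into IV.

    @retval false Success.
    @retval true  Error.
  */
  bool init_cipher(uint64_t offset);

  /** Destroy OpenSSL cipher related context. */
  void deinit_cipher();
};

typedef class Aes_ctr_cipher<Cipher_type::ENCRYPT> Aes_ctr_encryptor;
typedef class Aes_ctr_cipher<Cipher_type::DECRYPT> Aes_ctr_decryptor;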
231 #endif // STREAM_CIPHER_INCLUDED