WL#6781: Support multiple AES Encryption modes
Affects: Server-5.7 — Status: Complete
MySQL implements AES encryption/decryption functions AES_ENCRYPT/AES_DECRYPT. These are using a relatively insecure key size (128 bits, corresponding to "SECRET" according to NSA) and block mode (ECB, encrypting equal blocks with equal code blocks) to calculate the cipher. This work aims to enhance the security strength of these functions by supporting for larger key sizes and different block modes. User Documentation ================== http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-17.html http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_aes- encrypt http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_aes- decrypt http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_random- bytes http://dev.mysql.com/doc/refman/5.6/en/server-system- variables.html#sysvar_block_encryption_mode
Requirements for @@block_encryption_mode: 1) The variable @@block_encryption_mode must be settable for every session. The ENCRYPT and DECRYPT functions must use the value set in @@session.block_encryption_mode. 2) If @@session.block_encryption_mode is not explicitly set to anything, it must hold the value of @@global.block_encryption_mode. 3) Setting @@global.block_encryption_mode needs SUPER privileges and if anyone else tries to modify it, an error must be thrown. 4) An error must be thrown if we try to set the variable with an invalid string. Requirements for AES_ENCRYPT/DECRYPT: 5) The cipher generated/decrypted must be according to the string set for @@block_encryption_mode. Along with an mtr test, some manual testing can be done using few online tools. 6) If an initialization vector (IV) is required for a particular mode, an error must be thrown if it is not provided as an argument in AES_ENCRYPT/DECRYPT function. 7) if IV is supplied but not required by the block mode an warning will be generated 8) the IV, when supplied must be 16 bytes or longer. If a string longer than 16 bytes is supplied only the first 16 bytes will be used. if the string is shorter or null an error will be thrown. If non-string arguments are supplied they'll be implicitly converted to strings. Requirements for RANDOM_BYTES(): 9) RANDOM_BYTES will reject all sizes smaller than 1 and larger than 1024.
AES encryption/decryption SQL functions ======================================= MySQL currently provides AES_ENCRYPT() and AES_DECRYPT() functions to perform AES encryption/decryption of the given plain/cipher text using the specified key. The mode of operation used is ECB. With this worklog, the AES_ENCRYPT function fetches the encryption mode to follow, from a server variable @@block_encryption_mode. The same variable is also used by AES_DECRYPT function for decrypting the cipher. This variable has read/write in both global and session contexts and is settable from my.cnf and the command line. Setting the global context of this variable needs SUPER privileges. This variable needs to be set with a value of the format: aes-
- . For example, to encrypt data with CBC mode with key length 256, the variable needs to be set as aes-256-cbc. The default value for this variable is aes-128-ecb. Supported AES Mode of Operations ================================ The following modes of operations are supported by OpenSSL and YaSSL libraries respectively : OpenSSL: (1) ECB (2) CBC (3) CFB1 (4) CFB8 (5) CFB128 (6) OFB YaSSL: (1) ECB (2) CBC ECB mode does not require an initialization vector, where as other modes need it. Hence the AES_ENCRYPT() and AES_DECRYPT() functions will now on accept an optional argument for this purpose. AES_ENCRYPT(str, key_str [, IV]) AES_DECRYPT(crypt str, key_str [, IV]) If IV is not provided for the modes which need it, an error will be thrown. If IV is provided for ECB mode which does not need it, a warning will be thrown saying that IV will be ignored. Generation of Initialization Vector (IV) ======================================= Initialization vector would be generated using SSL libraries'RNG. YaSSL : yaSSL::RAND_bytes(buf, buf_size); OpenSSL : RAND_bytes(buf, buf_size); A new function RANDO_MBYTES can be used to generate binary random bytes string for this purpose. It does take one argument : the length of the binary string to be generated. The maximum length of the random bytes generated by that function will artificially be limited to 1023 bytes to avoid memory problems. eg: select RANDOM_BYTES(16) New Server Stat-up option ========================= --block-encryption-mode=mode_string New Server Error (ER_AES_INVALID_IV) ======================================== This new error would be raised when the initialization vector supplied to aes_encrypt()/aes_decrypt() is too short
Copyright (c) 2000, 2023, Oracle Corporation and/or its affiliates. All rights reserved.