ClickHouse/src/Functions/FunctionsAES.cpp

#include <Functions/FunctionsAES.h>

#if USE_SSL

#include <openssl/err.h>

#include <string>

namespace DB
{
namespace ErrorCodes
{
    extern const int OPENSSL_ERROR;
}
}

namespace OpenSSLDetails
{
void onError(std::string error_message)
{
    error_message += ". OpenSSL error code: " + std::to_string(ERR_get_error());
    throw DB::Exception(error_message, DB::ErrorCodes::OPENSSL_ERROR);
}

StringRef foldEncryptionKeyInMySQLCompatitableMode(size_t cipher_key_size, const StringRef & key, std::array<char, EVP_MAX_KEY_LENGTH> & folded_key)
{
    memcpy(folded_key.data(), key.data, cipher_key_size);

    for (size_t i = cipher_key_size; i < key.size; ++i)
    {
        folded_key[i % cipher_key_size] ^= key.data[i];
    }

    return StringRef(folded_key.data(), cipher_key_size);
}

const EVP_CIPHER * getCipherByName(const StringRef & cipher_name)
{
    const auto *evp_cipher = EVP_get_cipherbyname(cipher_name.data);
    if (evp_cipher == nullptr)
    {
        // For some reasons following ciphers can't be found by name.
        if (cipher_name == "aes-128-cfb128")
            evp_cipher = EVP_aes_128_cfb128();
        else if (cipher_name == "aes-192-cfb128")
            evp_cipher = EVP_aes_192_cfb128();
        else if (cipher_name == "aes-256-cfb128")
            evp_cipher = EVP_aes_256_cfb128();
    }

    return evp_cipher;
}

}

#endif
encrypt, aes_encrypt_mysql, decrypt, aes_decrypt_mysql functions Functions to encrypt/decrypt any input data with OpenSSL's ciphers with custom key, iv, and add (-gcm mode only). _mysql versions are 100% compatitable with corresponding MySQL functions Supported modes depend on OpenSSL version, but generally are: aes-{128,192,56}-{ecb,cbc,cfb1,cfb8,cfb128,ofb,gcm} Please note that in a -gcm mode a 16-byte tag is appended to the ciphertext on encryption and is expected to be found at the end of ciphertext on decryption. Added tests that verify compatibility with MySQL functions, and test vectors for GCM mode from OpenSSL. Added masking rules for aes_X funtions Rules are installed by default to config.d/query_masking_rules.xml 2020-06-16 09:22:55 +00:00			`#include <Functions/FunctionsAES.h>`

			`#if USE_SSL`

			`#include <openssl/err.h>`

			`#include <string>`

			`namespace DB`
			`{`
			`namespace ErrorCodes`
			`{`
			`extern const int OPENSSL_ERROR;`
			`}`
			`}`

			`namespace OpenSSLDetails`
			`{`
			`void onError(std::string error_message)`
			`{`
			`error_message += ". OpenSSL error code: " + std::to_string(ERR_get_error());`
			`throw DB::Exception(error_message, DB::ErrorCodes::OPENSSL_ERROR);`
			`}`

			`StringRef foldEncryptionKeyInMySQLCompatitableMode(size_t cipher_key_size, const StringRef & key, std::array<char, EVP_MAX_KEY_LENGTH> & folded_key)`
			`{`
			`memcpy(folded_key.data(), key.data, cipher_key_size);`

			`for (size_t i = cipher_key_size; i < key.size; ++i)`
			`{`
			`folded_key[i % cipher_key_size] ^= key.data[i];`
			`}`

			`return StringRef(folded_key.data(), cipher_key_size);`
			`}`

			`const EVP_CIPHER * getCipherByName(const StringRef & cipher_name)`
			`{`
			`const auto *evp_cipher = EVP_get_cipherbyname(cipher_name.data);`
			`if (evp_cipher == nullptr)`
			`{`
			`// For some reasons following ciphers can't be found by name.`
			`if (cipher_name == "aes-128-cfb128")`
			`evp_cipher = EVP_aes_128_cfb128();`
			`else if (cipher_name == "aes-192-cfb128")`
			`evp_cipher = EVP_aes_192_cfb128();`
			`else if (cipher_name == "aes-256-cfb128")`
			`evp_cipher = EVP_aes_256_cfb128();`
			`}`

			`return evp_cipher;`
			`}`

			`}`

			`#endif`