thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-08 16:42:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
47e8783f5b
ClickHouse/tests/testflows/aes_encryption/requirements/requirements.md
Vitaliy Zakaznikov 320add7047 Adding source for the SRS.
2020-09-15 14:57:36 +03:00

109 KiB
Raw Blame History

SRS-008 ClickHouse AES Encryption Functions

Software Requirements Specification

Table of Contents

Revision History

This document is stored in an electronic form using Git source control management software hosted in a GitHub Repository. All the updates are tracked using the Revision History.

Introduction

Users need an ability to encrypt and decrypt column data with tenant specific keys. Use cases include protection of sensitive column values and GDPR right to forget policies. The implementation will support capabilities of the MySQL aes_encrypt and MySQL aes_decrypt functions which encrypt and decrypt values using the AES (Advanced Encryption Standard) algorithm. This functionality will enable encryption and decryption of data accessed on remote MySQL servers via MySQL Dictionary or MySQL Database Engine, MySQL Table Engine, or MySQL Table Function.

Terminology

  • AES - Advanced Encryption Standard (AES)

Requirements

Generic

RQ.SRS008.AES.Functions

version: 1.0

ClickHouse SHALL support AES encryption functions to encrypt and decrypt data.

RQ.SRS008.AES.Functions.Compatability.MySQL

version: 1.0

ClickHouse SHALL support AES encryption functions compatible with MySQL 5.7.

RQ.SRS008.AES.Functions.Compatability.Dictionaries

version: 1.0

ClickHouse SHALL support encryption and decryption of data accessed on remote MySQL servers using MySQL Dictionary.

RQ.SRS008.AES.Functions.Compatability.Engine.Database.MySQL

version: 1.0

ClickHouse SHALL support encryption and decryption of data accessed using MySQL Database Engine,

RQ.SRS008.AES.Functions.Compatability.Engine.Table.MySQL

version: 1.0

ClickHouse SHALL support encryption and decryption of data accessed using MySQL Table Engine.

RQ.SRS008.AES.Functions.Compatability.TableFunction.MySQL

version: 1.0

ClickHouse SHALL support encryption and decryption of data accessed using MySQL Table Function.

RQ.SRS008.AES.Functions.DifferentModes

version: 1.0

ClickHouse SHALL allow different modes to be supported in a single SQL statement using explicit function parameters.

RQ.SRS008.AES.Functions.DataFromMultipleSources

version: 1.0

ClickHouse SHALL support handling encryption and decryption of data from multiple sources in the SELECT statement, including ClickHouse MergeTree table as well as MySQL Dictionary, MySQL Database Engine, MySQL Table Engine, and MySQL Table Function with possibly different encryption schemes.

RQ.SRS008.AES.Functions.SuppressOutputOfSensitiveValues

version: 1.0

ClickHouse SHALL suppress output of AES string and key parameters to the system log, error log, and query_log table to prevent leakage of sensitive values.

RQ.SRS008.AES.Functions.InvalidParameters

version: 1.0

ClickHouse SHALL return an error when parameters are invalid.

RQ.SRS008.AES.Functions.Mismatched.Key

version: 1.0

ClickHouse SHALL return garbage for mismatched keys.

RQ.SRS008.AES.Functions.Mismatched.IV

version: 1.0

ClickHouse SHALL return garbage for mismatched initialization vector for the modes that use it.

RQ.SRS008.AES.Functions.Mismatched.AAD

version: 1.0

ClickHouse SHALL return garbage for mismatched additional authentication data for the modes that use it.

RQ.SRS008.AES.Functions.Mismatched.Mode

version: 1.0

ClickHouse SHALL return an error or garbage for mismatched mode.

RQ.SRS008.AES.Functions.Check.Performance

version: 1.0

Performance of AES encryption functions SHALL be measured.

RQ.SRS008.AES.Function.Check.Performance.BestCase

version: 1.0

Performance of AES encryption functions SHALL be checked for the best case scenario where there is one key, one initialization vector, and one large stream of data.

RQ.SRS008.AES.Function.Check.Performance.WorstCase

version: 1.0

Performance of AES encryption functions SHALL be checked for the worst case where there are N keys, N initialization vectors and N very small streams of data.

RQ.SRS008.AES.Functions.Check.Compression

version: 1.0

Effect of AES encryption on column compression SHALL be measured.

RQ.SRS008.AES.Functions.Check.Compression.LowCardinality

version: 1.0

Effect of AES encryption on the compression of a column with LowCardinality data type SHALL be measured.

Specific

RQ.SRS008.AES.Encrypt.Function

version: 1.0

ClickHouse SHALL support aes_encrypt function to encrypt data using AES.

RQ.SRS008.AES.Encrypt.Function.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the aes_encrypt function

aes_encrypt(plaintext, key, mode, [iv, aad])

RQ.SRS008.AES.Encrypt.Function.NIST.TestVectors

version: 1.0

ClickHouse aes_encrypt function output SHALL produce output that matches NIST test vectors.

RQ.SRS008.AES.Encrypt.Function.Parameters.PlainText

version: 1.0

ClickHouse SHALL support plaintext accepting any data type as the first parameter to the aes_encrypt function that SHALL specify the data to be encrypted.

RQ.SRS008.AES.Encrypt.Function.Parameters.Key

version: 1.0

ClickHouse SHALL support key with String or FixedString data types as the second parameter to the aes_encrypt function that SHALL specify the encryption key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode

version: 1.0

ClickHouse SHALL support mode with String or FixedString data types as the third parameter to the aes_encrypt function that SHALL specify encryption key length and block encryption mode.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.ValuesFormat

version: 1.0

ClickHouse SHALL support values of the form aes-[key length]-[mode] for the mode parameter of the aes_encrypt function where the key_length SHALL specifies the length of the key and SHALL accept 128, 192, or 256 as the values and the mode SHALL specify the block encryption mode and SHALL accept ECB, CBC, CFB1, CFB8, CFB128, or OFB as well as CTR and GCM as the values. For example, aes-256-ofb.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.Invalid

version: 1.0

ClickHouse SHALL return an error if the specified value for the mode parameter of the aes_encrypt function is not valid with the exception where such a mode is supported by the underlying OpenSSL implementation.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-ECB

version: 1.0

ClickHouse SHALL support aes-128-ecb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the ECB block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-ECB

version: 1.0

ClickHouse SHALL support aes-192-ecb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the ECB block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-ECB

version: 1.0

ClickHouse SHALL support aes-256-ecb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the ECB block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-CBC

version: 1.0

ClickHouse SHALL support aes-128-cbc as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CBC block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-CBC

version: 1.0

ClickHouse SHALL support aes-192-cbc as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CBC block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-CBC

version: 1.0

ClickHouse SHALL support aes-256-cbc as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CBC block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB1

version: 1.0

ClickHouse SHALL support aes-128-cfb1 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB1

version: 1.0

ClickHouse SHALL support aes-192-cfb1 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB1

version: 1.0

ClickHouse SHALL support aes-256-cfb1 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB8

version: 1.0

ClickHouse SHALL support aes-128-cfb8 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB8

version: 1.0

ClickHouse SHALL support aes-192-cfb8 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB8

version: 1.0

ClickHouse SHALL support aes-256-cfb8 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB128

version: 1.0

ClickHouse SHALL support aes-128-cfb128 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB128

version: 1.0

ClickHouse SHALL support aes-192-cfb128 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB128

version: 1.0

ClickHouse SHALL support aes-256-cfb128 as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-OFB

version: 1.0

ClickHouse SHALL support aes-128-ofb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the OFB block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-OFB

version: 1.0

ClickHouse SHALL support aes-192-ofb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the OFB block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-OFB

version: 1.0

ClickHouse SHALL support aes-256-ofb as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the OFB block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-GCM

version: 1.0

ClickHouse SHALL support aes-128-gcm as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the GCM block mode encryption with a 128 bit key. An AEAD 16-byte tag is appended to the resulting ciphertext according to the RFC5116.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-GCM

version: 1.0

ClickHouse SHALL support aes-192-gcm as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the GCM block mode encryption with a 192 bit key. An AEAD 16-byte tag is appended to the resulting ciphertext according to the RFC5116.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-GCM

version: 1.0

ClickHouse SHALL support aes-256-gcm as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the GCM block mode encryption with a 256 bit key. An AEAD 16-byte tag is appended to the resulting ciphertext according to the RFC5116.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-128-CTR

version: 1.0

ClickHouse SHALL support aes-128-ctr as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CTR block mode encryption with a 128 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-192-CTR

version: 1.0

ClickHouse SHALL support aes-192-ctr as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CTR block mode encryption with a 192 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.AES-256-CTR

version: 1.0

ClickHouse SHALL support aes-256-ctr as the value for the mode parameter of the aes_encrypt function and AES algorithm SHALL use the CTR block mode encryption with a 256 bit key.

RQ.SRS008.AES.Encrypt.Function.Parameters.InitializationVector

version: 1.0

ClickHouse SHALL support iv with String or FixedString data types as the optional fourth parameter to the aes_encrypt function that SHALL specify the initialization vector for block modes that require it.

RQ.SRS008.AES.Encrypt.Function.Parameters.AdditionalAuthenticatedData

version: 1.0

ClickHouse SHALL support aad with String or FixedString data types as the optional fifth parameter to the aes_encrypt function that SHALL specify the additional authenticated data for block modes that require it.

RQ.SRS008.AES.Encrypt.Function.Parameters.ReturnValue

version: 1.0

ClickHouse SHALL return the encrypted value of the data using String data type as the result of aes_encrypt function.

RQ.SRS008.AES.Encrypt.Function.Key.Length.InvalidLengthError

version: 1.0

ClickHouse SHALL return an error if the key length is not exact for the aes_encrypt function for a given block mode.

RQ.SRS008.AES.Encrypt.Function.InitializationVector.Length.InvalidLengthError

version: 1.0

ClickHouse SHALL return an error if the iv length is specified and not of the exact size for the aes_encrypt function for a given block mode.

RQ.SRS008.AES.Encrypt.Function.InitializationVector.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the iv is specified for the aes_encrypt function for a mode that does not need it.

RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the aad is specified for the aes_encrypt function for a mode that does not need it.

RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.Length

version: 1.0

ClickHouse SHALL not limit the size of the aad parameter passed to the aes_encrypt function.

RQ.SRS008.AES.Encrypt.Function.AES-128-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-ecb and key is not 16 bytes or iv or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-192-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-ecb and key is not 24 bytes or iv or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-ecb and key is not 32 bytes or iv or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-cbc and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-192-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-cbc and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-cbc and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-cfb1 and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-192-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-cfb1 and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-cfb1 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-cfb8 and key is not 16 bytes and if specified iv is not 16 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-192-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-cfb8 and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-cfb8 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-cfb128 and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-192-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-cfb128 and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-cfb128 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-ofb and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-192-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-ofb and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-256-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-ofb and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Encrypt.Function.AES-128-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-gcm and key is not 16 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-192-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-gcm and key is not 24 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-256-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-gcm and key is not 32 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-128-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-128-ctr and key is not 16 bytes or if specified iv is not 16 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-192-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-192-ctr and key is not 24 bytes or if specified iv is not 16 bytes.

RQ.SRS008.AES.Encrypt.Function.AES-256-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt function is set to aes-256-ctr and key is not 32 bytes or if specified iv is not 16 bytes.

RQ.SRS008.AES.Decrypt.Function

version: 1.0

ClickHouse SHALL support aes_decrypt function to decrypt data using AES.

RQ.SRS008.AES.Decrypt.Function.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the aes_decrypt function

aes_decrypt(ciphertext, key, mode, [iv, aad])

RQ.SRS008.AES.Decrypt.Function.Parameters.CipherText

version: 1.0

ClickHouse SHALL support ciphertext accepting FixedString or String data types as the first parameter to the aes_decrypt function that SHALL specify the data to be decrypted.

RQ.SRS008.AES.Decrypt.Function.Parameters.Key

version: 1.0

ClickHouse SHALL support key with String or FixedString data types as the second parameter to the aes_decrypt function that SHALL specify the encryption key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode

version: 1.0

ClickHouse SHALL support mode with String or FixedString data types as the third parameter to the aes_decrypt function that SHALL specify encryption key length and block encryption mode.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.ValuesFormat

version: 1.0

ClickHouse SHALL support values of the form aes-[key length]-[mode] for the mode parameter of the aes_decrypt function where the key_length SHALL specifies the length of the key and SHALL accept 128, 192, or 256 as the values and the mode SHALL specify the block encryption mode and SHALL accept ECB, CBC, CFB1, CFB8, CFB128, or OFB as well as CTR and GCM as the values. For example, aes-256-ofb.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.Invalid

version: 1.0

ClickHouse SHALL return an error if the specified value for the mode parameter of the aes_decrypt function is not valid with the exception where such a mode is supported by the underlying OpenSSL implementation.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-ECB

version: 1.0

ClickHouse SHALL support aes-128-ecb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the ECB block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-ECB

version: 1.0

ClickHouse SHALL support aes-192-ecb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the ECB block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-ECB

version: 1.0

ClickHouse SHALL support aes-256-ecb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the ECB block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-CBC

version: 1.0

ClickHouse SHALL support aes-128-cbc as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CBC block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-CBC

version: 1.0

ClickHouse SHALL support aes-192-cbc as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CBC block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-CBC

version: 1.0

ClickHouse SHALL support aes-256-cbc as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CBC block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB1

version: 1.0

ClickHouse SHALL support aes-128-cfb1 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB1

version: 1.0

ClickHouse SHALL support aes-192-cfb1 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB1

version: 1.0

ClickHouse SHALL support aes-256-cfb1 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB1 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB8

version: 1.0

ClickHouse SHALL support aes-128-cfb8 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB8

version: 1.0

ClickHouse SHALL support aes-192-cfb8 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB8

version: 1.0

ClickHouse SHALL support aes-256-cfb8 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB8 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB128

version: 1.0

ClickHouse SHALL support aes-128-cfb128 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB128

version: 1.0

ClickHouse SHALL support aes-192-cfb128 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB128

version: 1.0

ClickHouse SHALL support aes-256-cfb128 as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CFB128 block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-OFB

version: 1.0

ClickHouse SHALL support aes-128-ofb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the OFB block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-OFB

version: 1.0

ClickHouse SHALL support aes-192-ofb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the OFB block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-OFB

version: 1.0

ClickHouse SHALL support aes-256-ofb as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the OFB block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-GCM

version: 1.0

ClickHouse SHALL support aes-128-gcm as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the GCM block mode encryption with a 128 bit key. An [AEAD] 16-byte tag is expected present at the end of the ciphertext according to the RFC5116.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-GCM

version: 1.0

ClickHouse SHALL support aes-192-gcm as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the GCM block mode encryption with a 192 bit key. An [AEAD] 16-byte tag is expected present at the end of the ciphertext according to the RFC5116.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-GCM

version: 1.0

ClickHouse SHALL support aes-256-gcm as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the GCM block mode encryption with a 256 bit key. An [AEAD] 16-byte tag is expected present at the end of the ciphertext according to the RFC5116.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-128-CTR

version: 1.0

ClickHouse SHALL support aes-128-ctr as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CTR block mode encryption with a 128 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-192-CTR

version: 1.0

ClickHouse SHALL support aes-192-ctr as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CTR block mode encryption with a 192 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.AES-256-CTR

version: 1.0

ClickHouse SHALL support aes-256-ctr as the value for the mode parameter of the aes_decrypt function and AES algorithm SHALL use the CTR block mode encryption with a 256 bit key.

RQ.SRS008.AES.Decrypt.Function.Parameters.InitializationVector

version: 1.0

ClickHouse SHALL support iv with String or FixedString data types as the optional fourth parameter to the aes_decrypt function that SHALL specify the initialization vector for block modes that require it.

RQ.SRS008.AES.Decrypt.Function.Parameters.AdditionalAuthenticatedData

version: 1.0

ClickHouse SHALL support aad with String or FixedString data types as the optional fifth parameter to the aes_decrypt function that SHALL specify the additional authenticated data for block modes that require it.

RQ.SRS008.AES.Decrypt.Function.Parameters.ReturnValue

version: 1.0

ClickHouse SHALL return the decrypted value of the data using String data type as the result of aes_decrypt function.

RQ.SRS008.AES.Decrypt.Function.Key.Length.InvalidLengthError

version: 1.0

ClickHouse SHALL return an error if the key length is not exact for the aes_decrypt function for a given block mode.

RQ.SRS008.AES.Decrypt.Function.InitializationVector.Length.InvalidLengthError

version: 1.0

ClickHouse SHALL return an error if the iv is speficified and the length is not exact for the aes_decrypt function for a given block mode.

RQ.SRS008.AES.Decrypt.Function.InitializationVector.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the iv is specified for the aes_decrypt function for a mode that does not need it.

RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the aad is specified for the aes_decrypt function for a mode that does not need it.

RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.Length

version: 1.0

ClickHouse SHALL not limit the size of the aad parameter passed to the aes_decrypt function.

RQ.SRS008.AES.Decrypt.Function.AES-128-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-ecb and key is not 16 bytes or iv or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-192-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-ecb and key is not 24 bytes or iv or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-ecb and key is not 32 bytes or iv or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-cbc and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-192-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-cbc and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-cbc and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-cfb1 and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-192-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-cfb1 and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-cfb1 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-cfb8 and key is not 16 bytes and if specified iv is not 16 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-192-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-cfb8 and key is not 24 bytes or iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-cfb8 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-cfb128 and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-192-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-cfb128 and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-cfb128 and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-ofb and key is not 16 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-192-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-ofb and key is not 24 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-256-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-ofb and key is not 32 bytes or if specified iv is not 16 bytes or aad is specified.

RQ.SRS008.AES.Decrypt.Function.AES-128-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-gcm and key is not 16 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-192-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-gcm and key is not 24 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-256-GCM.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-gcm and key is not 32 bytes or iv is not specified or is less than 8 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-128-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-128-ctr and key is not 16 bytes or if specified iv is not 16 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-192-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-192-ctr and key is not 24 bytes or if specified iv is not 16 bytes.

RQ.SRS008.AES.Decrypt.Function.AES-256-CTR.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt function is set to aes-256-ctr and key is not 32 bytes or if specified iv is not 16 bytes.

MySQL Specific Functions

RQ.SRS008.AES.MySQL.Encrypt.Function

version: 1.0

ClickHouse SHALL support aes_encrypt_mysql function to encrypt data using AES.

RQ.SRS008.AES.MySQL.Encrypt.Function.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the aes_encrypt_mysql function

aes_encrypt_mysql(plaintext, key, mode, [iv])

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.PlainText

version: 1.0

ClickHouse SHALL support plaintext accepting any data type as the first parameter to the aes_encrypt_mysql function that SHALL specify the data to be encrypted.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Key

version: 1.0

ClickHouse SHALL support key with String or FixedString data types as the second parameter to the aes_encrypt_mysql function that SHALL specify the encryption key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode

version: 1.0

ClickHouse SHALL support mode with String or FixedString data types as the third parameter to the aes_encrypt_mysql function that SHALL specify encryption key length and block encryption mode.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.ValuesFormat

version: 1.0

ClickHouse SHALL support values of the form aes-[key length]-[mode] for the mode parameter of the aes_encrypt_mysql function where the key_length SHALL specifies the length of the key and SHALL accept 128, 192, or 256 as the values and the mode SHALL specify the block encryption mode and SHALL accept ECB, CBC, CFB1, CFB8, CFB128, or OFB. For example, aes-256-ofb.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.Invalid

version: 1.0

ClickHouse SHALL return an error if the specified value for the mode parameter of the aes_encrypt_mysql function is not valid with the exception where such a mode is supported by the underlying OpenSSL implementation.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-ECB

version: 1.0

ClickHouse SHALL support aes-128-ecb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-ECB

version: 1.0

ClickHouse SHALL support aes-192-ecb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-ECB

version: 1.0

ClickHouse SHALL support aes-256-ecb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-CBC

version: 1.0

ClickHouse SHALL support aes-128-cbc as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-CBC

version: 1.0

ClickHouse SHALL support aes-192-cbc as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-CBC

version: 1.0

ClickHouse SHALL support aes-256-cbc as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB1

version: 1.0

ClickHouse SHALL support aes-128-cfb1 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB1

version: 1.0

ClickHouse SHALL support aes-192-cfb1 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB1

version: 1.0

ClickHouse SHALL support aes-256-cfb1 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB8

version: 1.0

ClickHouse SHALL support aes-128-cfb8 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB8

version: 1.0

ClickHouse SHALL support aes-192-cfb8 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB8

version: 1.0

ClickHouse SHALL support aes-256-cfb8 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-CFB128

version: 1.0

ClickHouse SHALL support aes-128-cfb128 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-CFB128

version: 1.0

ClickHouse SHALL support aes-192-cfb128 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-CFB128

version: 1.0

ClickHouse SHALL support aes-256-cfb128 as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-OFB

version: 1.0

ClickHouse SHALL support aes-128-ofb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-OFB

version: 1.0

ClickHouse SHALL support aes-192-ofb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-OFB

version: 1.0

ClickHouse SHALL support aes-256-ofb as the value for the mode parameter of the aes_encrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-128-gcm is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-192-gcm is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-256-gcm is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-128-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-128-ctr is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-192-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-192-ctr is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.AES-256-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-256-ctr is specified as the value for the mode parameter of the aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.InitializationVector

version: 1.0

ClickHouse SHALL support iv with String or FixedString data types as the optional fourth parameter to the aes_encrypt_mysql function that SHALL specify the initialization vector for block modes that require it.

RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.ReturnValue

version: 1.0

ClickHouse SHALL return the encrypted value of the data using String data type as the result of aes_encrypt_mysql function.

RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooShortError

version: 1.0

ClickHouse SHALL return an error if the key length is less than the minimum for the aes_encrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooLong

version: 1.0

ClickHouse SHALL use folding algorithm specified below if the key length is longer than required for the aes_encrypt_mysql function for a given block mode.

def fold_key(key, cipher_key_size):
    key = list(key) if not isinstance(key, (list, tuple)) else key
	  folded_key = key[:cipher_key_size]
	  for i in range(cipher_key_size, len(key)):
		    print(i % cipher_key_size, i)
		    folded_key[i % cipher_key_size] ^= key[i]
	  return folded_key

RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooShortError

version: 1.0

ClickHouse SHALL return an error if the iv length is specified and is less than the minimum that is required for the aes_encrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooLong

version: 1.0

ClickHouse SHALL use the first N bytes that are required if the iv is specified and its length is longer than required for the aes_encrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the iv is specified for the aes_encrypt_mysql function for a mode that does not need it.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-ecb and key is less than 16 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-ecb and key is less than 24 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-ecb and key is less than 32 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-cbc and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-cbc and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-cbc and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-cfb1 and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-cfb1 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-cfb1 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-cfb8 and key is less than 16 bytes and if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-cfb8 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-cfb8 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-cfb128 and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-cfb128 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-cfb128 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-128-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-128-ofb and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-192-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-192-ofb and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Encrypt.Function.AES-256-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_encrypt_mysql function is set to aes-256-ofb and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function

version: 1.0

ClickHouse SHALL support aes_decrypt_mysql function to decrypt data using AES.

RQ.SRS008.AES.MySQL.Decrypt.Function.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the aes_decrypt_mysql function

aes_decrypt_mysql(ciphertext, key, mode, [iv])

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.CipherText

version: 1.0

ClickHouse SHALL support ciphertext accepting any data type as the first parameter to the aes_decrypt_mysql function that SHALL specify the data to be decrypted.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Key

version: 1.0

ClickHouse SHALL support key with String or FixedString data types as the second parameter to the aes_decrypt_mysql function that SHALL specify the encryption key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode

version: 1.0

ClickHouse SHALL support mode with String or FixedString data types as the third parameter to the aes_decrypt_mysql function that SHALL specify encryption key length and block encryption mode.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.ValuesFormat

version: 1.0

ClickHouse SHALL support values of the form aes-[key length]-[mode] for the mode parameter of the aes_decrypt_mysql function where the key_length SHALL specifies the length of the key and SHALL accept 128, 192, or 256 as the values and the mode SHALL specify the block encryption mode and SHALL accept ECB, CBC, CFB1, CFB8, CFB128, or OFB. For example, aes-256-ofb.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.Invalid

version: 1.0

ClickHouse SHALL return an error if the specified value for the mode parameter of the aes_decrypt_mysql function is not valid with the exception where such a mode is supported by the underlying OpenSSL implementation.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-ECB

version: 1.0

ClickHouse SHALL support aes-128-ecb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-ECB

version: 1.0

ClickHouse SHALL support aes-192-ecb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-ECB

version: 1.0

ClickHouse SHALL support aes-256-ecb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the ECB block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-CBC

version: 1.0

ClickHouse SHALL support aes-128-cbc as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-CBC

version: 1.0

ClickHouse SHALL support aes-192-cbc as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-CBC

version: 1.0

ClickHouse SHALL support aes-256-cbc as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CBC block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB1

version: 1.0

ClickHouse SHALL support aes-128-cfb1 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB1

version: 1.0

ClickHouse SHALL support aes-192-cfb1 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB1

version: 1.0

ClickHouse SHALL support aes-256-cfb1 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB1 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB8

version: 1.0

ClickHouse SHALL support aes-128-cfb8 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB8

version: 1.0

ClickHouse SHALL support aes-192-cfb8 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB8

version: 1.0

ClickHouse SHALL support aes-256-cfb8 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB8 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-CFB128

version: 1.0

ClickHouse SHALL support aes-128-cfb128 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-CFB128

version: 1.0

ClickHouse SHALL support aes-192-cfb128 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-CFB128

version: 1.0

ClickHouse SHALL support aes-256-cfb128 as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the CFB128 block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-OFB

version: 1.0

ClickHouse SHALL support aes-128-ofb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 128 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-OFB

version: 1.0

ClickHouse SHALL support aes-192-ofb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 192 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-OFB

version: 1.0

ClickHouse SHALL support aes-256-ofb as the value for the mode parameter of the aes_decrypt_mysql function and AES algorithm SHALL use the OFB block mode encryption with a 256 bit key.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-128-gcm is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-192-gcm is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-GCM.Error

version: 1.0

ClickHouse SHALL return an error if aes-256-gcm is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-128-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-128-ctr is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-192-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-192-ctr is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.AES-256-CTR.Error

version: 1.0

ClickHouse SHALL return an error if aes-256-ctr is specified as the value for the mode parameter of the aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.InitializationVector

version: 1.0

ClickHouse SHALL support iv with String or FixedString data types as the optional fourth parameter to the aes_decrypt_mysql function that SHALL specify the initialization vector for block modes that require it.

RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.ReturnValue

version: 1.0

ClickHouse SHALL return the decrypted value of the data using String data type as the result of aes_decrypt_mysql function.

RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooShortError

version: 1.0

ClickHouse SHALL return an error if the key length is less than the minimum for the aes_decrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooLong

version: 1.0

ClickHouse SHALL use folding algorithm specified below if the key length is longer than required for the aes_decrypt_mysql function for a given block mode.

def fold_key(key, cipher_key_size):
    key = list(key) if not isinstance(key, (list, tuple)) else key
	  folded_key = key[:cipher_key_size]
	  for i in range(cipher_key_size, len(key)):
		    print(i % cipher_key_size, i)
		    folded_key[i % cipher_key_size] ^= key[i]
	  return folded_key

RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooShortError

version: 1.0

ClickHouse SHALL return an error if the iv length is specified and is less than the minimum that is required for the aes_decrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooLong

version: 1.0

ClickHouse SHALL use the first N bytes that are required if the iv is specified and its length is longer than required for the aes_decrypt_mysql function for a given block mode.

RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.NotValidForMode

version: 1.0

ClickHouse SHALL return an error if the iv is specified for the aes_decrypt_mysql function for a mode that does not need it.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-ecb and key is less than 16 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-ecb and key is less than 24 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-ECB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-ecb and key is less than 32 bytes or iv is specified.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-cbc and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-cbc and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-CBC.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-cbc and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-cfb1 and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-cfb1 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-CFB1.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-cfb1 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-cfb8 and key is less than 16 bytes and if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-cfb8 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-CFB8.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-cfb8 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-cfb128 and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-cfb128 and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-CFB128.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-cfb128 and key is less than 32 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-128-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-128-ofb and key is less than 16 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-192-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-192-ofb and key is less than 24 bytes or if specified iv is less than 16 bytes.

RQ.SRS008.AES.MySQL.Decrypt.Function.AES-256-OFB.KeyAndInitializationVector.Length

version: 1.0

ClickHouse SHALL return an error when mode for the aes_decrypt_mysql function is set to aes-256-ofb and key is less than 32 bytes or if specified iv is less than 16 bytes.

References