mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-05 05:52:05 +00:00
3221 lines
128 KiB
Python
3221 lines
128 KiB
Python
# These requirements were auto generated
|
|
# from software requirements specification (SRS)
|
|
# document by TestFlows v1.6.210101.1235930.
|
|
# Do not edit by hand but re-generate instead
|
|
# using 'tfs requirements generate' command.
|
|
from testflows.core import Specification
|
|
from testflows.core import Requirement
|
|
|
|
Heading = Specification.Heading
|
|
|
|
RQ_SRS008_AES_Functions = Requirement(
|
|
name="RQ.SRS008.AES.Functions",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support [AES] encryption functions to encrypt and decrypt data.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.1.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Compatibility_MySQL = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.MySQL",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support [AES] encryption functions compatible with [MySQL 5.7].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.2.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Compatibility_Dictionaries = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Dictionaries",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support encryption and decryption of data accessed on remote\n"
|
|
"[MySQL] servers using [MySQL Dictionary].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.2.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Compatibility_Engine_Database_MySQL = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Engine.Database.MySQL",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Database Engine],\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.2.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Compatibility_Engine_Table_MySQL = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Engine.Table.MySQL",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Table Engine].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.2.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Compatibility_TableFunction_MySQL = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.TableFunction.MySQL",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Table Function].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.2.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_DifferentModes = Requirement(
|
|
name="RQ.SRS008.AES.Functions.DifferentModes",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL allow different modes to be supported in a single SQL statement\n"
|
|
"using explicit function parameters.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.3.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_DataFromMultipleSources = Requirement(
|
|
name="RQ.SRS008.AES.Functions.DataFromMultipleSources",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support handling encryption and decryption of data from multiple sources\n"
|
|
"in the `SELECT` statement, including [ClickHouse] [MergeTree] table as well as [MySQL Dictionary],\n"
|
|
"[MySQL Database Engine], [MySQL Table Engine], and [MySQL Table Function]\n"
|
|
"with possibly different encryption schemes.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.4.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_SuppressOutputOfSensitiveValues = Requirement(
|
|
name="RQ.SRS008.AES.Functions.SuppressOutputOfSensitiveValues",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL suppress output of [AES] `string` and `key` parameters to the system log,\n"
|
|
"error log, and `query_log` table to prevent leakage of sensitive values.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.5.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_InvalidParameters = Requirement(
|
|
name="RQ.SRS008.AES.Functions.InvalidParameters",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when parameters are invalid.\n" "\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.6.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Mismatched_Key = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Mismatched.Key",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=("[ClickHouse] SHALL return garbage for mismatched keys.\n" "\n"),
|
|
link=None,
|
|
level=3,
|
|
num="4.7.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Mismatched_IV = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Mismatched.IV",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return garbage for mismatched initialization vector for the modes that use it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.7.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Mismatched_AAD = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Mismatched.AAD",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return garbage for mismatched additional authentication data for the modes that use it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.7.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Mismatched_Mode = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Mismatched.Mode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error or garbage for mismatched mode.\n" "\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.7.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Check_Performance = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Check.Performance",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=("Performance of [AES] encryption functions SHALL be measured.\n" "\n"),
|
|
link=None,
|
|
level=3,
|
|
num="4.8.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Function_Check_Performance_BestCase = Requirement(
|
|
name="RQ.SRS008.AES.Function.Check.Performance.BestCase",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"Performance of [AES] encryption functions SHALL be checked for the best case\n"
|
|
"scenario where there is one key, one initialization vector, and one large stream of data.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.8.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_Function_Check_Performance_WorstCase = Requirement(
|
|
name="RQ.SRS008.AES.Function.Check.Performance.WorstCase",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"Performance of [AES] encryption functions SHALL be checked for the worst case\n"
|
|
"where there are `N` keys, `N` initialization vectors and `N` very small streams of data.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.8.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Check_Compression = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Check.Compression",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"Effect of [AES] encryption on column compression SHALL be measured.\n" "\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.8.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_Functions_Check_Compression_LowCardinality = Requirement(
|
|
name="RQ.SRS008.AES.Functions.Check.Compression.LowCardinality",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"Effect of [AES] encryption on the compression of a column with [LowCardinality] data type\n"
|
|
"SHALL be measured.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.8.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `encrypt` function to encrypt data using [AES].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Syntax = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Syntax",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following syntax for the `encrypt` function\n"
|
|
"\n"
|
|
"```sql\n"
|
|
"encrypt(mode, plaintext, key, [iv, aad])\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_NIST_TestVectors = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.NIST.TestVectors",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] `encrypt` function output SHALL produce output that matches [NIST test vectors].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_PlainText = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.PlainText",
|
|
version="2.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `plaintext` with `String`, `FixedString`, `Nullable(String)`,\n"
|
|
"`Nullable(FixedString)`, `LowCardinality(String)`, or `LowCardinality(FixedString(N))` data types as\n"
|
|
"the second parameter to the `encrypt` function that SHALL specify the data to be encrypted.\n"
|
|
"\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Key = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Key",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `key` with `String` or `FixedString` data types\n"
|
|
"as the parameter to the `encrypt` function that SHALL specify the encryption key.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter\n"
|
|
"to the `encrypt` function that SHALL specify encryption key length and block encryption mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.6",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_ValuesFormat = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.ValuesFormat",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter\n"
|
|
"of the `encrypt` function where\n"
|
|
"the `key_length` SHALL specifies the length of the key and SHALL accept\n"
|
|
"`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption\n"
|
|
"mode and SHALL accept [CBC], [CFB128], or [OFB] as well as\n"
|
|
"[CTR] and [GCM] as the values. For example, `aes-256-ofb`.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.7",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_Value_Invalid = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.Invalid",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `encrypt`\n"
|
|
"function is not valid with the exception where such a mode is supported by the underlying\n"
|
|
"[OpenSSL] implementation.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.8",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_Values = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Values",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter\n"
|
|
"of the `encrypt` function:\n"
|
|
"\n"
|
|
"* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-gcm` that SHALL use [GCM] block mode encryption with 128 bit key\n"
|
|
" and [AEAD] 16-byte tag is appended to the resulting ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-192-gcm` that SHALL use [GCM] block mode encryption with 192 bit key\n"
|
|
" and [AEAD] 16-byte tag is appended to the resulting ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-256-gcm` that SHALL use [GCM] block mode encryption with 256 bit key\n"
|
|
" and [AEAD] 16-byte tag is appended to the resulting ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-128-ctr` that SHALL use [CTR] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ctr` that SHALL use [CTR] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ctr` that SHALL use [CTR] block mode encryption with 256 bit key\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.9",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_InitializationVector = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.InitializationVector",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth\n"
|
|
"parameter to the `encrypt` function that SHALL specify the initialization vector for block modes that require\n"
|
|
"it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.10",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_AdditionalAuthenticatedData = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.AdditionalAuthenticatedData",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `aad` with `String` or `FixedString` data types as the optional fifth\n"
|
|
"parameter to the `encrypt` function that SHALL specify the additional authenticated data\n"
|
|
"for block modes that require it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.11",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_ReturnValue = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.ReturnValue",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return the encrypted value of the data\n"
|
|
"using `String` data type as the result of `encrypt` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.12",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_Key_Length_InvalidLengthError = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Key.Length.InvalidLengthError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `key` length is not exact for the `encrypt` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.13",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_InitializationVector_Length_InvalidLengthError = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.InitializationVector.Length.InvalidLengthError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` length is specified and not of the exact size for the `encrypt` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.14",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_InitializationVector_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.InitializationVector.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` is specified for the `encrypt` function for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.15",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_AdditionalAuthenticationData_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `aad` is specified for the `encrypt` function for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.16",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_AdditionalAuthenticationData_Length = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL not limit the size of the `aad` parameter passed to the `encrypt` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.17",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_NonGCMMode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.NonGCMMode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `encrypt` function is called with the following parameter values\n"
|
|
"when using non-GCM modes\n"
|
|
"\n"
|
|
"* `aes-128-cbc` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cbc` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cbc` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb1` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cfb1` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb1` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb8` mode and `key` is not 16 bytes and if specified `iv` is not 16 bytes\n"
|
|
"* `aes-192-cfb8` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb8` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb128` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cfb128` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb128` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-ofb` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-ofb` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-ofb` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-ctr` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes\n"
|
|
"* `aes-192-ctr` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes\n"
|
|
"* `aes-256-ctr` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.18",
|
|
)
|
|
|
|
RQ_SRS008_AES_Encrypt_Function_GCMMode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.Encrypt.Function.GCMMode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `encrypt` function is called with the following parameter values\n"
|
|
"when using GCM modes\n"
|
|
"\n"
|
|
"* `aes-128-gcm` mode and `key` is not 16 bytes or `iv` is not specified\n"
|
|
"* `aes-192-gcm` mode and `key` is not 24 bytes or `iv` is not specified\n"
|
|
"* `aes-256-gcm` mode and `key` is not 32 bytes or `iv` is not specified\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.9.19",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `decrypt` function to decrypt data using [AES].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Syntax = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Syntax",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following syntax for the `decrypt` function\n"
|
|
"\n"
|
|
"```sql\n"
|
|
"decrypt(mode, ciphertext, key, [iv, aad])\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_CipherText = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.CipherText",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `ciphertext` accepting `FixedString` or `String` data types as\n"
|
|
"the second parameter to the `decrypt` function that SHALL specify the data to be decrypted.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Key = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Key",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `key` with `String` or `FixedString` data types\n"
|
|
"as the third parameter to the `decrypt` function that SHALL specify the encryption key.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter\n"
|
|
"to the `decrypt` function that SHALL specify encryption key length and block encryption mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_ValuesFormat = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.ValuesFormat",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter\n"
|
|
"of the `decrypt` function where\n"
|
|
"the `key_length` SHALL specifies the length of the key and SHALL accept\n"
|
|
"`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption\n"
|
|
"mode and SHALL accept [CBC], [CFB128], or [OFB] as well as\n"
|
|
"[CTR] and [GCM] as the values. For example, `aes-256-ofb`.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.6",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_Value_Invalid = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.Invalid",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `decrypt`\n"
|
|
"function is not valid with the exception where such a mode is supported by the underlying\n"
|
|
"[OpenSSL] implementation.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.7",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_Values = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Values",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter\n"
|
|
"of the `decrypt` function:\n"
|
|
"\n"
|
|
"* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-gcm` that SHALL use [GCM] block mode encryption with 128 bit key\n"
|
|
" and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-192-gcm` that SHALL use [GCM] block mode encryption with 192 bit key\n"
|
|
" and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-256-gcm` that SHALL use [GCM] block mode encryption with 256 bit key\n"
|
|
" and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to\n"
|
|
" the [RFC5116]\n"
|
|
"* `aes-128-ctr` that SHALL use [CTR] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ctr` that SHALL use [CTR] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ctr` that SHALL use [CTR] block mode encryption with 256 bit key\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.8",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_InitializationVector = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.InitializationVector",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth\n"
|
|
"parameter to the `decrypt` function that SHALL specify the initialization vector for block modes that require\n"
|
|
"it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.9",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_AdditionalAuthenticatedData = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.AdditionalAuthenticatedData",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `aad` with `String` or `FixedString` data types as the optional fifth\n"
|
|
"parameter to the `decrypt` function that SHALL specify the additional authenticated data\n"
|
|
"for block modes that require it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.10",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_ReturnValue = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.ReturnValue",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return the decrypted value of the data\n"
|
|
"using `String` data type as the result of `decrypt` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.11",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_Key_Length_InvalidLengthError = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Key.Length.InvalidLengthError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `key` length is not exact for the `decrypt` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.12",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_InitializationVector_Length_InvalidLengthError = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.InitializationVector.Length.InvalidLengthError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` is specified and the length is not exact for the `decrypt` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.13",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_InitializationVector_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.InitializationVector.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` is specified for the `decrypt` function\n"
|
|
"for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.14",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_AdditionalAuthenticationData_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `aad` is specified for the `decrypt` function\n"
|
|
"for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.15",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_AdditionalAuthenticationData_Length = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL not limit the size of the `aad` parameter passed to the `decrypt` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.16",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_NonGCMMode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.NonGCMMode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `decrypt` function is called with the following parameter values\n"
|
|
"when using non-GCM modes\n"
|
|
"\n"
|
|
"* `aes-128-cbc` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cbc` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cbc` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb1` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cfb1` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb1` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb8` mode and `key` is not 16 bytes and if specified `iv` is not 16 bytes\n"
|
|
"* `aes-192-cfb8` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb8` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-cfb128` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-cfb128` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-cfb128` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-ofb` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-192-ofb` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-256-ofb` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified\n"
|
|
"* `aes-128-ctr` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes\n"
|
|
"* `aes-192-ctr` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes\n"
|
|
"* `aes-256-ctr` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.17",
|
|
)
|
|
|
|
RQ_SRS008_AES_Decrypt_Function_GCMMode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.Decrypt.Function.GCMMode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `decrypt` function is called with the following parameter values\n"
|
|
"when using GCM modes\n"
|
|
"\n"
|
|
"* `aes-128-gcm` mode and `key` is not 16 bytes or `iv` is not specified\n"
|
|
"* `aes-192-gcm` mode and `key` is not 24 bytes or `iv` is not specified\n"
|
|
"* `aes-256-gcm` mode and `key` is not 32 bytes or `iv` is not specified\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.10.18",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `aes_encrypt_mysql` function to encrypt data using [AES].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Syntax = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Syntax",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following syntax for the `aes_encrypt_mysql` function\n"
|
|
"\n"
|
|
"```sql\n"
|
|
"aes_encrypt_mysql(mode, plaintext, key, [iv])\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_PlainText = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.PlainText",
|
|
version="2.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `plaintext` with `String`, `FixedString`, `Nullable(String)`,\n"
|
|
"`Nullable(FixedString)`, `LowCardinality(String)`, or `LowCardinality(FixedString(N))` data types as\n"
|
|
"the second parameter to the `aes_encrypt_mysql` function that SHALL specify the data to be encrypted.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Key = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Key",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `key` with `String` or `FixedString` data types\n"
|
|
"as the third parameter to the `aes_encrypt_mysql` function that SHALL specify the encryption key.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter\n"
|
|
"to the `aes_encrypt_mysql` function that SHALL specify encryption key length and block encryption mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_ValuesFormat = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.ValuesFormat",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter\n"
|
|
"of the `aes_encrypt_mysql` function where\n"
|
|
"the `key_length` SHALL specifies the length of the key and SHALL accept\n"
|
|
"`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption\n"
|
|
"mode and SHALL accept [CBC], [CFB128], or [OFB]. For example, `aes-256-ofb`.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.6",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Value_Invalid = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.Invalid",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `aes_encrypt_mysql`\n"
|
|
"function is not valid with the exception where such a mode is supported by the underlying\n"
|
|
"[OpenSSL] implementation.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.7",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter\n"
|
|
"of the `aes_encrypt_mysql` function:\n"
|
|
"\n"
|
|
"* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.8",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values_GCM_Error = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.GCM.Error",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if any of the following [GCM] modes are specified as the value \n"
|
|
"for the `mode` parameter of the `aes_encrypt_mysql` function\n"
|
|
"\n"
|
|
"* `aes-128-gcm`\n"
|
|
"* `aes-192-gcm`\n"
|
|
"* `aes-256-gcm`\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.9",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values_CTR_Error = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.CTR.Error",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if any of the following [CTR] modes are specified as the value \n"
|
|
"for the `mode` parameter of the `aes_encrypt_mysql` function\n"
|
|
"\n"
|
|
"* `aes-128-ctr`\n"
|
|
"* `aes-192-ctr`\n"
|
|
"* `aes-256-ctr`\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.10",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_InitializationVector = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.InitializationVector",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth\n"
|
|
"parameter to the `aes_encrypt_mysql` function that SHALL specify the initialization vector for block modes that require\n"
|
|
"it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.11",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_ReturnValue = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.ReturnValue",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return the encrypted value of the data\n"
|
|
"using `String` data type as the result of `aes_encrypt_mysql` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.12",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Key_Length_TooShortError = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooShortError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `key` length is less than the minimum for the `aes_encrypt_mysql`\n"
|
|
"function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.13",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Key_Length_TooLong = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooLong",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL use folding algorithm specified below if the `key` length is longer than required\n"
|
|
"for the `aes_encrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
"```python\n"
|
|
"def fold_key(key, cipher_key_size):\n"
|
|
" key = list(key) if not isinstance(key, (list, tuple)) else key\n"
|
|
"\t folded_key = key[:cipher_key_size]\n"
|
|
"\t for i in range(cipher_key_size, len(key)):\n"
|
|
"\t\t print(i % cipher_key_size, i)\n"
|
|
"\t\t folded_key[i % cipher_key_size] ^= key[i]\n"
|
|
"\t return folded_key\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.14",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_Length_TooShortError = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooShortError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` length is specified and is less than the minimum\n"
|
|
"that is required for the `aes_encrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.15",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_Length_TooLong = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooLong",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL use the first `N` bytes that are required if the `iv` is specified and\n"
|
|
"its length is longer than required for the `aes_encrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.16",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` is specified for the `aes_encrypt_mysql`\n"
|
|
"function for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.17",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Mode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Mode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `aes_encrypt_mysql` function is called with the following parameter values\n"
|
|
"\n"
|
|
"* `aes-128-cbc` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cbc` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cbc` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb1` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb1` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb1` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb8` mode and `key` is less than 16 bytes and if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb8` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb8` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb128` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb128` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb128` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-ofb` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-ofb` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-ofb` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.11.18",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `aes_decrypt_mysql` function to decrypt data using [AES].\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.1",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Syntax = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Syntax",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following syntax for the `aes_decrypt_mysql` function\n"
|
|
"\n"
|
|
"```sql\n"
|
|
"aes_decrypt_mysql(mode, ciphertext, key, [iv])\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.2",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_CipherText = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.CipherText",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `ciphertext` accepting any data type as\n"
|
|
"the second parameter to the `aes_decrypt_mysql` function that SHALL specify the data to be decrypted.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.3",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Key = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Key",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `key` with `String` or `FixedString` data types\n"
|
|
"as the third parameter to the `aes_decrypt_mysql` function that SHALL specify the encryption key.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.4",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter\n"
|
|
"to the `aes_decrypt_mysql` function that SHALL specify encryption key length and block encryption mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.5",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_ValuesFormat = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.ValuesFormat",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter\n"
|
|
"of the `aes_decrypt_mysql` function where\n"
|
|
"the `key_length` SHALL specifies the length of the key and SHALL accept\n"
|
|
"`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption\n"
|
|
"mode and SHALL accept [CBC], [CFB128], or [OFB]. For example, `aes-256-ofb`.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.6",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Value_Invalid = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.Invalid",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `aes_decrypt_mysql`\n"
|
|
"function is not valid with the exception where such a mode is supported by the underlying\n"
|
|
"[OpenSSL] implementation.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.7",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter\n"
|
|
"of the `aes_decrypt_mysql` function:\n"
|
|
"\n"
|
|
"* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key\n"
|
|
"* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key\n"
|
|
"* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key\n"
|
|
"* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key\n"
|
|
"* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.8",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values_GCM_Error = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.GCM.Error",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if any of the following [GCM] modes are specified as the value \n"
|
|
"for the `mode` parameter of the `aes_decrypt_mysql` function\n"
|
|
"\n"
|
|
"* `aes-128-gcm`\n"
|
|
"* `aes-192-gcm`\n"
|
|
"* `aes-256-gcm`\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.9",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values_CTR_Error = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.CTR.Error",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if any of the following [CTR] modes are specified as the value \n"
|
|
"for the `mode` parameter of the `aes_decrypt_mysql` function\n"
|
|
"\n"
|
|
"* `aes-128-ctr`\n"
|
|
"* `aes-192-ctr`\n"
|
|
"* `aes-256-ctr`\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.10",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_InitializationVector = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.InitializationVector",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth\n"
|
|
"parameter to the `aes_decrypt_mysql` function that SHALL specify the initialization vector for block modes that require\n"
|
|
"it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.11",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_ReturnValue = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.ReturnValue",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return the decrypted value of the data\n"
|
|
"using `String` data type as the result of `aes_decrypt_mysql` function.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.12",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Key_Length_TooShortError = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooShortError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `key` length is less than the minimum for the `aes_decrypt_mysql`\n"
|
|
"function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.13",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Key_Length_TooLong = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooLong",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL use folding algorithm specified below if the `key` length is longer than required\n"
|
|
"for the `aes_decrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
"```python\n"
|
|
"def fold_key(key, cipher_key_size):\n"
|
|
" key = list(key) if not isinstance(key, (list, tuple)) else key\n"
|
|
"\t folded_key = key[:cipher_key_size]\n"
|
|
"\t for i in range(cipher_key_size, len(key)):\n"
|
|
"\t\t print(i % cipher_key_size, i)\n"
|
|
"\t\t folded_key[i % cipher_key_size] ^= key[i]\n"
|
|
"\t return folded_key\n"
|
|
"```\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.14",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_Length_TooShortError = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooShortError",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` length is specified and is less than the minimum\n"
|
|
"that is required for the `aes_decrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.15",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_Length_TooLong = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooLong",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL use the first `N` bytes that are required if the `iv` is specified and\n"
|
|
"its length is longer than required for the `aes_decrypt_mysql` function for a given block mode.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.16",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_NotValidForMode = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.NotValidForMode",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error if the `iv` is specified for the `aes_decrypt_mysql`\n"
|
|
"function for a mode that does not need it.\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.17",
|
|
)
|
|
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Mode_KeyAndInitializationVector_Length = Requirement(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Mode.KeyAndInitializationVector.Length",
|
|
version="1.0",
|
|
priority=None,
|
|
group=None,
|
|
type=None,
|
|
uid=None,
|
|
description=(
|
|
"[ClickHouse] SHALL return an error when the `aes_decrypt_mysql` function is called with the following parameter values\n"
|
|
"\n"
|
|
"* `aes-128-cbc` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cbc` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cbc` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb1` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb1` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb1` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb8` mode and `key` is less than 16 bytes and if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb8` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb8` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-cfb128` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-cfb128` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-cfb128` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-128-ofb` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-192-ofb` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"* `aes-256-ofb` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes\n"
|
|
"\n"
|
|
),
|
|
link=None,
|
|
level=3,
|
|
num="4.12.18",
|
|
)
|
|
|
|
SRS_008_ClickHouse_AES_Encryption_Functions = Specification(
|
|
name="SRS-008 ClickHouse AES Encryption Functions",
|
|
description=None,
|
|
author=None,
|
|
date=None,
|
|
status=None,
|
|
approved_by=None,
|
|
approved_date=None,
|
|
approved_version=None,
|
|
version=None,
|
|
group=None,
|
|
type=None,
|
|
link=None,
|
|
uid=None,
|
|
parent=None,
|
|
children=None,
|
|
headings=(
|
|
Heading(name="Revision History", level=1, num="1"),
|
|
Heading(name="Introduction", level=1, num="2"),
|
|
Heading(name="Terminology", level=1, num="3"),
|
|
Heading(name="AES", level=2, num="3.1"),
|
|
Heading(name="AEAD", level=2, num="3.2"),
|
|
Heading(name="Requirements", level=1, num="4"),
|
|
Heading(name="Generic", level=2, num="4.1"),
|
|
Heading(name="RQ.SRS008.AES.Functions", level=3, num="4.1.1"),
|
|
Heading(name="Compatibility", level=2, num="4.2"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.MySQL", level=3, num="4.2.1"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Dictionaries",
|
|
level=3,
|
|
num="4.2.2",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Engine.Database.MySQL",
|
|
level=3,
|
|
num="4.2.3",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.Engine.Table.MySQL",
|
|
level=3,
|
|
num="4.2.4",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Compatibility.TableFunction.MySQL",
|
|
level=3,
|
|
num="4.2.5",
|
|
),
|
|
Heading(name="Different Modes", level=2, num="4.3"),
|
|
Heading(name="RQ.SRS008.AES.Functions.DifferentModes", level=3, num="4.3.1"),
|
|
Heading(name="Multiple Sources", level=2, num="4.4"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.DataFromMultipleSources", level=3, num="4.4.1"
|
|
),
|
|
Heading(name="Suppressing Sensitive Values", level=2, num="4.5"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.SuppressOutputOfSensitiveValues",
|
|
level=3,
|
|
num="4.5.1",
|
|
),
|
|
Heading(name="Invalid Parameters", level=2, num="4.6"),
|
|
Heading(name="RQ.SRS008.AES.Functions.InvalidParameters", level=3, num="4.6.1"),
|
|
Heading(name="Mismatched Values", level=2, num="4.7"),
|
|
Heading(name="RQ.SRS008.AES.Functions.Mismatched.Key", level=3, num="4.7.1"),
|
|
Heading(name="RQ.SRS008.AES.Functions.Mismatched.IV", level=3, num="4.7.2"),
|
|
Heading(name="RQ.SRS008.AES.Functions.Mismatched.AAD", level=3, num="4.7.3"),
|
|
Heading(name="RQ.SRS008.AES.Functions.Mismatched.Mode", level=3, num="4.7.4"),
|
|
Heading(name="Performance", level=2, num="4.8"),
|
|
Heading(name="RQ.SRS008.AES.Functions.Check.Performance", level=3, num="4.8.1"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Function.Check.Performance.BestCase",
|
|
level=3,
|
|
num="4.8.2",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Function.Check.Performance.WorstCase",
|
|
level=3,
|
|
num="4.8.3",
|
|
),
|
|
Heading(name="RQ.SRS008.AES.Functions.Check.Compression", level=3, num="4.8.4"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Functions.Check.Compression.LowCardinality",
|
|
level=3,
|
|
num="4.8.5",
|
|
),
|
|
Heading(name="Encrypt Function", level=2, num="4.9"),
|
|
Heading(name="RQ.SRS008.AES.Encrypt.Function", level=3, num="4.9.1"),
|
|
Heading(name="RQ.SRS008.AES.Encrypt.Function.Syntax", level=3, num="4.9.2"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.NIST.TestVectors", level=3, num="4.9.3"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.PlainText",
|
|
level=3,
|
|
num="4.9.4",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Key", level=3, num="4.9.5"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode", level=3, num="4.9.6"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.ValuesFormat",
|
|
level=3,
|
|
num="4.9.7",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.Invalid",
|
|
level=3,
|
|
num="4.9.8",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Values",
|
|
level=3,
|
|
num="4.9.9",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.InitializationVector",
|
|
level=3,
|
|
num="4.9.10",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.AdditionalAuthenticatedData",
|
|
level=3,
|
|
num="4.9.11",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Parameters.ReturnValue",
|
|
level=3,
|
|
num="4.9.12",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.Key.Length.InvalidLengthError",
|
|
level=3,
|
|
num="4.9.13",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.InitializationVector.Length.InvalidLengthError",
|
|
level=3,
|
|
num="4.9.14",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.InitializationVector.NotValidForMode",
|
|
level=3,
|
|
num="4.9.15",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.NotValidForMode",
|
|
level=3,
|
|
num="4.9.16",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.Length",
|
|
level=3,
|
|
num="4.9.17",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.NonGCMMode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.9.18",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Encrypt.Function.GCMMode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.9.19",
|
|
),
|
|
Heading(name="Decrypt Function", level=2, num="4.10"),
|
|
Heading(name="RQ.SRS008.AES.Decrypt.Function", level=3, num="4.10.1"),
|
|
Heading(name="RQ.SRS008.AES.Decrypt.Function.Syntax", level=3, num="4.10.2"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.CipherText",
|
|
level=3,
|
|
num="4.10.3",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Key", level=3, num="4.10.4"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode", level=3, num="4.10.5"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.ValuesFormat",
|
|
level=3,
|
|
num="4.10.6",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.Invalid",
|
|
level=3,
|
|
num="4.10.7",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Values",
|
|
level=3,
|
|
num="4.10.8",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.InitializationVector",
|
|
level=3,
|
|
num="4.10.9",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.AdditionalAuthenticatedData",
|
|
level=3,
|
|
num="4.10.10",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Parameters.ReturnValue",
|
|
level=3,
|
|
num="4.10.11",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.Key.Length.InvalidLengthError",
|
|
level=3,
|
|
num="4.10.12",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.InitializationVector.Length.InvalidLengthError",
|
|
level=3,
|
|
num="4.10.13",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.InitializationVector.NotValidForMode",
|
|
level=3,
|
|
num="4.10.14",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.NotValidForMode",
|
|
level=3,
|
|
num="4.10.15",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.Length",
|
|
level=3,
|
|
num="4.10.16",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.NonGCMMode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.10.17",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.Decrypt.Function.GCMMode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.10.18",
|
|
),
|
|
Heading(name="MySQL Encrypt Function", level=2, num="4.11"),
|
|
Heading(name="RQ.SRS008.AES.MySQL.Encrypt.Function", level=3, num="4.11.1"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Syntax", level=3, num="4.11.2"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.PlainText",
|
|
level=3,
|
|
num="4.11.3",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Key",
|
|
level=3,
|
|
num="4.11.4",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode",
|
|
level=3,
|
|
num="4.11.5",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.ValuesFormat",
|
|
level=3,
|
|
num="4.11.6",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.Invalid",
|
|
level=3,
|
|
num="4.11.7",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values",
|
|
level=3,
|
|
num="4.11.8",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.GCM.Error",
|
|
level=3,
|
|
num="4.11.9",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.CTR.Error",
|
|
level=3,
|
|
num="4.11.10",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.InitializationVector",
|
|
level=3,
|
|
num="4.11.11",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.ReturnValue",
|
|
level=3,
|
|
num="4.11.12",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooShortError",
|
|
level=3,
|
|
num="4.11.13",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooLong",
|
|
level=3,
|
|
num="4.11.14",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooShortError",
|
|
level=3,
|
|
num="4.11.15",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooLong",
|
|
level=3,
|
|
num="4.11.16",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.NotValidForMode",
|
|
level=3,
|
|
num="4.11.17",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Encrypt.Function.Mode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.11.18",
|
|
),
|
|
Heading(name="MySQL Decrypt Function", level=2, num="4.12"),
|
|
Heading(name="RQ.SRS008.AES.MySQL.Decrypt.Function", level=3, num="4.12.1"),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Syntax", level=3, num="4.12.2"
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.CipherText",
|
|
level=3,
|
|
num="4.12.3",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Key",
|
|
level=3,
|
|
num="4.12.4",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode",
|
|
level=3,
|
|
num="4.12.5",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.ValuesFormat",
|
|
level=3,
|
|
num="4.12.6",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.Invalid",
|
|
level=3,
|
|
num="4.12.7",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values",
|
|
level=3,
|
|
num="4.12.8",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.GCM.Error",
|
|
level=3,
|
|
num="4.12.9",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.CTR.Error",
|
|
level=3,
|
|
num="4.12.10",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.InitializationVector",
|
|
level=3,
|
|
num="4.12.11",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.ReturnValue",
|
|
level=3,
|
|
num="4.12.12",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooShortError",
|
|
level=3,
|
|
num="4.12.13",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooLong",
|
|
level=3,
|
|
num="4.12.14",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooShortError",
|
|
level=3,
|
|
num="4.12.15",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooLong",
|
|
level=3,
|
|
num="4.12.16",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.NotValidForMode",
|
|
level=3,
|
|
num="4.12.17",
|
|
),
|
|
Heading(
|
|
name="RQ.SRS008.AES.MySQL.Decrypt.Function.Mode.KeyAndInitializationVector.Length",
|
|
level=3,
|
|
num="4.12.18",
|
|
),
|
|
Heading(name="References", level=1, num="5"),
|
|
),
|
|
requirements=(
|
|
RQ_SRS008_AES_Functions,
|
|
RQ_SRS008_AES_Functions_Compatibility_MySQL,
|
|
RQ_SRS008_AES_Functions_Compatibility_Dictionaries,
|
|
RQ_SRS008_AES_Functions_Compatibility_Engine_Database_MySQL,
|
|
RQ_SRS008_AES_Functions_Compatibility_Engine_Table_MySQL,
|
|
RQ_SRS008_AES_Functions_Compatibility_TableFunction_MySQL,
|
|
RQ_SRS008_AES_Functions_DifferentModes,
|
|
RQ_SRS008_AES_Functions_DataFromMultipleSources,
|
|
RQ_SRS008_AES_Functions_SuppressOutputOfSensitiveValues,
|
|
RQ_SRS008_AES_Functions_InvalidParameters,
|
|
RQ_SRS008_AES_Functions_Mismatched_Key,
|
|
RQ_SRS008_AES_Functions_Mismatched_IV,
|
|
RQ_SRS008_AES_Functions_Mismatched_AAD,
|
|
RQ_SRS008_AES_Functions_Mismatched_Mode,
|
|
RQ_SRS008_AES_Functions_Check_Performance,
|
|
RQ_SRS008_AES_Function_Check_Performance_BestCase,
|
|
RQ_SRS008_AES_Function_Check_Performance_WorstCase,
|
|
RQ_SRS008_AES_Functions_Check_Compression,
|
|
RQ_SRS008_AES_Functions_Check_Compression_LowCardinality,
|
|
RQ_SRS008_AES_Encrypt_Function,
|
|
RQ_SRS008_AES_Encrypt_Function_Syntax,
|
|
RQ_SRS008_AES_Encrypt_Function_NIST_TestVectors,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_PlainText,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Key,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_ValuesFormat,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_Value_Invalid,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_Mode_Values,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_InitializationVector,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_AdditionalAuthenticatedData,
|
|
RQ_SRS008_AES_Encrypt_Function_Parameters_ReturnValue,
|
|
RQ_SRS008_AES_Encrypt_Function_Key_Length_InvalidLengthError,
|
|
RQ_SRS008_AES_Encrypt_Function_InitializationVector_Length_InvalidLengthError,
|
|
RQ_SRS008_AES_Encrypt_Function_InitializationVector_NotValidForMode,
|
|
RQ_SRS008_AES_Encrypt_Function_AdditionalAuthenticationData_NotValidForMode,
|
|
RQ_SRS008_AES_Encrypt_Function_AdditionalAuthenticationData_Length,
|
|
RQ_SRS008_AES_Encrypt_Function_NonGCMMode_KeyAndInitializationVector_Length,
|
|
RQ_SRS008_AES_Encrypt_Function_GCMMode_KeyAndInitializationVector_Length,
|
|
RQ_SRS008_AES_Decrypt_Function,
|
|
RQ_SRS008_AES_Decrypt_Function_Syntax,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_CipherText,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Key,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_ValuesFormat,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_Value_Invalid,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_Mode_Values,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_InitializationVector,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_AdditionalAuthenticatedData,
|
|
RQ_SRS008_AES_Decrypt_Function_Parameters_ReturnValue,
|
|
RQ_SRS008_AES_Decrypt_Function_Key_Length_InvalidLengthError,
|
|
RQ_SRS008_AES_Decrypt_Function_InitializationVector_Length_InvalidLengthError,
|
|
RQ_SRS008_AES_Decrypt_Function_InitializationVector_NotValidForMode,
|
|
RQ_SRS008_AES_Decrypt_Function_AdditionalAuthenticationData_NotValidForMode,
|
|
RQ_SRS008_AES_Decrypt_Function_AdditionalAuthenticationData_Length,
|
|
RQ_SRS008_AES_Decrypt_Function_NonGCMMode_KeyAndInitializationVector_Length,
|
|
RQ_SRS008_AES_Decrypt_Function_GCMMode_KeyAndInitializationVector_Length,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Syntax,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_PlainText,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Key,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_ValuesFormat,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Value_Invalid,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values_GCM_Error,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_Mode_Values_CTR_Error,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_InitializationVector,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Parameters_ReturnValue,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Key_Length_TooShortError,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Key_Length_TooLong,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_Length_TooShortError,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_Length_TooLong,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_InitializationVector_NotValidForMode,
|
|
RQ_SRS008_AES_MySQL_Encrypt_Function_Mode_KeyAndInitializationVector_Length,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Syntax,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_CipherText,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Key,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_ValuesFormat,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Value_Invalid,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values_GCM_Error,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_Mode_Values_CTR_Error,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_InitializationVector,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Parameters_ReturnValue,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Key_Length_TooShortError,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Key_Length_TooLong,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_Length_TooShortError,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_Length_TooLong,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_InitializationVector_NotValidForMode,
|
|
RQ_SRS008_AES_MySQL_Decrypt_Function_Mode_KeyAndInitializationVector_Length,
|
|
),
|
|
content="""
|
|
# SRS-008 ClickHouse AES Encryption Functions
|
|
# Software Requirements Specification
|
|
|
|
## Table of Contents
|
|
|
|
* 1 [Revision History](#revision-history)
|
|
* 2 [Introduction](#introduction)
|
|
* 3 [Terminology](#terminology)
|
|
* 3.1 [AES](#aes)
|
|
* 3.2 [AEAD](#aead)
|
|
* 4 [Requirements](#requirements)
|
|
* 4.1 [Generic](#generic)
|
|
* 4.1.1 [RQ.SRS008.AES.Functions](#rqsrs008aesfunctions)
|
|
* 4.2 [Compatibility](#compatibility)
|
|
* 4.2.1 [RQ.SRS008.AES.Functions.Compatibility.MySQL](#rqsrs008aesfunctionscompatibilitymysql)
|
|
* 4.2.2 [RQ.SRS008.AES.Functions.Compatibility.Dictionaries](#rqsrs008aesfunctionscompatibilitydictionaries)
|
|
* 4.2.3 [RQ.SRS008.AES.Functions.Compatibility.Engine.Database.MySQL](#rqsrs008aesfunctionscompatibilityenginedatabasemysql)
|
|
* 4.2.4 [RQ.SRS008.AES.Functions.Compatibility.Engine.Table.MySQL](#rqsrs008aesfunctionscompatibilityenginetablemysql)
|
|
* 4.2.5 [RQ.SRS008.AES.Functions.Compatibility.TableFunction.MySQL](#rqsrs008aesfunctionscompatibilitytablefunctionmysql)
|
|
* 4.3 [Different Modes](#different-modes)
|
|
* 4.3.1 [RQ.SRS008.AES.Functions.DifferentModes](#rqsrs008aesfunctionsdifferentmodes)
|
|
* 4.4 [Multiple Sources](#multiple-sources)
|
|
* 4.4.1 [RQ.SRS008.AES.Functions.DataFromMultipleSources](#rqsrs008aesfunctionsdatafrommultiplesources)
|
|
* 4.5 [Suppressing Sensitive Values](#suppressing-sensitive-values)
|
|
* 4.5.1 [RQ.SRS008.AES.Functions.SuppressOutputOfSensitiveValues](#rqsrs008aesfunctionssuppressoutputofsensitivevalues)
|
|
* 4.6 [Invalid Parameters](#invalid-parameters)
|
|
* 4.6.1 [RQ.SRS008.AES.Functions.InvalidParameters](#rqsrs008aesfunctionsinvalidparameters)
|
|
* 4.7 [Mismatched Values](#mismatched-values)
|
|
* 4.7.1 [RQ.SRS008.AES.Functions.Mismatched.Key](#rqsrs008aesfunctionsmismatchedkey)
|
|
* 4.7.2 [RQ.SRS008.AES.Functions.Mismatched.IV](#rqsrs008aesfunctionsmismatchediv)
|
|
* 4.7.3 [RQ.SRS008.AES.Functions.Mismatched.AAD](#rqsrs008aesfunctionsmismatchedaad)
|
|
* 4.7.4 [RQ.SRS008.AES.Functions.Mismatched.Mode](#rqsrs008aesfunctionsmismatchedmode)
|
|
* 4.8 [Performance](#performance)
|
|
* 4.8.1 [RQ.SRS008.AES.Functions.Check.Performance](#rqsrs008aesfunctionscheckperformance)
|
|
* 4.8.2 [RQ.SRS008.AES.Function.Check.Performance.BestCase](#rqsrs008aesfunctioncheckperformancebestcase)
|
|
* 4.8.3 [RQ.SRS008.AES.Function.Check.Performance.WorstCase](#rqsrs008aesfunctioncheckperformanceworstcase)
|
|
* 4.8.4 [RQ.SRS008.AES.Functions.Check.Compression](#rqsrs008aesfunctionscheckcompression)
|
|
* 4.8.5 [RQ.SRS008.AES.Functions.Check.Compression.LowCardinality](#rqsrs008aesfunctionscheckcompressionlowcardinality)
|
|
* 4.9 [Encrypt Function](#encrypt-function)
|
|
* 4.9.1 [RQ.SRS008.AES.Encrypt.Function](#rqsrs008aesencryptfunction)
|
|
* 4.9.2 [RQ.SRS008.AES.Encrypt.Function.Syntax](#rqsrs008aesencryptfunctionsyntax)
|
|
* 4.9.3 [RQ.SRS008.AES.Encrypt.Function.NIST.TestVectors](#rqsrs008aesencryptfunctionnisttestvectors)
|
|
* 4.9.4 [RQ.SRS008.AES.Encrypt.Function.Parameters.PlainText](#rqsrs008aesencryptfunctionparametersplaintext)
|
|
* 4.9.5 [RQ.SRS008.AES.Encrypt.Function.Parameters.Key](#rqsrs008aesencryptfunctionparameterskey)
|
|
* 4.9.6 [RQ.SRS008.AES.Encrypt.Function.Parameters.Mode](#rqsrs008aesencryptfunctionparametersmode)
|
|
* 4.9.7 [RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.ValuesFormat](#rqsrs008aesencryptfunctionparametersmodevaluesformat)
|
|
* 4.9.8 [RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.Invalid](#rqsrs008aesencryptfunctionparametersmodevalueinvalid)
|
|
* 4.9.9 [RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Values](#rqsrs008aesencryptfunctionparametersmodevalues)
|
|
* 4.9.10 [RQ.SRS008.AES.Encrypt.Function.Parameters.InitializationVector](#rqsrs008aesencryptfunctionparametersinitializationvector)
|
|
* 4.9.11 [RQ.SRS008.AES.Encrypt.Function.Parameters.AdditionalAuthenticatedData](#rqsrs008aesencryptfunctionparametersadditionalauthenticateddata)
|
|
* 4.9.12 [RQ.SRS008.AES.Encrypt.Function.Parameters.ReturnValue](#rqsrs008aesencryptfunctionparametersreturnvalue)
|
|
* 4.9.13 [RQ.SRS008.AES.Encrypt.Function.Key.Length.InvalidLengthError](#rqsrs008aesencryptfunctionkeylengthinvalidlengtherror)
|
|
* 4.9.14 [RQ.SRS008.AES.Encrypt.Function.InitializationVector.Length.InvalidLengthError](#rqsrs008aesencryptfunctioninitializationvectorlengthinvalidlengtherror)
|
|
* 4.9.15 [RQ.SRS008.AES.Encrypt.Function.InitializationVector.NotValidForMode](#rqsrs008aesencryptfunctioninitializationvectornotvalidformode)
|
|
* 4.9.16 [RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.NotValidForMode](#rqsrs008aesencryptfunctionadditionalauthenticationdatanotvalidformode)
|
|
* 4.9.17 [RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.Length](#rqsrs008aesencryptfunctionadditionalauthenticationdatalength)
|
|
* 4.9.18 [RQ.SRS008.AES.Encrypt.Function.NonGCMMode.KeyAndInitializationVector.Length](#rqsrs008aesencryptfunctionnongcmmodekeyandinitializationvectorlength)
|
|
* 4.9.19 [RQ.SRS008.AES.Encrypt.Function.GCMMode.KeyAndInitializationVector.Length](#rqsrs008aesencryptfunctiongcmmodekeyandinitializationvectorlength)
|
|
* 4.10 [Decrypt Function](#decrypt-function)
|
|
* 4.10.1 [RQ.SRS008.AES.Decrypt.Function](#rqsrs008aesdecryptfunction)
|
|
* 4.10.2 [RQ.SRS008.AES.Decrypt.Function.Syntax](#rqsrs008aesdecryptfunctionsyntax)
|
|
* 4.10.3 [RQ.SRS008.AES.Decrypt.Function.Parameters.CipherText](#rqsrs008aesdecryptfunctionparametersciphertext)
|
|
* 4.10.4 [RQ.SRS008.AES.Decrypt.Function.Parameters.Key](#rqsrs008aesdecryptfunctionparameterskey)
|
|
* 4.10.5 [RQ.SRS008.AES.Decrypt.Function.Parameters.Mode](#rqsrs008aesdecryptfunctionparametersmode)
|
|
* 4.10.6 [RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.ValuesFormat](#rqsrs008aesdecryptfunctionparametersmodevaluesformat)
|
|
* 4.10.7 [RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.Invalid](#rqsrs008aesdecryptfunctionparametersmodevalueinvalid)
|
|
* 4.10.8 [RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Values](#rqsrs008aesdecryptfunctionparametersmodevalues)
|
|
* 4.10.9 [RQ.SRS008.AES.Decrypt.Function.Parameters.InitializationVector](#rqsrs008aesdecryptfunctionparametersinitializationvector)
|
|
* 4.10.10 [RQ.SRS008.AES.Decrypt.Function.Parameters.AdditionalAuthenticatedData](#rqsrs008aesdecryptfunctionparametersadditionalauthenticateddata)
|
|
* 4.10.11 [RQ.SRS008.AES.Decrypt.Function.Parameters.ReturnValue](#rqsrs008aesdecryptfunctionparametersreturnvalue)
|
|
* 4.10.12 [RQ.SRS008.AES.Decrypt.Function.Key.Length.InvalidLengthError](#rqsrs008aesdecryptfunctionkeylengthinvalidlengtherror)
|
|
* 4.10.13 [RQ.SRS008.AES.Decrypt.Function.InitializationVector.Length.InvalidLengthError](#rqsrs008aesdecryptfunctioninitializationvectorlengthinvalidlengtherror)
|
|
* 4.10.14 [RQ.SRS008.AES.Decrypt.Function.InitializationVector.NotValidForMode](#rqsrs008aesdecryptfunctioninitializationvectornotvalidformode)
|
|
* 4.10.15 [RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.NotValidForMode](#rqsrs008aesdecryptfunctionadditionalauthenticationdatanotvalidformode)
|
|
* 4.10.16 [RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.Length](#rqsrs008aesdecryptfunctionadditionalauthenticationdatalength)
|
|
* 4.10.17 [RQ.SRS008.AES.Decrypt.Function.NonGCMMode.KeyAndInitializationVector.Length](#rqsrs008aesdecryptfunctionnongcmmodekeyandinitializationvectorlength)
|
|
* 4.10.18 [RQ.SRS008.AES.Decrypt.Function.GCMMode.KeyAndInitializationVector.Length](#rqsrs008aesdecryptfunctiongcmmodekeyandinitializationvectorlength)
|
|
* 4.11 [MySQL Encrypt Function](#mysql-encrypt-function)
|
|
* 4.11.1 [RQ.SRS008.AES.MySQL.Encrypt.Function](#rqsrs008aesmysqlencryptfunction)
|
|
* 4.11.2 [RQ.SRS008.AES.MySQL.Encrypt.Function.Syntax](#rqsrs008aesmysqlencryptfunctionsyntax)
|
|
* 4.11.3 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.PlainText](#rqsrs008aesmysqlencryptfunctionparametersplaintext)
|
|
* 4.11.4 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Key](#rqsrs008aesmysqlencryptfunctionparameterskey)
|
|
* 4.11.5 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode](#rqsrs008aesmysqlencryptfunctionparametersmode)
|
|
* 4.11.6 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.ValuesFormat](#rqsrs008aesmysqlencryptfunctionparametersmodevaluesformat)
|
|
* 4.11.7 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.Invalid](#rqsrs008aesmysqlencryptfunctionparametersmodevalueinvalid)
|
|
* 4.11.8 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values](#rqsrs008aesmysqlencryptfunctionparametersmodevalues)
|
|
* 4.11.9 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.GCM.Error](#rqsrs008aesmysqlencryptfunctionparametersmodevaluesgcmerror)
|
|
* 4.11.10 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.CTR.Error](#rqsrs008aesmysqlencryptfunctionparametersmodevaluesctrerror)
|
|
* 4.11.11 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.InitializationVector](#rqsrs008aesmysqlencryptfunctionparametersinitializationvector)
|
|
* 4.11.12 [RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.ReturnValue](#rqsrs008aesmysqlencryptfunctionparametersreturnvalue)
|
|
* 4.11.13 [RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooShortError](#rqsrs008aesmysqlencryptfunctionkeylengthtooshorterror)
|
|
* 4.11.14 [RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooLong](#rqsrs008aesmysqlencryptfunctionkeylengthtoolong)
|
|
* 4.11.15 [RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooShortError](#rqsrs008aesmysqlencryptfunctioninitializationvectorlengthtooshorterror)
|
|
* 4.11.16 [RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooLong](#rqsrs008aesmysqlencryptfunctioninitializationvectorlengthtoolong)
|
|
* 4.11.17 [RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.NotValidForMode](#rqsrs008aesmysqlencryptfunctioninitializationvectornotvalidformode)
|
|
* 4.11.18 [RQ.SRS008.AES.MySQL.Encrypt.Function.Mode.KeyAndInitializationVector.Length](#rqsrs008aesmysqlencryptfunctionmodekeyandinitializationvectorlength)
|
|
* 4.12 [MySQL Decrypt Function](#mysql-decrypt-function)
|
|
* 4.12.1 [RQ.SRS008.AES.MySQL.Decrypt.Function](#rqsrs008aesmysqldecryptfunction)
|
|
* 4.12.2 [RQ.SRS008.AES.MySQL.Decrypt.Function.Syntax](#rqsrs008aesmysqldecryptfunctionsyntax)
|
|
* 4.12.3 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.CipherText](#rqsrs008aesmysqldecryptfunctionparametersciphertext)
|
|
* 4.12.4 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Key](#rqsrs008aesmysqldecryptfunctionparameterskey)
|
|
* 4.12.5 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode](#rqsrs008aesmysqldecryptfunctionparametersmode)
|
|
* 4.12.6 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.ValuesFormat](#rqsrs008aesmysqldecryptfunctionparametersmodevaluesformat)
|
|
* 4.12.7 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.Invalid](#rqsrs008aesmysqldecryptfunctionparametersmodevalueinvalid)
|
|
* 4.12.8 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values](#rqsrs008aesmysqldecryptfunctionparametersmodevalues)
|
|
* 4.12.9 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.GCM.Error](#rqsrs008aesmysqldecryptfunctionparametersmodevaluesgcmerror)
|
|
* 4.12.10 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.CTR.Error](#rqsrs008aesmysqldecryptfunctionparametersmodevaluesctrerror)
|
|
* 4.12.11 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.InitializationVector](#rqsrs008aesmysqldecryptfunctionparametersinitializationvector)
|
|
* 4.12.12 [RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.ReturnValue](#rqsrs008aesmysqldecryptfunctionparametersreturnvalue)
|
|
* 4.12.13 [RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooShortError](#rqsrs008aesmysqldecryptfunctionkeylengthtooshorterror)
|
|
* 4.12.14 [RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooLong](#rqsrs008aesmysqldecryptfunctionkeylengthtoolong)
|
|
* 4.12.15 [RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooShortError](#rqsrs008aesmysqldecryptfunctioninitializationvectorlengthtooshorterror)
|
|
* 4.12.16 [RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooLong](#rqsrs008aesmysqldecryptfunctioninitializationvectorlengthtoolong)
|
|
* 4.12.17 [RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.NotValidForMode](#rqsrs008aesmysqldecryptfunctioninitializationvectornotvalidformode)
|
|
* 4.12.18 [RQ.SRS008.AES.MySQL.Decrypt.Function.Mode.KeyAndInitializationVector.Length](#rqsrs008aesmysqldecryptfunctionmodekeyandinitializationvectorlength)
|
|
* 5 [References](#references)
|
|
|
|
## Revision History
|
|
|
|
This document is stored in an electronic form using [Git] source control management software
|
|
hosted in a [GitHub Repository].
|
|
All the updates are tracked using the [Revision History].
|
|
|
|
## Introduction
|
|
|
|
Users need an ability to encrypt and decrypt column data with tenant specific keys.
|
|
Use cases include protection of sensitive column values and [GDPR] right to forget policies.
|
|
The implementation will support capabilities of the [MySQL aes_encrypt] and [MySQL aes_decrypt]
|
|
functions which encrypt and decrypt values using the [AES] (Advanced Encryption Standard)
|
|
algorithm. This functionality will enable encryption and decryption of data
|
|
accessed on remote [MySQL] servers via [MySQL Dictionary] or [MySQL Database Engine],
|
|
[MySQL Table Engine], or [MySQL Table Function].
|
|
|
|
## Terminology
|
|
|
|
### AES
|
|
|
|
Advanced Encryption Standard ([AES])
|
|
|
|
### AEAD
|
|
|
|
Authenticated Encryption with Associated Data
|
|
|
|
## Requirements
|
|
|
|
### Generic
|
|
|
|
#### RQ.SRS008.AES.Functions
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support [AES] encryption functions to encrypt and decrypt data.
|
|
|
|
### Compatibility
|
|
|
|
#### RQ.SRS008.AES.Functions.Compatibility.MySQL
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support [AES] encryption functions compatible with [MySQL 5.7].
|
|
|
|
#### RQ.SRS008.AES.Functions.Compatibility.Dictionaries
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support encryption and decryption of data accessed on remote
|
|
[MySQL] servers using [MySQL Dictionary].
|
|
|
|
#### RQ.SRS008.AES.Functions.Compatibility.Engine.Database.MySQL
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Database Engine],
|
|
|
|
#### RQ.SRS008.AES.Functions.Compatibility.Engine.Table.MySQL
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Table Engine].
|
|
|
|
#### RQ.SRS008.AES.Functions.Compatibility.TableFunction.MySQL
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support encryption and decryption of data accessed using [MySQL Table Function].
|
|
|
|
### Different Modes
|
|
|
|
#### RQ.SRS008.AES.Functions.DifferentModes
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL allow different modes to be supported in a single SQL statement
|
|
using explicit function parameters.
|
|
|
|
### Multiple Sources
|
|
|
|
#### RQ.SRS008.AES.Functions.DataFromMultipleSources
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support handling encryption and decryption of data from multiple sources
|
|
in the `SELECT` statement, including [ClickHouse] [MergeTree] table as well as [MySQL Dictionary],
|
|
[MySQL Database Engine], [MySQL Table Engine], and [MySQL Table Function]
|
|
with possibly different encryption schemes.
|
|
|
|
### Suppressing Sensitive Values
|
|
|
|
#### RQ.SRS008.AES.Functions.SuppressOutputOfSensitiveValues
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL suppress output of [AES] `string` and `key` parameters to the system log,
|
|
error log, and `query_log` table to prevent leakage of sensitive values.
|
|
|
|
### Invalid Parameters
|
|
|
|
#### RQ.SRS008.AES.Functions.InvalidParameters
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when parameters are invalid.
|
|
|
|
### Mismatched Values
|
|
|
|
#### RQ.SRS008.AES.Functions.Mismatched.Key
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return garbage for mismatched keys.
|
|
|
|
#### RQ.SRS008.AES.Functions.Mismatched.IV
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return garbage for mismatched initialization vector for the modes that use it.
|
|
|
|
#### RQ.SRS008.AES.Functions.Mismatched.AAD
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return garbage for mismatched additional authentication data for the modes that use it.
|
|
|
|
#### RQ.SRS008.AES.Functions.Mismatched.Mode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error or garbage for mismatched mode.
|
|
|
|
### Performance
|
|
|
|
#### RQ.SRS008.AES.Functions.Check.Performance
|
|
version: 1.0
|
|
|
|
Performance of [AES] encryption functions SHALL be measured.
|
|
|
|
#### RQ.SRS008.AES.Function.Check.Performance.BestCase
|
|
version: 1.0
|
|
|
|
Performance of [AES] encryption functions SHALL be checked for the best case
|
|
scenario where there is one key, one initialization vector, and one large stream of data.
|
|
|
|
#### RQ.SRS008.AES.Function.Check.Performance.WorstCase
|
|
version: 1.0
|
|
|
|
Performance of [AES] encryption functions SHALL be checked for the worst case
|
|
where there are `N` keys, `N` initialization vectors and `N` very small streams of data.
|
|
|
|
#### RQ.SRS008.AES.Functions.Check.Compression
|
|
version: 1.0
|
|
|
|
Effect of [AES] encryption on column compression SHALL be measured.
|
|
|
|
#### RQ.SRS008.AES.Functions.Check.Compression.LowCardinality
|
|
version: 1.0
|
|
|
|
Effect of [AES] encryption on the compression of a column with [LowCardinality] data type
|
|
SHALL be measured.
|
|
|
|
### Encrypt Function
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `encrypt` function to encrypt data using [AES].
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Syntax
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following syntax for the `encrypt` function
|
|
|
|
```sql
|
|
encrypt(mode, plaintext, key, [iv, aad])
|
|
```
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.NIST.TestVectors
|
|
version: 1.0
|
|
|
|
[ClickHouse] `encrypt` function output SHALL produce output that matches [NIST test vectors].
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.PlainText
|
|
version: 2.0
|
|
|
|
[ClickHouse] SHALL support `plaintext` with `String`, `FixedString`, `Nullable(String)`,
|
|
`Nullable(FixedString)`, `LowCardinality(String)`, or `LowCardinality(FixedString(N))` data types as
|
|
the second parameter to the `encrypt` function that SHALL specify the data to be encrypted.
|
|
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.Key
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `key` with `String` or `FixedString` data types
|
|
as the parameter to the `encrypt` function that SHALL specify the encryption key.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.Mode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter
|
|
to the `encrypt` function that SHALL specify encryption key length and block encryption mode.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.ValuesFormat
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter
|
|
of the `encrypt` function where
|
|
the `key_length` SHALL specifies the length of the key and SHALL accept
|
|
`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption
|
|
mode and SHALL accept [CBC], [CFB128], or [OFB] as well as
|
|
[CTR] and [GCM] as the values. For example, `aes-256-ofb`.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Value.Invalid
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `encrypt`
|
|
function is not valid with the exception where such a mode is supported by the underlying
|
|
[OpenSSL] implementation.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.Mode.Values
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter
|
|
of the `encrypt` function:
|
|
|
|
* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key
|
|
* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key
|
|
* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key
|
|
* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key
|
|
* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key
|
|
* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key
|
|
* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key
|
|
* `aes-128-gcm` that SHALL use [GCM] block mode encryption with 128 bit key
|
|
and [AEAD] 16-byte tag is appended to the resulting ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-192-gcm` that SHALL use [GCM] block mode encryption with 192 bit key
|
|
and [AEAD] 16-byte tag is appended to the resulting ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-256-gcm` that SHALL use [GCM] block mode encryption with 256 bit key
|
|
and [AEAD] 16-byte tag is appended to the resulting ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-128-ctr` that SHALL use [CTR] block mode encryption with 128 bit key
|
|
* `aes-192-ctr` that SHALL use [CTR] block mode encryption with 192 bit key
|
|
* `aes-256-ctr` that SHALL use [CTR] block mode encryption with 256 bit key
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.InitializationVector
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth
|
|
parameter to the `encrypt` function that SHALL specify the initialization vector for block modes that require
|
|
it.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.AdditionalAuthenticatedData
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `aad` with `String` or `FixedString` data types as the optional fifth
|
|
parameter to the `encrypt` function that SHALL specify the additional authenticated data
|
|
for block modes that require it.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Parameters.ReturnValue
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return the encrypted value of the data
|
|
using `String` data type as the result of `encrypt` function.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.Key.Length.InvalidLengthError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `key` length is not exact for the `encrypt` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.InitializationVector.Length.InvalidLengthError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` length is specified and not of the exact size for the `encrypt` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.InitializationVector.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` is specified for the `encrypt` function for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `aad` is specified for the `encrypt` function for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.AdditionalAuthenticationData.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL not limit the size of the `aad` parameter passed to the `encrypt` function.
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.NonGCMMode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `encrypt` function is called with the following parameter values
|
|
when using non-GCM modes
|
|
|
|
* `aes-128-cbc` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cbc` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cbc` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb1` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cfb1` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb1` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb8` mode and `key` is not 16 bytes and if specified `iv` is not 16 bytes
|
|
* `aes-192-cfb8` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb8` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb128` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cfb128` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb128` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-ofb` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-ofb` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-ofb` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-ctr` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes
|
|
* `aes-192-ctr` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes
|
|
* `aes-256-ctr` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes
|
|
|
|
#### RQ.SRS008.AES.Encrypt.Function.GCMMode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `encrypt` function is called with the following parameter values
|
|
when using GCM modes
|
|
|
|
* `aes-128-gcm` mode and `key` is not 16 bytes or `iv` is not specified
|
|
* `aes-192-gcm` mode and `key` is not 24 bytes or `iv` is not specified
|
|
* `aes-256-gcm` mode and `key` is not 32 bytes or `iv` is not specified
|
|
|
|
### Decrypt Function
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `decrypt` function to decrypt data using [AES].
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Syntax
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following syntax for the `decrypt` function
|
|
|
|
```sql
|
|
decrypt(mode, ciphertext, key, [iv, aad])
|
|
```
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.CipherText
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `ciphertext` accepting `FixedString` or `String` data types as
|
|
the second parameter to the `decrypt` function that SHALL specify the data to be decrypted.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.Key
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `key` with `String` or `FixedString` data types
|
|
as the third parameter to the `decrypt` function that SHALL specify the encryption key.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.Mode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter
|
|
to the `decrypt` function that SHALL specify encryption key length and block encryption mode.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.ValuesFormat
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter
|
|
of the `decrypt` function where
|
|
the `key_length` SHALL specifies the length of the key and SHALL accept
|
|
`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption
|
|
mode and SHALL accept [CBC], [CFB128], or [OFB] as well as
|
|
[CTR] and [GCM] as the values. For example, `aes-256-ofb`.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Value.Invalid
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `decrypt`
|
|
function is not valid with the exception where such a mode is supported by the underlying
|
|
[OpenSSL] implementation.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.Mode.Values
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter
|
|
of the `decrypt` function:
|
|
|
|
* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key
|
|
* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key
|
|
* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key
|
|
* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key
|
|
* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key
|
|
* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key
|
|
* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key
|
|
* `aes-128-gcm` that SHALL use [GCM] block mode encryption with 128 bit key
|
|
and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-192-gcm` that SHALL use [GCM] block mode encryption with 192 bit key
|
|
and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-256-gcm` that SHALL use [GCM] block mode encryption with 256 bit key
|
|
and [AEAD] 16-byte tag is expected present at the end of the ciphertext according to
|
|
the [RFC5116]
|
|
* `aes-128-ctr` that SHALL use [CTR] block mode encryption with 128 bit key
|
|
* `aes-192-ctr` that SHALL use [CTR] block mode encryption with 192 bit key
|
|
* `aes-256-ctr` that SHALL use [CTR] block mode encryption with 256 bit key
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.InitializationVector
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth
|
|
parameter to the `decrypt` function that SHALL specify the initialization vector for block modes that require
|
|
it.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.AdditionalAuthenticatedData
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `aad` with `String` or `FixedString` data types as the optional fifth
|
|
parameter to the `decrypt` function that SHALL specify the additional authenticated data
|
|
for block modes that require it.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Parameters.ReturnValue
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return the decrypted value of the data
|
|
using `String` data type as the result of `decrypt` function.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.Key.Length.InvalidLengthError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `key` length is not exact for the `decrypt` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.InitializationVector.Length.InvalidLengthError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` is specified and the length is not exact for the `decrypt` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.InitializationVector.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` is specified for the `decrypt` function
|
|
for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `aad` is specified for the `decrypt` function
|
|
for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.AdditionalAuthenticationData.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL not limit the size of the `aad` parameter passed to the `decrypt` function.
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.NonGCMMode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `decrypt` function is called with the following parameter values
|
|
when using non-GCM modes
|
|
|
|
* `aes-128-cbc` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cbc` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cbc` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb1` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cfb1` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb1` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb8` mode and `key` is not 16 bytes and if specified `iv` is not 16 bytes
|
|
* `aes-192-cfb8` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb8` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-cfb128` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-cfb128` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-cfb128` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-ofb` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-192-ofb` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-256-ofb` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes or `aad` is specified
|
|
* `aes-128-ctr` mode and `key` is not 16 bytes or if specified `iv` is not 16 bytes
|
|
* `aes-192-ctr` mode and `key` is not 24 bytes or if specified `iv` is not 16 bytes
|
|
* `aes-256-ctr` mode and `key` is not 32 bytes or if specified `iv` is not 16 bytes
|
|
|
|
#### RQ.SRS008.AES.Decrypt.Function.GCMMode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `decrypt` function is called with the following parameter values
|
|
when using GCM modes
|
|
|
|
* `aes-128-gcm` mode and `key` is not 16 bytes or `iv` is not specified
|
|
* `aes-192-gcm` mode and `key` is not 24 bytes or `iv` is not specified
|
|
* `aes-256-gcm` mode and `key` is not 32 bytes or `iv` is not specified
|
|
|
|
### MySQL Encrypt Function
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `aes_encrypt_mysql` function to encrypt data using [AES].
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Syntax
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following syntax for the `aes_encrypt_mysql` function
|
|
|
|
```sql
|
|
aes_encrypt_mysql(mode, plaintext, key, [iv])
|
|
```
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.PlainText
|
|
version: 2.0
|
|
|
|
[ClickHouse] SHALL support `plaintext` with `String`, `FixedString`, `Nullable(String)`,
|
|
`Nullable(FixedString)`, `LowCardinality(String)`, or `LowCardinality(FixedString(N))` data types as
|
|
the second parameter to the `aes_encrypt_mysql` function that SHALL specify the data to be encrypted.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Key
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `key` with `String` or `FixedString` data types
|
|
as the third parameter to the `aes_encrypt_mysql` function that SHALL specify the encryption key.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter
|
|
to the `aes_encrypt_mysql` function that SHALL specify encryption key length and block encryption mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.ValuesFormat
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter
|
|
of the `aes_encrypt_mysql` function where
|
|
the `key_length` SHALL specifies the length of the key and SHALL accept
|
|
`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption
|
|
mode and SHALL accept [CBC], [CFB128], or [OFB]. For example, `aes-256-ofb`.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Value.Invalid
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `aes_encrypt_mysql`
|
|
function is not valid with the exception where such a mode is supported by the underlying
|
|
[OpenSSL] implementation.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter
|
|
of the `aes_encrypt_mysql` function:
|
|
|
|
* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key
|
|
* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key
|
|
* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key
|
|
* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key
|
|
* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key
|
|
* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key
|
|
* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.GCM.Error
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if any of the following [GCM] modes are specified as the value
|
|
for the `mode` parameter of the `aes_encrypt_mysql` function
|
|
|
|
* `aes-128-gcm`
|
|
* `aes-192-gcm`
|
|
* `aes-256-gcm`
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.Mode.Values.CTR.Error
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if any of the following [CTR] modes are specified as the value
|
|
for the `mode` parameter of the `aes_encrypt_mysql` function
|
|
|
|
* `aes-128-ctr`
|
|
* `aes-192-ctr`
|
|
* `aes-256-ctr`
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.InitializationVector
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth
|
|
parameter to the `aes_encrypt_mysql` function that SHALL specify the initialization vector for block modes that require
|
|
it.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Parameters.ReturnValue
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return the encrypted value of the data
|
|
using `String` data type as the result of `aes_encrypt_mysql` function.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooShortError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `key` length is less than the minimum for the `aes_encrypt_mysql`
|
|
function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Key.Length.TooLong
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL use folding algorithm specified below if the `key` length is longer than required
|
|
for the `aes_encrypt_mysql` function for a given block mode.
|
|
|
|
```python
|
|
def fold_key(key, cipher_key_size):
|
|
key = list(key) if not isinstance(key, (list, tuple)) else key
|
|
folded_key = key[:cipher_key_size]
|
|
for i in range(cipher_key_size, len(key)):
|
|
print(i % cipher_key_size, i)
|
|
folded_key[i % cipher_key_size] ^= key[i]
|
|
return folded_key
|
|
```
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooShortError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` length is specified and is less than the minimum
|
|
that is required for the `aes_encrypt_mysql` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.Length.TooLong
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL use the first `N` bytes that are required if the `iv` is specified and
|
|
its length is longer than required for the `aes_encrypt_mysql` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.InitializationVector.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` is specified for the `aes_encrypt_mysql`
|
|
function for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Encrypt.Function.Mode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `aes_encrypt_mysql` function is called with the following parameter values
|
|
|
|
* `aes-128-cbc` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cbc` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cbc` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb1` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb1` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb1` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb8` mode and `key` is less than 16 bytes and if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb8` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb8` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb128` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb128` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb128` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-ofb` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-ofb` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-ofb` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
|
|
### MySQL Decrypt Function
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `aes_decrypt_mysql` function to decrypt data using [AES].
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Syntax
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following syntax for the `aes_decrypt_mysql` function
|
|
|
|
```sql
|
|
aes_decrypt_mysql(mode, ciphertext, key, [iv])
|
|
```
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.CipherText
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `ciphertext` accepting any data type as
|
|
the second parameter to the `aes_decrypt_mysql` function that SHALL specify the data to be decrypted.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Key
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `key` with `String` or `FixedString` data types
|
|
as the third parameter to the `aes_decrypt_mysql` function that SHALL specify the encryption key.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `mode` with `String` or `FixedString` data types as the first parameter
|
|
to the `aes_decrypt_mysql` function that SHALL specify encryption key length and block encryption mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.ValuesFormat
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support values of the form `aes-[key length]-[mode]` for the `mode` parameter
|
|
of the `aes_decrypt_mysql` function where
|
|
the `key_length` SHALL specifies the length of the key and SHALL accept
|
|
`128`, `192`, or `256` as the values and the `mode` SHALL specify the block encryption
|
|
mode and SHALL accept [CBC], [CFB128], or [OFB]. For example, `aes-256-ofb`.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Value.Invalid
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the specified value for the `mode` parameter of the `aes_decrypt_mysql`
|
|
function is not valid with the exception where such a mode is supported by the underlying
|
|
[OpenSSL] implementation.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support the following [AES] block encryption modes as the value for the `mode` parameter
|
|
of the `aes_decrypt_mysql` function:
|
|
|
|
* `aes-128-cbc` that SHALL use [CBC] block mode encryption with 128 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 192 bit key
|
|
* `aes-192-cbc` that SHALL use [CBC] block mode encryption with 256 bit key
|
|
* `aes-128-cfb128` that SHALL use [CFB128] block mode encryption with 128 bit key
|
|
* `aes-192-cfb128` that SHALL use [CFB128] block mode encryption with 192 bit key
|
|
* `aes-256-cfb128` that SHALL use [CFB128] block mode encryption with 256 bit key
|
|
* `aes-128-ofb` that SHALL use [OFB] block mode encryption with 128 bit key
|
|
* `aes-192-ofb` that SHALL use [OFB] block mode encryption with 192 bit key
|
|
* `aes-256-ofb` that SHALL use [OFB] block mode encryption with 256 bit key
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.GCM.Error
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if any of the following [GCM] modes are specified as the value
|
|
for the `mode` parameter of the `aes_decrypt_mysql` function
|
|
|
|
* `aes-128-gcm`
|
|
* `aes-192-gcm`
|
|
* `aes-256-gcm`
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.Mode.Values.CTR.Error
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if any of the following [CTR] modes are specified as the value
|
|
for the `mode` parameter of the `aes_decrypt_mysql` function
|
|
|
|
* `aes-128-ctr`
|
|
* `aes-192-ctr`
|
|
* `aes-256-ctr`
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.InitializationVector
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL support `iv` with `String` or `FixedString` data types as the optional fourth
|
|
parameter to the `aes_decrypt_mysql` function that SHALL specify the initialization vector for block modes that require
|
|
it.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Parameters.ReturnValue
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return the decrypted value of the data
|
|
using `String` data type as the result of `aes_decrypt_mysql` function.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooShortError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `key` length is less than the minimum for the `aes_decrypt_mysql`
|
|
function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Key.Length.TooLong
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL use folding algorithm specified below if the `key` length is longer than required
|
|
for the `aes_decrypt_mysql` function for a given block mode.
|
|
|
|
```python
|
|
def fold_key(key, cipher_key_size):
|
|
key = list(key) if not isinstance(key, (list, tuple)) else key
|
|
folded_key = key[:cipher_key_size]
|
|
for i in range(cipher_key_size, len(key)):
|
|
print(i % cipher_key_size, i)
|
|
folded_key[i % cipher_key_size] ^= key[i]
|
|
return folded_key
|
|
```
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooShortError
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` length is specified and is less than the minimum
|
|
that is required for the `aes_decrypt_mysql` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.Length.TooLong
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL use the first `N` bytes that are required if the `iv` is specified and
|
|
its length is longer than required for the `aes_decrypt_mysql` function for a given block mode.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.InitializationVector.NotValidForMode
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error if the `iv` is specified for the `aes_decrypt_mysql`
|
|
function for a mode that does not need it.
|
|
|
|
#### RQ.SRS008.AES.MySQL.Decrypt.Function.Mode.KeyAndInitializationVector.Length
|
|
version: 1.0
|
|
|
|
[ClickHouse] SHALL return an error when the `aes_decrypt_mysql` function is called with the following parameter values
|
|
|
|
* `aes-128-cbc` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cbc` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cbc` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb1` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb1` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb1` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb8` mode and `key` is less than 16 bytes and if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb8` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb8` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-cfb128` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-cfb128` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-cfb128` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-128-ofb` mode and `key` is less than 16 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-192-ofb` mode and `key` is less than 24 bytes or if specified `iv` is less than 16 bytes
|
|
* `aes-256-ofb` mode and `key` is less than 32 bytes or if specified `iv` is less than 16 bytes
|
|
|
|
## References
|
|
|
|
* **GDPR:** https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
|
|
* **MySQL:** https://www.mysql.com/
|
|
* **AES:** https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
|
* **ClickHouse:** https://clickhouse.com
|
|
* **Git:** https://git-scm.com/
|
|
|
|
[AEAD]: #aead
|
|
[OpenSSL]: https://www.openssl.org/
|
|
[LowCardinality]: https://clickhouse.com/docs/en/sql-reference/data-types/lowcardinality/
|
|
[MergeTree]: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree/
|
|
[MySQL Database Engine]: https://clickhouse.com/docs/en/engines/database-engines/mysql/
|
|
[MySQL Table Engine]: https://clickhouse.com/docs/en/engines/table-engines/integrations/mysql/
|
|
[MySQL Table Function]: https://clickhouse.com/docs/en/sql-reference/table-functions/mysql/
|
|
[MySQL Dictionary]: https://clickhouse.com/docs/en/sql-reference/dictionaries/external-dictionaries/external-dicts-dict-sources/#dicts-external_dicts_dict_sources-mysql
|
|
[GCM]: https://en.wikipedia.org/wiki/Galois/Counter_Mode
|
|
[CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
|
|
[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)
|
|
[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
|
|
[CFB128]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
|
|
[OFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB)
|
|
[GDPR]: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
|
|
[RFC5116]: https://tools.ietf.org/html/rfc5116#section-5.1
|
|
[MySQL]: https://www.mysql.com/
|
|
[MySQL 5.7]: https://dev.mysql.com/doc/refman/5.7/en/
|
|
[MySQL aes_encrypt]: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_aes-encrypt
|
|
[MySQL aes_decrypt]: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_aes-decrypt
|
|
[AES]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
|
[ClickHouse]: https://clickhouse.com
|
|
[GitHub repository]: https://github.com/ClickHouse/ClickHouse/blob/master/tests/testflows/aes_encryption/requirements/requirements.md
|
|
[Revision history]: https://github.com/ClickHouse/ClickHouse/commits/master/tests/testflows/aes_encryption/requirements/requirements.md
|
|
[Git]: https://git-scm.com/
|
|
[NIST test vectors]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program
|
|
""",
|
|
)
|