Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
a2cafe2c
Commit
a2cafe2c
authored
Nov 26, 2001
by
unknown
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
des_encrypt()/des_decrypt() are now ASCII protected and pass testsuite
parent
7fbb09f4
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
122 additions
and
64 deletions
+122
-64
mysql-test/r/func_encrypt.result
mysql-test/r/func_encrypt.result
+0
-0
mysql-test/t/func_encrypt.test
mysql-test/t/func_encrypt.test
+46
-0
sql/item_strfunc.cc
sql/item_strfunc.cc
+74
-62
sql/item_strfunc.h
sql/item_strfunc.h
+2
-2
No files found.
mysql-test/r/func_encrypt.result
0 → 100644
View file @
a2cafe2c
File added
mysql-test/t/func_encrypt.test
0 → 100644
View file @
a2cafe2c
--
source
include
/
have_openssl
.
inc
use
test
;
drop
table
if
exists
x
;
create
table
x
(
x
blob
);
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'a'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'a'
));
insert
into
x
values
(
des_encrypt
(
'ab'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'ab'
));
insert
into
x
values
(
des_encrypt
(
'abc'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abc'
));
insert
into
x
values
(
des_encrypt
(
'abcd'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcd'
));
insert
into
x
values
(
des_encrypt
(
'abcde'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcde'
));
insert
into
x
values
(
des_encrypt
(
'abcdef'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdef'
));
insert
into
x
values
(
des_encrypt
(
'abcdefg'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdefg'
));
insert
into
x
values
(
des_encrypt
(
'abcdefgh'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdefgh'
));
insert
into
x
values
(
des_encrypt
(
'abcdefghi'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdefghi'
));
insert
into
x
values
(
des_encrypt
(
'abcdefghij'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdefghij'
));
insert
into
x
values
(
des_encrypt
(
'abcdefghijk'
,
'The quick red fox jumped over the lazy brown dog'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'abcdefghijk'
));
insert
into
x
values
(
des_encrypt
(
'The quick red fox jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'quick red fox jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'red fox jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'fox jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'jumped over the lazy brown dog'
,
'sabakala'
));
insert
into
x
values
(
des_encrypt
(
'jumped over the lazy brown dog'
,
'sabakala'
));
select
*
from
x
;
select
des_decrypt
(
x
,
'sabakala'
)
from
x
;
#drop table x;
sql/item_strfunc.cc
View file @
a2cafe2c
...
@@ -204,56 +204,65 @@ void Item_func_concat::fix_length_and_dec()
...
@@ -204,56 +204,65 @@ void Item_func_concat::fix_length_and_dec()
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
#define ascii_to_bin(c) ((c)<=57 ? (c)-46 : (c)<=90 ? (c)-53 : (c)-59)
#define ascii_to_bin(c) ((c)<=57 ? (c)-46 : (c)<=90 ? (c)-53 : (c)-59)
/*
Function des_encrypt() by tonu@spam.ee
Works only if compiled with OpenSSL library support.
Output always starts with magic char "1" and all
encrypted output is encoded into ASCII-protected
container.
Original input is returned as output if input string
begins with magic "1". Credit card number always begin
with 4,5 or 6.
Encryption result is longer than original by formula:
new_length=(8-(original_length % 8))*2+1
*/
String
*
Item_func_des_encrypt
::
val_str
(
String
*
str
)
String
*
Item_func_des_encrypt
::
val_str
(
String
*
str
)
{
{
String
*
res
=
args
[
0
]
->
val_str
(
str
);
String
*
res
=
args
[
0
]
->
val_str
(
str
);
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
struct
{
des_cblock
allkeys
[
3
];
// 24 bytes (168 bits) total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
}
key
block
;
if
((
null_value
=
args
[
0
]
->
null_value
))
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
return
0
;
if
(
res
->
length
()
==
0
)
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
return
&
empty_string
;
if
(
res
->
c_ptr
()[
0
]
!=
'1'
)
{
// Skip encryption if already encrypted
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
/* We make good 24-byte (168 bit) key from given plaintext key with MD5 */
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
EVP_BytesToKey
(
EVP_des_ede3_cbc
(),
EVP_md5
(),
NULL
,
mode
=
args
[
2
]
->
val_int
();
// We make good 24-byte (168 bit) key from given plaintext key with MD5
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
uchar
*
)
keystr
->
c_ptr
(),
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
int
)
keystr
->
length
(),
1
,(
uchar
*
)
&
keyblock
,
ivec
);
// Here we set all 64-bit (56 actually) one by one
des_set_key_unchecked
(
&
keyblock
.
key1
,
ks1
);
// Here we set all 64-bit keys
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
keyblock
.
key2
,
ks2
);
// (56 effective) one by one
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
keyblock
.
key3
,
ks3
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
/*
/* The problem: DES algorithm requires original data to be in 8-bytes
The problem: DES algorithm requires original data to be in 8-bytes
* chunks. Missing bytes get filled with zeros and result of encryption
chunks. Missing bytes get filled with zeros and result of encryption
* can be up to 7 bytes longer than original string. When decrypted,
can be up to 7 bytes longer than original string. When decrypted,
* we do not know the size of original string :(
we do not know the size of original string :(
* We add one byte with value 0x0..0x7 to original plaintext marking
We add one byte with value 0x0..0x7 to original plaintext marking
* change of string length */
change of string length
uchar
tail
=
8
-
(
res
->
length
()
%
8
);
// 1..8
*/
for
(
int
i
=
0
;
i
<
(
tail
-
1
)
;
++
i
)
res
->
append
(
'*'
);
uchar
tail
=
7
-
(
res
->
length
()
%
8
);
// 0..7 marking real offsets 1..8
res
->
append
(
tail
-
1
);
// Write tail length 0..7 to last pos
for
(
int
i
=
0
;
i
<
tail
;
++
i
)
res
->
append
(
'*'
);
// Real encryption
res
->
append
(
tail
);
// Write tail length 0..7 to last pos
des_ede3_cbc_encrypt
(
str
->
length
(
res
->
length
());
des_ede3_cbc_encrypt
(
// Real encryption
(
const
uchar
*
)(
res
->
c_ptr
()),
(
const
uchar
*
)(
res
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
(
uchar
*
)(
str
->
c_ptr
()),
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
if
(
mode
)
{
res
->
set
((
const
char
*
)
"1"
,(
uint
)
1
);
// In case of ASCII mode we should convert binary string into ASCII
for
(
uint
i
=
0
;
i
<
str
->
length
()
;
++
i
)
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
{
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
res
->
append
(
bin_to_ascii
((
uchar
)
str
->
c_ptr
()[
i
]
&
0x3f
));
str
->
append
(
bin_to_ascii
((
uchar
)
res
->
c_ptr
()[
i
]
&
0x3f
));
res
->
append
(
bin_to_ascii
(((
uchar
)
str
->
c_ptr
()[
i
]
>>
5
)
&
0x3f
));
str
->
append
(
bin_to_ascii
(((
uchar
)
res
->
c_ptr
()[
i
]
>>
5
)
&
0x3f
));
}
}
}
return
str
;
}
else
return
res
;
return
res
;
#else
#else
null_value
=
1
;
null_value
=
1
;
...
@@ -267,43 +276,46 @@ String *Item_func_des_decrypt::val_str(String *str)
...
@@ -267,43 +276,46 @@ String *Item_func_des_decrypt::val_str(String *str)
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
struct
{
des_cblock
allkeys
[
3
];
// 24 bytes total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
}
keyblock
;
if
((
null_value
=
args
[
0
]
->
null_value
))
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
return
0
;
if
(
res
->
length
()
==
0
)
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
return
&
empty_string
;
if
(
res
->
c_ptr
()[
0
]
==
'1'
)
// Skip decryption if not encrypted
{
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
for
(
uint
i
=
1
;
i
<
res
->
length
()
;
i
+=
2
)
{
str
->
append
((
ascii_to_bin
(
res
->
c_ptr
()[
i
]))
|
(
ascii_to_bin
(
res
->
c_ptr
()[
i
+
1
])
<<
5
));
}
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
int32
mode
=
0
;
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
mode
=
args
[
2
]
->
val_int
();
mode
=
args
[
2
]
->
val_int
();
// We make good 24-byte (168 bit) key from given plaintext key with MD5
/* We make good 24-byte (168 bit) key from given plaintext key with MD5 */
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
EVP_BytesToKey
(
EVP_des_ede3_cbc
(
),
EVP_md5
(),
NULL
,
(
uchar
*
)
keystr
->
c_ptr
(),
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
int
)
keystr
->
length
(),
1
,(
uchar
*
)
&
keyblock
,
ivec
);
// Here we set all 64-bit keys (56 effective) one by one
des_set_key_unchecked
(
&
keyblock
.
key1
,
ks1
);
// Here we set all 64-bit keys
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
keyblock
.
key2
,
ks2
);
// (56 effective) one by one
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
keyblock
.
key3
,
ks3
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
res
->
length
(
str
->
length
());
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
des_ede3_cbc_encrypt
(
// Real decryption
if
(
mode
)
{
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
i
+=
2
)
{
str
->
append
((
ascii_to_bin
(
res
->
c_ptr
()[
i
]))
|
(
ascii_to_bin
(
res
->
c_ptr
()[
i
+
1
])
<<
5
));
}
}
else
str
->
copy
(
res
->
c_ptr
());
// Real decryption
des_ede3_cbc_encrypt
(
(
const
uchar
*
)(
str
->
c_ptr
()),
(
const
uchar
*
)(
str
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
str
->
length
(),
str
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
FALSE
);
ks1
,
ks2
,
ks3
,
&
ivec
,
FALSE
);
uchar
tail
=
(
res
->
c_ptr
()[
str
->
length
()
-
1
])
&
0x7
;
uchar
tail
=
(
res
->
c_ptr
()[
res
->
length
()
-
1
])
&
0x7
;
res
->
length
(
str
->
length
()
-
tail
-
1
);
if
((
res
->
length
()
>
((
uint
)
1
+
tail
)))
// We should avoid negative length
res
->
length
(
res
->
length
()
-
1
-
tail
);
// (can happen with wrong key)
}
return
res
;
return
res
;
#else
#else
null_value
=
1
;
null_value
=
1
;
...
...
sql/item_strfunc.h
View file @
a2cafe2c
...
@@ -230,7 +230,7 @@ class Item_func_des_encrypt :public Item_str_func
...
@@ -230,7 +230,7 @@ class Item_func_des_encrypt :public Item_str_func
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
args
[
0
]
->
max_length
;
}
const
char
*
func_name
()
const
{
return
"des_encrypt"
;
}
const
char
*
func_name
()
const
{
return
"des_encrypt"
;
}
};
};
...
@@ -242,7 +242,7 @@ class Item_func_des_decrypt :public Item_str_func
...
@@ -242,7 +242,7 @@ class Item_func_des_decrypt :public Item_str_func
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
args
[
0
]
->
max_length
;
}
const
char
*
func_name
()
const
{
return
"des_decrypt"
;
}
const
char
*
func_name
()
const
{
return
"des_decrypt"
;
}
};
};
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment