Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
8706dde5
Commit
8706dde5
authored
Nov 09, 2001
by
tonu@volk.internalnet
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
des_encrypt()/des_decrypt() work much better now
parent
13f16b44
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
70 additions
and
81 deletions
+70
-81
sql/item_strfunc.cc
sql/item_strfunc.cc
+60
-79
sql/item_strfunc.h
sql/item_strfunc.h
+4
-0
sql/sql_yacc.yy
sql/sql_yacc.yy
+6
-2
No files found.
sql/item_strfunc.cc
View file @
8706dde5
...
...
@@ -202,127 +202,109 @@ void Item_func_concat::fix_length_and_dec()
}
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
#define ascii_to_bin(c) ((c)<=57 ? (c)-46 : (c)<=90 ? (c)-53 : (c)-59)
String
*
Item_func_des_encrypt
::
val_str
(
String
*
str
)
{
String
*
res
=
args
[
0
]
->
val_str
(
str
);
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
des_cblock
allkeys
[
3
];
des_cblock
key1
;
des_cblock
key2
;
des_cblock
key3
;
des_cblock
allkeys
[
3
];
// 24 bytes (168 bits) total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
String
*
in_
str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
char
*
tmp
=
my_malloc
(
res
->
length
()
+
8
,
MYF
(
0
));
DBUG_PRINT
(
"info"
,(
"DES: key string='%s'"
,
in_str
->
c_ptr
()));
DBUG_PRINT
(
"info"
,(
"DES: data string='%s'"
,
res
->
c_ptr
())
);
DBUG_PRINT
(
"info"
,(
"DES: cipher pointer='%x'"
,
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
)));
String
*
key
str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
mode
=
args
[
2
]
->
val_int
(
);
// We make good 24-byte (168 bit) key from given plaintext key with MD5
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
// Here we set all 64-bit (56 actually) one by one
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
/* The problem: DES algorithm requires original data to be in 8-bytes
* chunks. Missing bytes get filled with zeros and result of encryption
* can be up to 7 bytes longer than original string. When decrypted,
* we do not know the size of original string :(
* We add one byte with value 0x0..0x7 to original plaintext marking
* change of string length */
uchar
tail
=
8
-
(
res
->
length
()
%
8
);
// 1..8
for
(
int
i
=
0
;
i
<
(
tail
-
1
)
;
++
i
)
res
->
append
(
'*'
);
res
->
append
(
tail
-
1
);
// Write tail length 0..7 to last pos
// Real encryption
des_ede3_cbc_encrypt
(
(
const
unsigned
char
*
)(
res
->
c_ptr
())
,
(
uchar
*
)
tmp
,
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
res
->
length
(
res
->
length
()
+
8
-
(
res
->
length
()
%
8
));
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
DBUG_PRINT
(
"info"
,(
"DES: string length='%d' versus '%d'"
,
res
->
length
(),
strlen
(
res
->
c_ptr
())));
DBUG_PRINT
(
"info"
,(
"DES: crypted data string='%s'"
,
tmp
));
(
const
uchar
*
)(
res
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
if
(
mode
)
{
// In case of ASCII mode we should convert binary string into ASCII
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
tmp
[
i
]);
// str->append(bin_to_ascii(tmp[i] & 0x3f));
// str->append(bin_to_ascii((tmp[i] >> 5) & 0x3f));
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
bin_to_ascii
((
uchar
)
res
->
c_ptr
()[
i
]
&
0x3f
));
str
->
append
(
bin_to_ascii
(((
uchar
)
res
->
c_ptr
()[
i
]
>>
5
)
&
0x3f
));
}
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
str
->
copy
();
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
my_free
(
tmp
,
MYF
(
0
));
return
str
;
}
else
return
res
;
#else
null_value
=
1
;
return
0
;
#endif
/* HAVE_OPENSSL */
}
String
*
Item_func_des_decrypt
::
val_str
(
String
*
str
)
{
String
*
res
=
args
[
0
]
->
val_str
(
str
);
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
des_cblock
allkeys
[
3
];
des_cblock
key1
;
des_cblock
key2
;
des_cblock
key3
;
des_cblock
allkeys
[
3
];
// 24 bytes total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
String
*
in_str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
char
*
tmp
=
my_malloc
(
res
->
length
()
+
8
,
MYF
(
0
));
DBUG_PRINT
(
"info"
,(
"DES: key string='%s'"
,
in_str
->
c_ptr
()));
DBUG_PRINT
(
"info"
,(
"DES: data string='%s'"
,
res
->
c_ptr
()));
/* int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv)
*/
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
mode
=
args
[
2
]
->
val_int
();
// We make good 24-byte (168 bit) key from given plaintext key with MD5
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
// Here we set all 64-bit keys (56 effective) one by one
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
DBUG_PRINT
(
"info"
,(
"DES: cipher pointer='%x'"
,
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
)));
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
if
(
mode
)
{
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
i
+=
2
)
{
str
->
append
((
ascii_to_bin
(
res
->
c_ptr
()[
i
]))
|
(
ascii_to_bin
(
res
->
c_ptr
()[
i
+
1
])
<<
5
));
}
}
else
str
->
copy
(
res
->
c_ptr
());
// Real decryption
des_ede3_cbc_encrypt
(
(
const
u
nsigned
char
*
)(
res
->
c_ptr
())
,
(
uchar
*
)
tmp
,
res
->
length
(),
(
const
u
char
*
)(
str
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
str
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
FALSE
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
DBUG_PRINT
(
"info"
,(
"DES: string length='%d' versus '%d'"
,
res
->
length
(),
strlen
(
res
->
c_ptr
())));
DBUG_PRINT
(
"info"
,(
"DES: crypted data string='%s'"
,
tmp
));
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
tmp
[
i
]);
// str->append(bin_to_ascii(tmp[i] & 0x3f));
// str->append(bin_to_ascii((tmp[i] >> 5) & 0x3f));
}
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
str
->
copy
();
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
my_free
(
tmp
,
MYF
(
0
));
return
str
;
uchar
tail
=
(
res
->
c_ptr
()[
str
->
length
()
-
1
])
&
0x7
;
res
->
length
(
str
->
length
()
-
tail
-
1
);
return
res
;
#else
null_value
=
1
;
return
0
;
...
...
@@ -331,7 +313,6 @@ String *Item_func_des_decrypt::val_str(String *str)
/*
** concat with separator. First arg is the separator
** concat_ws takes at least two arguments.
...
...
sql/item_strfunc.h
View file @
8706dde5
...
...
@@ -228,8 +228,10 @@ class Item_func_des_encrypt :public Item_str_func
public:
Item_func_des_encrypt
(
Item
*
a
)
:
Item_str_func
(
a
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
const
char
*
func_name
()
const
{
return
"des_encrypt"
;
}
};
class
Item_func_des_decrypt
:
public
Item_str_func
...
...
@@ -238,8 +240,10 @@ class Item_func_des_decrypt :public Item_str_func
public:
Item_func_des_decrypt
(
Item
*
a
)
:
Item_str_func
(
a
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
const
char
*
func_name
()
const
{
return
"des_decrypt"
;
}
};
class
Item_func_encrypt
:
public
Item_str_func
...
...
sql/sql_yacc.yy
View file @
8706dde5
...
...
@@ -1612,8 +1612,12 @@ simple_expr:
{ $$= new Item_func_decode($3,$5.str); }
| ENCODE_SYM '(' expr ',' TEXT_STRING ')'
{ $$= new Item_func_encode($3,$5.str); }
| DES_ENCRYPT '(' expr ')' { $$= new Item_func_des_encrypt($3); }
| DES_DECRYPT '(' expr ')' { $$= new Item_func_des_decrypt($3); }
| DES_ENCRYPT '(' expr ',' expr ')' { $$= new Item_func_des_encrypt($3,$5); }
| DES_DECRYPT '(' expr ',' expr ')' { $$= new Item_func_des_decrypt($3,$5); }
| DES_ENCRYPT '(' expr ',' expr ',' expr ')' { $$= new Item_func_des_encrypt($3,$5,$7); }
| DES_DECRYPT '(' expr ',' expr ',' expr ')' { $$= new Item_func_des_decrypt($3,$5,$7); }
| EXPORT_SET '(' expr ',' expr ',' expr ')'
{ $$= new Item_func_export_set($3, $5, $7); }
| EXPORT_SET '(' expr ',' expr ',' expr ',' expr ')'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment