-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]) kdf_name is "hkdf" or "pbkdf2_hmac" (default). width (in bits) can be any number divisible by 8, by default it's taken from @@block_encryption_mode iterations must be positive, and is 1000 by default OpenSSL 1.0 doesn't support HKDF, so it'll return NULL. This OpenSSL version is still used in SLES 12 and CentOS 7
- Loading branch information
Showing
10 changed files
with
481 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- main/func_kdf.result | ||
+++ main/func_kdf.reject | ||
@@ -21,10 +21,14 @@ | ||
48565B49B42FBF88537AFA1D4C0FA2C6 | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf')) | ||
-710583081D40A55F0B573A76E02D8975 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select hex(kdf('foo', 'bar', 'infa', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'infa', 'hkdf')) | ||
-612875F859CFB4EE0DFEFF9F2A18E836 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select hex(kdf('foo', 'bar', 'info', 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 'info', 'pbkdf2_hmac')) | ||
NULL | ||
@@ -55,7 +59,9 @@ | ||
NULL | ||
select hex(kdf('foo', 'bar', NULL, 'hkdf')); | ||
hex(kdf('foo', 'bar', NULL, 'hkdf')) | ||
-4AFD0088E56CAF7CB5C94F6C101D58D5 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select hex(kdf('foo', 'bar', NULL, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', NULL, 'pbkdf2_hmac')) | ||
NULL | ||
@@ -81,10 +87,14 @@ | ||
set @@block_encryption_mode='aes-192-cbc'; | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf')) | ||
-710583081D40A55F0B573A76E02D8975AA11A4595954C0A1 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf', 256)); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf', 256)) | ||
-710583081D40A55F0B573A76E02D8975AA11A4595954C0A1487D6D33ABAB93C3 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac')) | ||
430D4780B57254EF39EE13CE53DB381A552151AA62A9FA92 | ||
@@ -110,10 +120,14 @@ | ||
Warning 3047 Invalid argument error: 0 in function kdf. | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 32768)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 32768)) | ||
-4096 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65536)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 65536)) | ||
-8192 | ||
+NULL | ||
+Warnings: | ||
+Warning 1235 This version of MariaDB doesn't yet support 'kdf(..., 'hkdf')' | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65537)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 65537)) | ||
NULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[new] | ||
|
||
[old] | ||
# remove when no longer building with OpenSSL 1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
# | ||
# MDEV-31474 KDF() function | ||
# | ||
select hex(kdf('foo', 'bar')); | ||
hex(kdf('foo', 'bar')) | ||
76BA6DEC5C3F6A60704D730A2A4BAA1C | ||
select hex(kdf('foo', 'bar')); | ||
hex(kdf('foo', 'bar')) | ||
76BA6DEC5C3F6A60704D730A2A4BAA1C | ||
select hex(kdf('faa', 'bar')); | ||
hex(kdf('faa', 'bar')) | ||
62A8C6FD3E6FDA7ECE6D37CF1C95E3CC | ||
select hex(kdf('foo', 'bor')); | ||
hex(kdf('foo', 'bor')) | ||
F0FE3B0884C9733A520EC8C2EE711137 | ||
select hex(kdf('foo', 'bar', 10)); | ||
hex(kdf('foo', 'bar', 10)) | ||
1D25A9E01C2078FF10DECEC874B3F21E | ||
select hex(kdf('foo', 'bar', 11)); | ||
hex(kdf('foo', 'bar', 11)) | ||
48565B49B42FBF88537AFA1D4C0FA2C6 | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf')) | ||
710583081D40A55F0B573A76E02D8975 | ||
select hex(kdf('foo', 'bar', 'infa', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'infa', 'hkdf')) | ||
612875F859CFB4EE0DFEFF9F2A18E836 | ||
select hex(kdf('foo', 'bar', 'info', 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 'info', 'pbkdf2_hmac')) | ||
NULL | ||
Warnings: | ||
Warning 1292 Truncated incorrect INTEGER value: 'info' | ||
Warning 3047 Invalid argument error: 0 in function kdf. | ||
select hex(kdf('foo', 'bar', -1, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', -1, 'pbkdf2_hmac')) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: -1 in function kdf. | ||
select hex(kdf('foo', 'bar', 0, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 0, 'pbkdf2_hmac')) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 0 in function kdf. | ||
select hex(kdf('foo', 'bar', 1, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 1, 'pbkdf2_hmac')) | ||
DB658012DC3E52AEC1F4933C280B6E10 | ||
select hex(kdf('foo', 'bar', 10, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 10, 'pbkdf2_hmac')) | ||
1D25A9E01C2078FF10DECEC874B3F21E | ||
select hex(kdf(NULL, 'bar')); | ||
hex(kdf(NULL, 'bar')) | ||
NULL | ||
select hex(kdf('foo', NULL)); | ||
hex(kdf('foo', NULL)) | ||
NULL | ||
select hex(kdf('foo', 'bar', NULL, 'hkdf')); | ||
hex(kdf('foo', 'bar', NULL, 'hkdf')) | ||
4AFD0088E56CAF7CB5C94F6C101D58D5 | ||
select hex(kdf('foo', 'bar', NULL, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', NULL, 'pbkdf2_hmac')) | ||
NULL | ||
select hex(kdf('foo', 'bar', 2000, NULL)); | ||
hex(kdf('foo', 'bar', 2000, NULL)) | ||
NULL | ||
select hex(kdf('foo', 'bar', 2000, 'foo')); | ||
hex(kdf('foo', 'bar', 2000, 'foo')) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 'foo' in function kdf. | ||
select hex(kdf('foo', 'bar', 2000, '\n\n\n\0!!!')); | ||
hex(kdf('foo', 'bar', 2000, '\n\n\n\0!!!')) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: ' | ||
|
||
|
||
\0000!!!' in function kdf. | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', NULL)); | ||
hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', NULL)) | ||
NULL | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', -8)); | ||
hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', -8)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: -8 in function kdf. | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 10)); | ||
hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 10)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 10 in function kdf. | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 16)); | ||
hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 16)) | ||
76BA | ||
set @@block_encryption_mode='aes-192-cbc'; | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf')) | ||
710583081D40A55F0B573A76E02D8975AA11A4595954C0A1 | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf', 256)); | ||
hex(kdf('foo', 'bar', 'info', 'hkdf', 256)) | ||
710583081D40A55F0B573A76E02D8975AA11A4595954C0A1487D6D33ABAB93C3 | ||
select hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac')); | ||
hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac')) | ||
430D4780B57254EF39EE13CE53DB381A552151AA62A9FA92 | ||
select hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac', 256)); | ||
hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac', 256)) | ||
430D4780B57254EF39EE13CE53DB381A552151AA62A9FA922B9949DF270AE10C | ||
set @key=kdf('password', 'salt', 2048); | ||
select hex(aes_encrypt('secret', @key, '1234123412341234')); | ||
hex(aes_encrypt('secret', @key, '1234123412341234')) | ||
9EED553CDDEE426D5635EF559E015ECA | ||
select aes_decrypt(x'9EED553CDDEE426D5635EF559E015ECA', @key, '1234123412341234'); | ||
aes_decrypt(x'9EED553CDDEE426D5635EF559E015ECA', @key, '1234123412341234') | ||
secret | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', -1)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', -1)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: -1 in function kdf. | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 0)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 0)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 0 in function kdf. | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 32768)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 32768)) | ||
4096 | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65536)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 65536)) | ||
8192 | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65537)); | ||
length(kdf('foo', 'bar', 'info', 'hkdf', 65537)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 65537 in function kdf. | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', -1)); | ||
length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', -1)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: -1 in function kdf. | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 0)); | ||
length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 0)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 0 in function kdf. | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 32768)); | ||
length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 32768)) | ||
4096 | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65536)); | ||
length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65536)) | ||
8192 | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65537)); | ||
length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65537)) | ||
NULL | ||
Warnings: | ||
Warning 3047 Invalid argument error: 65537 in function kdf. | ||
# | ||
# End of 11.3 tests | ||
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
--echo # | ||
--echo # MDEV-31474 KDF() function | ||
--echo # | ||
select hex(kdf('foo', 'bar')); | ||
select hex(kdf('foo', 'bar')); # same result every time | ||
select hex(kdf('faa', 'bar')); | ||
select hex(kdf('foo', 'bor')); | ||
|
||
select hex(kdf('foo', 'bar', 10)); | ||
select hex(kdf('foo', 'bar', 11)); | ||
|
||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
select hex(kdf('foo', 'bar', 'infa', 'hkdf')); | ||
select hex(kdf('foo', 'bar', 'info', 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', -1, 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', 0, 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', 1, 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', 10, 'pbkdf2_hmac')); | ||
|
||
select hex(kdf(NULL, 'bar')); | ||
select hex(kdf('foo', NULL)); | ||
select hex(kdf('foo', 'bar', NULL, 'hkdf')); | ||
select hex(kdf('foo', 'bar', NULL, 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', 2000, NULL)); | ||
select hex(kdf('foo', 'bar', 2000, 'foo')); | ||
select hex(kdf('foo', 'bar', 2000, '\n\n\n\0!!!')); | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', NULL)); | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', -8)); | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 10)); | ||
select hex(kdf('foo', 'bar', 1000, 'pbkdf2_hmac', 16)); | ||
|
||
set @@block_encryption_mode='aes-192-cbc'; | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf')); | ||
select hex(kdf('foo', 'bar', 'info', 'hkdf', 256)); | ||
select hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac')); | ||
select hex(kdf('foo', 'bar', 2000, 'pbkdf2_hmac', 256)); | ||
|
||
set @key=kdf('password', 'salt', 2048); | ||
select hex(aes_encrypt('secret', @key, '1234123412341234')); | ||
select aes_decrypt(x'9EED553CDDEE426D5635EF559E015ECA', @key, '1234123412341234'); | ||
|
||
select length(kdf('foo', 'bar', 'info', 'hkdf', -1)); | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 0)); | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 32768)); | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65536)); | ||
select length(kdf('foo', 'bar', 'info', 'hkdf', 65537)); | ||
|
||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', -1)); | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 0)); | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 32768)); | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65536)); | ||
select length(kdf('foo', 'bar', 100, 'pbkdf2_hmac', 65537)); | ||
|
||
--echo # | ||
--echo # End of 11.3 tests | ||
--echo # | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.