[MDEV-11476] AES_ENCRYPT/DECRYPT: Improper key sizes aren't handled correctly - Jira

Details

Type: Task
Status: Open (View Workflow)
Priority: Minor
Resolution: Unresolved
Fix Version/s: None
Component/s: Encryption
Labels:
- beginner-friendly

Sprint:
10.3.3-1

Description

The AES_ENCRYPT and AES_DECRYPT functions accept keys of any size and transform them internally to 128-bit key.

A key shorter than128-bit will be right filled with zeros
A key larger than 128 bit will be xored with redundant bytes.

The AES standard (FIPS 197) doesn't cover non standard key sizes, it mentions only that key size have to be 128, 192 or 256 (depending on block cipher mode).

Bad side effects of current implementation:

Encrypted data is no interoperable with other applications (most applications and crypto libraries reject wrong key sizes)

It can result in producing very weak keys, e.g.

select aes_encrypt("foo", repeat(X'000102030405060708090A0B0C0D0E0F',2)) = aes_encrypt("foo", X'0000000000000000000000') as borked\G

*************************** 1. row ***************************

borked: 1

Proposal:
Add session variable

block_encryption_derivation

which allows the following modes:
*OFF: use old key and iv derivation routines
*STRICT: only accept keys and ivs with correct sizes

Attachments

Issue Links

is blocked by

MDEV-9069 extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm

Closed

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik added a comment - 2017-05-26 20:30

I'd rather remove this completely. But gradually, first issue a warning (10.3), then make it an error and a warning in --old mode (10.4), and then just make it an error unconditionally (10.5).

Sergei Golubchik added a comment - 2017-05-26 20:30 I'd rather remove this completely. But gradually, first issue a warning (10.3), then make it an error and a warning in --old mode (10.4), and then just make it an error unconditionally (10.5).

Sergei Golubchik added a comment - 2018-11-08 12:29

We cannot support 192/256-bit keys in AES_ENCRYPT, as it'd be an incompatible change, old data won't decrypt anymore. We only can issue a warning, discouraging users from using not 128-bit keys.

So, here I'd prefer just to add a warning "two-argument variant of AES_ENCRYPT is deprecated". And in ~~MDEV-9069~~ only support 128/192/256-bit keys with no key derivation.

Sergei Golubchik added a comment - 2018-11-08 12:29 We cannot support 192/256-bit keys in AES_ENCRYPT, as it'd be an incompatible change, old data won't decrypt anymore. We only can issue a warning, discouraging users from using not 128-bit keys. So, here I'd prefer just to add a warning "two-argument variant of AES_ENCRYPT is deprecated". And in MDEV-9069 only support 128/192/256-bit keys with no key derivation.

Sergei Golubchik added a comment - 2019-09-26 08:27

Yes, in the same version as ~~MDEV-9069~~

Sergei Golubchik added a comment - 2019-09-26 08:27 Yes, in the same version as MDEV-9069

ahmedmadbouly added a comment - 2024-03-17 04:09

hello , is there any one working on this task ? i would like to start contribution with MariaDB and i want to start with this task to be more familiar with the existence base code of mariaDB.

ahmedmadbouly added a comment - 2024-03-17 04:09 hello , is there any one working on this task ? i would like to start contribution with MariaDB and i want to start with this task to be more familiar with the existence base code of mariaDB.

People

Assignee:: Sergei Golubchik

Reporter:: Georg Richter

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2016-12-02 19:01

Updated:: 2024-11-21 12:29

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server