Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add two buildin function ( decode and encode) #7622

Merged
merged 20 commits into from
Sep 10, 2018
Merged
Show file tree
Hide file tree
Changes from 11 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 72 additions & 2 deletions expression/builtin_encryption.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,42 @@ type decodeFunctionClass struct {
}

func (c *decodeFunctionClass) getFunction(ctx sessionctx.Context, args []Expression) (builtinFunc, error) {
return nil, errFunctionNotExists.GenByArgs("FUNCTION", "DECODE")
if err := c.verifyArgs(args); err != nil {
return nil, errors.Trace(err)
}

bf := newBaseBuiltinFuncWithTp(ctx, args, types.ETString, types.ETString, types.ETString)

bf.tp.Flen = args[0].GetType().Flen
sig := &builtinDecodeSig{bf}
return sig, nil
}

type builtinDecodeSig struct {
baseBuiltinFunc
}

func (b *builtinDecodeSig) Clone() builtinFunc {
newSig := &builtinDecodeSig{}
newSig.cloneFrom(&b.baseBuiltinFunc)
return newSig
}

// evalString evals DECODE(str, password_str).
// See https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_decode
func (b *builtinDecodeSig) evalString(row chunk.Row) (string, bool, error) {
dataStr, isNull, err := b.args[0].EvalString(b.ctx, row)
if isNull || err != nil {
return "", true, errors.Trace(err)
}

passwordStr, isNull, err := b.args[1].EvalString(b.ctx, row)
if isNull || err != nil {
return "", true, errors.Trace(err)
}

decodeStr, err := encrypt.SQLDecode(dataStr, passwordStr)
return decodeStr, false, err
}

type desDecryptFunctionClass struct {
Expand All @@ -198,7 +233,42 @@ type encodeFunctionClass struct {
}

func (c *encodeFunctionClass) getFunction(ctx sessionctx.Context, args []Expression) (builtinFunc, error) {
return nil, errFunctionNotExists.GenByArgs("FUNCTION", "ENCODE")
if err := c.verifyArgs(args); err != nil {
return nil, errors.Trace(err)
}

bf := newBaseBuiltinFuncWithTp(ctx, args, types.ETString, types.ETString, types.ETString)

bf.tp.Flen = args[0].GetType().Flen
sig := &builtinEncodeSig{bf}
return sig, nil
}

type builtinEncodeSig struct {
baseBuiltinFunc
}

func (b *builtinEncodeSig) Clone() builtinFunc {
newSig := &builtinEncodeSig{}
newSig.cloneFrom(&b.baseBuiltinFunc)
return newSig
}

// evalString evals ENCODE(crypt_str, password_str).
// See https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_encode
func (b *builtinEncodeSig) evalString(row chunk.Row) (string, bool, error) {
decodeStr, isNull, err := b.args[0].EvalString(b.ctx, row)
if isNull || err != nil {
return "", true, errors.Trace(err)
}

passwordStr, isNull, err := b.args[1].EvalString(b.ctx, row)
if isNull || err != nil {
return "", true, errors.Trace(err)
}

dataStr, err := encrypt.SQLEncode(decodeStr, passwordStr)
return dataStr, false, err
}

type encryptFunctionClass struct {
Expand Down
39 changes: 39 additions & 0 deletions expression/builtin_encryption_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,45 @@ import (
"github.com/pingcap/tidb/util/testleak"
)

var cryptTests = []struct {
origin interface{}
password interface{}
crypt interface{}
}{
{"", "", ""},
{"pingcap", "1234567890123456", "2C35B5A4ADF391"},
{"pingcap", "asdfjasfwefjfjkj", "351CC412605905"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add some cases for NULL inputs and other conditions, like:

mysql> select hex(decode("数据库", "asdfjasfwefjfjkj"));
+----------------------------------------------+
| hex(decode("数据库", "asdfjasfwefjfjkj"))    |
+----------------------------------------------+
| 8A5F1D65A3BECDD210                           |
+----------------------------------------------+
1 row in set, 1 warning (0.00 sec)

mysql> select hex(decode(12355.5555, "asdfjasfwefjfjkj"));
+---------------------------------------------+
| hex(decode(12355.5555, "asdfjasfwefjfjkj")) |
+---------------------------------------------+
| E2359202FA4CDD5AB4F2                        |
+---------------------------------------------+
1 row in set, 1 warning (0.00 sec)

mysql> select hex(decode("分布式データベース", "asdfjasfwefjfjkj"));
+----------------------------------------------------------------+
| hex(decode("分布式データベース", "asdfjasfwefjfjkj"))          |
+----------------------------------------------------------------+
| A9F2E51CEA86CC75EB4A579CA8133E9B346D5B4B610FB575637F34         |
+----------------------------------------------------------------+
1 row in set, 1 warning (0.00 sec)

mysql> select hex(decode("数据库", null));
+--------------------------------+
| hex(decode("数据库", null))    |
+--------------------------------+
| NULL                           |
+--------------------------------+
1 row in set (0.00 sec)

mysql> select hex(decode(null, "asdfjasfwefjfjkj"));
+---------------------------------------+
| hex(decode(null, "asdfjasfwefjfjkj")) |
+---------------------------------------+
| NULL                                  |
+---------------------------------------+
1 row in set (0.00 sec)

mysql> select hex(decode("pingcap", "密匙"));
+----------------------------------+
| hex(decode("pingcap", "密匙"))   |
+----------------------------------+
| CE5C02A5010010                   |
+----------------------------------+
1 row in set, 1 warning (0.01 sec)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

{"pingcap123", "123456789012345678901234", "7698723DC6DFE7724221"},
{"pingcap#%$%^", "*^%YTu1234567", "8634B9C55FF55E5B6328F449"},
{"pingcap", "", "4A77B524BD2C5C"},
}

func (s *testEvaluatorSuite) TestSQLDecode(c *C) {
defer testleak.AfterTest(c)()
fc := funcs[ast.Decode]
for _, tt := range cryptTests {
str := types.NewDatum(tt.origin)
password := types.NewDatum(tt.password)
f, err := fc.getFunction(s.ctx, s.datumsToConstants([]types.Datum{str, password}))
crypt, err := evalBuiltinFunc(f, chunk.Row{})
c.Assert(err, IsNil)
c.Assert(toHex(crypt), DeepEquals, types.NewDatum(tt.crypt))
}
}

func (s *testEvaluatorSuite) TestSQLEncode(c *C) {
defer testleak.AfterTest(c)()
fc := funcs[ast.Encode]
for _, test := range cryptTests {
cryptStr := fromHex(test.crypt)
password := types.NewDatum(test.password)
f, err := fc.getFunction(s.ctx, s.datumsToConstants([]types.Datum{cryptStr, password}))
str, err := evalBuiltinFunc(f, chunk.Row{})
c.Assert(err, IsNil)
c.Assert(str, DeepEquals, types.NewDatum(test.origin))
}
}

var aesTests = []struct {
origin interface{}
key interface{}
Expand Down
145 changes: 145 additions & 0 deletions util/encrypt/crypt.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
// Copyright 2017 PingCAP, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.

package encrypt

import (
"fmt"
)

type randStruct struct {
seed1 uint32
seed2 uint32
maxValue uint32
maxValueDbl float64
}

// randomInit random generation structure initialization
func (rs *randStruct) randomInit(password []byte, length int) {
// Generate binary hash from raw text string
var nr, add, nr2, tmp uint32
nr = 1345345333
add = 7
nr2 = 0x12345671

for i := 0; i < length; i++ {
pswChar := password[i]
if pswChar == ' ' || pswChar == '\t' {
continue
}
tmp = uint32(pswChar)
nr ^= (((nr & 63) + add) * tmp) + (nr << 8)
nr2 += (nr2 << 8) ^ nr
add += tmp
}

seed1 := nr & ((uint32(1) << 31) - uint32(1))
seed2 := nr2 & ((uint32(1) << 31) - uint32(1))

fmt.Println(seed1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the debug code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done! Thanks!

fmt.Println(seed2)

// New (MySQL 3.21+) random generation structure initialization
rs.maxValue = 0x3FFFFFFF
rs.maxValueDbl = float64(rs.maxValue)
rs.seed1 = seed1 % rs.maxValue
rs.seed2 = seed2 % rs.maxValue
}

func (rs *randStruct) myRand() float64 {
rs.seed1 = (rs.seed1*3 + rs.seed2) % rs.maxValue
rs.seed2 = (rs.seed1 + rs.seed2 + 33) % rs.maxValue

return ((float64(rs.seed1)) / rs.maxValueDbl)
}

// SQLCrypt use to store initialization results
type SQLCrypt struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'd better not export struct SQLCrypt if it's not used outside module util/crypt

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

rand randStruct
orgRand randStruct

decodeBuff [256]byte
encodeBuff [256]byte
shift uint32
}

func (sc *SQLCrypt) init(password []byte, length int) {
sc.rand.randomInit(password, length)

for i := 0; i <= 255; i++ {
sc.decodeBuff[i] = byte(i)
}

for i := 0; i <= 255; i++ {
idx := uint32(sc.rand.myRand() * 255.0)
a := sc.decodeBuff[idx]
sc.decodeBuff[idx] = sc.decodeBuff[i]
sc.decodeBuff[i] = a
}

for i := 0; i <= 255; i++ {
sc.encodeBuff[sc.decodeBuff[i]] = byte(i)
}

sc.orgRand = sc.rand
sc.shift = 0
}

func (sc *SQLCrypt) reinit() {
sc.shift = 0
sc.rand = sc.orgRand
}

func (sc *SQLCrypt) encode(str []byte, length int) {
for i := 0; i < length; i++ {
sc.shift ^= uint32(sc.rand.myRand() * 255.0)
idx := uint32(str[i])
str[i] = sc.encodeBuff[idx] ^ byte(sc.shift)
sc.shift ^= idx
}
}

func (sc *SQLCrypt) decode(str []byte, length int) {
for i := 0; i < length; i++ {
sc.shift ^= uint32(sc.rand.myRand() * 255.0)
idx := uint32(str[i] ^ byte(sc.shift))
str[i] = sc.decodeBuff[idx]
sc.shift ^= uint32(str[i])
}
}

//SQLDecode Function to handle the decode() function
func SQLDecode(str string, password string) (string, error) {
var sqlCrypt SQLCrypt

strByte := []byte(str)
passwdByte := []byte(password)

sqlCrypt.init(passwdByte, len(passwdByte))
sqlCrypt.decode(strByte, len(strByte))

return string(strByte), nil
}

// SQLEncode Function to handle the encode() function
func SQLEncode(cryptStr string, password string) (string, error) {
var sqlCrypt SQLCrypt

cryptStrByte := []byte(cryptStr)
passwdByte := []byte(password)

sqlCrypt.init(passwdByte, len(passwdByte))
sqlCrypt.encode(cryptStrByte, len(cryptStrByte))

return string(cryptStrByte), nil
}
76 changes: 76 additions & 0 deletions util/encrypt/crypt_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
// Copyright 2017 PingCAP, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.

package encrypt

import (
. "github.com/pingcap/check"
"github.com/pingcap/tidb/util/testleak"
)

func (s *testEncryptSuite) TestSQLDecode(c *C) {
defer testleak.AfterTest(c)()
tests := []struct {
str string
passwd string
expect string
isError bool
}{
{"", "", "", false},
{"pingcap", "1234567890123456", "2C35B5A4ADF391", false},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

{"pingcap", "asdfjasfwefjfjkj", "351CC412605905", false},
{"pingcap123", "123456789012345678901234", "7698723DC6DFE7724221", false},
{"pingcap#%$%^", "*^%YTu1234567", "8634B9C55FF55E5B6328F449", false},
{"pingcap", "", "4A77B524BD2C5C", false},
}

for _, t := range tests {
crypted, err := SQLDecode(t.str, t.passwd)
if t.isError {
c.Assert(err, NotNil, Commentf("%v", t))
continue
}
c.Assert(err, IsNil, Commentf("%v", t))
result := toHex([]byte(crypted))
c.Assert(result, Equals, t.expect, Commentf("%v", t))
}
}

func (s *testEncryptSuite) TestSQLEncode(c *C) {
defer testleak.AfterTest(c)()
tests := []struct {
str string
passwd string
expect string
isError bool
}{
{"", "", "", false},
{"pingcap", "1234567890123456", "pingcap", false},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

{"pingcap", "asdfjasfwefjfjkj", "pingcap", false},
{"pingcap123", "123456789012345678901234", "pingcap123", false},
{"pingcap#%$%^", "*^%YTu1234567", "pingcap#%$%^", false},
{"pingcap", "", "pingcap", false},
}

for _, t := range tests {
crypted, err := SQLDecode(t.str, t.passwd)
uncrypte, err := SQLEncode(crypted, t.passwd)

if t.isError {
c.Assert(err, NotNil, Commentf("%v", t))
continue
}
c.Assert(err, IsNil, Commentf("%v", t))
c.Assert(uncrypte, Equals, t.expect, Commentf("%v", t))
}
}