Merge pull request #5464 from percona-ysorokin/dev/PS-8389-8.0-enterp…

…rise_encryption_component

PS-8389 feature 8.0: Align PS Encryption UDFs functionality with new features from MySQL 8.0.30 Enterprise Encryption Component

extra/opensslpp/CMakeLists.txt

@@ -66,14 +66,21 @@ set(
   dsa_key.hpp
   dsa_key_fwd.hpp
   dsa_sign_verify_operations.hpp
+  evp_pkey.hpp
+  evp_pkey_fwd.hpp
+  evp_pkey_sign_verify_operations.hpp
+  evp_pkey_algorithm.hpp
+  evp_pkey_algorithm_fwd.hpp
+  evp_pkey_signature_padding.hpp
+  evp_pkey_signature_padding_fwd.hpp
   key_generation_cancellation_callback_fwd.hpp
   operation_cancelled_error.hpp
   operation_cancelled_error_fwd.hpp
   rsa_encrypt_decrypt_operations.hpp
   rsa_key.hpp
   rsa_key_fwd.hpp
-  rsa_padding.hpp
-  rsa_padding_fwd.hpp
+  rsa_encryption_padding.hpp
+  rsa_encryption_padding_fwd.hpp
   rsa_sign_verify_operations.hpp
 )
 list_transform_prepend(PUBLIC_HEADER_LIST "${PUBLIC_INCLUDE_DIR_EX}/")
@@ -87,11 +94,14 @@ set(
   dh_key_accessor.hpp
   digest_context_accessor.hpp
   dsa_key_accessor.hpp
+  evp_pkey_accessor.hpp
+  evp_pkey_algorithm_conversions.hpp
+  evp_pkey_signature_padding_conversions.hpp
   key_generation_cancellation_context.hpp
   key_generation_cancellation_context_accessor.hpp
   key_generation_cancellation_context_fwd.hpp
   rsa_key_accessor.hpp
-  rsa_padding_conversions.hpp
+  rsa_encryption_padding_conversions.hpp
   typed_accessor.hpp
 )
 list_transform_prepend(PRIVATE_HEADER_LIST "${PRIVATE_INCLUDE_DIR_EX}/")
@@ -106,6 +116,8 @@ set(
   digest_operations.cpp
   dsa_key.cpp
   dsa_sign_verify_operations.cpp
+  evp_pkey.cpp
+  evp_pkey_sign_verify_operations.cpp
   key_generation_cancellation_context.cpp
   rsa_encrypt_decrypt_operations.cpp
   rsa_key.cpp
@@ -127,7 +139,7 @@ target_compile_definitions(${PROJECT_NAME} PRIVATE OPENSSL_SUPPRESS_DEPRECATED)
 set_target_properties(
   ${PROJECT_NAME}
   PROPERTIES
-    CXX_STANDARD 14
+    CXX_STANDARD 17
     CXX_STANDARD_REQUIRED YES
     CXX_EXTENSIONS NO
     VERSION ${${PROJECT_NAME}_VERSION}

extra/opensslpp/include/opensslpp/core_error.hpp

@@ -19,6 +19,7 @@
 
 #include <stdexcept>
 #include <string>
+#include <string_view>
 
 #include <opensslpp/core_error_fwd.hpp>
 
@@ -30,7 +31,7 @@ class core_error : public std::runtime_error {
   core_error(const std::string &message) : std::runtime_error{message} {}
 
   [[noreturn]] static void raise_with_error_string(
-      const std::string &prefix = std::string());
+      std::string_view prefix = "");
 };
 
 }  // namespace opensslpp

extra/opensslpp/include/opensslpp/dh_key.hpp

@@ -21,6 +21,7 @@
 #include <memory>
 #include <ostream>
 #include <string>
+#include <string_view>
 
 #include <opensslpp/dh_key_fwd.hpp>
 
@@ -73,9 +74,9 @@ class dh_key final {
   static std::string export_private_pem(const dh_key &key);
   static std::string export_public_pem(const dh_key &key);
 
-  static dh_key import_parameters_pem(const std::string &pem);
-  static dh_key import_private_pem(const std::string &pem);
-  static dh_key import_public_pem(const std::string &pem);
+  static dh_key import_parameters_pem(std::string_view pem);
+  static dh_key import_private_pem(std::string_view pem);
+  static dh_key import_public_pem(std::string_view pem);
 
  private:
   // should not be declared final as this prevents optimization for empty

extra/opensslpp/include/opensslpp/digest_context.hpp

@@ -19,6 +19,7 @@
 
 #include <memory>
 #include <string>
+#include <string_view>
 
 #include <opensslpp/digest_context_fwd.hpp>
 
@@ -31,6 +32,7 @@ class digest_context final {
 
  public:
   digest_context() noexcept = default;
+  // no std::string_view for 'type' as we need it to be nul-terminated
   explicit digest_context(const std::string &type);
   ~digest_context() noexcept = default;
 
@@ -46,7 +48,7 @@ class digest_context final {
 
   std::size_t get_size_in_bytes() const noexcept;
 
-  void update(const std::string &data);
+  void update(std::string_view data);
   std::string finalize();
 
  private:

extra/opensslpp/include/opensslpp/digest_operations.hpp

@@ -18,10 +18,12 @@
 #define OPENSSLPP_DIGEST_OPERATIONS_HPP
 
 #include <string>
+#include <string_view>
 
 namespace opensslpp {
 
-std::string calculate_digest(const std::string &type, const std::string &data);
+// no std::string_view for 'type' as we need it to be nul-terminated
+std::string calculate_digest(const std::string &type, std::string_view data);
 
 }  // namespace opensslpp
 

extra/opensslpp/include/opensslpp/dsa_key.hpp

@@ -21,6 +21,7 @@
 #include <memory>
 #include <ostream>
 #include <string>
+#include <string_view>
 
 #include <opensslpp/dsa_key_fwd.hpp>
 
@@ -68,9 +69,9 @@ class dsa_key final {
   static std::string export_private_pem(const dsa_key &key);
   static std::string export_public_pem(const dsa_key &key);
 
-  static dsa_key import_parameters_pem(const std::string &pem);
-  static dsa_key import_private_pem(const std::string &pem);
-  static dsa_key import_public_pem(const std::string &pem);
+  static dsa_key import_parameters_pem(std::string_view pem);
+  static dsa_key import_private_pem(std::string_view pem);
+  static dsa_key import_public_pem(std::string_view pem);
 
  private:
   // should not be declared final as this prevents optimization for empty

extra/opensslpp/include/opensslpp/dsa_sign_verify_operations.hpp

@@ -18,18 +18,21 @@
 #define OPENSSLPP_DSA_SIGN_VERIFY_OPERATIONS_HPP
 
 #include <string>
+#include <string_view>
 
 #include <opensslpp/dsa_key_fwd.hpp>
 
 namespace opensslpp {
 
+// no std::string_view for 'digest_type' as we need it to be nul-terminated
 std::string sign_with_dsa_private_key(const std::string &digest_type,
-                                      const std::string &digest_data,
+                                      std::string_view digest_data,
                                       const dsa_key &key);
 
+// no std::string_view for 'digest_type' as we need it to be nul-terminated
 bool verify_with_dsa_public_key(const std::string &digest_type,
-                                const std::string &digest_data,
-                                const std::string &signature_data,
+                                std::string_view digest_data,
+                                std::string_view signature_data,
                                 const dsa_key &key);
 
 }  // namespace opensslpp

extra/opensslpp/include/opensslpp/evp_pkey.hpp

@@ -0,0 +1,85 @@
+/* Copyright (c) 2022 Percona LLC and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
+
+#ifndef OPENSSLPP_EVP_PKEY_HPP
+#define OPENSSLPP_EVP_PKEY_HPP
+
+#include <cstdint>
+#include <memory>
+#include <ostream>
+#include <string>
+#include <string_view>
+
+#include <opensslpp/evp_pkey_fwd.hpp>
+
+#include <opensslpp/accessor_fwd.hpp>
+#include <opensslpp/evp_pkey_algorithm_fwd.hpp>
+#include <opensslpp/key_generation_cancellation_callback_fwd.hpp>
+
+namespace opensslpp {
+
+class evp_pkey final {
+  friend class accessor<evp_pkey>;
+
+ public:
+  evp_pkey() noexcept = default;
+  ~evp_pkey() noexcept = default;
+
+  evp_pkey(const evp_pkey &obj);
+  evp_pkey(evp_pkey &&obj) noexcept = default;
+
+  evp_pkey &operator=(const evp_pkey &obj);
+  evp_pkey &operator=(evp_pkey &&obj) noexcept = default;
+
+  void swap(evp_pkey &obj) noexcept;
+
+  bool is_empty() const noexcept { return !impl_; }
+  evp_pkey_algorithm get_algorithm() const noexcept;
+  bool is_private() const noexcept;
+  std::size_t get_size_in_bits() const noexcept;
+  std::size_t get_size_in_bytes() const noexcept;
+
+  evp_pkey derive_public_key() const;
+
+  static evp_pkey generate(
+      evp_pkey_algorithm algorithm, std::uint32_t bits,
+      const key_generation_cancellation_callback &cancellation_callback =
+          key_generation_cancellation_callback{});
+
+  static std::string export_private_pem(const evp_pkey &key);
+  static std::string export_public_pem(const evp_pkey &key);
+
+  static evp_pkey import_private_pem(std::string_view pem);
+  static evp_pkey import_public_pem(std::string_view pem);
+
+ private:
+  // should not be declared final as this prevents optimization for empty
+  // deleter in std::unique_ptr
+  struct evp_pkey_deleter {
+    void operator()(void *evp_pkey) const noexcept;
+  };
+
+  using impl_ptr = std::unique_ptr<void, evp_pkey_deleter>;
+  impl_ptr impl_;
+
+  static void validate_if_algorithm_supported(evp_pkey_algorithm algorithm);
+};
+
+std::ostream &operator<<(std::ostream &os, const evp_pkey &obj);
+
+}  // namespace opensslpp
+
+#endif

extra/opensslpp/include/opensslpp/rsa_padding.hpp → extra/opensslpp/include/opensslpp/evp_pkey_algorithm.hpp

@@ -14,14 +14,12 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
 
-#ifndef OPENSSLPP_RSA_PADDING_HPP
-#define OPENSSLPP_RSA_PADDING_HPP
-
-#include <opensslpp/rsa_padding_fwd.hpp>
+#ifndef OPENSSLPP_EVP_PKEY_ALGORITHM_HPP
+#define OPENSSLPP_EVP_PKEY_ALGORITHM_HPP
 
 namespace opensslpp {
 
-enum class rsa_padding { no, pkcs1 };
+enum class evp_pkey_algorithm { unspecified, rsa, dsa, dh };
 
 }  // namespace opensslpp
 

extra/opensslpp/include/opensslpp/evp_pkey_algorithm_fwd.hpp

@@ -0,0 +1,26 @@
+/* Copyright (c) 2022 Percona LLC and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
+
+#ifndef OPENSSLPP_EVP_PKEY_ALGORITHM_FWD_HPP
+#define OPENSSLPP_EVP_PKEY_ALGORITHM_FWD_HPP
+
+namespace opensslpp {
+
+enum class evp_pkey_algorithm;
+
+}  // namespace opensslpp
+
+#endif

extra/opensslpp/include/opensslpp/rsa_padding_fwd.hpp → extra/opensslpp/include/opensslpp/evp_pkey_fwd.hpp

@@ -14,12 +14,12 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
 
-#ifndef OPENSSLPP_RSA_PADDING_FWD_HPP
-#define OPENSSLPP_RSA_PADDING_FWD_HPP
+#ifndef OPENSSLPP_EVP_PKEY_FWD_HPP
+#define OPENSSLPP_EVP_PKEY_FWD_HPP
 
 namespace opensslpp {
 
-enum class rsa_padding;
+class evp_pkey;
 
 }  // namespace opensslpp
 

extra/opensslpp/include/opensslpp/evp_pkey_sign_verify_operations.hpp

@@ -0,0 +1,43 @@
+/* Copyright (c) 2022 Percona LLC and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
+
+#ifndef OPENSSLPP_EVP_PKEY_SIGN_VERIFY_OPERATIONS_HPP
+#define OPENSSLPP_EVP_PKEY_SIGN_VERIFY_OPERATIONS_HPP
+
+#include <string>
+#include <string_view>
+
+#include <opensslpp/evp_pkey_fwd.hpp>
+#include <opensslpp/evp_pkey_signature_padding_fwd.hpp>
+
+namespace opensslpp {
+
+// no std::string_view for 'digest_type' as we need it to be nul-terminated
+std::string sign_with_private_evp_pkey(const std::string &digest_type,
+                                       std::string_view digest_data,
+                                       const evp_pkey &key,
+                                       evp_pkey_signature_padding padding);
+
+// no std::string_view for 'digest_type' as we need it to be nul-terminated
+bool verify_with_public_evp_pkey(const std::string &digest_type,
+                                 std::string_view digest_data,
+                                 std::string_view signature_data,
+                                 const evp_pkey &key,
+                                 evp_pkey_signature_padding padding);
+
+}  // namespace opensslpp
+
+#endif

extra/opensslpp/include/opensslpp/evp_pkey_signature_padding.hpp

@@ -0,0 +1,26 @@
+/* Copyright (c) 2022 Percona LLC and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
+
+#ifndef OPENSSLPP_EVP_PKEY_SIGNATURE_PADDING_HPP
+#define OPENSSLPP_EVP_PKEY_SIGNATURE_PADDING_HPP
+
+namespace opensslpp {
+
+enum class evp_pkey_signature_padding { rsa_pkcs1, rsa_pkcs1_pss };
+
+}  // namespace opensslpp
+
+#endif