Coverage Report

Created: 2026-01-31 08:06

/src/duckdb/third_party/mbedtls/include/mbedtls_wrapper.hpp
//===----------------------------------------------------------------------===//
//                         DuckDB
//
// mbedtls_wrapper.hpp
//
//
//===----------------------------------------------------------------------===//
#pragma once
#include "duckdb/common/optional_ptr.hpp"
#include "duckdb/common/typedefs.hpp"
#include "duckdb/common/encryption_state.hpp"
#include <string>
typedef struct mbedtls_cipher_context_t mbedtls_cipher_context_t;
typedef struct mbedtls_cipher_info_t mbedtls_cipher_info_t;
namespace duckdb_mbedtls {
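// Static facade over the bundled mbedTLS primitives: SHA-256 / SHA-1 hashing,
// HMAC, signature verification and an AES state object. Only declarations are
// visible in this header; every note below about buffer sizes or semantics
// that the declarations themselves do not fix is marked as something to
// confirm against the implementation file.
class MbedTlsWrapper {
public:
  // One-shot SHA-256 over `in_len` bytes at `in`, written to `out`.
  // NOTE(review): `out` carries no length; presumably it must hold at least
  // SHA256_HASH_LENGTH_BYTES bytes -- confirm at every call site.
  static void ComputeSha256Hash(const char *in, size_t in_len, char *out);
  // One-shot SHA-256 over a std::string, returned as a std::string.
  // NOTE(review): whether the result is raw bytes or hex text is not visible here.
  static std::string ComputeSha256Hash(const std::string &file_content);
  // Checks `signature` over `sha256_hash` against `pubkey`.
  // NOTE(review): key encoding and signature scheme are not visible in this
  // header. Callers should treat `false` as a hard failure and should confirm
  // how parse errors in `pubkey` are reported (return value vs. exception).
  static bool IsValidSha256Signature(const std::string &pubkey, const std::string &signature,
                                     const std::string &sha256_hash);
  // Keyed MAC over `message`, written to `out` (presumably HMAC-SHA256, going
  // by the name -- confirm).
  // NOTE(review): `out` carries no length; presumably SHA256_HASH_LENGTH_BYTES.
  static void Hmac256(const char *key, size_t key_len, const char *message, size_t message_len, char *out);
  // Hex-encodes `len` bytes from `in` into `out`.
  // NOTE(review): `out` carries no length; presumably it must hold 2 * len
  // characters. `in` is taken as non-const `char *` although an encoder should
  // only need to read it; making it `const char *` requires changing the
  // out-of-line definition as well, so it is left as declared here.
  static void ToBase16(char *in, char *out, size_t len);

  // Raw digest size and its hex-text size (two characters per byte).
  static constexpr size_t SHA256_HASH_LENGTH_BYTES = 32;
  static constexpr size_t SHA256_HASH_LENGTH_TEXT = 64;

  // Incremental SHA-256: feed data with the Add* methods, then finish once.
  // NOTE(review): the class stores an opaque `void *` and declares a
  // destructor but does not delete its copy operations, so the implicit copy
  // would duplicate the raw pointer. If the destructor releases
  // `sha_context` (not visible here), a copy leads to a double free; consider
  // deleting copy construction/assignment once callers are checked.
  class SHA256State {
  public:
    SHA256State();
    ~SHA256State();
    void AddString(const std::string &str);
    void AddBytes(duckdb::data_ptr_t input_bytes, duckdb::idx_t len);
    void AddBytes(duckdb::const_data_ptr_t input_bytes, duckdb::idx_t len);
    // NOTE(review): takes a mutable `unsigned char *`; whether the salt is
    // modified is not visible here.
    void AddSalt(unsigned char *salt, size_t salt_len);
    std::string Finalize();
    // NOTE(review): `out` carries no length; presumably
    // SHA256_HASH_LENGTH_TEXT characters -- confirm, including whether a
    // terminating NUL is written.
    void FinishHex(char *out);
    // NOTE(review): `hash` carries no length; presumably
    // SHA256_HASH_LENGTH_BYTES. The name suggests the output is used as key
    // material, so callers should clear the buffer after use -- confirm.
    void FinalizeDerivedKey(duckdb::data_ptr_t hash);

  private:
    // Opaque handle to the underlying hash context (type hidden from the header).
    void *sha_context;
  };

  // Raw digest size and its hex-text size (two characters per byte).
  static constexpr size_t SHA1_HASH_LENGTH_BYTES = 20;
  static constexpr size_t SHA1_HASH_LENGTH_TEXT = 40;

  // Incremental SHA-1. SHA-1 is not collision resistant; it should only back
  // formats that mandate it, never new integrity or signature checks.
  // NOTE(review): same implicit-copy concern as SHA256State (raw `void *`
  // plus a user-declared destructor, copy operations not deleted).
  class SHA1State {
  public:
    SHA1State();
    ~SHA1State();
    void AddString(const std::string &str);
    std::string Finalize();
    // NOTE(review): `out` carries no length; presumably SHA1_HASH_LENGTH_TEXT
    // characters -- confirm.
    void FinishHex(char *out);

  private:
    // Opaque handle to the underlying hash context (type hidden from the header).
    void *sha_context;
  };

  // duckdb::EncryptionState implementation backed by an mbedTLS cipher context.
  class AESStateMBEDTLS : public duckdb::EncryptionState {
  public:
    DUCKDB_API explicit AESStateMBEDTLS(duckdb::EncryptionTypes::CipherType cipher_p, duckdb::idx_t key_len);
    DUCKDB_API ~AESStateMBEDTLS() override;

  public:
    // Key, IV and additional authenticated data are passed as pointer/length
    // pairs. NOTE(review): accepted key and IV lengths are not visible here;
    // the implementation should reject unsupported lengths rather than
    // truncate or pad them.
    DUCKDB_API void InitializeEncryption(duckdb::const_data_ptr_t iv, duckdb::idx_t iv_len,
                                         duckdb::const_data_ptr_t key, duckdb::idx_t key_len,
                                         duckdb::const_data_ptr_t aad, duckdb::idx_t aad_len) override;
    DUCKDB_API void InitializeDecryption(duckdb::const_data_ptr_t iv, duckdb::idx_t iv_len,
                                         duckdb::const_data_ptr_t key, duckdb::idx_t key_len,
                                         duckdb::const_data_ptr_t aad, duckdb::idx_t aad_len) override;

    DUCKDB_API size_t Process(duckdb::const_data_ptr_t in, duckdb::idx_t in_len, duckdb::data_ptr_t out,
                              duckdb::idx_t out_len) override;
    // NOTE(review): for an authenticated mode, plaintext produced by Process()
    // must not be trusted until the tag has been verified; how a tag mismatch
    // is reported (exception vs. return value) is not visible here.
    DUCKDB_API size_t Finalize(duckdb::data_ptr_t out, duckdb::idx_t out_len, duckdb::data_ptr_t tag,
                               duckdb::idx_t tag_len) override;

    // NOTE(review): the randomness source is not visible in this header; if
    // these are used for keys or IVs, confirm they are backed by a
    // cryptographically secure, properly seeded generator.
    DUCKDB_API static void GenerateRandomDataStatic(duckdb::data_ptr_t data, duckdb::idx_t len);
    DUCKDB_API void GenerateRandomData(duckdb::data_ptr_t data, duckdb::idx_t len) override;
    DUCKDB_API void FinalizeGCM(duckdb::data_ptr_t tag, duckdb::idx_t tag_len);
    DUCKDB_API const mbedtls_cipher_info_t *GetCipher(size_t key_len);
    // NOTE(review): presumably wipes `len` bytes at `data`; confirm the
    // implementation uses a wipe the compiler cannot optimise away.
    DUCKDB_API static void SecureClearData(duckdb::data_ptr_t data, duckdb::idx_t len);

  private:
    DUCKDB_API void InitializeInternal(duckdb::const_data_ptr_t iv, duckdb::idx_t iv_len,
                                       duckdb::const_data_ptr_t aad, duckdb::idx_t aad_len);

  private:
    duckdb::EncryptionTypes::Mode mode;
    // mbedtls_cipher_context_t is only forward-declared in this header, so the
    // owning pointer can only be destroyed where the type is complete; the
    // destructor is declared out of line accordingly.
    // NOTE(review): the smart pointer frees the struct storage only; confirm
    // the destructor calls mbedtls_cipher_free() first so key schedule
    // material inside the context is released and cleared.
    duckdb::unique_ptr<mbedtls_cipher_context_t> context;
  };

  // duckdb::EncryptionUtil factory that hands out AESStateMBEDTLS objects.
  // In the coverage run this listing was taken from, every inline body of
  // this factory had an execution count of 0, i.e. it was never exercised.
  class AESStateMBEDTLSFactory : public duckdb::EncryptionUtil {

  public:
    // Builds a new AESStateMBEDTLS for `cipher_p`; `key_len` defaults to 0.
    duckdb::shared_ptr<duckdb::EncryptionState>
    CreateEncryptionState(duckdb::EncryptionTypes::CipherType cipher_p, duckdb::idx_t key_len = 0) const override {
      return duckdb::make_shared_ptr<MbedTlsWrapper::AESStateMBEDTLS>(cipher_p, key_len);
    }

    // Nothing to release; defaulted instead of an empty user-provided body.
    ~AESStateMBEDTLSFactory() override = default;

    // Always false. NOTE(review): the meaning is defined by
    // duckdb::EncryptionUtil (not visible here); presumably callers must not
    // use this backend to encrypt newly written data -- confirm that every
    // write path checks this before calling InitializeEncryption().
    DUCKDB_API bool SupportsEncryption() override {
      return false;
    }
  };
};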
} // namespace duckdb_mbedtls