Listing 11-19. Hard-Code Key Version
AS
    crypt_raw RAW(32767) := NULL;
    app_ver v_application_key.key_version%TYPE := 4;
    app_key v_application_key.key_bytes%TYPE;
    iv RAW(16);
BEGIN
    SELECT key_bytes INTO app_key FROM v_application_key WHERE key_version = app_ver;
app_key is like the cup with the marble under it in that three-cups concentration betting game. The code is quicker than the eye. We are going to process the bytes of app_key. The first process we perform is to take the class_version and concatenate it with the string “SufficientLength”. Then, as shown in Listing 11-20, we XOR the app_key with that concatenated string. Perhaps only the first 20 or so bytes of app_key are modified by the XOR, because UTL_RAW.BIT_XOR stops after the last byte of the shorter operand and appends the remainder of the longer one unchanged.
Note  We have just made this process unique to the specific version of the specific application (the one presenting the inner class).
Listing 11-20. XOR the Key with the Class Version and Get MD5 Hash of Key
    app_key := SYS.UTL_RAW.BIT_XOR( app_key,
        SYS.UTL_RAW.CAST_TO_RAW(m_class_version||'SufficientLength') );
    app_key := SYS.DBMS_CRYPTO.HASH( app_key, SYS.DBMS_CRYPTO.HASH_MD5 );
    app_key := SYS.UTL_RAW.CONCAT( app_key, app_key );
Our next process sets app_key equal to the Message Digest (MD5) hash of app_key. Listing 11-20 shows this. MD5 is a one-way hash algorithm that creates a 16-byte (128-bit) hash representing the initial value. Any modification to the initial value will cause the hash to change, and if the initial value doesn't change, MD5 will always calculate the same hash. Then, to get a 32-byte key, we set app_key equal to the concatenation of two copies of the MD5 hash.
For the encryption algorithm we will be using, we will also need a 16-byte RAW initialization vector (IV). We are again going to make this function specific to the application by using the application inner class name as part of the IV. See Listing 11-21. Actually, we concatenate the class_name with the string “SufficientLength,” cast that to a RAW, and take the first 16 bytes as the IV.
Listing 11-21. Get Initialization Vector with Class Name and Call DBMS_CRYPTO.ENCRYPT
    iv := SYS.UTL_RAW.SUBSTR(
        SYS.UTL_RAW.CAST_TO_RAW(m_class_name||'SufficientLength'), 0, 16 );
    crypt_raw := SYS.DBMS_CRYPTO.ENCRYPT( clear_raw,
        SYS.DBMS_CRYPTO.ENCRYPT_AES256 + SYS.DBMS_CRYPTO.CHAIN_CBC +
        SYS.DBMS_CRYPTO.PAD_PKCS5, app_key, iv );
    RETURN crypt_raw;
END f_mask;
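The three listings together form one key-derivation and encryption path, and it is worth seeing that path end to end in a language that runs without an Oracle instance. The following Go program is an added example, not code from the book or from the author's PL/SQL package. It re-implements f_mask as described in Listings 11-19 through 11-21: the UTL_RAW.BIT_XOR rule for unequal lengths (the XOR stops at the end of the shorter operand, which is why only the leading bytes of app_key change), the MD5 digest concatenated with itself to reach 32 bytes, the IV taken as the first 16 bytes of class_name||'SufficientLength', and AES-256 in CBC mode with PKCS5 padding. The stored key bytes, class version and class name in main are constructed sample values, not values from the book; a decrypting counterpart (fUnmask) is included only so the round trip can be checked.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"encoding/hex"
	"errors"
	"fmt"
)

// bitXOR follows the documented UTL_RAW.BIT_XOR rule for unequal lengths:
// the XOR stops after the last byte of the shorter input, and the unprocessed
// tail of the longer input is appended unchanged. This is why only the
// leading bytes of app_key are altered in Listing 11-20.
func bitXOR(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, 0, len(a)+len(b))
	for i := 0; i < n; i++ {
		out = append(out, a[i]^b[i])
	}
	out = append(out, a[n:]...)
	return append(out, b[n:]...)
}

// deriveKey reproduces Listing 11-20: XOR the stored key with
// class_version||'SufficientLength', MD5 the result, and concatenate the
// 16-byte digest with itself to reach the 32 bytes AES-256 requires.
func deriveKey(appKey []byte, classVersion string) []byte {
	mixed := bitXOR(appKey, []byte(classVersion+"SufficientLength"))
	digest := md5.Sum(mixed)
	key := make([]byte, 0, 32)
	key = append(key, digest[:]...)
	return append(key, digest[:]...)
}

// deriveIV reproduces Listing 11-21: the first 16 bytes of
// class_name||'SufficientLength'. The suffix is itself 16 bytes long, so the
// result is always a full AES block whatever the class name's length.
func deriveIV(className string) []byte {
	raw := []byte(className + "SufficientLength")
	return raw[:16]
}

// pkcs5Pad applies the padding that DBMS_CRYPTO.PAD_PKCS5 applies before CBC.
func pkcs5Pad(data []byte, blockSize int) []byte {
	padLen := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(padLen)}, padLen)...)
}

// pkcs5Unpad reverses pkcs5Pad, rejecting malformed padding.
func pkcs5Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("ciphertext length is not a block multiple")
	}
	padLen := int(data[len(data)-1])
	if padLen == 0 || padLen > blockSize || padLen > len(data) {
		return nil, errors.New("invalid padding")
	}
	for _, p := range data[len(data)-padLen:] {
		if int(p) != padLen {
			return nil, errors.New("invalid padding")
		}
	}
	return data[:len(data)-padLen], nil
}

// fMask is the f_mask body of Listings 11-19 to 11-21 as a pure function:
// AES-256 in CBC mode with PKCS5 padding, keyed and IV'd as derived above.
func fMask(clearRaw, appKey []byte, classVersion, className string) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(appKey, classVersion))
	if err != nil {
		return nil, err
	}
	padded := pkcs5Pad(clearRaw, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, deriveIV(className)).CryptBlocks(out, padded)
	return out, nil
}

// fUnmask is the matching decryption, included so the round trip can be checked.
func fUnmask(cryptRaw, appKey []byte, classVersion, className string) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(appKey, classVersion))
	if err != nil {
		return nil, err
	}
	if len(cryptRaw)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a block multiple")
	}
	out := make([]byte, len(cryptRaw))
	cipher.NewCBCDecrypter(block, deriveIV(className)).CryptBlocks(out, cryptRaw)
	return pkcs5Unpad(out, aes.BlockSize)
}

func main() {
	// Constructed sample values standing in for v_application_key.key_bytes
	// and the inner class's version and name; these are not values from the book.
	appKey := bytes.Repeat([]byte{0xA5}, 32)
	const classVersion, className = "4", "com.example.Inner"

	c1, _ := fMask([]byte("account 42"), appKey, classVersion, className)
	c2, _ := fMask([]byte("account 42"), appKey, classVersion, className)
	fmt.Println("ciphertext:", hex.EncodeToString(c1))
	// The IV is fixed per class name, so equal plaintexts under the same
	// application produce equal ciphertexts.
	fmt.Println("deterministic:", bytes.Equal(c1, c2))
}
```

Running main shows two things a practitioner reviewing this scheme would want to confirm: changing class_version or class_name changes the ciphertext (the binding to the application that the text sets out to achieve), and because the IV is derived from the class name rather than freshly generated, CBC here is deterministic, so two identical plaintexts masked by the same application yield byte-identical ciphertexts.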