Oracle DBMS_CRYPTO_FFI
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Undocumented supporting package for the DBMS_CRYPTO API.
AUTHID DEFINER
Constants There are clearly constants in the package and for purposes of HASH and MAC appear to correspond with the constants defined the DBMS_CRYPTO package. Using that same logic, however, fails to produce a successful outcome withe the COOKIE and ENCRYPT functions.
Dependencies
CRYPTO_TOOLKIT_LIBRARY DBMS_CRYPTO  
Documented No
First Available 12.1
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtobtk.plb
Subprograms
COOKIE MAC RANDOM
DECRYPT PKDECRYPT SIGN
ENCRYPT PKENCRYPT VERIFY
HASH   DECRYPT
DECRYPT
DECRYPT
ENCRYPT
ENCRYPT
ENCRYPT
HASH
HASH
HASH
MAC
MAC
MAC
RANDOM
 
COOKIE
Undocumented: And while the demo at right runs getting it to return a value is so far a non-trivial pursuit dbms_crypto_ffi.cookie(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 9999 LOOP
    rOut := dbms_crypto_ffi.cookie(l_ccn_raw, i, l_key);
    dbms_output.put_line(rOut);
  END LOOP;
END;
/
 
DECRYPT
Undocumented decryption

Overload 1		 dbms_crypto_ffi.decrypt
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
 
ENCRYPT
Undocumented encryption

Overload 1		 dbms_crypto_ffi.encrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
 
HASH
Appears to output a hash based on the raw value provided

Testing has demonstrated that valid values for "typ" are 1 through 6

Overload 1		 dbms_crypto_ffi.hash(
dat IN RAW,
typ IN BINARY_INTEGER)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
BEGIN
  FOR i IN 1 .. 6 LOOP
    rOut := dbms_crypto_ffi.hash(l_ccn_raw, i);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.hash(
dat IN BLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash(
dat IN CLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
 
MAC
Appears to output a Message Authentication Code algorithms provide key (mac)

Testing has demonstrated that valid values for "typ" are 1 through 5

Overload 1		 dbms_crypto_ffi.mac(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 5 LOOP
    rOut := dbms_crypto_ffi.mac(l_ccn_raw, i, l_key);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.mac(
dat IN BLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.mac(
dat IN CLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
 
PKDECRYPT (new 21c)
Decrypts RAW data using a private key assisted with key algorithm and encryption algorithm and returns decrypted data dbms_crypto_ffi.pkDecrypt(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
PKENCRYPT (new 21c)
Encrypts RAW data using a public key assisted with key algorithm and encryption algorithm and returns encrypted data dbms_crypto_ffi.pkEncrypt(
SRC        IN RAW,
PUB_KEY    IN RAW,
PUBKEY_ALG IN BINARY_INTEGER,
ENC_ALG    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
RANDOM
Returns a random raw value based on a numeric input which is probably used as a seed dbms_crypto_ffi.random(num IN BINARY_INTEGER) RETURN RAW;
SELECT dbms_crypto_ffi.random(42)
FROM dual;

DBMS_CRYPTO_FFI.RANDOM(42)
-------------------------------------------------------------------------------------
B2F7BB164058D7D40FA5AA9D183FDE74FD91BFA9B31BB48730EF33F67AC20CBFC8EAAD6E8AF06FA58E59
 
SIGN (new 21c)
Signs RAW data using a private key assisted with key algorithm and sign algorithm, and returns a signature dbms_crypto_ffi.sign(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN RAW;
TBD
 
VERIFY (new 21c)
Verifies RAW data using the signature, public key assisted with key algorithm, and sign algorithm. It returns TRUE if the signature was verified dbms_crypto_ffi.verify(
src        IN RAW,
sign       IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Security
DBMS_CRYPTO
DBMS_CRYPTO_INTERNAL
DBMS_RANDOM
DBMS_SQLHASH
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx