Oracle DBMS_CRYPTO_FFI
Version 21c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Undocumented supporting package for the DBMS_CRYPTO API.
AUTHID DEFINER
Constants There are clearly constants in the package and for purposes of HASH and MAC appear to correspond with the constants defined the DBMS_CRYPTO package. Using that same logic, however, fails to produce a successful outcome withe the COOKIE and ENCRYPT functions.
Dependencies
CRYPTO_TOOLKIT_LIBRARY DBMS_CRYPTO  
Documented No
First Available 12.1
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtobtk.plb
Subprograms
COOKIE MAC RANDOM
DECRYPT PKDECRYPT SIGN
ENCRYPT PKENCRYPT VERIFY
HASH   DECRYPT
DECRYPT
DECRYPT
ENCRYPT
ENCRYPT
ENCRYPT
HASH
HASH
HASH
MAC
MAC
MAC
RANDOM
 
COOKIE
Undocumented: And while the demo at right runs getting it to return a value is so far a non-trivial pursuit dbms_crypto_ffi.cookie(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 9999 LOOP
    rOut := dbms_crypto_ffi.cookie(l_ccn_raw, i, l_key);
    dbms_output.put_line(rOut);
  END LOOP;
END;
/
 
DECRYPT
Undocumented decryption

Overload 1
dbms_crypto_ffi.decrypt
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
 
ENCRYPT
Undocumented encryption

Overload 1
dbms_crypto_ffi.encrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
 
HASH
Appears to output a hash based on the raw value provided

Testing has demonstrated that valid values for "typ" are 1 through 6

Overload 1
dbms_crypto_ffi.hash(
dat IN RAW,
typ IN BINARY_INTEGER)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
BEGIN
  FOR i IN 1 .. 6 LOOP
    rOut := dbms_crypto_ffi.hash(l_ccn_raw, i);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.hash(
dat IN BLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash(
dat IN CLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
 
MAC
Appears to output a Message Authentication Code algorithms provide key (mac)

Testing has demonstrated that valid values for "typ" are 1 through 5

Overload 1
dbms_crypto_ffi.mac(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 5 LOOP
    rOut := dbms_crypto_ffi.mac(l_ccn_raw, i, l_key);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.mac(
dat IN BLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.mac(
dat IN CLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
 
PKDECRYPT (new 21c)
Decrypts RAW data using a private key assisted with key algorithm and encryption algorithm and returns decrypted data dbms_crypto_ffi.pkDecrypt(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
PKENCRYPT (new 21c)
Encrypts RAW data using a public key assisted with key algorithm and encryption algorithm and returns encrypted data dbms_crypto_ffi.pkEncrypt(
SRC        IN RAW,
PUB_KEY    IN RAW,
PUBKEY_ALG IN BINARY_INTEGER,
ENC_ALG    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
RANDOM
Returns a random raw value based on a numeric input which is probably used as a seed dbms_crypto_ffi.random(num IN BINARY_INTEGER) RETURN RAW;
SELECT dbms_crypto_ffi.random(42)
FROM dual;

DBMS_CRYPTO_FFI.RANDOM(42)
-------------------------------------------------------------------------------------
B2F7BB164058D7D40FA5AA9D183FDE74FD91BFA9B31BB48730EF33F67AC20CBFC8EAAD6E8AF06FA58E59
 
SIGN (new 21c)
Signs RAW data using a private key assisted with key algorithm and sign algorithm, and returns a signature dbms_crypto_ffi.sign(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN RAW;
TBD
 
VERIFY (new 21c)
Verifies RAW data using the signature, public key assisted with key algorithm, and sign algorithm. It returns TRUE if the signature was verified dbms_crypto_ffi.verify(
src        IN RAW,
sign       IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Security
DBMS_CRYPTO
DBMS_CRYPTO_INTERNAL
DBMS_RANDOM
DBMS_SQLHASH
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2021 Daniel A. Morgan All Rights Reserved
  DBSecWorx