Bug #16713 AES_Encrypt / AES_Decrypt functions is low documented
Submitted: 22 Jan 2006 20:23    Modified: 1 May 2006 19:06
Reporter: Yuriy Pavlyutkin
Status: Won't fix
Category: MySQL Server: Documentation    Severity: S4 (Feature request)
Version: 5.1    OS: Any (All)
Assigned to: Paul DuBois    CPU Architecture: Any

[22 Jan 2006 20:23] Yuriy Pavlyutkin
For encryption compatibility on the server and client sides, a developer must have the full specification of the encryption functions.
 For example, to use AES_Encrypt() / AES_Decrypt(), the following data are necessary:

 Param                         Is it specified in the MySQL manual?
 Block length                  Yes
 Block mode                    No
 Data padding algorithm        No
 Key padding algorithm         No
 IV (Initialization vector)    No

How to repeat:
 Read manual

Suggested fix:
 Param                         Value
 Block length                  128 bit (16 byte)
 Block mode                    ECB
 Data padding algorithm        as per RFC3369/PKCS#5
 Key padding algorithm         Zero (0x00) padded
 IV (Initialization vector)    Not required for ECB block mode
[26 Jan 2006 6:45] Yuriy Pavlyutkin
"as per RFC3369/PKCS#5" :

 Padded with bytes whose Asc() value equals the number of padding bytes:

For example (bytes in Hex),
XX XX XX XX XX XX XX XX XX XX XX 05 05 05 05 05
[26 Jan 2006 7:51] Valeriy Kravchuk
Thank you for the feature request. You can always look at the code and check, but I agree that these functions should be documented in more detail in the manual.
[1 May 2006 19:06] Stefan Hinz
I don't think the MySQL server documentation should go that deep into details. After all, the manual is already 1700 pages long today ...
[25 Feb 2008 22:48] Robin Daugherty
The length of the manual is irrelevant.  It is a set of web pages which are the only reference we can use to find information about this extremely important part of our infrastructure.  We don't read it from beginning to end, we don't print it, we search for the information we need and read the relevant article.  This is relevant and important information, and it's not acceptable to expect users to read the source code to get this information.
[20 Aug 2012 13:18] Christopher Yeleighton
AES_ENCRYPT is called from Item_func_aes_encrypt::val_str (sql/item_strfunc.cc).
It calls my_aes_encrypt (mysys/my_aes.c).
It converts the key to a Rijndael key using my_aes_create_key.
The key is broken into rows of equal width, the last row padded with 0.
The Rijndael key is XOR of the rows.
That probably means that keys longer than 16 (or 32) bytes are equivalent to shorter keys that are a result of this transformation.
In particular, 
AES_ENCRYPT ('abcd', '0123456789012345\0') 
== AES_ENCRYPT ('abcd', '\01234567890123450')
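The key folding and data padding rules described in this thread, as an added example (not MySQL's code and not part of any comment here). It assumes a 16-byte key width; the helper names fold_key, pad, unpad and audit_key are hypothetical, and no AES is performed.

```python
BLOCK = 16  # bytes; 128-bit block and key width as stated in the thread


def fold_key(key: bytes, width: int = BLOCK) -> bytes:
    """XOR the key's width-byte rows together (last row zero-padded)."""
    folded = bytearray(width)  # starting from zeros also pads short keys
    for i, byte in enumerate(key):
        folded[i % width] ^= byte
    return bytes(folded)


def pad(data: bytes, block: int = BLOCK) -> bytes:
    """PKCS#5-style padding: n bytes, each of value n, with 1 <= n <= block."""
    n = block - len(data) % block  # a full extra block if already aligned
    return data + bytes([n]) * n


def unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strictly validate and strip the padding; reject anything malformed."""
    if not data or len(data) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def audit_key(key: bytes, width: int = BLOCK) -> list:
    """Return warnings about how a key behaves under the folding rule."""
    warnings = []
    if len(key) < width:
        warnings.append("short key: zero-padded to %d bytes" % width)
    if len(key) > width:
        warnings.append("long key: folded, extra bytes add no key space")
    if key and fold_key(key, width) == bytes(width):
        warnings.append("folded key is all zero bytes")
    return warnings


if __name__ == "__main__":
    # The two keys from the 20 Aug 2012 comment fold to the same 16 bytes.
    k1 = b"0123456789012345\x00"
    k2 = b"\x001234567890123450"
    print(fold_key(k1) == fold_key(k2), fold_key(k1))
    print(pad(b"X" * 11).hex())                # 11 data bytes + 05 05 05 05 05
    print(audit_key(b"passphrase-16-by" * 2))  # constructed sample key
```

A client that must interoperate with this behaviour would pass fold_key(key) as the AES-128 key in ECB mode and apply pad/unpad around the cipher; audit_key flags keys whose extra length is discarded by the fold.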
[30 Aug 2012 8:09] Christopher Yeleighton
It also probably means that everything is CAST to string before encryption.
[29 Mar 2014 10:06] Daniël van Eeden
There was a lot of progress on this bug.