I am tasked to do two Oracle functions which achieves the following:
The CLOB data is question is huge and the functions should take care of that.
I am able to get through the first function and it works well i.e. encrypting the CLOB, with huge data:
create or replace
function F_ENCRYPT_CLOB (ac_input IN CLOB) return CLOB is
l_clob CLOB;
lb_variable BLOB;
v_key RAW (320);
v_encryption_type PLS_INTEGER := DBMS_CRYPTO.AES_CBC_PKCS5;
v_iv RAW (320);
l_dest_offset PLS_INTEGER := 1;
l_src_offset PLS_INTEGER := 1;
l_lang_context PLS_INTEGER := DBMS_LOB.default_lang_ctx;
l_warning PLS_INTEGER;
l_step PLS_INTEGER := 1998;
begin
SELECT VALUE
INTO v_key
FROM algparameters
WHERE name = 'key';
SELECT VALUE
INTO v_iv
FROM algparameters
WHERE name = 'iv';
dbms_lob.createtemporary(lb_variable, true);
sys.DBMS_CRYPTO.ENCRYPT(
dst => lb_variable,
src => ac_input,
typ => v_encryption_type,
key => v_key,
iv => v_iv
);
DBMS_LOB.createTemporary(
lob_loc => l_clob,
cache => TRUE);
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(lb_variable) - 1 )/l_step) LOOP
l_clob := l_clob || UTL_RAW.cast_to_varchar2(UTL_ENCODE.base64_encode(DBMS_LOB.substr(lb_variable, l_step, i * l_step + 1)));
END LOOP;
RETURN l_clob;
end F_ENCRYPT_CLOB;
But I am facing issues while decrypting the previously encrypted value using similar steps:
create or replace
function F_DECRYPT_CLOB (ac_input IN CLOB) return CLOB is
lb_variable CLOB;
l_blob BLOB;
v_key RAW (320);
v_encryption_type PLS_INTEGER := DBMS_CRYPTO.AES_CBC_PKCS5;
v_iv RAW (320);
l_dest_offset PLS_INTEGER := 1;
l_src_offset PLS_INTEGER := 1;
l_lang_context PLS_INTEGER := DBMS_LOB.default_lang_ctx;
l_warning PLS_INTEGER;
l_raw RAW(32767);
l_amt NUMBER := 7700;
l_offset NUMBER := 1;
l_temp VARCHAR2(32767);
l_step PLS_INTEGER := 7700;
begin
SELECT VALUE
INTO v_key
FROM algparameters
WHERE name = 'key';
SELECT VALUE
INTO v_iv
FROM algparameters
WHERE name = 'iv';
dbms_lob.createtemporary(l_blob, true);
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(ac_input) - 1 )/l_amt) LOOP
DBMS_LOB.read(ac_input, l_amt, l_offset, l_temp);
l_offset := l_offset + l_amt;
l_raw := UTL_ENCODE.base64_decode(l_temp);
DBMS_LOB.append (l_blob, TO_BLOB(l_raw));
END LOOP;
dbms_lob.createtemporary(lb_variable, true);
sys.DBMS_CRYPTO.DECRYPT(
dst => lb_variable,
src => l_blob,
typ => v_encryption_type,--dbms_crypto.des_cbc_pkcs5,
key => v_key,
iv => v_iv
);
return lb_variable;
end F_DECRYPT_CLOB;
The error it is throwing is:
ORA-06502: PL/SQL: numeric or value error: hex to raw conversion error
ORA-06512: at "SN_PRE_STAGE_415.F_DECRYPT_CLOB", line 33
06502. 00000 - "PL/SQL: numeric or value error%s"
*Cause:
*Action:
The error is coming from line 33, which is:
l_raw := UTL_ENCODE.base64_decode(l_temp);
The base64_decode function expects a RAW argument, so you could convert the string you have now:
l_raw := UTL_ENCODE.base64_decode(UTL_RAW.cast_to_raw(l_temp));
i.e.
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(ac_input) - 1 )/l_amt) LOOP
DBMS_LOB.read(ac_input, l_amt, l_offset, l_temp);
l_offset := l_offset + l_amt;
l_raw := UTL_ENCODE.base64_decode(UTL_RAW.cast_to_raw(l_temp));
DBMS_LOB.append (l_blob, TO_BLOB(l_raw));
END LOOP;
Now it is throwing this
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 110
ORA-06512: at "SYS.DBMS_CRYPTO", line 64
ORA-06512: at "STACKOVERFLOW.F_DECRYPT_CLOB", line 39
Your base-64 string has line breaks; those are throwing out the decode. You could use a smaller chunk size, with l_amt = 64, and skip over the line breaks:
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(ac_input) - 1 )/(l_amt + 2)) LOOP
DBMS_LOB.read(ac_input, l_amt, l_offset, l_temp);
l_offset := l_offset + l_amt + 2;
but it's probably simpler and more efficient to strip them all in one go, via a new l_clob variable:
create or replace
function F_DECRYPT_CLOB (ac_input IN CLOB) return CLOB is
lb_variable CLOB;
l_clob CLOB;
l_blob BLOB;
...
begin
...
dbms_lob.createtemporary(l_blob, true);
l_clob := replace(replace(ac_input, chr(13), null), chr(10), null);
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(l_clob) - 1 )/l_amt) LOOP
DBMS_LOB.read(l_clob, l_amt, l_offset, l_temp);
l_offset := l_offset + l_amt;
l_raw := UTL_ENCODE.base64_decode(utl_raw.cast_to_raw(l_temp));
DBMS_LOB.append (l_blob, TO_BLOB(l_raw));
END LOOP;
...
end F_DECRYPT_CLOB;
/
In full:
create or replace
function F_DECRYPT_CLOB (ac_input IN CLOB) return CLOB is
lb_variable CLOB;
l_clob CLOB;
l_blob BLOB;
v_key RAW (320);
v_encryption_type PLS_INTEGER := DBMS_CRYPTO.AES_CBC_PKCS5;
v_iv RAW (320);
l_dest_offset PLS_INTEGER := 1;
l_src_offset PLS_INTEGER := 1;
l_lang_context PLS_INTEGER := DBMS_LOB.default_lang_ctx;
l_warning PLS_INTEGER;
l_raw RAW(32767);
l_amt NUMBER := 7700;
l_offset NUMBER := 1;
l_temp VARCHAR2(32767);
l_step PLS_INTEGER := 7700;
begin
SELECT VALUE
INTO v_key
FROM algparameters
WHERE name = 'key';
SELECT VALUE
INTO v_iv
FROM algparameters
WHERE name = 'iv';
dbms_lob.createtemporary(l_blob, true);
l_clob := replace(replace(ac_input, chr(13), null), chr(10), null);
FOR i IN 0 .. TRUNC((DBMS_LOB.getlength(l_clob) - 1 )/l_amt) LOOP
DBMS_LOB.read(l_clob, l_amt, l_offset, l_temp);
l_offset := l_offset + l_amt;
l_raw := UTL_ENCODE.base64_decode(utl_raw.cast_to_raw(l_temp));
DBMS_LOB.append (l_blob, TO_BLOB(l_raw));
END LOOP;
dbms_lob.createtemporary(lb_variable, true);
sys.DBMS_CRYPTO.DECRYPT(
dst => lb_variable,
src => l_blob,
typ => v_encryption_type,--dbms_crypto.des_cbc_pkcs5,
key => v_key,
iv => v_iv
);
return lb_variable;
end F_DECRYPT_CLOB;
/