renames to follow single consistent naming style
with namespace prefixes
@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
|
|||||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||||
unsigned char* dst, unsigned int* dlen,
|
unsigned char* dst, unsigned int* dlen,
|
||||||
const unsigned char* key, unsigned int klen,
|
const unsigned char* key, unsigned int klen,
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
const unsigned char* iv, unsigned int ivlen,
|
||||||
int no_padding, unsigned int key_version);
|
int no_padding, unsigned int key_version);
|
||||||
struct encryption_keys_service_st {
|
struct encryption_service_st {
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
unsigned int (*encryption_key_get_latest_version_func)();
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
encrypt_decrypt_func encryption_encrypt_func;
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
encrypt_decrypt_func encryption_decrypt_func;
|
||||||
};
|
};
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
extern struct encryption_service_st encryption_handler;
|
||||||
struct st_mysql_xid {
|
struct st_mysql_xid {
|
||||||
long formatID;
|
long formatID;
|
||||||
long gtrid_length;
|
long gtrid_length;
|
||||||
|
@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
|
|||||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||||
unsigned char* dst, unsigned int* dlen,
|
unsigned char* dst, unsigned int* dlen,
|
||||||
const unsigned char* key, unsigned int klen,
|
const unsigned char* key, unsigned int klen,
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
const unsigned char* iv, unsigned int ivlen,
|
||||||
int no_padding, unsigned int key_version);
|
int no_padding, unsigned int key_version);
|
||||||
struct encryption_keys_service_st {
|
struct encryption_service_st {
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
unsigned int (*encryption_key_get_latest_version_func)();
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
encrypt_decrypt_func encryption_encrypt_func;
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
encrypt_decrypt_func encryption_decrypt_func;
|
||||||
};
|
};
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
extern struct encryption_service_st encryption_handler;
|
||||||
struct st_mysql_xid {
|
struct st_mysql_xid {
|
||||||
long formatID;
|
long formatID;
|
||||||
long gtrid_length;
|
long gtrid_length;
|
||||||
|
@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
|
|||||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||||
unsigned char* dst, unsigned int* dlen,
|
unsigned char* dst, unsigned int* dlen,
|
||||||
const unsigned char* key, unsigned int klen,
|
const unsigned char* key, unsigned int klen,
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
const unsigned char* iv, unsigned int ivlen,
|
||||||
int no_padding, unsigned int key_version);
|
int no_padding, unsigned int key_version);
|
||||||
struct encryption_keys_service_st {
|
struct encryption_service_st {
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
unsigned int (*encryption_key_get_latest_version_func)();
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
encrypt_decrypt_func encryption_encrypt_func;
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
encrypt_decrypt_func encryption_decrypt_func;
|
||||||
};
|
};
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
extern struct encryption_service_st encryption_handler;
|
||||||
struct st_mysql_xid {
|
struct st_mysql_xid {
|
||||||
long formatID;
|
long formatID;
|
||||||
long gtrid_length;
|
long gtrid_length;
|
||||||
|
@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
|
|||||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||||
unsigned char* dst, unsigned int* dlen,
|
unsigned char* dst, unsigned int* dlen,
|
||||||
const unsigned char* key, unsigned int klen,
|
const unsigned char* key, unsigned int klen,
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
const unsigned char* iv, unsigned int ivlen,
|
||||||
int no_padding, unsigned int key_version);
|
int no_padding, unsigned int key_version);
|
||||||
struct encryption_keys_service_st {
|
struct encryption_service_st {
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
unsigned int (*encryption_key_get_latest_version_func)();
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
encrypt_decrypt_func encryption_encrypt_func;
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
encrypt_decrypt_func encryption_decrypt_func;
|
||||||
};
|
};
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
extern struct encryption_service_st encryption_handler;
|
||||||
struct st_mysql_xid {
|
struct st_mysql_xid {
|
||||||
long formatID;
|
long formatID;
|
||||||
long gtrid_length;
|
long gtrid_length;
|
||||||
|
@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
|
|||||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||||
unsigned char* dst, unsigned int* dlen,
|
unsigned char* dst, unsigned int* dlen,
|
||||||
const unsigned char* key, unsigned int klen,
|
const unsigned char* key, unsigned int klen,
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
const unsigned char* iv, unsigned int ivlen,
|
||||||
int no_padding, unsigned int key_version);
|
int no_padding, unsigned int key_version);
|
||||||
struct encryption_keys_service_st {
|
struct encryption_service_st {
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
unsigned int (*encryption_key_get_latest_version_func)();
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
encrypt_decrypt_func encryption_encrypt_func;
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
encrypt_decrypt_func encryption_decrypt_func;
|
||||||
};
|
};
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
extern struct encryption_service_st encryption_handler;
|
||||||
struct st_mysql_xid {
|
struct st_mysql_xid {
|
||||||
long formatID;
|
long formatID;
|
||||||
long gtrid_length;
|
long gtrid_length;
|
||||||
|
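--- a/include/mysql/service_encryption.h
+++ b/include/mysql/service_encryption.h
@@ -0,0 +1,78 @@
+#ifndef MYSQL_SERVICE_ENCRYPTION_INCLUDED
+/* Copyright (c) 2015, MariaDB
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+@file
+encryption service
+
+Functions to support data encryption and encryption key management.
+They are normally implemented in an encryption plugin, so this service
+connects encryption *consumers* (storage engines) to the encryption
+*provider* (encryption plugin).
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* returned from encryption_key_get_latest_version() */
+#define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0)
+#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0)
+
+/* returned from encryption_key_get() */
+#define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100)
+
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+unsigned char* dst, unsigned int* dlen,
+const unsigned char* key, unsigned int klen,
+const unsigned char* iv, unsigned int ivlen,
+int no_padding, unsigned int key_version);
+
+struct encryption_service_st {
+unsigned int (*encryption_key_get_latest_version_func)();
+unsigned int (*encryption_key_exists_func)(unsigned int);
+unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
+encrypt_decrypt_func encryption_encrypt_func;
+encrypt_decrypt_func encryption_decrypt_func;
+};
+
+#ifdef MYSQL_DYNAMIC_PLUGIN
+
+extern struct encryption_service_st *encryption_service;
+
+#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func()
+#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V)
+#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S))
+#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
+#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
+#else
+
+extern struct encryption_service_st encryption_handler;
+
+#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func()
+#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V)
+#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S))
+#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
+#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#define MYSQL_SERVICE_ENCRYPTION_INCLUDED
+#endif
+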
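Review bot: The header gives no contract for `encryption_key_get_func(unsigned int, unsigned char*, unsigned int*)`, although every consumer and plugin in this commit depends on one: the last argument is an in/out length, the plugins write the required size into it before returning `ENCRYPTION_KEY_BUFFER_TOO_SMALL`, and `fil_crypt_get_key` treats any non-zero result as fatal. The comment above `ENCRYPTION_KEY_VERSION_INVALID` also names only `encryption_key_get_latest_version()`, while `get_key_from_key_file` returns that value from the key getter and `has_key` tests for it. I would document this on the struct member, for example `/* returns 0 on success, ENCRYPTION_KEY_VERSION_INVALID if the version is unknown, ENCRYPTION_KEY_BUFFER_TOO_SMALL with *buflen set to the required size */`. Separately, `encryption_key_get_latest_version_func)()` leaves the parameter list unspecified in C, and `(void)` would let the compiler reject mismatched assignments.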
@ -1,71 +0,0 @@
|
|||||||
#ifndef MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED
|
|
||||||
/* Copyright (c) 2015, MariaDB
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation; version 2 of the License.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this program; if not, write to the Free Software
|
|
||||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
|
||||||
|
|
||||||
/**
|
|
||||||
@file
|
|
||||||
encryption keys service
|
|
||||||
|
|
||||||
Functions to get encryption keys from the encryption plugin
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0)
|
|
||||||
#define KEY_BUFFER_TOO_SMALL (100)
|
|
||||||
|
|
||||||
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
|
||||||
unsigned char* dst, unsigned int* dlen,
|
|
||||||
const unsigned char* key, unsigned int klen,
|
|
||||||
const unsigned char* iv, unsigned int ivlen,
|
|
||||||
int no_padding, unsigned int key_version);
|
|
||||||
|
|
||||||
struct encryption_keys_service_st {
|
|
||||||
unsigned int (*get_latest_encryption_key_version_func)();
|
|
||||||
unsigned int (*has_encryption_key_func)(unsigned int);
|
|
||||||
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
|
|
||||||
encrypt_decrypt_func encrypt_data_func;
|
|
||||||
encrypt_decrypt_func decrypt_data_func;
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifdef MYSQL_DYNAMIC_PLUGIN
|
|
||||||
|
|
||||||
extern struct encryption_keys_service_st *encryption_keys_service;
|
|
||||||
|
|
||||||
#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func()
|
|
||||||
#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
|
|
||||||
#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
|
|
||||||
#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
|
||||||
#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
|
||||||
#else
|
|
||||||
|
|
||||||
extern struct encryption_keys_service_st encryption_keys_handler;
|
|
||||||
|
|
||||||
#define get_latest_encryption_key_version() encryption_keys_handler.get_latest_encryption_key_version_func()
|
|
||||||
#define has_encryption_key(V) encryption_keys_handler.has_encryption_key_func(V)
|
|
||||||
#define get_encryption_key(V,K,S) encryption_keys_handler.get_encryption_key_func((V), (K), (S))
|
|
||||||
#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
|
||||||
#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED
|
|
||||||
#endif
|
|
||||||
|
|
@ -32,7 +32,7 @@ extern "C" {
|
|||||||
#include <mysql/service_thd_autoinc.h>
|
#include <mysql/service_thd_autoinc.h>
|
||||||
#include <mysql/service_thd_error_context.h>
|
#include <mysql/service_thd_error_context.h>
|
||||||
#include <mysql/service_thd_specifics.h>
|
#include <mysql/service_thd_specifics.h>
|
||||||
#include <mysql/service_encryption_keys.h>
|
#include <mysql/service_encryption.h>
|
||||||
/*#include <mysql/service_wsrep.h>*/
|
/*#include <mysql/service_wsrep.h>*/
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
@ -35,5 +35,5 @@
|
|||||||
#define VERSION_thd_autoinc 0x0100
|
#define VERSION_thd_autoinc 0x0100
|
||||||
#define VERSION_thd_error_context 0x0100
|
#define VERSION_thd_error_context 0x0100
|
||||||
#define VERSION_thd_specifics 0x0100
|
#define VERSION_thd_specifics 0x0100
|
||||||
#define VERSION_encryption_keys 0x0200
|
#define VERSION_encryption 0x0200
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ SET(SQL_EMBEDDED_SOURCES emb_qcache.cc libmysqld.c lib_sql.cc
|
|||||||
../sql/compat56.cc
|
../sql/compat56.cc
|
||||||
../sql/table_cache.cc
|
../sql/table_cache.cc
|
||||||
../sql/item_inetfunc.cc
|
../sql/item_inetfunc.cc
|
||||||
../sql/wsrep_dummy.cc ../sql/encryption_keys.cc
|
../sql/wsrep_dummy.cc ../sql/encryption.cc
|
||||||
${GEN_SOURCES}
|
${GEN_SOURCES}
|
||||||
${MYSYS_LIBWRAP_SOURCE}
|
${MYSYS_LIBWRAP_SOURCE}
|
||||||
)
|
)
|
||||||
|
@ -28,7 +28,7 @@ SET(MYSQLSERVICES_SOURCES
|
|||||||
my_sha1_service.c
|
my_sha1_service.c
|
||||||
my_md5_service.c
|
my_md5_service.c
|
||||||
wsrep_service.c
|
wsrep_service.c
|
||||||
encryption_keys_service.c
|
encryption_service.c
|
||||||
kill_statement_service.c
|
kill_statement_service.c
|
||||||
logger_service.c)
|
logger_service.c)
|
||||||
|
|
||||||
|
@ -14,4 +14,4 @@
|
|||||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
||||||
|
|
||||||
#include <service_versions.h>
|
#include <service_versions.h>
|
||||||
SERVICE_VERSION encryption_keys_service= (void*)VERSION_encryption_keys;
|
SERVICE_VERSION encryption_service= (void*)VERSION_encryption;
|
@ -50,7 +50,7 @@ static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigne
|
|||||||
if (*buflen < KEY_SIZE)
|
if (*buflen < KEY_SIZE)
|
||||||
{
|
{
|
||||||
*buflen= KEY_SIZE;
|
*buflen= KEY_SIZE;
|
||||||
return KEY_BUFFER_TOO_SMALL;
|
return ENCRYPTION_KEY_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
*buflen= KEY_SIZE;
|
*buflen= KEY_SIZE;
|
||||||
if (!dstbuf)
|
if (!dstbuf)
|
||||||
|
@ -62,7 +62,7 @@ get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen)
|
|||||||
if (*buflen < MY_MD5_HASH_SIZE)
|
if (*buflen < MY_MD5_HASH_SIZE)
|
||||||
{
|
{
|
||||||
*buflen= MY_MD5_HASH_SIZE;
|
*buflen= MY_MD5_HASH_SIZE;
|
||||||
return KEY_BUFFER_TOO_SMALL;
|
return ENCRYPTION_KEY_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
*buflen= MY_MD5_HASH_SIZE;
|
*buflen= MY_MD5_HASH_SIZE;
|
||||||
if (!dstbuf)
|
if (!dstbuf)
|
||||||
|
@ -95,12 +95,12 @@ static unsigned int get_key_from_key_file(unsigned int key_id,
|
|||||||
keyentry* entry = get_key(key_id);
|
keyentry* entry = get_key(key_id);
|
||||||
|
|
||||||
if (entry == NULL)
|
if (entry == NULL)
|
||||||
return BAD_ENCRYPTION_KEY_VERSION;
|
return ENCRYPTION_KEY_VERSION_INVALID;
|
||||||
|
|
||||||
if (*buflen < entry->length)
|
if (*buflen < entry->length)
|
||||||
{
|
{
|
||||||
*buflen= entry->length;
|
*buflen= entry->length;
|
||||||
return KEY_BUFFER_TOO_SMALL;
|
return ENCRYPTION_KEY_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
*buflen= entry->length;
|
*buflen= entry->length;
|
||||||
|
@ -117,7 +117,7 @@ SET (SQL_SOURCE
|
|||||||
my_json_writer.cc my_json_writer.h
|
my_json_writer.cc my_json_writer.h
|
||||||
rpl_gtid.cc rpl_parallel.cc
|
rpl_gtid.cc rpl_parallel.cc
|
||||||
${WSREP_SOURCES}
|
${WSREP_SOURCES}
|
||||||
table_cache.cc encryption_keys.cc
|
table_cache.cc encryption.cc
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/sql_builtin.cc
|
${CMAKE_CURRENT_BINARY_DIR}/sql_builtin.cc
|
||||||
${GEN_SOURCES}
|
${GEN_SOURCES}
|
||||||
${MYSYS_LIBWRAP_SOURCE}
|
${MYSYS_LIBWRAP_SOURCE}
|
||||||
|
@ -19,21 +19,19 @@
|
|||||||
#include "sql_plugin.h"
|
#include "sql_plugin.h"
|
||||||
#include <my_crypt.h>
|
#include <my_crypt.h>
|
||||||
|
|
||||||
#warning TODO rename to follow single consistent style
|
|
||||||
|
|
||||||
/* there can be only one encryption plugin enabled */
|
/* there can be only one encryption plugin enabled */
|
||||||
static plugin_ref encryption_key_manager= 0;
|
static plugin_ref encryption_manager= 0;
|
||||||
struct encryption_keys_service_st encryption_keys_handler;
|
struct encryption_service_st encryption_handler;
|
||||||
|
|
||||||
unsigned int has_key(uint version)
|
unsigned int has_key(uint version)
|
||||||
{
|
{
|
||||||
uint unused;
|
uint unused;
|
||||||
return get_encryption_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION;
|
return encryption_key_get(version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint no_key()
|
uint no_key()
|
||||||
{
|
{
|
||||||
return BAD_ENCRYPTION_KEY_VERSION;
|
return ENCRYPTION_KEY_VERSION_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int no_crypt(const uchar* source, uint source_length,
|
static int no_crypt(const uchar* source, uint source_length,
|
||||||
@ -48,7 +46,7 @@ static int no_crypt(const uchar* source, uint source_length,
|
|||||||
|
|
||||||
int initialize_encryption_plugin(st_plugin_int *plugin)
|
int initialize_encryption_plugin(st_plugin_int *plugin)
|
||||||
{
|
{
|
||||||
if (encryption_key_manager)
|
if (encryption_manager)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
if (plugin->plugin->init && plugin->plugin->init(plugin))
|
if (plugin->plugin->init && plugin->plugin->init(plugin))
|
||||||
@ -58,22 +56,22 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin));
|
encryption_manager= plugin_lock(NULL, plugin_int_to_ref(plugin));
|
||||||
st_mariadb_encryption *handle=
|
st_mariadb_encryption *handle=
|
||||||
(struct st_mariadb_encryption*) plugin->plugin->info;
|
(struct st_mariadb_encryption*) plugin->plugin->info;
|
||||||
|
|
||||||
encryption_keys_handler.encrypt_data_func=
|
encryption_handler.encryption_encrypt_func=
|
||||||
handle->encrypt ? handle->encrypt
|
handle->encrypt ? handle->encrypt
|
||||||
: (encrypt_decrypt_func)my_aes_encrypt_cbc;
|
: (encrypt_decrypt_func)my_aes_encrypt_cbc;
|
||||||
|
|
||||||
encryption_keys_handler.decrypt_data_func=
|
encryption_handler.encryption_decrypt_func=
|
||||||
handle->decrypt ? handle->decrypt
|
handle->decrypt ? handle->decrypt
|
||||||
: (encrypt_decrypt_func)my_aes_decrypt_cbc;
|
: (encrypt_decrypt_func)my_aes_decrypt_cbc;
|
||||||
|
|
||||||
encryption_keys_handler.get_encryption_key_func=
|
encryption_handler.encryption_key_get_func=
|
||||||
handle->get_key;
|
handle->get_key;
|
||||||
|
|
||||||
encryption_keys_handler.get_latest_encryption_key_version_func=
|
encryption_handler.encryption_key_get_latest_version_func=
|
||||||
handle->get_latest_key_version; // must be the last
|
handle->get_latest_key_version; // must be the last
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -81,21 +79,21 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
|
|||||||
|
|
||||||
int finalize_encryption_plugin(st_plugin_int *plugin)
|
int finalize_encryption_plugin(st_plugin_int *plugin)
|
||||||
{
|
{
|
||||||
encryption_keys_handler.encrypt_data_func= no_crypt;
|
encryption_handler.encryption_encrypt_func= no_crypt;
|
||||||
encryption_keys_handler.decrypt_data_func= no_crypt;
|
encryption_handler.encryption_decrypt_func= no_crypt;
|
||||||
encryption_keys_handler.has_encryption_key_func= has_key;
|
encryption_handler.encryption_key_exists_func= has_key;
|
||||||
encryption_keys_handler.get_encryption_key_func=
|
encryption_handler.encryption_key_get_func=
|
||||||
(uint (*)(uint, uchar*, uint*))no_key;
|
(uint (*)(uint, uchar*, uint*))no_key;
|
||||||
encryption_keys_handler.get_latest_encryption_key_version_func= no_key;
|
encryption_handler.encryption_key_get_latest_version_func= no_key;
|
||||||
|
|
||||||
if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL))
|
if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL))
|
||||||
{
|
{
|
||||||
DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.",
|
DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.",
|
||||||
plugin->name.str));
|
plugin->name.str));
|
||||||
}
|
}
|
||||||
if (encryption_key_manager)
|
if (encryption_manager)
|
||||||
plugin_unlock(NULL, encryption_key_manager);
|
plugin_unlock(NULL, encryption_manager);
|
||||||
encryption_key_manager= 0;
|
encryption_manager= 0;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
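Review bot: In `has_key`, `uint unused;` is passed uninitialized as the buffer-length argument of `encryption_key_get(version, NULL, &unused)`, and the plugin implementations touched by this commit read that value before writing it (`if (*buflen < KEY_SIZE)`), so the call reads an indeterminate value. Initializing it, `uint unused= 0;`, makes the probe deterministic and takes the "buffer too small" path, which still compares unequal to `ENCRYPTION_KEY_VERSION_INVALID`. In `finalize_encryption_plugin` the fallback `(uint (*)(uint, uchar*, uint*))no_key` calls a zero-argument function through a three-argument pointer type; a small stub with the real signature that returns `ENCRYPTION_KEY_VERSION_INVALID` would avoid relying on the calling convention. Within the visible lines `encryption_key_exists_func` is assigned only in `finalize_encryption_plugin`, so it is worth confirming that this runs before any consumer can call `encryption_key_exists()`.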
@ -161,7 +161,7 @@ static struct st_service_ref list_of_services[]=
|
|||||||
{ "logger_service", VERSION_logger, &logger_service_handler },
|
{ "logger_service", VERSION_logger, &logger_service_handler },
|
||||||
{ "thd_autoinc_service", VERSION_thd_autoinc, &thd_autoinc_handler },
|
{ "thd_autoinc_service", VERSION_thd_autoinc, &thd_autoinc_handler },
|
||||||
{ "wsrep_service", VERSION_wsrep, &wsrep_handler },
|
{ "wsrep_service", VERSION_wsrep, &wsrep_handler },
|
||||||
{ "encryption_keys_service", VERSION_encryption_keys, &encryption_keys_handler },
|
{ "encryption_service", VERSION_encryption, &encryption_handler },
|
||||||
{ "thd_specifics_service", VERSION_thd_specifics, &thd_specifics_handler },
|
{ "thd_specifics_service", VERSION_thd_specifics, &thd_specifics_handler },
|
||||||
{ "thd_error_context_service", VERSION_thd_error_context, &thd_error_conext_handler },
|
{ "thd_error_context_service", VERSION_thd_error_context, &thd_error_conext_handler },
|
||||||
};
|
};
|
||||||
|
@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
|||||||
}
|
}
|
||||||
|
|
||||||
*key_length= MY_AES_MAX_KEY_LENGTH;
|
*key_length= MY_AES_MAX_KEY_LENGTH;
|
||||||
int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length);
|
int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
|
|
||||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||||
@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length,
|
|||||||
{
|
{
|
||||||
if (srv_encrypt_tables) {
|
if (srv_encrypt_tables) {
|
||||||
// used for key rotation - get the next key id from the key provider
|
// used for key rotation - get the next key id from the key provider
|
||||||
int rc = get_latest_encryption_key_version();
|
int rc = encryption_key_get_latest_version();
|
||||||
|
|
||||||
// if no new key was created use the last one
|
// if no new key was created use the last one
|
||||||
if (rc >= 0) {
|
if (rc >= 0) {
|
||||||
@ -313,7 +313,7 @@ fil_space_create_crypt_data()
|
|||||||
crypt_data->min_key_version = 0;
|
crypt_data->min_key_version = 0;
|
||||||
} else {
|
} else {
|
||||||
crypt_data->type = CRYPT_SCHEME_1;
|
crypt_data->type = CRYPT_SCHEME_1;
|
||||||
crypt_data->min_key_version = get_latest_encryption_key_version();
|
crypt_data->min_key_version = encryption_key_get_latest_version();
|
||||||
}
|
}
|
||||||
|
|
||||||
mutex_create(fil_crypt_data_mutex_key,
|
mutex_create(fil_crypt_data_mutex_key,
|
||||||
@ -693,7 +693,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
|
|||||||
srclen = page_size - FIL_PAGE_DATA;
|
srclen = page_size - FIL_PAGE_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
int rc = encrypt_data(src, srclen, dst, &dstlen,
|
int rc = encryption_encrypt(src, srclen, dst, &dstlen,
|
||||||
(unsigned char*)key, key_length,
|
(unsigned char*)key, key_length,
|
||||||
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
||||||
|
|
||||||
@ -865,7 +865,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
|
|||||||
srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA;
|
srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
int rc = decrypt_data(src, srclen, dst, &dstlen,
|
int rc = encryption_decrypt(src, srclen, dst, &dstlen,
|
||||||
(unsigned char*)key, key_length,
|
(unsigned char*)key, key_length,
|
||||||
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
||||||
|
|
||||||
@ -1007,7 +1007,7 @@ fil_crypt_get_key_state(
|
|||||||
key_state_t *new_state)
|
key_state_t *new_state)
|
||||||
{
|
{
|
||||||
if (srv_encrypt_tables == TRUE) {
|
if (srv_encrypt_tables == TRUE) {
|
||||||
new_state->key_version = get_latest_encryption_key_version();
|
new_state->key_version = encryption_key_get_latest_version();
|
||||||
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
||||||
ut_a(new_state->key_version > 0);
|
ut_a(new_state->key_version > 0);
|
||||||
} else {
|
} else {
|
||||||
@ -2381,7 +2381,7 @@ fil_space_crypt_get_status(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (srv_encrypt_tables == TRUE) {
|
if (srv_encrypt_tables == TRUE) {
|
||||||
status->current_key_version = get_latest_encryption_key_version();
|
status->current_key_version = encryption_key_get_latest_version();
|
||||||
} else {
|
} else {
|
||||||
status->current_key_version = 0;
|
status->current_key_version = 0;
|
||||||
}
|
}
|
||||||
|
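Review bot: None of the callers in this file compares the result of `encryption_key_get_latest_version()` with `ENCRYPTION_KEY_VERSION_INVALID`, so a failing key provider can be recorded as a real key version. In `fil_crypt_get_key_state` the check `ut_a(new_state->key_version > 0)` passes for `~(unsigned int)0` if the field is unsigned (its type is outside the hunk), and `fil_space_create_crypt_data` and `fil_space_crypt_get_status` store the value unchecked. `fil_crypt_get_latest_key` keeps it in `int rc` and tests `rc >= 0`, which rejects the sentinel only through the unsigned-to-int conversion and would also reject any version above `INT_MAX`. I would keep the value unsigned and test it explicitly, e.g. `uint v= encryption_key_get_latest_version(); if (v == ENCRYPTION_KEY_VERSION_INVALID) { /* report and fail */ }`. All four functions continue outside their hunks, so an existing check further down cannot be ruled out.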
@ -1157,7 +1157,7 @@ fil_space_create(
|
|||||||
ut_a(fil_system);
|
ut_a(fil_system);
|
||||||
|
|
||||||
if (fsp_flags_is_page_encrypted(flags)) {
|
if (fsp_flags_is_page_encrypted(flags)) {
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
/* by returning here it should be avoided that
|
/* by returning here it should be avoided that
|
||||||
* the server crashes, if someone tries to access an
|
* the server crashes, if someone tries to access an
|
||||||
* encrypted table and the encryption key is not available.
|
* encrypted table and the encryption key is not available.
|
||||||
|
@ -11404,7 +11404,7 @@ ha_innobase::check_table_options(
|
|||||||
return "PAGE_ENCRYPTION_KEY";
|
return "PAGE_ENCRYPTION_KEY";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!has_encryption_key(options->page_encryption_key)) {
|
if (!encryption_key_exists(options->page_encryption_key)) {
|
||||||
push_warning_printf(
|
push_warning_printf(
|
||||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
HA_WRONG_CREATE_OPTION,
|
HA_WRONG_CREATE_OPTION,
|
||||||
|
@ -146,9 +146,9 @@ fil_page_encryption_status(
|
|||||||
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
||||||
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
||||||
if (fsp_flags_is_page_encrypted(flags)) {
|
if (fsp_flags_is_page_encrypted(flags)) {
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
/* accessing table would surely fail, because no key or no key provider available */
|
/* accessing table would surely fail, because no key or no key provider available */
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||||
}
|
}
|
||||||
return PAGE_ENCRYPTION_ERROR;
|
return PAGE_ENCRYPTION_ERROR;
|
||||||
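Review bot: The inner `if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags)))` in fil_page_encryption_status repeats the condition of the `if` that encloses it, so the `return PAGE_ENCRYPTION_ERROR;` after it is reachable only if the key appears between the two calls. Dropping the inner test and returning `PAGE_ENCRYPTION_KEY_MISSING` directly keeps the behaviour and makes the result codes easier to audit. If `PAGE_ENCRYPTION_ERROR` was meant for a different failure, that condition is missing. The second copy of this hunk (-147,9) has the same duplication, and the enclosing block closes outside the hunk.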
@ -158,7 +158,7 @@ fil_page_encryption_status(
|
|||||||
|
|
||||||
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
||||||
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
||||||
if (!has_encryption_key(key)) {
|
if (!encryption_key_exists(key)) {
|
||||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||||
}
|
}
|
||||||
return PAGE_ENCRYPTION_ERROR;
|
return PAGE_ENCRYPTION_ERROR;
|
||||||
|
@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu
|
|||||||
|
|
||||||
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
||||||
#define PURPOSE_BYTE_OFFSET 0
|
#define PURPOSE_BYTE_OFFSET 0
|
||||||
#define UNENCRYPTED_KEY_VER 0
|
#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED
|
||||||
|
|
||||||
typedef int Crypt_result;
|
typedef int Crypt_result;
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ log_init_crypt_key(
|
|||||||
|
|
||||||
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
||||||
uint keylen= sizeof(mysqld_key);
|
uint keylen= sizeof(mysqld_key);
|
||||||
if (get_encryption_key(crypt_ver, mysqld_key, &keylen))
|
if (encryption_key_get(crypt_ver, mysqld_key, &keylen))
|
||||||
{
|
{
|
||||||
ib_logf(IB_LOG_LEVEL_ERROR,
|
ib_logf(IB_LOG_LEVEL_ERROR,
|
||||||
"Redo log crypto: getting mysqld crypto key "
|
"Redo log crypto: getting mysqld crypto key "
|
||||||
@ -204,7 +204,7 @@ log_blocks_crypt(
|
|||||||
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
||||||
bzero(aes_ctr_counter + 15, 1);
|
bzero(aes_ctr_counter + 15, 1);
|
||||||
|
|
||||||
int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
(unsigned char*)key, 16,
|
(unsigned char*)key, 16,
|
||||||
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
@ -259,11 +259,11 @@ log_crypt_set_ver_and_key(
|
|||||||
|
|
||||||
if (srv_encrypt_log) {
|
if (srv_encrypt_log) {
|
||||||
unsigned int vkey;
|
unsigned int vkey;
|
||||||
vkey = get_latest_encryption_key_version();
|
vkey = encryption_key_get_latest_version();
|
||||||
encrypted = true;
|
encrypted = true;
|
||||||
|
|
||||||
if (vkey == UNENCRYPTED_KEY_VER ||
|
if (vkey == UNENCRYPTED_KEY_VER ||
|
||||||
vkey == BAD_ENCRYPTION_KEY_VERSION) {
|
vkey == ENCRYPTION_KEY_VERSION_INVALID) {
|
||||||
encrypted = false;
|
encrypted = false;
|
||||||
|
|
||||||
ib_logf(IB_LOG_LEVEL_WARN,
|
ib_logf(IB_LOG_LEVEL_WARN,
|
||||||
|
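Review bot: In log_crypt_set_ver_and_key, when `srv_encrypt_log` is set but the key version is `UNENCRYPTED_KEY_VER` or `ENCRYPTION_KEY_VERSION_INVALID`, the code sets `encrypted = false` and logs at `IB_LOG_LEVEL_WARN`, so redo-log encryption appears to fail open. An operator who enabled log encryption would then get plaintext redo logs and only a warning. If that fallback is intended, say so in a comment such as `/* fail-open: no usable key version, redo log is written unencrypted */`; otherwise report it as an error and refuse to continue. The rest of the branch is outside the hunk, and the second copy of this hunk has the same logic.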
@ -25,10 +25,10 @@ void _mi_report_crashed(void *file __attribute__((unused)),
|
|||||||
|
|
||||||
static unsigned int no_key()
|
static unsigned int no_key()
|
||||||
{
|
{
|
||||||
return BAD_ENCRYPTION_KEY_VERSION;
|
return ENCRYPTION_KEY_VERSION_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct encryption_keys_service_st encryption_keys_handler=
|
struct encryption_service_st encryption_handler=
|
||||||
{
|
{
|
||||||
no_key, 0, 0, 0, 0
|
no_key, 0, 0, 0, 0
|
||||||
};
|
};
|
||||||
|
@ -290,7 +290,7 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file,
|
|||||||
__attribute__((unused)))
|
__attribute__((unused)))
|
||||||
{
|
{
|
||||||
/* Only use encryption if we have defined it */
|
/* Only use encryption if we have defined it */
|
||||||
if (get_latest_encryption_key_version() != BAD_ENCRYPTION_KEY_VERSION)
|
if (encryption_key_get_latest_version() != ENCRYPTION_KEY_VERSION_INVALID)
|
||||||
{
|
{
|
||||||
file->pre_read_hook= ma_crypt_pre_read_hook;
|
file->pre_read_hook= ma_crypt_pre_read_hook;
|
||||||
file->post_read_hook= ma_crypt_data_post_read_hook;
|
file->post_read_hook= ma_crypt_data_post_read_hook;
|
||||||
@ -417,9 +417,9 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data,
|
|||||||
int4store(counter + 4, pageno);
|
int4store(counter + 4, pageno);
|
||||||
int8store(counter + 8, lsn);
|
int8store(counter + 8, lsn);
|
||||||
|
|
||||||
rc = encrypt_data(src, size, dst, &dstlen,
|
rc = encryption_encrypt(src, size, dst, &dstlen,
|
||||||
crypt_data->iv, CRYPT_SCHEME_1_IV_LEN,
|
crypt_data->iv, CRYPT_SCHEME_1_IV_LEN,
|
||||||
counter, sizeof(counter), 1, *key_version);
|
counter, sizeof(counter), 1, *key_version);
|
||||||
|
|
||||||
DBUG_ASSERT(rc == AES_OK);
|
DBUG_ASSERT(rc == AES_OK);
|
||||||
DBUG_ASSERT(dstlen == size);
|
DBUG_ASSERT(dstlen == size);
|
||||||
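Review bot: ma_encrypt passes `crypt_data->iv, CRYPT_SCHEME_1_IV_LEN` in the position where the InnoDB callers in this commit pass `(unsigned char*)key, key_length`, so `encryption_encrypt` receives the per-file IV as key material and `counter` as the IV. Whether the plugin ignores that argument and looks the key up by `*key_version` is not visible here; if it does not, the data is encrypted under a value that is presumably stored alongside it. I would either obtain the key with `encryption_key_get(*key_version, ...)` as fil_crypt_get_key does, or document the intent in a comment above the call. Note also that `rc` and `dstlen` are checked only by `DBUG_ASSERT`, which is compiled out of release builds. ma_decrypt in the next hunk has the same argument order.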
@ -449,9 +449,9 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data,
|
|||||||
int4store(counter + 4, pageno);
|
int4store(counter + 4, pageno);
|
||||||
int8store(counter + 8, lsn);
|
int8store(counter + 8, lsn);
|
||||||
|
|
||||||
rc =decrypt_data(src, size, dst, &dstlen,
|
rc =encryption_decrypt(src, size, dst, &dstlen,
|
||||||
crypt_data->iv, CRYPT_SCHEME_1_IV_LEN,
|
crypt_data->iv, CRYPT_SCHEME_1_IV_LEN,
|
||||||
counter, sizeof(counter), 1, key_version);
|
counter, sizeof(counter), 1, key_version);
|
||||||
|
|
||||||
DBUG_ASSERT(rc == AES_OK);
|
DBUG_ASSERT(rc == AES_OK);
|
||||||
DBUG_ASSERT(dstlen == size);
|
DBUG_ASSERT(dstlen == size);
|
||||||
|
@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
|||||||
}
|
}
|
||||||
|
|
||||||
*key_length= MY_AES_MAX_KEY_LENGTH;
|
*key_length= MY_AES_MAX_KEY_LENGTH;
|
||||||
int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length);
|
int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
|
|
||||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||||
@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length,
|
|||||||
{
|
{
|
||||||
if (srv_encrypt_tables) {
|
if (srv_encrypt_tables) {
|
||||||
// used for key rotation - get the next key id from the key provider
|
// used for key rotation - get the next key id from the key provider
|
||||||
int rc = get_latest_encryption_key_version();
|
int rc = encryption_key_get_latest_version();
|
||||||
|
|
||||||
// if no new key was created use the last one
|
// if no new key was created use the last one
|
||||||
if (rc >= 0) {
|
if (rc >= 0) {
|
||||||
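Review bot: In fil_crypt_get_latest_key the result of `encryption_key_get_latest_version()` is stored in `int rc` and tested with `rc >= 0`, although other callers in this commit hold it in `unsigned int` and compare it against `ENCRYPTION_KEY_VERSION_INVALID`. The test rejects the sentinel only if its conversion to `int` happens to be negative, and it would also reject any valid version above `INT_MAX`. I would write `unsigned int rc = encryption_key_get_latest_version();` and `if (rc != ENCRYPTION_KEY_VERSION_INVALID) {`. The body of the `if` is outside the hunk.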
@ -313,7 +313,7 @@ fil_space_create_crypt_data()
|
|||||||
crypt_data->min_key_version = 0;
|
crypt_data->min_key_version = 0;
|
||||||
} else {
|
} else {
|
||||||
crypt_data->type = CRYPT_SCHEME_1;
|
crypt_data->type = CRYPT_SCHEME_1;
|
||||||
crypt_data->min_key_version = get_latest_encryption_key_version();
|
crypt_data->min_key_version = encryption_key_get_latest_version();
|
||||||
}
|
}
|
||||||
|
|
||||||
mutex_create(fil_crypt_data_mutex_key,
|
mutex_create(fil_crypt_data_mutex_key,
|
||||||
@ -693,9 +693,9 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
|
|||||||
srclen = page_size - FIL_PAGE_DATA;
|
srclen = page_size - FIL_PAGE_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
int rc = encrypt_data(src, srclen, dst, &dstlen,
|
int rc = encryption_encrypt(src, srclen, dst, &dstlen,
|
||||||
(unsigned char*)key, key_length,
|
(unsigned char*)key, key_length,
|
||||||
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
||||||
|
|
||||||
if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) {
|
if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) {
|
||||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||||
@ -865,9 +865,9 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
|
|||||||
srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA;
|
srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
int rc = decrypt_data(src, srclen, dst, &dstlen,
|
int rc = encryption_decrypt(src, srclen, dst, &dstlen,
|
||||||
(unsigned char*)key, key_length,
|
(unsigned char*)key, key_length,
|
||||||
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
(unsigned char*)iv, sizeof(iv), 1, key_version);
|
||||||
|
|
||||||
if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) {
|
if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) {
|
||||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||||
@ -1007,7 +1007,7 @@ fil_crypt_get_key_state(
|
|||||||
key_state_t *new_state)
|
key_state_t *new_state)
|
||||||
{
|
{
|
||||||
if (srv_encrypt_tables == TRUE) {
|
if (srv_encrypt_tables == TRUE) {
|
||||||
new_state->key_version = get_latest_encryption_key_version();
|
new_state->key_version = encryption_key_get_latest_version();
|
||||||
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
||||||
ut_a(new_state->key_version > 0);
|
ut_a(new_state->key_version > 0);
|
||||||
} else {
|
} else {
|
||||||
@ -2381,7 +2381,7 @@ fil_space_crypt_get_status(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (srv_encrypt_tables == TRUE) {
|
if (srv_encrypt_tables == TRUE) {
|
||||||
status->current_key_version = get_latest_encryption_key_version();
|
status->current_key_version = encryption_key_get_latest_version();
|
||||||
} else {
|
} else {
|
||||||
status->current_key_version = 0;
|
status->current_key_version = 0;
|
||||||
}
|
}
|
||||||
|
@ -1192,7 +1192,7 @@ fil_space_create(
|
|||||||
ut_a(fil_system);
|
ut_a(fil_system);
|
||||||
|
|
||||||
if (fsp_flags_is_page_encrypted(flags)) {
|
if (fsp_flags_is_page_encrypted(flags)) {
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
/* by returning here it should be avoided that
|
/* by returning here it should be avoided that
|
||||||
* the server crashes, if someone tries to access an
|
* the server crashes, if someone tries to access an
|
||||||
* encrypted table and the encryption key is not available.
|
* encrypted table and the encryption key is not available.
|
||||||
|
@ -11911,7 +11911,7 @@ ha_innobase::check_table_options(
|
|||||||
return "PAGE_ENCRYPTION_KEY";
|
return "PAGE_ENCRYPTION_KEY";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!has_encryption_key(options->page_encryption_key)) {
|
if (!encryption_key_exists(options->page_encryption_key)) {
|
||||||
push_warning_printf(
|
push_warning_printf(
|
||||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
HA_WRONG_CREATE_OPTION,
|
HA_WRONG_CREATE_OPTION,
|
||||||
|
@ -147,9 +147,9 @@ fil_page_encryption_status(
|
|||||||
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
||||||
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
||||||
if (fsp_flags_is_page_encrypted(flags)) {
|
if (fsp_flags_is_page_encrypted(flags)) {
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
/* accessing table would surely fail, because no key or no key provider available */
|
/* accessing table would surely fail, because no key or no key provider available */
|
||||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) {
|
||||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||||
}
|
}
|
||||||
return PAGE_ENCRYPTION_ERROR;
|
return PAGE_ENCRYPTION_ERROR;
|
||||||
@ -159,7 +159,7 @@ fil_page_encryption_status(
|
|||||||
|
|
||||||
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
||||||
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
||||||
if (!has_encryption_key(key)) {
|
if (!encryption_key_exists(key)) {
|
||||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||||
}
|
}
|
||||||
return PAGE_ENCRYPTION_ERROR;
|
return PAGE_ENCRYPTION_ERROR;
|
||||||
|
@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu
|
|||||||
|
|
||||||
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
||||||
#define PURPOSE_BYTE_OFFSET 0
|
#define PURPOSE_BYTE_OFFSET 0
|
||||||
#define UNENCRYPTED_KEY_VER 0
|
#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED
|
||||||
|
|
||||||
typedef int Crypt_result;
|
typedef int Crypt_result;
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ log_init_crypt_key(
|
|||||||
|
|
||||||
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
||||||
uint keylen= sizeof(mysqld_key);
|
uint keylen= sizeof(mysqld_key);
|
||||||
if (get_encryption_key(crypt_ver, mysqld_key, &keylen))
|
if (encryption_key_get(crypt_ver, mysqld_key, &keylen))
|
||||||
{
|
{
|
||||||
ib_logf(IB_LOG_LEVEL_ERROR,
|
ib_logf(IB_LOG_LEVEL_ERROR,
|
||||||
"Redo log crypto: getting mysqld crypto key "
|
"Redo log crypto: getting mysqld crypto key "
|
||||||
@ -204,11 +204,11 @@ log_blocks_crypt(
|
|||||||
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
||||||
bzero(aes_ctr_counter + 15, 1);
|
bzero(aes_ctr_counter + 15, 1);
|
||||||
|
|
||||||
int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
(unsigned char*)key, 16,
|
(unsigned char*)key, 16,
|
||||||
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
log_sys->redo_log_crypt_ver);
|
log_sys->redo_log_crypt_ver);
|
||||||
|
|
||||||
ut_a(rc == AES_OK);
|
ut_a(rc == AES_OK);
|
||||||
ut_a(dst_len == src_len);
|
ut_a(dst_len == src_len);
|
||||||
@ -259,11 +259,11 @@ log_crypt_set_ver_and_key(
|
|||||||
|
|
||||||
if (srv_encrypt_log) {
|
if (srv_encrypt_log) {
|
||||||
unsigned int vkey;
|
unsigned int vkey;
|
||||||
vkey = get_latest_encryption_key_version();
|
vkey = encryption_key_get_latest_version();
|
||||||
encrypted = true;
|
encrypted = true;
|
||||||
|
|
||||||
if (vkey == UNENCRYPTED_KEY_VER ||
|
if (vkey == UNENCRYPTED_KEY_VER ||
|
||||||
vkey == BAD_ENCRYPTION_KEY_VERSION) {
|
vkey == ENCRYPTION_KEY_VERSION_INVALID) {
|
||||||
encrypted = false;
|
encrypted = false;
|
||||||
|
|
||||||
ib_logf(IB_LOG_LEVEL_WARN,
|
ib_logf(IB_LOG_LEVEL_WARN,
|
||||||
|