Add encryption key id to the API as a distinct concept
which is separate from the encryption key version
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
|
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
|
@@ -37,11 +37,11 @@ struct st_mariadb_encryption
|
||||
int interface_version; /**< version plugin uses */
|
||||
|
||||
/**
|
||||
function returning latest key version.
|
||||
function returning latest key version for a given key id
|
||||
|
||||
@return a version or BAD_ENCRYPTION_KEY_VERSION to indicate an error.
|
||||
@return a version or ENCRYPTION_KEY_VERSION_INVALID to indicate an error.
|
||||
*/
|
||||
unsigned int (*get_latest_key_version)();
|
||||
unsigned int (*get_latest_key_version)(unsigned int key_id);
|
||||
|
||||
/**
|
||||
function returning a key for a key version
|
||||
@@ -60,11 +60,11 @@ struct st_mariadb_encryption
|
||||
the key data or leave it untouched).
|
||||
|
||||
@return 0 on success, or
|
||||
BAD_ENCRYPTION_KEY_VERSION, KEY_BUFFER_TOO_SMALL,
|
||||
ENCRYPTION_KEY_VERSION_INVALID, ENCRYPTION_KEY_BUFFER_TOO_SMALL
|
||||
or any other non-zero number for errors
|
||||
*/
|
||||
unsigned int (*get_key)(unsigned int version, unsigned char *key,
|
||||
unsigned int *key_length);
|
||||
unsigned int (*get_key)(unsigned int key_id, unsigned int version,
|
||||
unsigned char *key, unsigned int *key_length);
|
||||
|
||||
encrypt_decrypt_func encrypt;
|
||||
encrypt_decrypt_func decrypt;
|
||||
|
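Review bot: `get_latest_key_version` and `get_key` in `struct st_mariadb_encryption` both change their argument lists in these two hunks, but nothing visible on this page changes the value a plugin reports in `interface_version`. A plugin built against the old header would receive `key_id` where it expects `version`, and `version` where it expects the `key` pointer, so the loader has to be able to reject it; please confirm the encryption plugin interface version is bumped elsewhere in this commit. The doc comment above `get_key` also still reads `function returning a key for a key version`; suggest `function returning a key for a given key id and key version`. The struct begins and ends outside the hunks, so the rest of its documentation is not visible here.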
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
@@ -370,9 +372,9 @@ void thd_wakeup_subsequent_commits(void* thd, int wakeup_error);
|
||||
struct st_mariadb_encryption
|
||||
{
|
||||
int interface_version;
|
||||
unsigned int (*get_latest_key_version)();
|
||||
unsigned int (*get_key)(unsigned int version, unsigned char *key,
|
||||
unsigned int *key_length);
|
||||
unsigned int (*get_latest_key_version)(unsigned int key_id);
|
||||
unsigned int (*get_key)(unsigned int key_id, unsigned int version,
|
||||
unsigned char *key, unsigned int *key_length);
|
||||
encrypt_decrypt_func encrypt;
|
||||
encrypt_decrypt_func decrypt;
|
||||
};
|
||||
|
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
|
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
|
@@ -30,7 +30,7 @@ extern "C" {
|
||||
|
||||
/* returned from encryption_key_get_latest_version() */
|
||||
#define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0)
|
||||
#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0)
|
||||
#define ENCRYPTION_KEY_NOT_ENCRYPTED (0)
|
||||
|
||||
/* returned from encryption_key_get() */
|
||||
#define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100)
|
||||
@@ -39,12 +39,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
|
||||
unsigned char* dst, unsigned int* dlen,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
const unsigned char* iv, unsigned int ivlen,
|
||||
int no_padding, unsigned int key_version);
|
||||
int no_padding, unsigned int key_id,
|
||||
unsigned int key_version);
|
||||
|
||||
struct encryption_service_st {
|
||||
unsigned int (*encryption_key_get_latest_version_func)();
|
||||
unsigned int (*encryption_key_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*);
|
||||
unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
|
||||
unsigned int (*encryption_key_id_exists_func)(unsigned int);
|
||||
unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
|
||||
unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
|
||||
encrypt_decrypt_func encryption_encrypt_func;
|
||||
encrypt_decrypt_func encryption_decrypt_func;
|
||||
};
|
||||
@@ -53,20 +55,22 @@ struct encryption_service_st {
|
||||
|
||||
extern struct encryption_service_st *encryption_service;
|
||||
|
||||
#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func()
|
||||
#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V)
|
||||
#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S))
|
||||
#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
||||
#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
||||
#define encryption_key_get_latest_version(KI) encryption_service->encryption_key_get_latest_version_func(KI)
|
||||
#define encryption_key_id_exists(KI) encryption_service->encryption_key_id_exists_func((KI))
|
||||
#define encryption_key_version_exists(KI,KV) encryption_service->encryption_key_version_exists_func((KI),(KV))
|
||||
#define encryption_key_get(KI,KV,K,S) encryption_service->encryption_key_get_func((KI),(KV),(K),(S))
|
||||
#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV))
|
||||
#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV))
|
||||
#else
|
||||
|
||||
extern struct encryption_service_st encryption_handler;
|
||||
|
||||
#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func()
|
||||
#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V)
|
||||
#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S))
|
||||
#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
||||
#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
|
||||
#define encryption_key_get_latest_version(KI) encryption_handler.encryption_key_get_latest_version_func(KI)
|
||||
#define encryption_key_id_exists(KI) encryption_handler.encryption_key_id_exists_func((KI))
|
||||
#define encryption_key_version_exists(KI,KV) encryption_handler.encryption_key_version_exists_func((KI),(KV))
|
||||
#define encryption_key_get(KI,KV,K,S) encryption_handler.encryption_key_get_func((KI),(KV),(K),(S))
|
||||
#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV))
|
||||
#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV))
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
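Review bot: The function-pointer members of `struct encryption_service_st` take two adjacent `unsigned int` arguments with no parameter names, so the declaration does not say which is the key id and which is the key version. A call with the two swapped compiles cleanly and looks up the wrong key. Naming them would document the order the wrapper macros rely on, e.g. `unsigned int (*encryption_key_get_func)(unsigned int key_id, unsigned int key_version, unsigned char* key, unsigned int* key_length);` and `unsigned int (*encryption_key_version_exists_func)(unsigned int key_id, unsigned int key_version);`. As a style point, `encryption_key_get_latest_version(KI)` passes `KI` unparenthesized in both the `encryption_service->` and `encryption_handler.` variants, while the other 11-argument and key-lookup macros beside it wrap every argument; `(KI)` would match.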