mirror of
https://github.com/MariaDB/server.git
synced 2025-08-07 00:04:31 +03:00
MDEV-34712 Add support to sha2 and pbkdf2 key derivation in file_key_management
Add two new variables:
file_key_management_digest={sha1|sha224|sha256|sha384|sha512}
This specify the digest function to use in key derivation of the key
used for decryption of the keyfile.
file_key_management_use_pbkdf2=N
This specify whether pbkdf2 is used in the key derivation, and if
so (N != 0), how many iterations.
This commit is contained in:
Yuchen Pei
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -169,6 +169,8 @@ extern "C" {
|
||||
enum my_aes_mode {
|
||||
MY_AES_ECB, MY_AES_CBC
|
||||
};
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
}
|
||||
|
||||
@@ -57,6 +57,9 @@ enum my_aes_mode {
|
||||
#endif
|
||||
};
|
||||
|
||||
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
|
||||
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
|
||||
|
||||
extern struct my_crypt_service_st {
|
||||
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
|
||||
const unsigned char* key, unsigned int klen,
|
||||
@@ -70,6 +73,10 @@ extern struct my_crypt_service_st {
|
||||
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
|
||||
int (*my_random_bytes)(unsigned char* buf, int num);
|
||||
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
} *my_crypt_service;
|
||||
|
||||
#ifdef MYSQL_DYNAMIC_PLUGIN
|
||||
@@ -95,6 +102,9 @@ extern struct my_crypt_service_st {
|
||||
#define my_random_bytes(A,B)\
|
||||
my_crypt_service->my_random_bytes(A,B)
|
||||
|
||||
#define my_bytes_to_key(A, B, C, D, E, F, G) \
|
||||
my_crypt_service->my_bytes_to_key(A,B,C,D,E,F,G)
|
||||
|
||||
#else
|
||||
|
||||
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
|
||||
@@ -108,6 +118,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
|
||||
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
|
||||
|
||||
int my_random_bytes(unsigned char* buf, int num);
|
||||
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
|
||||
unsigned int input_len, unsigned char *key,
|
||||
unsigned char *iv, enum my_digest digest,
|
||||
unsigned int use_pbkdf2);
|
||||
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
|
||||
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user