mirror of https://github.com/MariaDB/server.git synced 2025-08-05 13:16:09 +03:00

MDEV-34712 Add support to sha2 and pbkdf2 key derivation in file_key_management

Add two new variables:

file_key_management_digest={sha1|sha224|sha256|sha384|sha512}

This specifies the digest function to use in key derivation of the key
used for decryption of the keyfile.

file_key_management_use_pbkdf2=N

This specifies whether pbkdf2 is used in the key derivation, and if
so (N != 0), how many iterations.
Yuchen Pei
2025-03-12 10:46:09 +11:00
parent ec6f320883
commit a9bdfccbc6
27 changed files with 268 additions and 58 deletions


@@ -169,6 +169,8 @@ extern "C" {
enum my_aes_mode {
MY_AES_ECB, MY_AES_CBC
};
enum my_digest { MY_DIGEST_SHA1, MY_DIGEST_SHA224, MY_DIGEST_SHA256,
MY_DIGEST_SHA384, MY_DIGEST_SHA512 };
extern struct my_crypt_service_st {
int (*my_aes_crypt_init)(void *ctx, enum my_aes_mode mode, int flags,
const unsigned char* key, unsigned int klen,
@@ -182,6 +184,10 @@ extern struct my_crypt_service_st {
unsigned int (*my_aes_get_size)(enum my_aes_mode mode, unsigned int source_length);
unsigned int (*my_aes_ctx_size)(enum my_aes_mode mode);
int (*my_random_bytes)(unsigned char* buf, int num);
void (*my_bytes_to_key)(const unsigned char *salt, const unsigned char *input,
unsigned int input_len, unsigned char *key,
unsigned char *iv, enum my_digest digest,
unsigned int use_pbkdf2);
} *my_crypt_service;
int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
const unsigned char* key, unsigned int klen,
@@ -193,6 +199,10 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
const unsigned char *src, unsigned int slen, unsigned char *dst, unsigned int *dlen,
const unsigned char *key, unsigned int klen, const unsigned char *iv, unsigned int ivlen);
int my_random_bytes(unsigned char* buf, int num);
void my_bytes_to_key(const unsigned char *salt, const unsigned char *input,
unsigned int input_len, unsigned char *key,
unsigned char *iv, enum my_digest digest,
unsigned int use_pbkdf2);
unsigned int my_aes_get_size(enum my_aes_mode mode, unsigned int source_length);
unsigned int my_aes_ctx_size(enum my_aes_mode mode);
}
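Review bot: `my_bytes_to_key` is declared `void` in both the service-struct member (second hunk) and the free prototype (third hunk), so a caller cannot learn that key derivation failed and would go on to decrypt the keyfile with whatever is left in `key` and `iv`. The implementation is not visible on this page, but if it wraps a library KDF that can fail or be handed an unsupported digest, a status return like the neighbouring `my_aes_crypt` and `my_random_bytes` would let the keyfile parser stop instead: `int my_bytes_to_key(..., enum my_digest digest, unsigned int use_pbkdf2);`. The prototype also passes no lengths for `salt`, `key` or `iv`, so a comment above it should state how many bytes are read from `salt` and written to `key` and `iv`, and that `use_pbkdf2` is both the on/off switch (0 = off) and the iteration count.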