database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

encryption plugin controls the encryption

Browse Source 
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* ecnrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
This commit is contained in:
Sergei Golubchik
2015-03-31 19:32:35 +02:00
parent 9ccafffc29
commit bb1b61b312
36 changed files with 401 additions and 473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
include/mysql/plugin_audit.h.pp
View File

@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;

17
include/mysql/plugin_auth.h.pp
View File

@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;

8
include/mysql/plugin_encryption.h
View File

@@ -1,5 +1,5 @@
#ifndef MYSQL_PLUGIN_ENCRYPTION_INCLUDED
/* Copyright (C) 2014 Sergei Golubchik and MariaDB
/* Copyright (C) 2014, 2015 Sergei Golubchik and MariaDB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -29,9 +29,6 @@
#define MariaDB_ENCRYPTION_INTERFACE_VERSION 0x0200
#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0)
#define KEY_BUFFER_TOO_SMALL (100)
/**
Encryption plugin descriptor
*/
@@ -68,6 +65,9 @@ struct st_mariadb_encryption
*/
unsigned int (*get_key)(unsigned int version, unsigned char *key,
unsigned int *key_length);
encrypt_decrypt_func encrypt;
encrypt_decrypt_func decrypt;
};
#endif

19
include/mysql/plugin_encryption.h.pp
View File

@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
@@ -368,4 +385,6 @@ struct st_mariadb_encryption
unsigned int (*get_latest_key_version)();
unsigned int (*get_key)(unsigned int version, unsigned char *key,
unsigned int *key_length);
encrypt_decrypt_func encrypt;
encrypt_decrypt_func decrypt;
};

17
include/mysql/plugin_ftparser.h.pp
View File

@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;

17
include/mysql/plugin_password_validation.h.pp
View File

@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;

25
include/mysql/service_encryption_keys.h
View File

@@ -25,10 +25,21 @@
extern "C" {
#endif
#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0)
#define KEY_BUFFER_TOO_SMALL (100)
typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
#ifdef MYSQL_DYNAMIC_PLUGIN
@@ -36,13 +47,23 @@ extern struct encryption_keys_service_st {
#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func()
#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
#else
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
#endif
#ifdef __cplusplus