encryption plugin controls the encryption

* no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * ecnrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions
2025-07-18 23:03:28 +03:00 · 2015-03-31 19:32:35 +02:00
parent 9ccafffc29
commit bb1b61b312
36 changed files with 401 additions and 473 deletions
--- a/include/mysql/plugin_encryption.h.pp
+++ b/include/mysql/plugin_encryption.h.pp
@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
 #include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+                                    unsigned char* dst, unsigned int* dlen,
+                                    const unsigned char* key, unsigned int klen,
+                                    const unsigned char* iv, unsigned int ivlen,
+                                    int no_padding, unsigned int key_version);
 extern struct encryption_keys_service_st {
  unsigned int (*get_latest_encryption_key_version_func)();
  unsigned int (*has_encryption_key_func)(unsigned int);
  unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+  encrypt_decrypt_func encrypt_data_func;
+  encrypt_decrypt_func decrypt_data_func;
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+                 unsigned char* dst, unsigned int* dlen,
+                 const unsigned char* key, unsigned int klen,
+                 const unsigned char* iv, unsigned int ivlen,
+                 int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+                 unsigned char* dst, unsigned int* dlen,
+                 const unsigned char* key, unsigned int klen,
+                 const unsigned char* iv, unsigned int ivlen,
+                 int no_padding, unsigned int key_version);
 struct st_mysql_xid {
  long formatID;
  long gtrid_length;
@ -368,4 +385,6 @@ struct st_mariadb_encryption
  unsigned int (*get_latest_key_version)();
  unsigned int (*get_key)(unsigned int version, unsigned char *key,
                          unsigned int *key_length);
+  encrypt_decrypt_func encrypt;
+  encrypt_decrypt_func decrypt;
 };