authorSergei Golubchik <serg@mariadb.org>2015-05-27 20:53:41 +0200
committerSergei Golubchik <serg@mariadb.org>2015-06-02 19:00:23 +0200
commit51d67633ef52044314afff1370e9b2e9894595ff (patch)
treead4613bdd76db2babb804dc361ccec1a73ff4362
parent0f0092720f4371556044695fa90a69b5e54a14cf (diff)
AES-GCM support in file_key_management plugin
-rw-r--r--mysql-test/suite/encryption/t/tempfiles.test2
-rw-r--r--plugin/file_key_management/file_key_management_plugin.cc31
2 files changed, 32 insertions, 1 deletions
diff --git a/mysql-test/suite/encryption/t/tempfiles.test b/mysql-test/suite/encryption/t/tempfiles.test
index 6395a15d8a5..34dcbdf5963 100644
--- a/mysql-test/suite/encryption/t/tempfiles.test
+++ b/mysql-test/suite/encryption/t/tempfiles.test
@@ -1,7 +1,7 @@
#
# Various test cases for IO_CACHE tempfiles (file==-1) encryption
#
-source include/have_example_key_management_plugin.inc;
+source include/have_file_key_management_plugin.inc;
source include/have_sequence.inc;
# Row binlog format to fill binlog cache faster
diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc
index 74eeebbc4e3..53cb4069a95 100644
--- a/plugin/file_key_management/file_key_management_plugin.cc
+++ b/plugin/file_key_management/file_key_management_plugin.cc
@@ -120,6 +120,32 @@ struct st_mariadb_encryption file_key_management_plugin= {
0,0
};
+#ifdef HAVE_EncryptAes128Gcm
+/*
+ use AES-CTR when cyphertext length must be the same as plaintext length,
+ and AES-GCM when cyphertext can be longer than plaintext.
+*/
+static int ctr_gcm_encrypt(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int keyid, unsigned int key_version)
+{
+ return (no_padding ? my_aes_encrypt_ctr : my_aes_encrypt_gcm)
+ (src, slen, dst, dlen, key, klen, iv, ivlen);
+}
+
+static int ctr_gcm_decrypt(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int keyid, unsigned int key_version)
+{
+ return (no_padding ? my_aes_decrypt_ctr : my_aes_decrypt_gcm)
+ (src, slen, dst, dlen, key, klen, iv, ivlen);
+}
+#endif
+
static int file_key_management_plugin_init(void *p)
{
Parser parser(filename, filekey);
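Review bot: In `ctr_gcm_encrypt` and `ctr_gcm_decrypt` the `no_padding` flag also decides whether the data is authenticated, but the comment above them only explains the length trade-off. Any caller that sets `no_padding` gets AES-CTR, which carries no tag, so modified ciphertext decrypts without an error on that path. I would extend the comment with something like `CTR output is unauthenticated: only the GCM path detects tampering, and callers must check the decrypt return value there`. `keyid` and `key_version` are accepted but unused in both wrappers, so nothing visible here binds a ciphertext to the key version it was written with; if that binding is intended it has to happen elsewhere. Both modes are also handed the same `key` and `iv`, so the comment should state that callers must never repeat an IV under one key.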
@@ -132,10 +158,15 @@ static int file_key_management_plugin_init(void *p)
break;
#ifdef HAVE_EncryptAes128Ctr
case 1: // AES_CTR
+#ifdef HAVE_EncryptAes128Gcm
+ file_key_management_plugin.encrypt= ctr_gcm_encrypt;
+ file_key_management_plugin.decrypt= ctr_gcm_decrypt;
+#else
file_key_management_plugin.encrypt=
(encrypt_decrypt_func)my_aes_encrypt_ctr;
file_key_management_plugin.decrypt=
(encrypt_decrypt_func)my_aes_decrypt_ctr;
+#endif
break;
#endif
default:
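Review bot: After this change `case 1` produces a different ciphertext format depending on whether the build defines `HAVE_EncryptAes128Gcm`: padded data is GCM in one build and CTR in the other, and the `// AES_CTR` label no longer says so. Data written by a GCM-enabled build would presumably not be readable by a build without it, which deserves a comment here or a distinct algorithm id; at minimum relabel it, e.g. `case 1: // AES_CTR (AES_GCM for padded data when available)`. The `#else` branch still assigns `my_aes_encrypt_ctr` through an `(encrypt_decrypt_func)` cast, although the new wrappers show the callback takes three more parameters than the CTR function does. A thin wrapper in that branch, like the ones added above, would let the compiler check the signature instead of hiding the mismatch. The switch and the rest of `file_key_management_plugin_init` continue outside this hunk.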