authorSergei Golubchik <serg@mariadb.org>2015-03-31 19:32:35 +0200
committerSergei Golubchik <serg@mariadb.org>2015-04-09 18:42:43 +0200
commitbb1b61b312088ba9f5f2cb606594b6f33c284402 (patch)
treec5b433d19434e194fb82d2407adbbfee759dfd31 /include
parent9ccafffc29526ea30151eb3e62901bfdb77aaf84 (diff)
encryption plugin controls the encryption
* no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * encrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions
Diffstat (limited to 'include')
-rw-r--r--include/my_aes.h80
-rw-r--r--include/my_crypt.h72
-rw-r--r--include/mysql/plugin_audit.h.pp17
-rw-r--r--include/mysql/plugin_auth.h.pp17
-rw-r--r--include/mysql/plugin_encryption.h8
-rw-r--r--include/mysql/plugin_encryption.h.pp19
-rw-r--r--include/mysql/plugin_ftparser.h.pp17
-rw-r--r--include/mysql/plugin_password_validation.h.pp17
-rw-r--r--include/mysql/service_encryption_keys.h25
9 files changed, 150 insertions, 122 deletions
diff --git a/include/my_aes.h b/include/my_aes.h
index 824fa5540ef..b5df86fb5ab 100644
--- a/include/my_aes.h
+++ b/include/my_aes.h
@@ -24,8 +24,6 @@
#include <my_global.h>
-typedef int Crypt_result;
-
#define AES_OK 0
#define AES_BAD_DATA -1
#define AES_BAD_IV -2
@@ -49,84 +47,6 @@ typedef int Crypt_result;
C_MODE_START
-/**
- Crypt buffer with AES dynamic (defined at startup) encryption algorithm.
-
- SYNOPSIS
- my_aes_encrypt_dynamic()
- @param source [in] Pointer to data for encryption
- @param source_length [in] Size of encryption data
- @param dest [out] Buffer to place encrypted data (must be large enough)
- @param dest_length [out] Pointer to size of encrypted data
- @param key [in] Key to be used for encryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] if set, algorithm specific padding behaviour is used
-
- Method used defined by calling my_aes_init_dynamic_encrypt() at startup.
-
- @return
- != 0 error
- 0 no error
-*/
-
-typedef int (*my_aes_encrypt_dynamic_type)(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint noPadding);
-
-extern MYSQL_PLUGIN_IMPORT my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic;
-
-/**
- AES decryption AES dynamic (defined at startup) encryption algorithm.
-
- SYNOPSIS
- my_aes_decrypt_dynamic()
- @param source [in] Pointer to data to decrypt
- @param source_length [in] Size of data
- @param dest [out] Buffer to place decrypted data (must be large enough)
- @param dest_length [out] Pointer to size of decrypted data
- @param key [in] Key to be used for decryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] if set, algorithm specific padding behaviour is used
-
- @return
- != 0 error
- 0 no error
-
- Method used defined by calling my_aes_init_dynamic_encrypt() at startup.
-*/
-
-typedef int (*my_aes_decrypt_dynamic_type)(const uchar *source,
- uint32 source_length,
- uchar *dest, uint32 *dest_length,
- const uchar *key, uint8 key_length,
- const uchar *iv, uint8 iv_length,
- uint noPadding);
-extern MYSQL_PLUGIN_IMPORT my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic;
-
-/**
- Initialize dynamic crypt functions
-*/
-
-enum enum_my_aes_encryption_algorithm
-{
- MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_ECB, MY_AES_ALGORITHM_CBC,
- MY_AES_ALGORITHM_CTR
-};
-
-my_aes_decrypt_dynamic_type get_aes_decrypt_func(enum enum_my_aes_encryption_algorithm method);
-my_aes_encrypt_dynamic_type get_aes_encrypt_func(enum enum_my_aes_encryption_algorithm method);
-
-
-my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method);
-
-extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method;
-
int my_aes_get_size(int source_length);
C_MODE_END
diff --git a/include/my_crypt.h b/include/my_crypt.h
index 83665659178..c6cddbd99e3 100644
--- a/include/my_crypt.h
+++ b/include/my_crypt.h
@@ -26,45 +26,45 @@ C_MODE_START
#ifdef HAVE_EncryptAes128Ctr
-Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
-
-Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
+int my_aes_encrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
+
+int my_aes_decrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
#endif
-Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
-
-Crypt_result my_aes_decrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
-
-Crypt_result my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
-
-Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint no_padding);
-
-Crypt_result my_random_bytes(uchar* buf, int num);
+int my_aes_encrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
+
+int my_aes_decrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
+
+int my_aes_encrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
+
+int my_aes_decrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const unsigned char* key, uint key_length,
+ const unsigned char* iv, uint iv_length,
+ int no_padding);
+
+int my_random_bytes(uchar* buf, int num);
C_MODE_END
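Review bot: Widening `key_length` and `iv_length` from `uint8` to `uint` in the new prototypes (L136-L195) drops the implicit 0..255 bound, so the implementations behind them must explicitly reject any key length other than 16, 24 or 32 and any IV length other than 16 (the limits the removed my_aes.h documentation stated) instead of relying on the parameter type, and the header now says nothing about that. The `int` return replaces `Crypt_result` without saying which values it takes; a comment above the block such as `/* key_length must be 16, 24 or 32, iv_length 16; returns AES_OK or a negative AES_* code from my_aes.h */` would pin the contract for callers. `my_random_bytes` keeps a signed `int num` while every other length in this header is now `uint`; `int my_random_bytes(uchar* buf, uint num);` would be consistent and rules out a negative count at the type level. For the ECB pair the `iv`/`iv_length` arguments are presumably ignored — if so, say so in a comment so callers do not assume IV-dependent output.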
diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp
index c4661e2b383..30647a7c331 100644
--- a/include/mysql/plugin_audit.h.pp
+++ b/include/mysql/plugin_audit.h.pp
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp
index 09986993139..e821a7d1bfb 100644
--- a/include/mysql/plugin_auth.h.pp
+++ b/include/mysql/plugin_auth.h.pp
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
diff --git a/include/mysql/plugin_encryption.h b/include/mysql/plugin_encryption.h
index 43697096f04..a91a53c8ad5 100644
--- a/include/mysql/plugin_encryption.h
+++ b/include/mysql/plugin_encryption.h
@@ -1,5 +1,5 @@
#ifndef MYSQL_PLUGIN_ENCRYPTION_INCLUDED
-/* Copyright (C) 2014 Sergei Golubchik and MariaDB
+/* Copyright (C) 2014, 2015 Sergei Golubchik and MariaDB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -29,9 +29,6 @@
#define MariaDB_ENCRYPTION_INTERFACE_VERSION 0x0200
-#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0)
-#define KEY_BUFFER_TOO_SMALL (100)
-
/**
Encryption plugin descriptor
*/
@@ -68,6 +65,9 @@ struct st_mariadb_encryption
*/
unsigned int (*get_key)(unsigned int version, unsigned char *key,
unsigned int *key_length);
+
+ encrypt_decrypt_func encrypt;
+ encrypt_decrypt_func decrypt;
};
#endif
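Review bot: Two function-pointer fields are appended to `struct st_mariadb_encryption` (L294-L295) while `MariaDB_ENCRYPTION_INTERFACE_VERSION` stays at `0x0200` (unchanged context at L282); unless that version was already bumped for this interface change, a plugin built against the previous layout presents a shorter descriptor and the server would read `encrypt`/`decrypt` from memory beyond it. The new fields also carry no doc comment, although `get_key` directly above them does; I'd add `/** Encrypt/decrypt a buffer with the key identified by key_version (see encrypt_decrypt_func in service_encryption_keys.h). */` before them. The struct's opening is outside this hunk.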
diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp
index a09e0e0543b..100928f0b19 100644
--- a/include/mysql/plugin_encryption.h.pp
+++ b/include/mysql/plugin_encryption.h.pp
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
@@ -368,4 +385,6 @@ struct st_mariadb_encryption
unsigned int (*get_latest_key_version)();
unsigned int (*get_key)(unsigned int version, unsigned char *key,
unsigned int *key_length);
+ encrypt_decrypt_func encrypt;
+ encrypt_decrypt_func decrypt;
};
diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp
index e9315f4fe83..0c58e6912ca 100644
--- a/include/mysql/plugin_ftparser.h.pp
+++ b/include/mysql/plugin_ftparser.h.pp
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp
index a82d5fd9150..8ab0f680815 100644
--- a/include/mysql/plugin_password_validation.h.pp
+++ b/include/mysql/plugin_password_validation.h.pp
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
#include <mysql/service_encryption_keys.h>
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
struct st_mysql_xid {
long formatID;
long gtrid_length;
diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h
index f162bba3cff..105146d00a5 100644
--- a/include/mysql/service_encryption_keys.h
+++ b/include/mysql/service_encryption_keys.h
@@ -25,10 +25,21 @@
extern "C" {
#endif
+#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0)
+#define KEY_BUFFER_TOO_SMALL (100)
+
+typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+
extern struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
+ encrypt_decrypt_func encrypt_data_func;
+ encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service;
#ifdef MYSQL_DYNAMIC_PLUGIN
@@ -36,13 +47,23 @@ extern struct encryption_keys_service_st {
#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func()
#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
-
+#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
+#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
#else
unsigned int get_latest_encryption_key_version();
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
-
+int encrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
+int decrypt_data(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int no_padding, unsigned int key_version);
#endif
#ifdef __cplusplus
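Review bot: The `encrypt_data`/`decrypt_data` macros at L442-L443 pass their arguments unparenthesized, unlike `get_encryption_key(V,K,S)` at L440 which wraps each as `(V), (K), (S)`; an argument containing a comma operator or a lower-precedence expression would expand differently, so write `encryption_keys_service->encrypt_data_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KV))` and the same for `decrypt_data_func`. The `encrypt_decrypt_func` typedef at L423-L427 and the prototypes at L449-L458 also state nothing about the contract: whether `dlen` is in/out (buffer capacity on entry, bytes written on return), how large `dst` must be relative to `slen` for each mode, and what the `int` return value means. A caller sizing `dst` by guesswork is how a buffer overrun starts, so a short doc comment on the typedef covering those three points is worth adding.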