author | Sergei Golubchik <serg@mariadb.org> | 2015-04-09 00:37:47 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2015-04-09 19:35:40 +0200 |
commit | 97d5de4ccfa75af899e764dbd1c3f4b7ea370311 (patch) | |
tree | 19bfde638b5ccefa3e8160f39e64827f2ddba7e1 /include | |
parent | 5dffda3ccc72d026f0ac2eea63b5e1424cc1eca1 (diff) | |
Add encryption key id to the API as a distinct concept
which is separate from the encryption key version
Diffstat (limited to 'include')
-rw-r--r-- | include/mysql/plugin_audit.h.pp | 10 | ||||
-rw-r--r-- | include/mysql/plugin_auth.h.pp | 10 | ||||
-rw-r--r-- | include/mysql/plugin_encryption.h | 12 | ||||
-rw-r--r-- | include/mysql/plugin_encryption.h.pp | 16 | ||||
-rw-r--r-- | include/mysql/plugin_ftparser.h.pp | 10 | ||||
-rw-r--r-- | include/mysql/plugin_password_validation.h.pp | 10 | ||||
-rw-r--r-- | include/mysql/service_encryption.h | 34 |
7 files changed, 58 insertions, 44 deletions
diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index c874484288d..7346c4f29b0 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp @@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index d12e4eb062b..1df73b0a41e 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_encryption.h b/include/mysql/plugin_encryption.h index a91a53c8ad5..90979017101 100644 --- a/include/mysql/plugin_encryption.h +++ b/include/mysql/plugin_encryption.h @@ -37,11 +37,11 @@ struct st_mariadb_encryption int interface_version; /**< version plugin uses */ /** - function returning latest key version. + function returning latest key version for a given key id - @return a version or BAD_ENCRYPTION_KEY_VERSION to indicate an error. + @return a version or ENCRYPTION_KEY_VERSION_INVALID to indicate an error. */ - unsigned int (*get_latest_key_version)(); + unsigned int (*get_latest_key_version)(unsigned int key_id); /** function returning a key for a key version 
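Review bot: Both callbacks in `st_mariadb_encryption` change their argument lists in include/mysql/plugin_encryption.h (`get_latest_key_version` in @@ -37,11 +37,11 @@, `get_key` in @@ -60,11 +60,11 @@), but nothing visible changes the value a plugin is expected to report in `interface_version`. The same applies to `struct encryption_service_st` in include/mysql/service_encryption.h @@ -39,12 +39,14 @@, which gains a member in the middle and so shifts every later pointer. A plugin binary built against the old header would presumably be called with `key_id` where it expects `version` and with `version` where it expects the key buffer pointer, which is memory corruption in key handling rather than a clean load failure. The diffstat is limited to include/, so the version constants may be raised elsewhere; if they are not, they should be bumped in this commit so the loader rejects stale plugins.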
@@ -60,11 +60,11 @@ struct st_mariadb_encryption the key data or leave it untouched). @return 0 on success, or - BAD_ENCRYPTION_KEY_VERSION, KEY_BUFFER_TOO_SMALL, + ENCRYPTION_KEY_VERSION_INVALID, ENCRYPTION_KEY_BUFFER_TOO_SMALL or any other non-zero number for errors */ - unsigned int (*get_key)(unsigned int version, unsigned char *key, - unsigned int *key_length); + unsigned int (*get_key)(unsigned int key_id, unsigned int version, + unsigned char *key, unsigned int *key_length); encrypt_decrypt_func encrypt; encrypt_decrypt_func decrypt; diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index e1c034271ce..2cf344864e4 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp @@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; 
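Review bot: The comment on `get_key` in include/mysql/plugin_encryption.h (@@ -60,11 +60,11 @@) is not updated for the new first argument. Its summary, visible as context at the end of the previous hunk, still reads "function returning a key for a key version", and the `@return` list names no result for an unknown key id. I would change the summary to `function returning a key for a given key id and key version` and add `@param key_id the key id to look up`, plus a sentence saying which error code an unknown id produces. The comment begins outside this hunk, so its existing parameter list is not visible here.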
@@ -370,9 +372,9 @@ void thd_wakeup_subsequent_commits(void* thd, int wakeup_error); struct st_mariadb_encryption { int interface_version; - unsigned int (*get_latest_key_version)(); - unsigned int (*get_key)(unsigned int version, unsigned char *key, - unsigned int *key_length); + unsigned int (*get_latest_key_version)(unsigned int key_id); + unsigned int (*get_key)(unsigned int key_id, unsigned int version, + unsigned char *key, unsigned int *key_length); encrypt_decrypt_func encrypt; encrypt_decrypt_func decrypt; }; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index f163a58f793..ee8ebc4299c 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp @@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 94d48543103..e7dcc44f07a 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h index ed012bdb7d6..2ed29d594a6 100644 --- a/include/mysql/service_encryption.h +++ b/include/mysql/service_encryption.h @@ -30,7 +30,7 @@ extern "C" { /* returned from encryption_key_get_latest_version() */ #define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0) -#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0) +#define ENCRYPTION_KEY_NOT_ENCRYPTED (0) /* returned from encryption_key_get() */ #define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100) 
@@ -39,12 +39,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; 
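Review bot: The new pointers in `struct encryption_service_st` take two adjacent unnamed `unsigned int` parameters, so the declaration does not say which is the key id and which is the key version. Swapping them compiles without a diagnostic and silently selects a different key. Naming them costs nothing: `unsigned int (*encryption_key_version_exists_func)(unsigned int key_id, unsigned int key_version);` and `unsigned int (*encryption_key_get_func)(unsigned int key_id, unsigned int key_version, unsigned char *key, unsigned int *key_length);`. The `encrypt_decrypt_func` typedef in the same hunk already names `key_id` and `key_version`, so this also makes the struct consistent with it.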
@@ -53,20 +55,22 @@ struct encryption_service_st { extern struct encryption_service_st *encryption_service; -#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func() -#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V) -#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_key_get_latest_version(KI) encryption_service->encryption_key_get_latest_version_func(KI) +#define encryption_key_id_exists(KI) encryption_service->encryption_key_id_exists_func((KI)) +#define encryption_key_version_exists(KI,KV) encryption_service->encryption_key_version_exists_func((KI),(KV)) +#define encryption_key_get(KI,KV,K,S) encryption_service->encryption_key_get_func((KI),(KV),(K),(S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) #else extern struct encryption_service_st encryption_handler; -#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func() -#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V) -#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define 
encryption_key_get_latest_version(KI) encryption_handler.encryption_key_get_latest_version_func(KI) +#define encryption_key_id_exists(KI) encryption_handler.encryption_key_id_exists_func((KI)) +#define encryption_key_version_exists(KI,KV) encryption_handler.encryption_key_version_exists_func((KI),(KV)) +#define encryption_key_get(KI,KV,K,S) encryption_handler.encryption_key_get_func((KI),(KV),(K),(S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) #endif #ifdef __cplusplus |
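Review bot: `encryption_key_id_exists()` and `encryption_key_version_exists()` return `unsigned int` with no comment saying whether non-zero means "exists" or "error", while `get_key` is documented in plugin_encryption.h as returning 0 on success. A caller who assumes the wrong convention inverts a key-existence check. A one-line comment above the macro group would settle it, for example `/* non-zero if the key id (or id/version pair) is known, 0 otherwise */`, adjusted to what the implementation really returns. Separately, both definitions of `encryption_key_get_latest_version(KI)` pass `KI` unparenthesized where every other new macro in the hunk uses `(KI)`; it is harmless in an argument position but inconsistent.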