authorSergei Golubchik <serg@mariadb.org>2015-03-31 19:32:35 +0200
committerSergei Golubchik <serg@mariadb.org>2015-04-09 18:42:43 +0200
commitbb1b61b312088ba9f5f2cb606594b6f33c284402 (patch)
treec5b433d19434e194fb82d2407adbbfee759dfd31 /plugin/file_key_management
parent9ccafffc29526ea30151eb3e62901bfdb77aaf84 (diff)
encryption plugin controls the encryption
* no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * encrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions
Diffstat (limited to 'plugin/file_key_management')
-rw-r--r--plugin/file_key_management/file_key_management_plugin.cc55
1 files changed, 48 insertions, 7 deletions
diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc
index be623706051..d7edeb73665 100644
--- a/plugin/file_key_management/file_key_management_plugin.cc
+++ b/plugin/file_key_management/file_key_management_plugin.cc
@@ -15,12 +15,28 @@
#include "parser.h"
-#include <mysql_version.h>
#include <mysql/plugin_encryption.h>
#include <string.h>
static char* filename;
static char* filekey;
+static unsigned long encryption_algorithm;
+
+static const char *encryption_algorithm_names[]=
+{
+ "aes_cbc",
+#ifdef HAVE_EncryptAes128Ctr
+ "aes_ctr",
+#endif
+ 0
+};
+
+static TYPELIB encryption_algorithm_typelib=
+{
+ array_elements(encryption_algorithm_names)-1,"",
+ encryption_algorithm_names, NULL
+};
+
static MYSQL_SYSVAR_STR(filename, filename,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
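Review bot: The position of each string in `encryption_algorithm_names` silently becomes the numeric value of `encryption_algorithm`, and the `switch` in `file_key_management_plugin_init` (third hunk) matches those values with bare `case 0:` and `case 1:`. Nothing ties the two together, so inserting or reordering a name here would select a different cipher mode without any compile error. A shared enum next to the array, e.g. `enum { FKM_ALG_AES_CBC= 0, FKM_ALG_AES_CTR= 1 };` (names are only a suggestion), used in the `case` labels, plus a comment on the array saying `/* order must match the enum used in file_key_management_plugin_init() */`, would make the coupling explicit.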
@@ -32,9 +48,15 @@ static MYSQL_SYSVAR_STR(filekey, filekey,
"Key to encrypt / decrypt the keyfile.",
NULL, NULL, "");
+static MYSQL_SYSVAR_ENUM(encryption_algorithm, encryption_algorithm,
+ PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+ "Encryption algorithm to use.",
+ NULL, NULL, 0, &encryption_algorithm_typelib);
+
static struct st_mysql_sys_var* settings[] = {
MYSQL_SYSVAR(filename),
MYSQL_SYSVAR(filekey),
+ MYSQL_SYSVAR(encryption_algorithm),
NULL
};
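Review bot: The help text `"Encryption algorithm to use."` does not name the accepted values, the default, or the consequence of changing it. The variable is read-only with default index 0 (aes_cbc), and the init code in the third hunk picks the encrypt/decrypt functions from this setting alone. Nothing visible in this diff records which algorithm existing data was written with, so a restart with a different value would presumably decrypt old data with the wrong mode; this should be confirmed against the callers. I would spell it out in the option text, for example `"Encryption algorithm to use: aes_cbc (default) or aes_ctr if compiled in. Must match the algorithm already-encrypted data was written with."`.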
@@ -88,18 +110,37 @@ static unsigned int get_key_from_key_file(unsigned int key_id,
return 0;
}
+struct st_mariadb_encryption file_key_management_plugin= {
+ MariaDB_ENCRYPTION_INTERFACE_VERSION,
+ get_highest_key_used_in_key_file,
+ get_key_from_key_file,
+ 0,0
+};
+
static int file_key_management_plugin_init(void *p)
{
Parser parser(filename, filekey);
+ switch (encryption_algorithm) {
+ case 0: // AES_CBC
+ file_key_management_plugin.encrypt=
+ (encrypt_decrypt_func)my_aes_encrypt_cbc;
+ file_key_management_plugin.decrypt=
+ (encrypt_decrypt_func)my_aes_decrypt_cbc;
+ break;
+#ifdef HAVE_EncryptAes128Ctr
+ case 1: // AES_CTR
+ file_key_management_plugin.encrypt=
+ (encrypt_decrypt_func)my_aes_encrypt_ctr;
+ file_key_management_plugin.decrypt=
+ (encrypt_decrypt_func)my_aes_decrypt_ctr;
+ break;
+#endif
+ default:
+ return 1; // cannot happen
+ }
return parser.parse(&keys);
}
-struct st_mariadb_encryption file_key_management_plugin= {
- MariaDB_ENCRYPTION_INTERFACE_VERSION,
- get_highest_key_used_in_key_file,
- get_key_from_key_file
-};
-
/*
Plugin library descriptor
*/
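Review bot: The `(encrypt_decrypt_func)` casts on the four assignments in `file_key_management_plugin_init` switch off the compiler's check that `my_aes_encrypt_cbc`, `my_aes_decrypt_cbc` and the `_ctr` pair really have the type the server will call through. Neither the typedef nor the prototypes are visible in this hunk, but a cast is only needed when the types differ, and calling through a mismatched function pointer is undefined behaviour on a path that handles key and IV buffers. If the signatures match, drop the cast (`file_key_management_plugin.encrypt= my_aes_encrypt_cbc;`); if they do not, assign a small static wrapper that has the exact `encrypt_decrypt_func` signature and forwards the arguments. Separately, the `0,0` in the struct initialiser would read better with a comment such as `/* encrypt, decrypt: set in file_key_management_plugin_init() */`, since both members stay null if init returns early.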