authorSergei Golubchik <serg@mariadb.org>2015-04-09 00:37:47 +0200
committerSergei Golubchik <serg@mariadb.org>2015-04-09 19:35:40 +0200
commit97d5de4ccfa75af899e764dbd1c3f4b7ea370311 (patch)
tree19bfde638b5ccefa3e8160f39e64827f2ddba7e1 /plugin
parent5dffda3ccc72d026f0ac2eea63b5e1424cc1eca1 (diff)
Add encryption key id to the API as a distinct concept
which is separate from the encryption key version
Diffstat (limited to 'plugin')
-rw-r--r--plugin/debug_key_management/debug_key_management_plugin.cc13
-rw-r--r--plugin/example_key_management/example_key_management_plugin.cc13
-rw-r--r--plugin/file_key_management/file_key_management_plugin.cc18
3 files changed, 27 insertions, 17 deletions
diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc
index a389a8ab04b..33e0c6ab318 100644
--- a/plugin/debug_key_management/debug_key_management_plugin.cc
+++ b/plugin/debug_key_management/debug_key_management_plugin.cc
@@ -19,6 +19,8 @@
It's used to debug the encryption code with a fixed keys that change
only on user request.
+ It does not support different key ids, the only valid key id is 1.
+
THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
*/
@@ -40,13 +42,20 @@ static struct st_mysql_sys_var* sysvars[] = {
NULL
};
-static unsigned int get_latest_key_version()
+static unsigned int get_latest_key_version(unsigned int keyid)
{
+ if (keyid != 1)
+ return ENCRYPTION_KEY_VERSION_INVALID;
+
return key_version;
}
-static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen)
+static unsigned int get_key(unsigned int keyid, unsigned int version,
+ unsigned char* dstbuf, unsigned *buflen)
{
+ if (keyid != 1)
+ return ENCRYPTION_KEY_VERSION_INVALID;
+
if (*buflen < KEY_SIZE)
{
*buflen= KEY_SIZE;
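Review bot: Both new guards (`if (keyid != 1)`) report an unknown key *id* with `ENCRYPTION_KEY_VERSION_INVALID`, the same sentinel used for a bad key version, so a caller cannot tell "no such key" from "no such version of key 1"; unless the encryption header (not part of this diff) defines a distinct code for an unknown id, the first guard deserves a comment such as `/* only key id 1 exists; the API has no separate 'bad id' code, so reuse the version sentinel */`. The literal `1` now appears in two functions and in the header comment above; a file-level `static const unsigned int DEBUG_KEY_ID= 1;` next to `key_version` would keep the two checks and the comment from drifting apart. The body of `get_key` continues past the end of the hunk, so the buffer-too-small path and whatever is done with `version` are not visible here.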
diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc
index b26e42d598a..d3502b27d75 100644
--- a/plugin/example_key_management/example_key_management_plugin.cc
+++ b/plugin/example_key_management/example_key_management_plugin.cc
@@ -21,6 +21,8 @@
different pages in the same tablespace encrypted with different keys
and what the background re-encryption thread does.
+ It does not support different key ids, for all ids the key will be the same.
+
THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
*/
@@ -41,7 +43,7 @@ static unsigned int next_key_version = 0;
static pthread_mutex_t mutex;
static unsigned int
-get_latest_key_version()
+get_latest_key_version(unsigned int key_id)
{
uint now = time(0);
pthread_mutex_lock(&mutex);
@@ -57,7 +59,8 @@ get_latest_key_version()
}
static unsigned int
-get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen)
+get_key(unsigned int key_id, unsigned int version,
+ unsigned char* dstbuf, unsigned *buflen)
{
if (*buflen < MY_MD5_HASH_SIZE)
{
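Review bot: The new `key_id` parameter of `get_key` is never read inside the visible part of the body, so every id — including one the server never issued — receives the same key material and data encrypted under one id decrypts under any other; the header comment says as much, but since example plugins get copied the function itself should state it, e.g. `/* key_id is deliberately ignored: this example has one key shared by all ids */` as the first line of the body. The same applies to `get_latest_key_version` in the hunk above, whose `key_id` is likewise unused; if the tree builds with -Wunused-parameter, a `(void) key_id;` (or whatever unused-attribute macro the project already uses) will silence the warning. `get_key`'s body continues beyond the hunk.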
@@ -81,7 +84,7 @@ int encrypt(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
- int no_padding, unsigned int key_version)
+ int no_padding, unsigned int keyid, unsigned int key_version)
{
return ((key_version & 1) ? my_aes_encrypt_cbc : my_aes_encrypt_ecb)
(src, slen, dst, dlen, key, klen, iv, ivlen, no_padding);
@@ -91,7 +94,7 @@ int decrypt(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
- int no_padding, unsigned int key_version)
+ int no_padding, unsigned int keyid, unsigned int key_version)
{
return ((key_version & 1) ? my_aes_decrypt_cbc : my_aes_decrypt_ecb)
(src, slen, dst, dlen, key, klen, iv, ivlen, no_padding);
@@ -101,7 +104,7 @@ static int example_key_management_plugin_init(void *p)
{
/* init */
my_rnd_init(&seed, time(0), 0);
- get_latest_key_version();
+ get_latest_key_version(1);
pthread_mutex_init(&mutex, NULL);
return 0;
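Review bot: `get_latest_key_version(1)` is still called one line before `pthread_mutex_init(&mutex, NULL)`, and `get_latest_key_version` takes that mutex (`pthread_mutex_lock(&mutex)` in the hunk above), so the first call during plugin init locks an uninitialised mutex, which POSIX leaves undefined; it presumably works only because `mutex` is a zero-filled static and on glibc that happens to equal `PTHREAD_MUTEX_INITIALIZER`. Since the commit already touches this line, swap the two statements: `pthread_mutex_init(&mutex, NULL);` first, then `get_latest_key_version(1);`. The function body continues past the end of the hunk.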
diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc
index bf193c252b3..08c0c9b74c8 100644
--- a/plugin/file_key_management/file_key_management_plugin.cc
+++ b/plugin/file_key_management/file_key_management_plugin.cc
@@ -78,20 +78,18 @@ static keyentry *get_key(unsigned int key_id)
return a->id == key_id ? a : 0;
}
-/**
- This method is using with the id 0 if exists.
- This method is used by innobase/xtradb for the key
- rotation feature of encrypting log files.
-*/
-
-static unsigned int get_highest_key_used_in_key_file()
+/* the version is always the same, no automatic key rotation */
+static unsigned int get_latest_version(uint key_id)
{
- return 0;
+ return get_key(key_id) ? 1 : ENCRYPTION_KEY_VERSION_INVALID;
}
static unsigned int get_key_from_key_file(unsigned int key_id,
- unsigned char* dstbuf, unsigned *buflen)
+ unsigned int key_version, unsigned char* dstbuf, unsigned *buflen)
{
+ if (key_version != 1)
+ return ENCRYPTION_KEY_VERSION_INVALID;
+
keyentry* entry = get_key(key_id);
if (entry == NULL)
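Review bot: `get_latest_version` is declared with `uint key_id` while the rest of this file and the other two plugins in the commit spell the type `unsigned int`; as this function is installed as a callback in `st_mariadb_encryption` in the next hunk, matching the API's spelling avoids depending on the `uint` typedef being in scope through an incidental include — `static unsigned int get_latest_version(unsigned int key_id)`. The fixed version `1` is now asserted in two places (returned by `get_latest_version`, compared in `get_key_from_key_file`); a single `static const unsigned int FILE_KEY_VERSION= 1;` above both would keep them in step. The comment `/* the version is always the same, no automatic key rotation */` could also note that a missing key id is reported with the version sentinel `ENCRYPTION_KEY_VERSION_INVALID`, since no separate "unknown key id" code is visible in this diff. `get_key_from_key_file`'s body continues past the end of the hunk.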
@@ -112,7 +110,7 @@ static unsigned int get_key_from_key_file(unsigned int key_id,
struct st_mariadb_encryption file_key_management_plugin= {
MariaDB_ENCRYPTION_INTERFACE_VERSION,
- get_highest_key_used_in_key_file,
+ get_latest_version,
get_key_from_key_file,
0,0
};