diff options
| author | Jan Lindström <jan.lindstrom@mariadb.com> | 2015-04-01 19:37:00 +0300 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2015-04-07 23:44:56 +0200 |
| commit | 0ba9fa35bc119cbded96cd8587427be195603cec (patch) | |
| tree | d560c44a7cadbbffc12823d6244987ff33101b4a /storage/xtradb/include/fil0crypt.h | |
| parent | b4a4d82396dce58496a9d0741fec505452d753f6 (diff) | |
| download | mariadb-git-0ba9fa35bc119cbded96cd8587427be195603cec.tar.gz | |
InnoDB/XtraDB Encryption cleanup
Step 2:
-- Introduce temporal memory array to buffer pool where to allocate
temporary memory for encryption/compression
-- Rename PAGE_ENCRYPTION -> ENCRYPTION
-- Rename PAGE_ENCRYPTION_KEY -> ENCRYPTION_KEY
-- Rename innodb_default_page_encryption_key -> innodb_default_encryption_key
-- Allow enable/disable encryption for tables by changing
ENCRYPTION to enum having values DEFAULT, ON, OFF
-- In create table store crypt_data if ENCRYPTION is ON or OFF
-- Do not crypt tablespaces having ENCRYPTION=OFF
-- Store encryption mode to crypt_data and redo-log
Diffstat (limited to 'storage/xtradb/include/fil0crypt.h')
| -rw-r--r-- | storage/xtradb/include/fil0crypt.h | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index 9d02034e4b2..359533dc50a 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h @@ -37,6 +37,14 @@ Created 04/01/2015 Jan Lindström /* This key will be used if nothing else is given */ #define FIL_DEFAULT_ENCRYPTION_KEY 1 +/** Enum values for encryption table option */ +typedef enum { + FIL_SPACE_ENCRYPTION_DEFAULT = 0, /* Tablespace encrypted if + srv_encrypt_tables = ON */ + FIL_SPACE_ENCRYPTION_ON = 1, /* Tablespace is encrypted always */ + FIL_SPACE_ENCRYPTION_OFF = 2 /* Tablespace is not encrypted */ +} fil_encryption_t; + /** * CRYPT_SCHEME_UNENCRYPTED * @@ -67,6 +75,8 @@ struct key_struct { uint key_version; /*!< Key version used as identifier */ + uint key_id; /*1< Key id used as + identifier */ byte key[MY_AES_MAX_KEY_LENGTH]; /*!< Cached L or key */ uint key_length; /*!< Key length */ }; @@ -95,6 +105,7 @@ struct fil_space_crypt_struct key_struct keys[3]; // cached L = AES_ECB(KEY, IV) uint min_key_version; // min key version for this space ulint page0_offset; // byte offset on page 0 for crypt data + fil_encryption_t encryption; // Encryption setup ib_mutex_t mutex; // mutex protecting following variables bool closing; // is tablespace being closed @@ -227,9 +238,7 @@ fil_space_encrypt( lsn_t lsn, /*!< in: page lsn */ const byte* src_frame,/*!< in: page frame */ ulint size, /*!< in: size of data to encrypt */ - byte* dst_frame, /*!< in: where to encrypt to */ - ulint page_encryption_key); /*!< in: page encryption key id if page - encrypted */ + byte* dst_frame); /*!< in: where to encrypt to */ /********************************************************************* Decrypt buffer page */ |