25 files changed, 245 insertions, 44 deletions
diff --git a/include/my_crypt_key_management.h b/include/my_crypt_key_management.h deleted file mode 100644 index 1d144ced55c..00000000000 --- a/include/my_crypt_key_management.h +++ /dev/null @@ -1,34 +0,0 @@ - -#ifndef INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED -#define INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED - -#include "my_global.h" -#include "my_pthread.h" -#include "mysql/psi/psi.h" - -#ifndef DBUG_OFF -extern my_bool debug_use_static_encryption_keys; - -#ifdef HAVE_PSI_INTERFACE -extern PSI_rwlock_key key_LOCK_dbug_encryption_key_version; -#endif - -extern mysql_rwlock_t LOCK_dbug_encryption_key_version; -extern uint opt_debug_encryption_key_version; -#endif /* DBUG_OFF */ - -C_MODE_START - -/** - * Functions to interact with key management - */ - -uint get_latest_encryption_key_version(); -uint has_encryption_key(uint version); -uint get_encryption_key_size(uint version); -int get_encryption_key(uint version, uchar* key, uint size); -int get_encryption_iv(uint version, uchar* iv, uint size); - -C_MODE_END - -#endif // INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 10c54eedda3..65406219dc8 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp 
@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); +#include <mysql/service_encryption_keys.h> +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index 062eb4e4ec5..ad694730330 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); +#include <mysql/service_encryption_keys.h> +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption_key_management.h.pp b/include/mysql/plugin_encryption_key_management.h.pp index 07f238d6c0d..c32cba045ec 100644 --- a/include/mysql/plugin_encryption_key_management.h.pp +++ b/include/mysql/plugin_encryption_key_management.h.pp 
@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); +#include <mysql/service_encryption_keys.h> +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index 888a6bf8972..71045c170d6 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp 
@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); +#include <mysql/service_encryption_keys.h> +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 0a88110685f..ac685de3615 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); +#include <mysql/service_encryption_keys.h> +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_cryptokeys.h b/include/mysql/service_cryptokeys.h new file mode 100644 index 00000000000..d5321e2f257 --- /dev/null +++ b/include/mysql/service_cryptokeys.h 
@@ -0,0 +1,60 @@ +#ifndef MYSQL_SERVICE_CRYPTOKEYS_INCLUDED +/* Copyright (c) 2015, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/** + @file + cryptokeys service + + Functions get cryptographical keys and IV from the cryptokey management plugin +*/ + +#ifdef __cplusplus +extern "C" { +#endif + +extern struct cryptokeys_service_st { + unsigned int (*get_latest_crypto_key_version_func)(); + unsigned int (*has_crypto_key_func)(unsigned int); + unsigned int (*get_crypto_key_size_func)(unsigned int); + int (*get_crypto_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_crypto_iv_func)(unsigned int, unsigned char*, unsigned int); +} *cryptokeys_service; + +#ifdef MYSQL_DYNAMIC_PLUGIN + +#define get_latest_crypto_key_version() cryptokeys_service->get_latest_crypto_key_version_func() +#define has_crypto_key(V) cryptokeys_service->has_crypto_key_func(V) +#define get_crypto_key_size(V) cryptokeys_service->get_crypto_key_size_func(V) +#define get_crypto_key(V,K,S) cryptokeys_service->get_crypto_key_func((V), (K), (S)) +#define get_crypto_iv(V, I, S) cryptokeys_service->get_crypto_iv_func((V), (I), (S)) + +#else + +unsigned int get_latest_crypto_key_version(); +unsigned int has_crypto_key(unsigned int version); +unsigned int get_crypto_key_size(unsigned int version); +int get_crypto_key(unsigned int version, unsigned char* key, unsigned int 
keybufsize); +int get_crypto_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); + +#endif + +#ifdef __cplusplus +} +#endif + +#define MYSQL_SERVICE_CRYPTOKEYS_INCLUDED +#endif + diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h new file mode 100644 index 00000000000..69cbcb70592 --- /dev/null +++ b/include/mysql/service_encryption_keys.h 
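Review bot: This new service_cryptokeys.h declares a `cryptokeys_service` pointer and, under MYSQL_DYNAMIC_PLUGIN, macros that dereference it, but nothing in the rest of the patch provides it: services.h includes only service_encryption_keys.h, service_versions.h defines only `VERSION_encryption_keys`, and the server's list_of_services registers only `encryption_keys_service`. It looks like a pre-rename duplicate of service_encryption_keys.h; a dynamic plugin that includes this header would call through an unresolved or never-filled pointer. Unless a second service is intended, drop this header (or register it the same way as the encryption_keys service). Separately, the prototypes use `()` rather than `(void)`, which in C declares an unprototyped function; `unsigned int get_latest_crypto_key_version(void);` is the correct form.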
@@ -0,0 +1,60 @@ +#ifndef MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED +/* Copyright (c) 2015, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/** + @file + encryption keys service + + Functions to get encryption keys and IV from the encryption key management plugin +*/ + +#ifdef __cplusplus +extern "C" { +#endif + +extern struct encryption_keys_service_st { + unsigned int (*get_latest_encryption_key_version_func)(); + unsigned int (*has_encryption_key_func)(unsigned int); + unsigned int (*get_encryption_key_size_func)(unsigned int); + int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); +} *encryption_keys_service; + +#ifdef MYSQL_DYNAMIC_PLUGIN + +#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() +#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) +#define get_encryption_key_size(V) encryption_keys_service->get_encryption_key_size_func(V) +#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) +#define get_encryption_iv(V, I, S) encryption_keys_service->get_encryption_iv_func((V), (I), (S)) + +#else + +unsigned int get_latest_encryption_key_version(); +unsigned int has_encryption_key(unsigned int version); +unsigned int 
get_encryption_key_size(unsigned int version); +int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); + +#endif + +#ifdef __cplusplus +} +#endif + +#define MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED +#endif + diff --git a/include/mysql/services.h b/include/mysql/services.h index 89e2e6f1e51..764e05b4dd1 100644 --- a/include/mysql/services.h +++ b/include/mysql/services.h @@ -32,6 +32,7 @@ extern "C" { #include <mysql/service_thd_autoinc.h> #include <mysql/service_thd_error_context.h> #include <mysql/service_thd_specifics.h> +#include <mysql/service_encryption_keys.h> /*#include <mysql/service_wsrep.h>*/ #ifdef __cplusplus diff --git a/include/service_versions.h b/include/service_versions.h index ecc0d9c8266..3d85be92519 100644 --- a/include/service_versions.h +++ b/include/service_versions.h @@ -35,4 +35,5 @@ #define VERSION_thd_autoinc 0x0100 #define VERSION_thd_error_context 0x0100 #define VERSION_thd_specifics 0x0100 +#define VERSION_encryption_keys 0x0100 diff --git a/libservices/CMakeLists.txt b/libservices/CMakeLists.txt index 2d105348410..74055ee5b11 100644 --- a/libservices/CMakeLists.txt +++ b/libservices/CMakeLists.txt @@ -28,6 +28,7 @@ SET(MYSQLSERVICES_SOURCES my_sha1_service.c my_md5_service.c wsrep_service.c + encryption_keys_service.c kill_statement_service.c logger_service.c) diff --git a/libservices/cryptokeys_service.c b/libservices/cryptokeys_service.c new file mode 100644 index 00000000000..1af64aab450 --- /dev/null +++ b/libservices/cryptokeys_service.c 
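Review bot: The function-pointer field and prototype for the version getter are declared with empty parentheses, `unsigned int (*get_latest_encryption_key_version_func)();`, which under a C compiler is a non-prototype declaration rather than "no arguments"; it should read `unsigned int (*get_latest_encryption_key_version_func)(void);` and likewise `unsigned int get_latest_encryption_key_version(void);`. The header also gives no contract for the two buffer-filling calls: callers cannot tell from it what `get_encryption_key` and `get_encryption_iv` return when the buffer is smaller than the key or IV, or whether the buffer may be partially written in that case. Since `keybufsize`/`ivbufsize` is the only bounds information the implementation receives, the header should state that the implementation must never write more than that many bytes and what it returns on a too-small buffer or unknown `version` (the presumably-intended convention, non-zero on error, is not visible here and needs confirming against encryption_keys.cc). A short doc comment above each prototype describing return values and the buffer contract would close that gap.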
@@ -0,0 +1,17 @@ +/* Copyright (c) 2015 MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#include <service_versions.h> +SERVICE_VERSION cryptokeys_service= (void*)VERSION_cryptokeys; diff --git a/libservices/encryption_keys_service.c b/libservices/encryption_keys_service.c new file mode 100644 index 00000000000..81fc7def201 --- /dev/null +++ b/libservices/encryption_keys_service.c @@ -0,0 +1,17 @@ +/* Copyright (c) 2015 MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#include <service_versions.h> +SERVICE_VERSION encryption_keys_service= (void*)VERSION_encryption_keys; diff --git a/mysys/my_thr_init.c b/mysys/my_thr_init.c index debff7d396c..d9dbacc8524 100644 --- a/mysys/my_thr_init.c +++ b/mysys/my_thr_init.c 
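Review bot: libservices/cryptokeys_service.c references `VERSION_cryptokeys`, but the service_versions.h hunk in this same patch adds only `VERSION_encryption_keys`, and the libservices CMakeLists hunk adds only encryption_keys_service.c, so this file has no definition to compile against and is not built. Together with the parallel service_cryptokeys.h it reads as a leftover from renaming the service to "encryption_keys"; either remove the file or add `#define VERSION_cryptokeys 0x0100` and list it in MYSQLSERVICES_SOURCES if the second service is really intended. The encryption_keys_service.c counterpart in the same hunk is consistent with the rest of the patch.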
@@ -22,7 +22,6 @@ #include "mysys_priv.h" #include <m_string.h> #include <signal.h> -#include <my_crypt_key_management.h> pthread_key(struct st_my_thread_var*, THR_KEY_mysys); mysql_mutex_t THR_LOCK_malloc, THR_LOCK_open, diff --git a/plugin/file_key_management_plugin/file_key_management_plugin.cc b/plugin/file_key_management_plugin/file_key_management_plugin.cc index 7dbf8c132da..cb6485f8596 100644 --- a/plugin/file_key_management_plugin/file_key_management_plugin.cc +++ b/plugin/file_key_management_plugin/file_key_management_plugin.cc @@ -18,7 +18,6 @@ #include <mysql_version.h> #include <mysql/plugin_encryption_key_management.h> #include <my_aes.h> -#include <my_crypt_key_management.h> #include "sql_class.h" #include "KeySingleton.h" #include "EncKeys.h" diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index f924ad1c599..835ecd470cf 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc @@ -1,6 +1,6 @@ #include <my_global.h> #include <mysql/plugin_encryption_key_management.h> -#include <my_crypt_key_management.h> +#include "encryption_keys.h" #include "log.h" #include "sql_plugin.h" diff --git a/sql/encryption_keys.h b/sql/encryption_keys.h new file mode 100644 index 00000000000..10907c1332a --- /dev/null +++ b/sql/encryption_keys.h @@ -0,0 +1,11 @@ +#ifndef SQL_CRYPTOKEY_INCLUDED +#define SQL_CRYPTOKEY_INCLUDED + +#include "my_global.h" + +#ifndef DBUG_OFF + extern my_bool debug_use_static_encryption_keys; +extern uint opt_debug_encryption_key_version; +#endif /* DBUG_OFF */ + +#endif // SQL_CRYPTOKEY_INCLUDED diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index c99691ab579..aeb2d75efc5 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h 
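Review bot: The include guard in the new sql/encryption_keys.h is `SQL_CRYPTOKEY_INCLUDED`, which does not match the file name and the "encryption_keys" naming used everywhere else in the patch; `#ifndef SQL_ENCRYPTION_KEYS_INCLUDED` / `#define SQL_ENCRYPTION_KEYS_INCLUDED` would keep the guard discoverable and avoid a clash if an unrelated cryptokey header ever appears. The `extern my_bool debug_use_static_encryption_keys;` line also carries a stray leading space. Note that the deleted my_crypt_key_management.h also exported `LOCK_dbug_encryption_key_version` and its PSI key, which this header does not carry over; if encryption_keys.cc or sys_vars.cc still take that lock under `#ifndef DBUG_OFF`, its declaration now has to come from somewhere else, which is not visible in this patch.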
@@ -139,6 +139,15 @@ static struct wsrep_service_st wsrep_handler = { wsrep_unlock_rollback }; +static struct encryption_keys_service_st encryption_keys_handler= +{ + get_latest_encryption_key_version, + has_encryption_key, + get_encryption_key_size, + get_encryption_key, + get_encryption_iv +}; + static struct thd_specifics_service_st thd_specifics_handler= { thd_key_create, @@ -161,6 +170,7 @@ static struct st_service_ref list_of_services[]= { "logger_service", VERSION_logger, &logger_service_handler }, { "thd_autoinc_service", VERSION_thd_autoinc, &thd_autoinc_handler }, { "wsrep_service", VERSION_wsrep, &wsrep_handler }, + { "encryption_keys_service", VERSION_encryption_keys, &encryption_keys_handler }, { "thd_specifics_service", VERSION_thd_specifics, &thd_specifics_handler }, { "thd_error_context_service", VERSION_thd_error_context, &thd_error_conext_handler }, }; diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 198e4073ef8..0dea5a134e9 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -62,7 +62,7 @@ #include "sql_repl.h" #include "opt_range.h" #include "rpl_parallel.h" -#include <my_crypt_key_management.h> +#include "encryption_keys.h" /* The rule for this file: everything should be 'static'. When a sys_var diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index c12bc385720..9d4c66d4343 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -13,7 +13,6 @@ #include "fil0pageencryption.h" #include <my_crypt.h> -#include <my_crypt_key_management.h> #include <my_aes.h> #include <math.h> diff --git a/storage/innobase/include/fsp0pageencryption.ic b/storage/innobase/include/fsp0pageencryption.ic index e2bd76679ee..b5c3f5ab666 100644 --- a/storage/innobase/include/fsp0pageencryption.ic +++ b/storage/innobase/include/fsp0pageencryption.ic 
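Review bot: Registering `encryption_keys_handler` in list_of_services makes raw key and IV bytes retrievable by any loaded plugin, not only storage engines: the regenerated plugin_audit, plugin_auth, plugin_ftparser and plugin_password_validation .pp files in this patch all now carry the service. In effect, anyone able to load a plugin can call `get_encryption_key` for every version and read the data-at-rest keys, and the key-management plugin has no way to tell which caller is asking. That may be the accepted model, but it should be stated in service_encryption_keys.h so plugin authors and operators know the trust boundary, e.g. a comment such as `/* Exposes raw key material to every loaded plugin; treat plugin-install privilege as key access. */`. The positional initializer order matches the five fields of encryption_keys_service_st as declared in the new header.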
@@ -25,7 +25,6 @@ Created 08/28/2014 #include "fsp0fsp.h" #include "fil0pageencryption.h" -#include <my_crypt_key_management.h> /********************************************************************//** diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 0c0d046c471..9c7c0229ba4 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -12,7 +12,6 @@ Created 11/25/2013 Minli Zhu #include "ut0lst.h" #include "ut0rnd.h" #include "my_aes.h" -#include <my_crypt_key_management.h> #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index be0c120c6c7..1bda5d9aab7 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -13,7 +13,6 @@ #include "fil0pageencryption.h" #include <my_crypt.h> -#include <my_crypt_key_management.h> #include <my_aes.h> #include <math.h> diff --git a/storage/xtradb/include/fsp0pageencryption.ic b/storage/xtradb/include/fsp0pageencryption.ic index 311618e905a..d3137001fc5 100644 --- a/storage/xtradb/include/fsp0pageencryption.ic +++ b/storage/xtradb/include/fsp0pageencryption.ic @@ -25,7 +25,6 @@ Created 08/28/2014 #include "fsp0fsp.h" #include "fil0pageencryption.h" -#include <my_crypt_key_management.h> /********************************************************************//** Determine if the tablespace is page encrypted from dict_table_t::flags. diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 0c0d046c471..9c7c0229ba4 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -12,7 +12,6 @@ Created 11/25/2013 Minli Zhu #include "ut0lst.h" #include "ut0rnd.h" #include "my_aes.h" -#include <my_crypt_key_management.h> #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 |