diff options
32 files changed, 198 insertions, 193 deletions
diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 0819b053ee3..c874484288d 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index c612eda97d1..d12e4eb062b 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index 00eaa7e3095..e1c034271ce 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index 26a2e17c53a..f163a58f793 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 9d9e2e8f25d..94d48543103 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h new file mode 100644 index 00000000000..ed012bdb7d6 --- /dev/null +++ b/include/mysql/service_encryption.h @@ -0,0 +1,78 @@ +#ifndef MYSQL_SERVICE_ENCRYPTION_INCLUDED +/* Copyright (c) 2015, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/** + @file + encryption service + + Functions to support data encryption and encryption key management. + They are normally implemented in an encryption plugin, so this service + connects encryption *consumers* (storage engines) to the encryption + *provider* (encryption plugin). +*/ + +#ifdef __cplusplus +extern "C" { +#endif + +/* returned from encryption_key_get_latest_version() */ +#define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0) +#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0) + +/* returned from encryption_key_get() */ +#define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100) + +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); + +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; +}; + +#ifdef MYSQL_DYNAMIC_PLUGIN + +extern struct encryption_service_st *encryption_service; + +#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func() +#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V) +#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#else + +extern struct encryption_service_st encryption_handler; + +#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func() +#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V) +#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#endif + +#ifdef __cplusplus +} +#endif + +#define MYSQL_SERVICE_ENCRYPTION_INCLUDED +#endif + diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h deleted file mode 100644 index 93e96650758..00000000000 --- a/include/mysql/service_encryption_keys.h +++ /dev/null @@ -1,71 +0,0 @@ -#ifndef MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED -/* Copyright (c) 2015, MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/** - @file - encryption keys service - - Functions to get encryption keys from the encryption plugin -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) -#define KEY_BUFFER_TOO_SMALL (100) - -typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); - -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; -}; - -#ifdef MYSQL_DYNAMIC_PLUGIN - -extern struct encryption_keys_service_st *encryption_keys_service; - -#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() -#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) -#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) -#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#else - -extern struct encryption_keys_service_st encryption_keys_handler; - -#define get_latest_encryption_key_version() encryption_keys_handler.get_latest_encryption_key_version_func() -#define has_encryption_key(V) encryption_keys_handler.has_encryption_key_func(V) -#define get_encryption_key(V,K,S) encryption_keys_handler.get_encryption_key_func((V), (K), (S)) -#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#endif - -#ifdef __cplusplus -} -#endif - -#define MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED -#endif - diff --git a/include/mysql/services.h b/include/mysql/services.h index 764e05b4dd1..f8f41b19bd9 100644 --- a/include/mysql/services.h +++ b/include/mysql/services.h @@ -32,7 +32,7 @@ extern "C" { #include <mysql/service_thd_autoinc.h> #include <mysql/service_thd_error_context.h> #include <mysql/service_thd_specifics.h> -#include <mysql/service_encryption_keys.h> +#include <mysql/service_encryption.h> /*#include <mysql/service_wsrep.h>*/ #ifdef __cplusplus diff --git a/include/service_versions.h b/include/service_versions.h index d25d9507dff..0f3d8af5723 100644 --- a/include/service_versions.h +++ b/include/service_versions.h @@ -35,5 +35,5 @@ #define VERSION_thd_autoinc 0x0100 #define VERSION_thd_error_context 0x0100 #define VERSION_thd_specifics 0x0100 -#define VERSION_encryption_keys 0x0200 +#define VERSION_encryption 0x0200 diff --git a/libmysqld/CMakeLists.txt b/libmysqld/CMakeLists.txt index 7168c67e57e..33037d1b32c 100644 --- a/libmysqld/CMakeLists.txt +++ b/libmysqld/CMakeLists.txt @@ -105,7 +105,7 @@ SET(SQL_EMBEDDED_SOURCES emb_qcache.cc libmysqld.c lib_sql.cc ../sql/compat56.cc ../sql/table_cache.cc ../sql/item_inetfunc.cc - ../sql/wsrep_dummy.cc ../sql/encryption_keys.cc + ../sql/wsrep_dummy.cc ../sql/encryption.cc ${GEN_SOURCES} ${MYSYS_LIBWRAP_SOURCE} ) diff --git a/libservices/CMakeLists.txt b/libservices/CMakeLists.txt index 74055ee5b11..1dc472612e6 100644 --- a/libservices/CMakeLists.txt +++ b/libservices/CMakeLists.txt @@ -28,7 +28,7 @@ SET(MYSQLSERVICES_SOURCES my_sha1_service.c my_md5_service.c wsrep_service.c - encryption_keys_service.c + encryption_service.c kill_statement_service.c logger_service.c) diff --git a/libservices/encryption_keys_service.c b/libservices/encryption_service.c index 81fc7def201..f57575ae3e8 100644 --- a/libservices/encryption_keys_service.c +++ b/libservices/encryption_service.c @@ -14,4 +14,4 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include <service_versions.h> -SERVICE_VERSION encryption_keys_service= (void*)VERSION_encryption_keys; +SERVICE_VERSION encryption_service= (void*)VERSION_encryption; diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index 5b42c70c772..a389a8ab04b 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc @@ -50,7 +50,7 @@ static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigne if (*buflen < KEY_SIZE) { *buflen= KEY_SIZE; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= KEY_SIZE; if (!dstbuf) diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index dd8416504a0..b26e42d598a 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -62,7 +62,7 @@ get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) if (*buflen < MY_MD5_HASH_SIZE) { *buflen= MY_MD5_HASH_SIZE; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= MY_MD5_HASH_SIZE; if (!dstbuf) diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index d7edeb73665..bf193c252b3 100644 --- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -95,12 +95,12 @@ static unsigned int get_key_from_key_file(unsigned int key_id, keyentry* entry = get_key(key_id); if (entry == NULL) - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; if (*buflen < entry->length) { *buflen= entry->length; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= entry->length; diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt index 8c426d010f8..f44c2f6bad0 100644 --- a/sql/CMakeLists.txt +++ b/sql/CMakeLists.txt @@ -117,7 +117,7 @@ SET (SQL_SOURCE my_json_writer.cc my_json_writer.h rpl_gtid.cc rpl_parallel.cc ${WSREP_SOURCES} - table_cache.cc encryption_keys.cc + table_cache.cc encryption.cc ${CMAKE_CURRENT_BINARY_DIR}/sql_builtin.cc ${GEN_SOURCES} ${MYSYS_LIBWRAP_SOURCE} diff --git a/sql/encryption_keys.cc b/sql/encryption.cc index b7afedaa27b..81f6d1820cd 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption.cc @@ -19,21 +19,19 @@ #include "sql_plugin.h" #include <my_crypt.h> -#warning TODO rename to follow single consistent style - /* there can be only one encryption plugin enabled */ -static plugin_ref encryption_key_manager= 0; -struct encryption_keys_service_st encryption_keys_handler; +static plugin_ref encryption_manager= 0; +struct encryption_service_st encryption_handler; unsigned int has_key(uint version) { uint unused; - return get_encryption_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION; + return encryption_key_get(version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; } uint no_key() { - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; } static int no_crypt(const uchar* source, uint source_length, @@ -48,7 +46,7 @@ static int no_crypt(const uchar* source, uint source_length, int initialize_encryption_plugin(st_plugin_int *plugin) { - if (encryption_key_manager) + if (encryption_manager) return 1; if (plugin->plugin->init && plugin->plugin->init(plugin)) @@ -58,22 +56,22 @@ int initialize_encryption_plugin(st_plugin_int *plugin) return 1; } - encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); + encryption_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); st_mariadb_encryption *handle= (struct st_mariadb_encryption*) plugin->plugin->info; - encryption_keys_handler.encrypt_data_func= + encryption_handler.encryption_encrypt_func= handle->encrypt ? handle->encrypt : (encrypt_decrypt_func)my_aes_encrypt_cbc; - encryption_keys_handler.decrypt_data_func= + encryption_handler.encryption_decrypt_func= handle->decrypt ? handle->decrypt : (encrypt_decrypt_func)my_aes_decrypt_cbc; - encryption_keys_handler.get_encryption_key_func= + encryption_handler.encryption_key_get_func= handle->get_key; - encryption_keys_handler.get_latest_encryption_key_version_func= + encryption_handler.encryption_key_get_latest_version_func= handle->get_latest_key_version; // must be the last return 0; @@ -81,21 +79,21 @@ int initialize_encryption_plugin(st_plugin_int *plugin) int finalize_encryption_plugin(st_plugin_int *plugin) { - encryption_keys_handler.encrypt_data_func= no_crypt; - encryption_keys_handler.decrypt_data_func= no_crypt; - encryption_keys_handler.has_encryption_key_func= has_key; - encryption_keys_handler.get_encryption_key_func= + encryption_handler.encryption_encrypt_func= no_crypt; + encryption_handler.encryption_decrypt_func= no_crypt; + encryption_handler.encryption_key_exists_func= has_key; + encryption_handler.encryption_key_get_func= (uint (*)(uint, uchar*, uint*))no_key; - encryption_keys_handler.get_latest_encryption_key_version_func= no_key; + encryption_handler.encryption_key_get_latest_version_func= no_key; if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL)) { DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.", plugin->name.str)); } - if (encryption_key_manager) - plugin_unlock(NULL, encryption_key_manager); - encryption_key_manager= 0; + if (encryption_manager) + plugin_unlock(NULL, encryption_manager); + encryption_manager= 0; return 0; } diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index 768797a4381..b848dfb8f6b 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -161,7 +161,7 @@ static struct st_service_ref list_of_services[]= { "logger_service", VERSION_logger, &logger_service_handler }, { "thd_autoinc_service", VERSION_thd_autoinc, &thd_autoinc_handler }, { "wsrep_service", VERSION_wsrep, &wsrep_handler }, - { "encryption_keys_service", VERSION_encryption_keys, &encryption_keys_handler }, + { "encryption_service", VERSION_encryption, &encryption_handler }, { "thd_specifics_service", VERSION_thd_specifics, &thd_specifics_handler }, { "thd_error_context_service", VERSION_thd_error_context, &thd_error_conext_handler }, }; diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 57029c684d4..345f8f572b8 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, } *key_length= MY_AES_MAX_KEY_LENGTH; - int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + int rc = encryption_key_get_latest_version(); // if no new key was created use the last one if (rc >= 0) { @@ -313,7 +313,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = get_latest_encryption_key_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(); } mutex_create(fil_crypt_data_mutex_key, @@ -693,7 +693,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = encrypt_data(src, srclen, dst, &dstlen, + int rc = encryption_encrypt(src, srclen, dst, &dstlen, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); @@ -865,7 +865,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = decrypt_data(src, srclen, dst, &dstlen, + int rc = encryption_decrypt(src, srclen, dst, &dstlen, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); @@ -1007,7 +1007,7 @@ fil_crypt_get_key_state( key_state_t *new_state) { if (srv_encrypt_tables == TRUE) { - new_state->key_version = get_latest_encryption_key_version(); + new_state->key_version = encryption_key_get_latest_version(); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version > 0); } else { @@ -2381,7 +2381,7 @@ fil_space_crypt_get_status( } if (srv_encrypt_tables == TRUE) { - status->current_key_version = get_latest_encryption_key_version(); + status->current_key_version = encryption_key_get_latest_version(); } else { status->current_key_version = 0; } diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 8b0a788b7b9..399b8a63d5a 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -1157,7 +1157,7 @@ fil_space_create( ut_a(fil_system); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* by returning here it should be avoided that * the server crashes, if someone tries to access an * encrypted table and the encryption key is not available. diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 3a5f961a9bb..081f0cf9adc 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -11404,7 +11404,7 @@ ha_innobase::check_table_options( return "PAGE_ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!encryption_key_exists(options->page_encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, diff --git a/storage/innobase/include/fsp0pageencryption.ic b/storage/innobase/include/fsp0pageencryption.ic index b5c3f5ab666..1c341c47006 100644 --- a/storage/innobase/include/fsp0pageencryption.ic +++ b/storage/innobase/include/fsp0pageencryption.ic @@ -146,9 +146,9 @@ fil_page_encryption_status( if (page_type == FIL_PAGE_TYPE_FSP_HDR) { ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; @@ -158,7 +158,7 @@ fil_page_encryption_status( if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { + if (!encryption_key_exists(key)) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 8d5f8c61dd1..02cbf994e8d 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER 0 +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index f2609b9502a..596f07b95dc 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -117,7 +117,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " @@ -204,7 +204,7 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, + int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)key, 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, @@ -259,11 +259,11 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = get_latest_encryption_key_version(); + vkey = encryption_key_get_latest_version(); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION) { + vkey == ENCRYPTION_KEY_VERSION_INVALID) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, diff --git a/storage/maria/ma_check_standalone.h b/storage/maria/ma_check_standalone.h index 2b4e8a3560f..5dc2c601ffd 100644 --- a/storage/maria/ma_check_standalone.h +++ b/storage/maria/ma_check_standalone.h @@ -25,10 +25,10 @@ void _mi_report_crashed(void *file __attribute__((unused)), static unsigned int no_key() { - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; } -struct encryption_keys_service_st encryption_keys_handler= +struct encryption_service_st encryption_handler= { no_key, 0, 0, 0, 0 }; diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index fabfbe9d584..96f4d54e54a 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -290,7 +290,7 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file, __attribute__((unused))) { /* Only use encryption if we have defined it */ - if (get_latest_encryption_key_version() != BAD_ENCRYPTION_KEY_VERSION) + if (encryption_key_get_latest_version() != ENCRYPTION_KEY_VERSION_INVALID) { file->pre_read_hook= ma_crypt_pre_read_hook; file->post_read_hook= ma_crypt_data_post_read_hook; @@ -417,9 +417,9 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc = encrypt_data(src, size, dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, *key_version); + rc = encryption_encrypt(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, *key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); @@ -449,9 +449,9 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc =decrypt_data(src, size, dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, key_version); + rc =encryption_decrypt(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 660cfb9417d..9f94ba8145f 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, } *key_length= MY_AES_MAX_KEY_LENGTH; - int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + int rc = encryption_key_get_latest_version(); // if no new key was created use the last one if (rc >= 0) { @@ -313,7 +313,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = get_latest_encryption_key_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(); } mutex_create(fil_crypt_data_mutex_key, @@ -693,9 +693,9 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = encrypt_data(src, srclen, dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), 1, key_version); + int rc = encryption_encrypt(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -865,9 +865,9 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = decrypt_data(src, srclen, dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), 1, key_version); + int rc = encryption_decrypt(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -1007,7 +1007,7 @@ fil_crypt_get_key_state( key_state_t *new_state) { if (srv_encrypt_tables == TRUE) { - new_state->key_version = get_latest_encryption_key_version(); + new_state->key_version = encryption_key_get_latest_version(); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version > 0); } else { @@ -2381,7 +2381,7 @@ fil_space_crypt_get_status( } if (srv_encrypt_tables == TRUE) { - status->current_key_version = get_latest_encryption_key_version(); + status->current_key_version = encryption_key_get_latest_version(); } else { status->current_key_version = 0; } diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 14878f59f7d..3aaab69746f 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -1192,7 +1192,7 @@ fil_space_create( ut_a(fil_system); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* by returning here it should be avoided that * the server crashes, if someone tries to access an * encrypted table and the encryption key is not available. diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 5cc232a3b35..84b8b6dc431 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -11911,7 +11911,7 @@ ha_innobase::check_table_options( return "PAGE_ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!encryption_key_exists(options->page_encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, diff --git a/storage/xtradb/include/fsp0pageencryption.ic b/storage/xtradb/include/fsp0pageencryption.ic index d3137001fc5..6274d6ee737 100644 --- a/storage/xtradb/include/fsp0pageencryption.ic +++ b/storage/xtradb/include/fsp0pageencryption.ic @@ -147,9 +147,9 @@ fil_page_encryption_status( if (page_type == FIL_PAGE_TYPE_FSP_HDR) { ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; @@ -159,7 +159,7 @@ fil_page_encryption_status( if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { + if (!encryption_key_exists(key)) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 8d5f8c61dd1..02cbf994e8d 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER 0 +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 643e3a08ec4..804bad34392 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -117,7 +117,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " @@ -204,11 +204,11 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, - log_sys->redo_log_crypt_ver); + int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + log_sys->redo_log_crypt_ver); ut_a(rc == AES_OK); ut_a(dst_len == src_len); @@ -259,11 +259,11 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = get_latest_encryption_key_version(); + vkey = encryption_key_get_latest_version(); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION) { + vkey == ENCRYPTION_KEY_VERSION_INVALID) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, |