diff options
Diffstat (limited to 'include/mysql/service_encryption.h')
-rw-r--r-- | include/mysql/service_encryption.h | 84 |
1 files changed, 63 insertions, 21 deletions
diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h index 2b79e00fa40..eb1a6b0e629 100644 --- a/include/mysql/service_encryption.h +++ b/include/mysql/service_encryption.h @@ -20,7 +20,7 @@ Functions to support data encryption and encryption key management. They are normally implemented in an encryption plugin, so this service - connects encryption *consumers* (storage engines) to the encryption + connects encryption *consumers* (e.g. storage engines) to the encryption *provider* (encryption plugin). */ @@ -28,6 +28,15 @@ extern "C" { #endif +#ifndef MYSQL_ABI_CHECK +#ifdef _WIN32 +#include <malloc.h> +#define inline __inline +#else +#include <alloca.h> +#endif +#endif + /* returned from encryption_key_get_latest_version() */ #define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0) #define ENCRYPTION_KEY_NOT_ENCRYPTED (0) @@ -38,20 +47,23 @@ extern "C" { /* returned from encryption_key_get() */ #define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100) -typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_id, - unsigned int key_version); +#define ENCRYPTION_FLAG_DECRYPT 0 +#define ENCRYPTION_FLAG_ENCRYPT 1 +#define ENCRYPTION_FLAG_NOPAD 2 struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(unsigned int); - unsigned int (*encryption_key_id_exists_func)(unsigned int); - unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encryption_encrypt_func; - encrypt_decrypt_func encryption_decrypt_func; + unsigned int (*encryption_key_get_latest_version_func)(unsigned int key_id); + unsigned int (*encryption_key_get_func)(unsigned int key_id, unsigned int key_version, + unsigned char* buffer, unsigned int* length); + unsigned int (*encryption_ctx_size_func)(unsigned int key_id, unsigned int key_version); + int (*encryption_ctx_init_func)(void *ctx, const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int flags, unsigned int key_id, + unsigned int key_version); + int (*encryption_ctx_update_func)(void *ctx, const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen); + int (*encryption_ctx_finish_func)(void *ctx, unsigned char* dst, unsigned int* dlen); + unsigned int (*encryption_encrypted_length_func)(unsigned int slen, unsigned int key_id, unsigned int key_version); }; #ifdef MYSQL_DYNAMIC_PLUGIN @@ -59,23 +71,53 @@ struct encryption_service_st { extern struct encryption_service_st *encryption_service; #define encryption_key_get_latest_version(KI) encryption_service->encryption_key_get_latest_version_func(KI) -#define encryption_key_id_exists(KI) encryption_service->encryption_key_id_exists_func((KI)) -#define encryption_key_version_exists(KI,KV) encryption_service->encryption_key_version_exists_func((KI),(KV)) #define encryption_key_get(KI,KV,K,S) encryption_service->encryption_key_get_func((KI),(KV),(K),(S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_ctx_size(KI,KV) encryption_service->encryption_ctx_size_func((KI),(KV)) +#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) encryption_service->encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV)) +#define encryption_ctx_update(CTX,S,SL,D,DL) encryption_service->encryption_ctx_update_func((CTX),(S),(SL),(D),(DL)) +#define encryption_ctx_finish(CTX,D,DL) encryption_service->encryption_ctx_finish_func((CTX),(D),(DL)) +#define encryption_encrypted_length(SL,KI,KV) encryption_service->encryption_encrypted_length_func((SL),(KI),(KV)) #else extern struct encryption_service_st encryption_handler; #define encryption_key_get_latest_version(KI) encryption_handler.encryption_key_get_latest_version_func(KI) -#define encryption_key_id_exists(KI) encryption_handler.encryption_key_id_exists_func((KI)) -#define encryption_key_version_exists(KI,KV) encryption_handler.encryption_key_version_exists_func((KI),(KV)) #define encryption_key_get(KI,KV,K,S) encryption_handler.encryption_key_get_func((KI),(KV),(K),(S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_ctx_size(KI,KV) encryption_handler.encryption_ctx_size_func((KI),(KV)) +#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) encryption_handler.encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV)) +#define encryption_ctx_update(CTX,S,SL,D,DL) encryption_handler.encryption_ctx_update_func((CTX),(S),(SL),(D),(DL)) +#define encryption_ctx_finish(CTX,D,DL) encryption_handler.encryption_ctx_finish_func((CTX),(D),(DL)) +#define encryption_encrypted_length(SL,KI,KV) encryption_handler.encryption_encrypted_length_func((SL),(KI),(KV)) #endif +static inline unsigned int encryption_key_id_exists(unsigned int id) +{ + return encryption_key_get_latest_version(id) != ENCRYPTION_KEY_VERSION_INVALID; +} + +static inline unsigned int encryption_key_version_exists(unsigned int id, unsigned int version) +{ + unsigned int unused; + return encryption_key_get(id, version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; +} + +static inline int encryption_crypt(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int flags, unsigned int key_id, unsigned int key_version) +{ + void *ctx= alloca(encryption_ctx_size(key_id, key_version)); + int res1, res2; + unsigned int d1, d2; + if ((res1= encryption_ctx_init(ctx, key, klen, iv, ivlen, flags, key_id, key_version))) + return res1; + res1= encryption_ctx_update(ctx, src, slen, dst, &d1); + res2= encryption_ctx_finish(ctx, dst + d1, &d2); + *dlen= d1 + d2; + return res1 ? res1 : res2; +} + #ifdef __cplusplus } #endif |