summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/maria.h2
-rw-r--r--include/my_aes.h194
-rw-r--r--include/my_base.h2
-rw-r--r--include/my_crypt.h42
-rw-r--r--include/my_crypt_key_management.h80
-rw-r--r--include/my_dbug.h3
-rw-r--r--include/my_md5.h2
-rw-r--r--include/mysql/plugin.h3
8 files changed, 300 insertions, 28 deletions
diff --git a/include/maria.h b/include/maria.h
index 44079f3f288..5618e8ae1a4 100644
--- a/include/maria.h
+++ b/include/maria.h
@@ -268,6 +268,8 @@ extern my_bool maria_delay_key_write;
extern my_off_t maria_max_temp_length;
extern ulong maria_bulk_insert_tree_size, maria_data_pointer_size;
extern MY_TMPDIR *maria_tmpdir;
+extern my_bool maria_encrypt_tables;
+
/*
This is used to check if a symlink points into the mysql data home,
which is normally forbidden as it can be used to get access to
diff --git a/include/my_aes.h b/include/my_aes.h
index 58a78919023..1616d79d70a 100644
--- a/include/my_aes.h
+++ b/include/my_aes.h
@@ -1,6 +1,3 @@
-#ifndef MY_AES_INCLUDED
-#define MY_AES_INCLUDED
-
/* Copyright (c) 2002, 2006 MySQL AB, 2009 Sun Microsystems, Inc.
Use is subject to license terms.
@@ -21,47 +18,192 @@
/* Header file for my_aes.c */
/* Wrapper to give simple interface for MySQL to AES standard encryption */
+#ifndef MY_AES_INCLUDED
+#define MY_AES_INCLUDED
+
+/* We expect same result code from encryption functions as in my_aes.h */
+typedef int Crypt_result;
+
+#define AES_OK 0
+#define AES_BAD_DATA -1
+#define AES_BAD_IV -2
+#define AES_INVALID -3
+#define AES_OPENSSL_ERROR -4
+#define AES_BAD_KEYSIZE -5
+#define AES_KEY_CREATION_FAILED -10
+
+#define CRYPT_KEY_OK 0
+#define CRYPT_BUFFER_TO_SMALL -11;
+#define CRYPT_KEY_UNKNOWN -48;
+
+/* The max block sizes of all supported algorithms */
+#define MY_AES_BLOCK_SIZE 16
+
+/* The max key length of all supported algorithms */
+#define MY_AES_MAX_KEY_LENGTH 32
+
+
#include "rijndael.h"
C_MODE_START
#define AES_KEY_LENGTH 128 /* Must be 128 192 or 256 */
-/*
- my_aes_encrypt - Crypt buffer with AES encryption algorithm.
- source - Pointer to data for encryption
- source_length - size of encryption data
- dest - buffer to place encrypted data (must be large enough)
- key - Key to be used for encryption
- kel_length - Length of the key. Will handle keys of any length
+/**
+ Crypt buffer with AES dynamic (defined at startup) encryption algorithm.
+
+ SYNOPSIS
+ my_aes_encrypt_dynamic()
+ @param source [in] Pointer to data for encryption
+ @param source_length [in] Size of encryption data
+ @param dest [out] Buffer to place encrypted data (must be large enough)
+ @param dest_length [out] Pointer to size of encrypted data
+ @param key [in] Key to be used for encryption
+ @param key_length [in] Length of the key. 16, 24 or 32
+ @param iv [in] Iv to be used for encryption
+ @param iv_length [in] Length of the iv. should be 16.
+ @param noPadding [in] if set, algorithm specific padding behaviour is used
+
+ Method used defined by calling my_aes_init_dynamic_encrypt() at startup.
+
+ @return
+ != 0 error
+ 0 no error
+*/
+
+typedef int (*my_aes_encrypt_dynamic_type)(const uchar* source, uint32 source_length,
+ uchar* dest, uint32* dest_length,
+ const uchar* key, uint8 key_length,
+ const uchar* iv, uint8 iv_length,
+ uint noPadding);
+
+extern my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic;
+
+/**
+ AES decryption AES dynamic (defined at startup) encryption algorithm.
+
+ SYNOPSIS
+ my_aes_decrypt_dynamic()
+ @param source [in] Pointer to data to decrypt
+ @param source_length [in] Size of data
+ @param dest [out] Buffer to place decrypted data (must be large enough)
+ @param dest_length [out] Pointer to size of decrypted data
+ @param key [in] Key to be used for decryption
+ @param key_length [in] Length of the key. 16, 24 or 32
+ @param iv [in] Iv to be used for encryption
+ @param iv_length [in] Length of the iv. should be 16.
+ @param noPadding [in] if set, algorithm specific padding behaviour is used
+
+ @return
+ != 0 error
+ 0 no error
+
+ Method used defined by calling my_aes_init_dynamic_encrypt() at startup.
+*/
+
+typedef int (*my_aes_decrypt_dynamic_type)(const uchar *source,
+ uint32 source_length,
+ uchar *dest, uint32 *dest_length,
+ const uchar *key, uint8 key_length,
+ const uchar *iv, uint8 iv_length,
+ uint noPadding);
+extern my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic;
+
+/**
+ Initialize dynamic crypt functions
+*/
+
+enum enum_my_aes_encryption_algorithm
+{
+ MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_ECB, MY_AES_ALGORITHM_CBC,
+ MY_AES_ALGORITHM_CTR
+};
- returns - size of encrypted data, or negative in case of error.
+my_aes_decrypt_dynamic_type get_aes_decrypt_func(enum enum_my_aes_encryption_algorithm method);
+my_aes_encrypt_dynamic_type get_aes_encrypt_func(enum enum_my_aes_encryption_algorithm method);
+
+
+my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method);
+
+extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method;
+
+
+
+/**
+ Calculate key and iv from a given salt and secret as it is handled in openssl
+ encrypted files via console
+
+ SYNOPSIS
+ my_bytes_to_key()
+
+ @param salt [in] the given salt as extracted from the encrypted file
+ @param secret [in] the given secret as String, provided by the user
+ @param key [out] 32 Bytes of key are written to this pointer
+ @param iv [out] 16 Bytes of iv are written to this pointer
+ */
+
+void my_bytes_to_key(const uchar *salt,
+ const char *secret, uchar *key,
+ uchar *iv);
+
+/**
+ Decode Hexencoded String to uint8[].
+
+ SYNOPSIS
+ my_aes_hex2uint()
+ @param iv [in] Pointer to hexadecimal encoded IV String
+ @param dest [out] Pointer to output uint8 array. Memory needs to be
+ allocated by caller
+ @param iv_length [in] Size of destination array.
+ */
+
+void my_aes_hex2uint(const char *in, uchar *out, int dest_length);
+
+/**
+ Crypt buffer with AES encryption algorithm.
+
+ SYNOPSIS
+ my_aes_encrypt()
+
+ @param source Pointer to data for encryption
+ @param source_length Size of encryption data
+ @param dest Buffer to place encrypted data (must be large enough)
+ @param key Key to be used for encryption
+ @param kel_length Length of the key. Will handle keys of any length
+
+ @return Size of encrypted data, or negative in case of error.
*/
-int my_aes_encrypt(const char *source, int source_length, char *dest,
+int my_aes_encrypt(const uchar *source, int source_length, uchar *dest,
const char *key, int key_length);
-/*
- my_aes_decrypt - DeCrypt buffer with AES encryption algorithm.
- source - Pointer to data for decryption
- source_length - size of encrypted data
- dest - buffer to place decrypted data (must be large enough)
- key - Key to be used for decryption
- kel_length - Length of the key. Will handle keys of any length
+/**
+ DeCrypt buffer with AES encryption algorithm.
+
+ SYNOPSIS
+ my_aes_decrypt()
- returns - size of original data, or negative in case of error.
+ @param source Pointer to data for decryption
+ @param source_length size of encrypted data
+ @param dest buffer to place decrypted data (must be large enough)
+ @param key Key to be used for decryption
+ @param kel_length Length of the key. Will handle keys of any length
+
+ @return size of original data, or negative in case of error.
*/
-int my_aes_decrypt(const char *source, int source_length, char *dest,
+int my_aes_decrypt(const uchar *source, int source_length, uchar *dest,
const char *key, int key_length);
-/*
- my_aes_get_size - get size of buffer which will be large enough for encrypted
- data
- source_length - length of data to be encrypted
+/**
+ get size of buffer which will be large enough for encrypted data
+
+ SYNOPSIS
+ my_aes_get_size()
+ @param source_length Length of data to be encrypted
- returns - size of buffer required to store encrypted data
+ @return Size of buffer required to store encrypted data
*/
int my_aes_get_size(int source_length);
diff --git a/include/my_base.h b/include/my_base.h
index a443b4d161c..3f34adcef6d 100644
--- a/include/my_base.h
+++ b/include/my_base.h
@@ -354,6 +354,8 @@ enum ha_base_keytype {
#define HA_CREATE_DELAY_KEY_WRITE 64
#define HA_CREATE_RELIES_ON_SQL_LAYER 128
#define HA_CREATE_INTERNAL_TABLE 256
+#define HA_CREATE_ENCRYPTED 512
+#define HA_INSERT_ORDER 1024
/* Flags used by start_bulk_insert */
diff --git a/include/my_crypt.h b/include/my_crypt.h
new file mode 100644
index 00000000000..c6b5e734b5e
--- /dev/null
+++ b/include/my_crypt.h
@@ -0,0 +1,42 @@
+// TODO: Add Windows support
+
+#ifndef MYSYS_MY_CRYPT_H_
+#define MYSYS_MY_CRYPT_H_
+
+#include <my_aes.h>
+
+#if !defined(HAVE_YASSL) && defined(HAVE_OPENSSL)
+
+#define HAVE_EncryptAes128Ctr
+
+C_MODE_START
+Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
+ uchar* dest, uint32* dest_length,
+ const unsigned char* key, uint8 key_length,
+ const unsigned char* iv, uint8 iv_length,
+ uint noPadding);
+
+Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
+ uchar* dest, uint32* dest_length,
+ const unsigned char* key, uint8 key_length,
+ const unsigned char* iv, uint8 iv_length,
+ uint noPadding);
+C_MODE_END
+
+Crypt_result EncryptAes128Ctr(const uchar* key,
+ const uchar* iv, int iv_size,
+ const uchar* plaintext, int plaintext_size,
+ uchar* ciphertext, int* ciphertext_used);
+
+Crypt_result DecryptAes128Ctr(const uchar* key,
+ const uchar* iv, int iv_size,
+ const uchar* ciphertext, int ciphertext_size,
+ uchar* plaintext, int* plaintext_used);
+
+#endif /* !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) */
+
+C_MODE_START
+Crypt_result my_random_bytes(uchar* buf, int num);
+C_MODE_END
+
+#endif /* MYSYS_MY_CRYPT_H_ */
diff --git a/include/my_crypt_key_management.h b/include/my_crypt_key_management.h
new file mode 100644
index 00000000000..3da0ab2b90e
--- /dev/null
+++ b/include/my_crypt_key_management.h
@@ -0,0 +1,80 @@
+
+#ifndef MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
+#define MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
+
+#include "my_global.h"
+#include "my_pthread.h"
+#include "mysql/psi/psi.h"
+
+#ifndef DBUG_OFF
+extern my_bool debug_use_static_encryption_keys;
+
+#ifdef HAVE_PSI_INTERFACE
+extern PSI_rwlock_key key_LOCK_dbug_encryption_key_version;
+#endif
+
+extern mysql_rwlock_t LOCK_dbug_encryption_key_version;
+extern uint opt_debug_encryption_key_version;
+#endif /* DBUG_OFF */
+
+C_MODE_START
+/**
+ * function returning latest key version
+ */
+typedef int (* GetLatestCryptoKeyVersionFunc_t)();
+
+/**
+ * function returning if the key exists
+ */
+typedef unsigned int (* HasKeyVersionFunc_t)(unsigned int version);
+
+/**
+ * function returning the key size
+ */
+typedef int (* GetKeySizeFunc_t)(unsigned int version);
+
+/**
+ * function returning a key for a key version
+ */
+typedef int (* GetCryptoKeyFunc_t)(unsigned int version,
+ unsigned char* key,
+ unsigned keybufsize);
+
+/**
+ * function returning an iv for a key version
+ */
+typedef int (* GetCryptoIVFunc_t)(unsigned int version,
+ unsigned char* iv,
+ unsigned ivbufsize);
+
+
+struct CryptoKeyFuncs_t
+{
+ GetLatestCryptoKeyVersionFunc_t getLatestCryptoKeyVersionFunc;
+ HasKeyVersionFunc_t hasCryptoKeyFunc;
+ GetKeySizeFunc_t getCryptoKeySize;
+ GetCryptoKeyFunc_t getCryptoKeyFunc;
+ GetCryptoIVFunc_t getCryptoIVFunc;
+};
+
+/**
+ * Install functions to use for key management
+ */
+void
+InstallCryptoKeyFunctions(const struct CryptoKeyFuncs_t* cryptoKeyFuncs);
+
+/**
+ * Functions to interact with key management
+ */
+
+int GetLatestCryptoKeyVersion();
+unsigned int HasCryptoKey(unsigned int version);
+int GetCryptoKeySize(unsigned int version);
+int GetCryptoKey(unsigned int version, unsigned char* key_buffer,
+ unsigned int size);
+int GetCryptoIV(unsigned int version, unsigned char* key_buffer,
+ unsigned int size);
+
+C_MODE_END
+
+#endif // MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
diff --git a/include/my_dbug.h b/include/my_dbug.h
index bcf2015466d..8d8d4fabd6c 100644
--- a/include/my_dbug.h
+++ b/include/my_dbug.h
@@ -176,6 +176,9 @@ extern void _db_suicide_();
#define DBUG_SYNC_POINT(lock_name,lock_timeout) \
debug_sync_point(lock_name,lock_timeout)
void debug_sync_point(const char* lock_name, uint lock_timeout);
+
+/* Extern function for debugging */
+extern void dump_buffer(FILE *stream, unsigned n, const unsigned char* buf);
#else
#define DBUG_SYNC_POINT(lock_name,lock_timeout)
#endif /* EXTRA_DEBUG */
diff --git a/include/my_md5.h b/include/my_md5.h
index 141ea309cae..34d3e931811 100644
--- a/include/my_md5.h
+++ b/include/my_md5.h
@@ -28,7 +28,7 @@
extern "C" {
#endif
-#define compute_md5_hash(A,B,C) my_md5(A,B,C)
+#define compute_md5_hash(A,B,C) my_md5((unsigned char *)A,B,C)
/*
Convert an array of bytes to a hexadecimal representation.
diff --git a/include/mysql/plugin.h b/include/mysql/plugin.h
index 640dc0725cc..df74be0209d 100644
--- a/include/mysql/plugin.h
+++ b/include/mysql/plugin.h
@@ -88,7 +88,8 @@ typedef struct st_mysql_xid MYSQL_XID;
#define MYSQL_AUDIT_PLUGIN 5
#define MYSQL_REPLICATION_PLUGIN 6
#define MYSQL_AUTHENTICATION_PLUGIN 7
-#define MYSQL_MAX_PLUGIN_TYPE_NUM 9 /* The number of plugin types */
+#define MYSQL_KEY_MANAGEMENT_PLUGIN 9
+#define MYSQL_MAX_PLUGIN_TYPE_NUM 10 /* The number of plugin types */
/* MariaDB plugin types */
#define MariaDB_PASSWORD_VALIDATION_PLUGIN 8
View Lorry Controller Status