remove wrappers in encryption_keys.cc

invoke plugin methods directly
Sergei Golubchik 2015-04-01 18:26:19 +02:00
parent bb1b61b312
commit c0878f64c5
10 changed files with 70 additions and 181 deletions


@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* key, unsigned int klen, const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid { struct st_mysql_xid {
long formatID; long formatID;
long gtrid_length; long gtrid_length;


@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* key, unsigned int klen, const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid { struct st_mysql_xid {
long formatID; long formatID;
long gtrid_length; long gtrid_length;


@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* key, unsigned int klen, const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid { struct st_mysql_xid {
long formatID; long formatID;
long gtrid_length; long gtrid_length;


@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* key, unsigned int klen, const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid { struct st_mysql_xid {
long formatID; long formatID;
long gtrid_length; long gtrid_length;


@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* key, unsigned int klen, const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize);
int encrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
struct st_mysql_xid { struct st_mysql_xid {
long formatID; long formatID;
long gtrid_length; long gtrid_length;


@ -34,16 +34,18 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
const unsigned char* iv, unsigned int ivlen, const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version); int no_padding, unsigned int key_version);
extern struct encryption_keys_service_st { struct encryption_keys_service_st {
unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*get_latest_encryption_key_version_func)();
unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*has_encryption_key_func)(unsigned int);
unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*);
encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func encrypt_data_func;
encrypt_decrypt_func decrypt_data_func; encrypt_decrypt_func decrypt_data_func;
} *encryption_keys_service; };
#ifdef MYSQL_DYNAMIC_PLUGIN #ifdef MYSQL_DYNAMIC_PLUGIN
extern struct encryption_keys_service_st *encryption_keys_service;
#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() #define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func()
#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
@ -51,19 +53,13 @@ extern struct encryption_keys_service_st {
#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) #define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
#else #else
unsigned int get_latest_encryption_key_version(); extern struct encryption_keys_service_st encryption_keys_handler;
unsigned int has_encryption_key(unsigned int version);
unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); #define get_latest_encryption_key_version() encryption_keys_handler.get_latest_encryption_key_version_func()
int encrypt_data(const unsigned char* src, unsigned int slen, #define has_encryption_key(V) encryption_keys_handler.has_encryption_key_func(V)
unsigned char* dst, unsigned int* dlen, #define get_encryption_key(V,K,S) encryption_keys_handler.get_encryption_key_func((V), (K), (S))
const unsigned char* key, unsigned int klen, #define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
const unsigned char* iv, unsigned int ivlen, #define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV)
int no_padding, unsigned int key_version);
int decrypt_data(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int key_version);
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
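Review bot: The `#else` branch now turns encrypt_data()/decrypt_data() and the key lookups into direct calls through `encryption_keys_handler`, but the header does not say what those members return when no encryption plugin is loaded. Judging by the stubs this commit adds in the server source, that is BAD_ENCRYPTION_KEY_VERSION for the key functions and 1 for encrypt/decrypt. A comment above the macros, such as `/* encrypt_data()/decrypt_data() return non-zero on failure (1 when no plugin is loaded); check the result before using dst */`, would tell callers not to trust the output buffer without checking the result.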


@ -19,61 +19,29 @@
#include "sql_plugin.h" #include "sql_plugin.h"
#include <my_crypt.h> #include <my_crypt.h>
#warning TODO rename to follow single consistent style
/* there can be only one encryption plugin enabled */ /* there can be only one encryption plugin enabled */
static plugin_ref encryption_key_manager= 0; static plugin_ref encryption_key_manager= 0;
static struct st_mariadb_encryption *handle; struct encryption_keys_service_st encryption_keys_handler;
unsigned int get_latest_encryption_key_version() unsigned int has_key(uint version)
{ {
if (encryption_key_manager) uint unused;
return handle->get_latest_key_version(); return get_encryption_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION;
}
uint no_key()
{
return BAD_ENCRYPTION_KEY_VERSION; return BAD_ENCRYPTION_KEY_VERSION;
} }
unsigned int has_encryption_key(uint version) static int no_crypt(const uchar* source, uint source_length,
uchar* dest, uint* dest_length,
const uchar* key, uint key_length,
const uchar* iv, uint iv_length,
int no_padding, uint key_version)
{ {
if (encryption_key_manager)
{
uint unused;
return handle->get_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION;
}
return 0;
}
uint get_encryption_key(uint version, uchar* key, uint *size)
{
if (encryption_key_manager)
return handle->get_key(version, key, size);
return BAD_ENCRYPTION_KEY_VERSION;
}
int encrypt_data(const uchar* source, uint source_length,
uchar* dest, uint* dest_length,
const uchar* key, uint key_length,
const uchar* iv, uint iv_length,
int no_padding, uint key_version)
{
if (encryption_key_manager)
return handle->encrypt(source, source_length,
dest, dest_length, key, key_length,
iv, iv_length, no_padding, key_version);
return 1;
}
int decrypt_data(const uchar* source, uint source_length,
uchar* dest, uint* dest_length,
const uchar* key, uint key_length,
const uchar* iv, uint iv_length,
int no_padding, uint key_version)
{
if (encryption_key_manager)
return handle->decrypt(source, source_length,
dest, dest_length, key, key_length,
iv, iv_length, no_padding, key_version);
return 1; return 1;
} }
@ -91,21 +59,36 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
} }
encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin));
handle= (struct st_mariadb_encryption*) st_mariadb_encryption *handle=
plugin->plugin->info; (struct st_mariadb_encryption*) plugin->plugin->info;
/* default encryption algorithm */ encryption_keys_handler.encrypt_data_func=
if (!handle->encrypt) handle->encrypt ? handle->encrypt
handle->encrypt= (encrypt_decrypt_func)my_aes_encrypt_cbc; : (encrypt_decrypt_func)my_aes_encrypt_cbc;
if (!handle->decrypt)
handle->decrypt= (encrypt_decrypt_func)my_aes_decrypt_cbc; encryption_keys_handler.decrypt_data_func=
handle->decrypt ? handle->decrypt
: (encrypt_decrypt_func)my_aes_decrypt_cbc;
encryption_keys_handler.get_encryption_key_func=
handle->get_key;
encryption_keys_handler.get_latest_encryption_key_version_func=
handle->get_latest_key_version; // must be the last
return 0; return 0;
} }
int finalize_encryption_plugin(st_plugin_int *plugin) int finalize_encryption_plugin(st_plugin_int *plugin)
{ {
if (plugin->plugin->deinit && plugin->plugin->deinit(NULL)) encryption_keys_handler.encrypt_data_func= no_crypt;
encryption_keys_handler.decrypt_data_func= no_crypt;
encryption_keys_handler.has_encryption_key_func= has_key;
encryption_keys_handler.get_encryption_key_func=
(uint (*)(uint, uchar*, uint*))no_key;
encryption_keys_handler.get_latest_encryption_key_version_func= no_key;
if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL))
{ {
DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.", DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.",
plugin->name.str)); plugin->name.str));
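Review bot: In finalize_encryption_plugin the stub for get_encryption_key_func is `no_key` cast to `uint (*)(uint, uchar*, uint*)`; calling a zero-argument function through a pointer of a different function type is undefined behaviour, even if it happens to work on the usual calling conventions. A stub with the real signature avoids the cast: `static uint no_get_key(uint, uchar*, uint*) { return BAD_ENCRYPTION_KEY_VERSION; }` and `encryption_keys_handler.get_encryption_key_func= no_get_key;`. Separately, the `// must be the last` ordering in initialize_encryption_plugin relies on plain stores to a global that other threads may read. Nothing in the visible lines orders those stores, so if readers can run concurrently this wants a comment naming the lock or barrier that makes it safe. The body of finalize_encryption_plugin continues outside the hunk.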


@ -1562,6 +1562,9 @@ int plugin_init(int *argc, char **argv, int flags)
DBUG_ASSERT(strcmp(list_of_services[4].name, "debug_sync_service") == 0); DBUG_ASSERT(strcmp(list_of_services[4].name, "debug_sync_service") == 0);
list_of_services[4].service= *(void**)&debug_sync_C_callback_ptr; list_of_services[4].service= *(void**)&debug_sync_C_callback_ptr;
/* prepare encryption_keys service */
finalize_encryption_plugin(0);
mysql_mutex_lock(&LOCK_plugin); mysql_mutex_lock(&LOCK_plugin);
initialized= 1; initialized= 1;
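Review bot: The fallback stubs are installed only here, by calling finalize_encryption_plugin(0), so until this line runs `encryption_keys_handler` is a zero-initialised global and any static-build call through the get_encryption_key()/encrypt_data() macros would jump through a null pointer. Whether such a caller exists before plugin_init() is not visible from this hunk, but a static initialiser for encryption_keys_handler in encryption_keys.cc listing the stubs would remove the ordering dependency. If the call stays, the comment could say why a finalize function is used for setup, e.g. `/* no encryption plugin yet: install the failing stubs */`, and note that its return value is deliberately ignored.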


@ -139,15 +139,6 @@ static struct wsrep_service_st wsrep_handler = {
wsrep_unlock_rollback wsrep_unlock_rollback
}; };
static struct encryption_keys_service_st encryption_keys_handler=
{
get_latest_encryption_key_version,
has_encryption_key,
get_encryption_key,
encrypt_data,
decrypt_data
};
static struct thd_specifics_service_st thd_specifics_handler= static struct thd_specifics_service_st thd_specifics_handler=
{ {
thd_key_create, thd_key_create,


@ -23,39 +23,15 @@ void _mi_report_crashed(void *file __attribute__((unused)),
{ {
} }
unsigned int get_latest_encryption_key_version() static unsigned int no_key()
{ {
return BAD_ENCRYPTION_KEY_VERSION; return BAD_ENCRYPTION_KEY_VERSION;
} }
int encrypt_data(const uchar* source __attribute__((unused)), struct encryption_keys_service_st encryption_keys_handler=
uint source_length __attribute__((unused)),
uchar* dest __attribute__((unused)),
uint* dest_length __attribute__((unused)),
const uchar* key __attribute__((unused)),
uint key_length __attribute__((unused)),
const uchar* iv __attribute__((unused)),
uint iv_length __attribute__((unused)),
int no_padding __attribute__((unused)),
uint key_version __attribute__((unused)))
{ {
return 1; no_key, 0, 0, 0, 0
} };
int decrypt_data(const uchar* source __attribute__((unused)),
uint source_length __attribute__((unused)),
uchar* dest __attribute__((unused)),
uint* dest_length __attribute__((unused)),
const uchar* key __attribute__((unused)),
uint key_length __attribute__((unused)),
const uchar* iv __attribute__((unused)),
uint iv_length __attribute__((unused)),
int no_padding __attribute__((unused)),
uint key_version __attribute__((unused)))
{
return 1;
}
/* only those that included myisamchk.h may need and can use the below */ /* only those that included myisamchk.h may need and can use the below */
#ifdef _myisamchk_h #ifdef _myisamchk_h
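Review bot: The new initialiser `no_key, 0, 0, 0, 0` leaves encrypt_data_func and decrypt_data_func null, whereas the removed stubs returned 1; any code linked into the standalone tools that still reaches encrypt_data() or decrypt_data() now calls through a null pointer instead of getting an error. Keeping one stub with the encrypt_decrypt_func signature that returns 1, and initialising with `no_key, 0, 0, no_crypt, no_crypt`, preserves the fail-with-error behaviour. The object is also defined without `static`; if this file is included from more than one translation unit of the same binary (the `_myisamchk_h` guard below suggests it is a shared include), that gives duplicate definitions, so confirm it is included once per program.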