encryption key management plugin api
This commit is contained in:
parent
c8997c39b4
commit
cf8bf0b68e
@ -44,6 +44,7 @@ IF(CMAKE_COMPILER_IS_GNUCC AND RUN_ABI_CHECK)
|
||||
${CMAKE_SOURCE_DIR}/include/mysql/client_plugin.h
|
||||
${CMAKE_SOURCE_DIR}/include/mysql/plugin_auth.h
|
||||
${CMAKE_SOURCE_DIR}/include/mysql/plugin_password_validation.h
|
||||
${CMAKE_SOURCE_DIR}/include/mysql/plugin_encryption_key_management.h
|
||||
)
|
||||
|
||||
ADD_CUSTOM_TARGET(abi_check ALL
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#ifndef MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
|
||||
#define MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
|
||||
#ifndef INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
|
||||
#define INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
|
||||
|
||||
#include "my_global.h"
|
||||
#include "my_pthread.h"
|
||||
@ -18,63 +18,17 @@ extern uint opt_debug_encryption_key_version;
|
||||
#endif /* DBUG_OFF */
|
||||
|
||||
C_MODE_START
|
||||
/**
|
||||
* function returning latest key version
|
||||
*/
|
||||
typedef int (* GetLatestCryptoKeyVersionFunc_t)();
|
||||
|
||||
/**
|
||||
* function returning if the key exists
|
||||
*/
|
||||
typedef unsigned int (* HasKeyVersionFunc_t)(unsigned int version);
|
||||
|
||||
/**
|
||||
* function returning the key size
|
||||
*/
|
||||
typedef int (* GetKeySizeFunc_t)(unsigned int version);
|
||||
|
||||
/**
|
||||
* function returning a key for a key version
|
||||
*/
|
||||
typedef int (* GetCryptoKeyFunc_t)(unsigned int version,
|
||||
unsigned char* key,
|
||||
unsigned keybufsize);
|
||||
|
||||
/**
|
||||
* function returning an iv for a key version
|
||||
*/
|
||||
typedef int (* GetCryptoIVFunc_t)(unsigned int version,
|
||||
unsigned char* iv,
|
||||
unsigned ivbufsize);
|
||||
|
||||
|
||||
struct CryptoKeyFuncs_t
|
||||
{
|
||||
GetLatestCryptoKeyVersionFunc_t getLatestCryptoKeyVersionFunc;
|
||||
HasKeyVersionFunc_t hasCryptoKeyFunc;
|
||||
GetKeySizeFunc_t getCryptoKeySize;
|
||||
GetCryptoKeyFunc_t getCryptoKeyFunc;
|
||||
GetCryptoIVFunc_t getCryptoIVFunc;
|
||||
};
|
||||
|
||||
/**
|
||||
* Install functions to use for key management
|
||||
*/
|
||||
void
|
||||
InstallCryptoKeyFunctions(const struct CryptoKeyFuncs_t* cryptoKeyFuncs);
|
||||
|
||||
/**
|
||||
* Functions to interact with key management
|
||||
*/
|
||||
|
||||
int GetLatestCryptoKeyVersion();
|
||||
unsigned int HasCryptoKey(unsigned int version);
|
||||
int GetCryptoKeySize(unsigned int version);
|
||||
int GetCryptoKey(unsigned int version, unsigned char* key_buffer,
|
||||
unsigned int size);
|
||||
int GetCryptoIV(unsigned int version, unsigned char* key_buffer,
|
||||
unsigned int size);
|
||||
uint get_latest_encryption_key_version();
|
||||
uint has_encryption_key(uint version);
|
||||
uint get_encryption_key_size(uint version);
|
||||
int get_encryption_key(uint version, uchar* key, uint size);
|
||||
int get_encryption_iv(uint version, uchar* iv, uint size);
|
||||
|
||||
C_MODE_END
|
||||
|
||||
#endif // MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
|
||||
#endif // INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
|
||||
|
@ -88,11 +88,11 @@ typedef struct st_mysql_xid MYSQL_XID;
|
||||
#define MYSQL_AUDIT_PLUGIN 5
|
||||
#define MYSQL_REPLICATION_PLUGIN 6
|
||||
#define MYSQL_AUTHENTICATION_PLUGIN 7
|
||||
#define MYSQL_KEY_MANAGEMENT_PLUGIN 9
|
||||
#define MYSQL_MAX_PLUGIN_TYPE_NUM 10 /* The number of plugin types */
|
||||
|
||||
/* MariaDB plugin types */
|
||||
#define MariaDB_PASSWORD_VALIDATION_PLUGIN 8
|
||||
#define MariaDB_PASSWORD_VALIDATION_PLUGIN 8
|
||||
#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN 9
|
||||
|
||||
/* We use the following strings to define licenses for plugins */
|
||||
#define PLUGIN_LICENSE_PROPRIETARY 0
|
||||
|
73
include/mysql/plugin_encryption_key_management.h
Normal file
73
include/mysql/plugin_encryption_key_management.h
Normal file
@ -0,0 +1,73 @@
|
||||
#ifndef MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED
|
||||
/* Copyright (C) 2014 Sergei Golubchik and MariaDB
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; version 2 of the License.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
||||
|
||||
/**
|
||||
@file
|
||||
|
||||
Encryption key Management Plugin API.
|
||||
|
||||
This file defines the API for server plugins that manage encryption
|
||||
keys for MariaDB on-disk data encryption.
|
||||
*/
|
||||
|
||||
#define MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED
|
||||
|
||||
#include <mysql/plugin.h>
|
||||
|
||||
#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION 0x0100
|
||||
|
||||
#define BAD_ENCRYPTION_KEY_VERSION (~0U)
|
||||
|
||||
/**
|
||||
Encryption key management plugin descriptor
|
||||
*/
|
||||
struct st_mariadb_encryption_key_management
|
||||
{
|
||||
int interface_version; /**< version plugin uses */
|
||||
|
||||
/**
|
||||
function returning latest key version.
|
||||
|
||||
@return a version or BAD_ENCRYPTION_KEY_VERSION to indicate an error.
|
||||
*/
|
||||
unsigned int (*get_latest_key_version)();
|
||||
|
||||
/** function returning if a key of the given version exists */
|
||||
unsigned int (*has_key_version)(unsigned int version);
|
||||
|
||||
/** function returning the key size in bytes */
|
||||
unsigned int (*get_key_size)(unsigned int version);
|
||||
|
||||
/**
|
||||
function returning a key for a key version
|
||||
|
||||
the key is put in 'key' buffer, that has size of 'keybufsize' bytes.
|
||||
|
||||
@return 0 on success, non-zero on failure
|
||||
*/
|
||||
int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize);
|
||||
|
||||
/**
|
||||
function returning an IV for a key version
|
||||
|
||||
the IV is put in 'iv' buffer, that has size of 'ivbufsize' bytes.
|
||||
|
||||
@return 0 on success, non-zero on failure
|
||||
*/
|
||||
int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
|
||||
};
|
||||
#endif
|
||||
|
364
include/mysql/plugin_encryption_key_management.h.pp
Normal file
364
include/mysql/plugin_encryption_key_management.h.pp
Normal file
@ -0,0 +1,364 @@
|
||||
#include <mysql/plugin.h>
|
||||
typedef char my_bool;
|
||||
typedef void * MYSQL_PLUGIN;
|
||||
#include <mysql/services.h>
|
||||
#include <mysql/service_my_snprintf.h>
|
||||
extern struct my_snprintf_service_st {
|
||||
size_t (*my_snprintf_type)(char*, size_t, const char*, ...);
|
||||
size_t (*my_vsnprintf_type)(char *, size_t, const char*, va_list);
|
||||
} *my_snprintf_service;
|
||||
size_t my_snprintf(char* to, size_t n, const char* fmt, ...);
|
||||
size_t my_vsnprintf(char *to, size_t n, const char* fmt, va_list ap);
|
||||
#include <mysql/service_thd_alloc.h>
|
||||
struct st_mysql_lex_string
|
||||
{
|
||||
char *str;
|
||||
size_t length;
|
||||
};
|
||||
typedef struct st_mysql_lex_string MYSQL_LEX_STRING;
|
||||
extern struct thd_alloc_service_st {
|
||||
void *(*thd_alloc_func)(void*, unsigned int);
|
||||
void *(*thd_calloc_func)(void*, unsigned int);
|
||||
char *(*thd_strdup_func)(void*, const char *);
|
||||
char *(*thd_strmake_func)(void*, const char *, unsigned int);
|
||||
void *(*thd_memdup_func)(void*, const void*, unsigned int);
|
||||
MYSQL_LEX_STRING *(*thd_make_lex_string_func)(void*, MYSQL_LEX_STRING *,
|
||||
const char *, unsigned int, int);
|
||||
} *thd_alloc_service;
|
||||
void *thd_alloc(void* thd, unsigned int size);
|
||||
void *thd_calloc(void* thd, unsigned int size);
|
||||
char *thd_strdup(void* thd, const char *str);
|
||||
char *thd_strmake(void* thd, const char *str, unsigned int size);
|
||||
void *thd_memdup(void* thd, const void* str, unsigned int size);
|
||||
MYSQL_LEX_STRING *thd_make_lex_string(void* thd, MYSQL_LEX_STRING *lex_str,
|
||||
const char *str, unsigned int size,
|
||||
int allocate_lex_string);
|
||||
#include <mysql/service_thd_wait.h>
|
||||
typedef enum _thd_wait_type_e {
|
||||
THD_WAIT_SLEEP= 1,
|
||||
THD_WAIT_DISKIO= 2,
|
||||
THD_WAIT_ROW_LOCK= 3,
|
||||
THD_WAIT_GLOBAL_LOCK= 4,
|
||||
THD_WAIT_META_DATA_LOCK= 5,
|
||||
THD_WAIT_TABLE_LOCK= 6,
|
||||
THD_WAIT_USER_LOCK= 7,
|
||||
THD_WAIT_BINLOG= 8,
|
||||
THD_WAIT_GROUP_COMMIT= 9,
|
||||
THD_WAIT_SYNC= 10,
|
||||
THD_WAIT_NET= 11,
|
||||
THD_WAIT_LAST= 12
|
||||
} thd_wait_type;
|
||||
extern struct thd_wait_service_st {
|
||||
void (*thd_wait_begin_func)(void*, int);
|
||||
void (*thd_wait_end_func)(void*);
|
||||
} *thd_wait_service;
|
||||
void thd_wait_begin(void* thd, int wait_type);
|
||||
void thd_wait_end(void* thd);
|
||||
#include <mysql/service_progress_report.h>
|
||||
extern struct progress_report_service_st {
|
||||
void (*thd_progress_init_func)(void* thd, unsigned int max_stage);
|
||||
void (*thd_progress_report_func)(void* thd,
|
||||
unsigned long long progress,
|
||||
unsigned long long max_progress);
|
||||
void (*thd_progress_next_stage_func)(void* thd);
|
||||
void (*thd_progress_end_func)(void* thd);
|
||||
const char *(*set_thd_proc_info_func)(void*, const char *info,
|
||||
const char *func,
|
||||
const char *file,
|
||||
unsigned int line);
|
||||
} *progress_report_service;
|
||||
void thd_progress_init(void* thd, unsigned int max_stage);
|
||||
void thd_progress_report(void* thd,
|
||||
unsigned long long progress,
|
||||
unsigned long long max_progress);
|
||||
void thd_progress_next_stage(void* thd);
|
||||
void thd_progress_end(void* thd);
|
||||
const char *set_thd_proc_info(void*, const char * info, const char *func,
|
||||
const char *file, unsigned int line);
|
||||
#include <mysql/service_debug_sync.h>
|
||||
extern void (*debug_sync_C_callback_ptr)(void*, const char *, size_t);
|
||||
#include <mysql/service_kill_statement.h>
|
||||
enum thd_kill_levels {
|
||||
THD_IS_NOT_KILLED=0,
|
||||
THD_ABORT_SOFTLY=50,
|
||||
THD_ABORT_ASAP=100,
|
||||
};
|
||||
extern struct kill_statement_service_st {
|
||||
enum thd_kill_levels (*thd_kill_level_func)(const void*);
|
||||
} *thd_kill_statement_service;
|
||||
enum thd_kill_levels thd_kill_level(const void*);
|
||||
#include <mysql/service_thd_timezone.h>
|
||||
#include "mysql_time.h"
|
||||
typedef long my_time_t;
|
||||
enum enum_mysql_timestamp_type
|
||||
{
|
||||
MYSQL_TIMESTAMP_NONE= -2, MYSQL_TIMESTAMP_ERROR= -1,
|
||||
MYSQL_TIMESTAMP_DATE= 0, MYSQL_TIMESTAMP_DATETIME= 1, MYSQL_TIMESTAMP_TIME= 2
|
||||
};
|
||||
typedef struct st_mysql_time
|
||||
{
|
||||
unsigned int year, month, day, hour, minute, second;
|
||||
unsigned long second_part;
|
||||
my_bool neg;
|
||||
enum enum_mysql_timestamp_type time_type;
|
||||
} MYSQL_TIME;
|
||||
extern struct thd_timezone_service_st {
|
||||
my_time_t (*thd_TIME_to_gmt_sec)(void* thd, const MYSQL_TIME *ltime, unsigned int *errcode);
|
||||
void (*thd_gmt_sec_to_TIME)(void* thd, MYSQL_TIME *ltime, my_time_t t);
|
||||
} *thd_timezone_service;
|
||||
my_time_t thd_TIME_to_gmt_sec(void* thd, const MYSQL_TIME *ltime, unsigned int *errcode);
|
||||
void thd_gmt_sec_to_TIME(void* thd, MYSQL_TIME *ltime, my_time_t t);
|
||||
#include <mysql/service_sha1.h>
|
||||
extern struct my_sha1_service_st {
|
||||
void (*my_sha1_type)(unsigned char*, const char*, size_t);
|
||||
void (*my_sha1_multi_type)(unsigned char*, ...);
|
||||
size_t (*my_sha1_context_size_type)();
|
||||
void (*my_sha1_init_type)(void *);
|
||||
void (*my_sha1_input_type)(void *, const unsigned char *, size_t);
|
||||
void (*my_sha1_result_type)(void *, unsigned char *);
|
||||
} *my_sha1_service;
|
||||
void my_sha1(unsigned char*, const char*, size_t);
|
||||
void my_sha1_multi(unsigned char*, ...);
|
||||
size_t my_sha1_context_size();
|
||||
void my_sha1_init(void *context);
|
||||
void my_sha1_input(void *context, const unsigned char *buf, size_t len);
|
||||
void my_sha1_result(void *context, unsigned char *digest);
|
||||
#include <mysql/service_md5.h>
|
||||
extern struct my_md5_service_st {
|
||||
void (*my_md5_type)(unsigned char*, const char*, size_t);
|
||||
void (*my_md5_multi_type)(unsigned char*, ...);
|
||||
size_t (*my_md5_context_size_type)();
|
||||
void (*my_md5_init_type)(void *);
|
||||
void (*my_md5_input_type)(void *, const unsigned char *, size_t);
|
||||
void (*my_md5_result_type)(void *, unsigned char *);
|
||||
} *my_md5_service;
|
||||
void my_md5(unsigned char*, const char*, size_t);
|
||||
void my_md5_multi(unsigned char*, ...);
|
||||
size_t my_md5_context_size();
|
||||
void my_md5_init(void *context);
|
||||
void my_md5_input(void *context, const unsigned char *buf, size_t len);
|
||||
void my_md5_result(void *context, unsigned char *digest);
|
||||
#include <mysql/service_logger.h>
|
||||
typedef struct logger_handle_st LOGGER_HANDLE;
|
||||
extern struct logger_service_st {
|
||||
void (*logger_init_mutexes)();
|
||||
LOGGER_HANDLE* (*open)(const char *path,
|
||||
unsigned long long size_limit,
|
||||
unsigned int rotations);
|
||||
int (*close)(LOGGER_HANDLE *log);
|
||||
int (*vprintf)(LOGGER_HANDLE *log, const char *fmt, va_list argptr);
|
||||
int (*printf)(LOGGER_HANDLE *log, const char *fmt, ...);
|
||||
int (*write)(LOGGER_HANDLE *log, const char *buffer, size_t size);
|
||||
int (*rotate)(LOGGER_HANDLE *log);
|
||||
} *logger_service;
|
||||
void logger_init_mutexes();
|
||||
LOGGER_HANDLE *logger_open(const char *path,
|
||||
unsigned long long size_limit,
|
||||
unsigned int rotations);
|
||||
int logger_close(LOGGER_HANDLE *log);
|
||||
int logger_vprintf(LOGGER_HANDLE *log, const char *fmt, va_list argptr);
|
||||
int logger_printf(LOGGER_HANDLE *log, const char *fmt, ...);
|
||||
int logger_write(LOGGER_HANDLE *log, const char *buffer, size_t size);
|
||||
int logger_rotate(LOGGER_HANDLE *log);
|
||||
#include <mysql/service_thd_autoinc.h>
|
||||
extern struct thd_autoinc_service_st {
|
||||
void (*thd_get_autoinc_func)(const void* thd,
|
||||
unsigned long* off, unsigned long* inc);
|
||||
} *thd_autoinc_service;
|
||||
void thd_get_autoinc(const void* thd,
|
||||
unsigned long* off, unsigned long* inc);
|
||||
#include <mysql/service_thd_error_context.h>
|
||||
extern struct thd_error_context_service_st {
|
||||
const char *(*thd_get_error_message_func)(const void* thd);
|
||||
unsigned int (*thd_get_error_number_func)(const void* thd);
|
||||
unsigned long (*thd_get_error_row_func)(const void* thd);
|
||||
void (*thd_inc_error_row_func)(void* thd);
|
||||
char *(*thd_get_error_context_description_func)(void* thd,
|
||||
char *buffer,
|
||||
unsigned int length,
|
||||
unsigned int max_query_length);
|
||||
} *thd_error_context_service;
|
||||
const char *thd_get_error_message(const void* thd);
|
||||
unsigned int thd_get_error_number(const void* thd);
|
||||
unsigned long thd_get_error_row(const void* thd);
|
||||
void thd_inc_error_row(void* thd);
|
||||
char *thd_get_error_context_description(void* thd,
|
||||
char *buffer, unsigned int length,
|
||||
unsigned int max_query_length);
|
||||
#include <mysql/service_thd_specifics.h>
|
||||
typedef int MYSQL_THD_KEY_T;
|
||||
extern struct thd_specifics_service_st {
|
||||
int (*thd_key_create_func)(MYSQL_THD_KEY_T *key);
|
||||
void (*thd_key_delete_func)(MYSQL_THD_KEY_T *key);
|
||||
void *(*thd_getspecific_func)(void* thd, MYSQL_THD_KEY_T key);
|
||||
int (*thd_setspecific_func)(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||
} *thd_specifics_service;
|
||||
int thd_key_create(MYSQL_THD_KEY_T *key);
|
||||
void thd_key_delete(MYSQL_THD_KEY_T *key);
|
||||
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
|
||||
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
|
||||
struct st_mysql_xid {
|
||||
long formatID;
|
||||
long gtrid_length;
|
||||
long bqual_length;
|
||||
char data[128];
|
||||
};
|
||||
typedef struct st_mysql_xid MYSQL_XID;
|
||||
enum enum_mysql_show_type
|
||||
{
|
||||
SHOW_UNDEF, SHOW_BOOL, SHOW_UINT, SHOW_ULONG,
|
||||
SHOW_ULONGLONG, SHOW_CHAR, SHOW_CHAR_PTR,
|
||||
SHOW_ARRAY, SHOW_FUNC, SHOW_DOUBLE,
|
||||
SHOW_SINT, SHOW_SLONG, SHOW_SLONGLONG, SHOW_SIMPLE_FUNC,
|
||||
SHOW_always_last
|
||||
};
|
||||
enum enum_var_type
|
||||
{
|
||||
SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL
|
||||
};
|
||||
struct st_mysql_show_var {
|
||||
const char *name;
|
||||
char *value;
|
||||
enum enum_mysql_show_type type;
|
||||
};
|
||||
typedef int (*mysql_show_var_func)(void*, struct st_mysql_show_var*, char *, enum enum_var_type);
|
||||
struct st_mysql_sys_var;
|
||||
struct st_mysql_value;
|
||||
typedef int (*mysql_var_check_func)(void* thd,
|
||||
struct st_mysql_sys_var *var,
|
||||
void *save, struct st_mysql_value *value);
|
||||
typedef void (*mysql_var_update_func)(void* thd,
|
||||
struct st_mysql_sys_var *var,
|
||||
void *var_ptr, const void *save);
|
||||
struct st_mysql_plugin
|
||||
{
|
||||
int type;
|
||||
void *info;
|
||||
const char *name;
|
||||
const char *author;
|
||||
const char *descr;
|
||||
int license;
|
||||
int (*init)(void *);
|
||||
int (*deinit)(void *);
|
||||
unsigned int version;
|
||||
struct st_mysql_show_var *status_vars;
|
||||
struct st_mysql_sys_var **system_vars;
|
||||
void * __reserved1;
|
||||
unsigned long flags;
|
||||
};
|
||||
struct st_maria_plugin
|
||||
{
|
||||
int type;
|
||||
void *info;
|
||||
const char *name;
|
||||
const char *author;
|
||||
const char *descr;
|
||||
int license;
|
||||
int (*init)(void *);
|
||||
int (*deinit)(void *);
|
||||
unsigned int version;
|
||||
struct st_mysql_show_var *status_vars;
|
||||
struct st_mysql_sys_var **system_vars;
|
||||
const char *version_info;
|
||||
unsigned int maturity;
|
||||
};
|
||||
#include "plugin_ftparser.h"
|
||||
#include "plugin.h"
|
||||
enum enum_ftparser_mode
|
||||
{
|
||||
MYSQL_FTPARSER_SIMPLE_MODE= 0,
|
||||
MYSQL_FTPARSER_WITH_STOPWORDS= 1,
|
||||
MYSQL_FTPARSER_FULL_BOOLEAN_INFO= 2
|
||||
};
|
||||
enum enum_ft_token_type
|
||||
{
|
||||
FT_TOKEN_EOF= 0,
|
||||
FT_TOKEN_WORD= 1,
|
||||
FT_TOKEN_LEFT_PAREN= 2,
|
||||
FT_TOKEN_RIGHT_PAREN= 3,
|
||||
FT_TOKEN_STOPWORD= 4
|
||||
};
|
||||
typedef struct st_mysql_ftparser_boolean_info
|
||||
{
|
||||
enum enum_ft_token_type type;
|
||||
int yesno;
|
||||
int weight_adjust;
|
||||
char wasign;
|
||||
char trunc;
|
||||
char prev;
|
||||
char *quot;
|
||||
} MYSQL_FTPARSER_BOOLEAN_INFO;
|
||||
typedef struct st_mysql_ftparser_param
|
||||
{
|
||||
int (*mysql_parse)(struct st_mysql_ftparser_param *,
|
||||
const char *doc, int doc_len);
|
||||
int (*mysql_add_word)(struct st_mysql_ftparser_param *,
|
||||
const char *word, int word_len,
|
||||
MYSQL_FTPARSER_BOOLEAN_INFO *boolean_info);
|
||||
void *ftparser_state;
|
||||
void *mysql_ftparam;
|
||||
const struct charset_info_st *cs;
|
||||
const char *doc;
|
||||
int length;
|
||||
unsigned int flags;
|
||||
enum enum_ftparser_mode mode;
|
||||
} MYSQL_FTPARSER_PARAM;
|
||||
struct st_mysql_ftparser
|
||||
{
|
||||
int interface_version;
|
||||
int (*parse)(MYSQL_FTPARSER_PARAM *param);
|
||||
int (*init)(MYSQL_FTPARSER_PARAM *param);
|
||||
int (*deinit)(MYSQL_FTPARSER_PARAM *param);
|
||||
};
|
||||
struct st_mysql_daemon
|
||||
{
|
||||
int interface_version;
|
||||
};
|
||||
struct st_mysql_information_schema
|
||||
{
|
||||
int interface_version;
|
||||
};
|
||||
struct st_mysql_storage_engine
|
||||
{
|
||||
int interface_version;
|
||||
};
|
||||
struct handlerton;
|
||||
struct Mysql_replication {
|
||||
int interface_version;
|
||||
};
|
||||
struct st_mysql_value
|
||||
{
|
||||
int (*value_type)(struct st_mysql_value *);
|
||||
const char *(*val_str)(struct st_mysql_value *, char *buffer, int *length);
|
||||
int (*val_real)(struct st_mysql_value *, double *realbuf);
|
||||
int (*val_int)(struct st_mysql_value *, long long *intbuf);
|
||||
int (*is_unsigned)(struct st_mysql_value *);
|
||||
};
|
||||
int thd_in_lock_tables(const void* thd);
|
||||
int thd_tablespace_op(const void* thd);
|
||||
long long thd_test_options(const void* thd, long long test_options);
|
||||
int thd_sql_command(const void* thd);
|
||||
void **thd_ha_data(const void* thd, const struct handlerton *hton);
|
||||
void thd_storage_lock_wait(void* thd, long long value);
|
||||
int thd_tx_isolation(const void* thd);
|
||||
int thd_tx_is_read_only(const void* thd);
|
||||
int thd_rpl_is_parallel(const void* thd);
|
||||
int mysql_tmpfile(const char *prefix);
|
||||
unsigned long thd_get_thread_id(const void* thd);
|
||||
void thd_get_xid(const void* thd, MYSQL_XID *xid);
|
||||
void mysql_query_cache_invalidate4(void* thd,
|
||||
const char *key, unsigned int key_length,
|
||||
int using_trx);
|
||||
void *thd_get_ha_data(const void* thd, const struct handlerton *hton);
|
||||
void thd_set_ha_data(void* thd, const struct handlerton *hton,
|
||||
const void *ha_data);
|
||||
void thd_wakeup_subsequent_commits(void* thd, int wakeup_error);
|
||||
struct st_mariadb_encryption_key_management
|
||||
{
|
||||
int interface_version;
|
||||
unsigned int (*get_latest_key_version)();
|
||||
unsigned int (*has_key_version)(unsigned int version);
|
||||
unsigned int (*get_key_size)(unsigned int version);
|
||||
int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize);
|
||||
int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
|
||||
};
|
@ -105,7 +105,7 @@ SET(SQL_EMBEDDED_SOURCES emb_qcache.cc libmysqld.c lib_sql.cc
|
||||
../sql/compat56.cc
|
||||
../sql/table_cache.cc
|
||||
../sql/item_inetfunc.cc
|
||||
../sql/wsrep_dummy.cc
|
||||
../sql/wsrep_dummy.cc ../sql/encryption_keys.cc
|
||||
${GEN_SOURCES}
|
||||
${MYSYS_LIBWRAP_SOURCE}
|
||||
)
|
||||
|
@ -0,0 +1,5 @@
|
||||
if (`select count(*) = 0 from information_schema.plugins
|
||||
where plugin_name = 'example_key_management_plugin' and plugin_status='active'`)
|
||||
{
|
||||
--skip Needs example_key_management_plugin
|
||||
}
|
@ -0,0 +1,2 @@
|
||||
--plugin-load-add=$EXAMPLE_KEY_MANAGEMENT_PLUGIN_SO
|
||||
--loose-example-key-management-plugin
|
5
mysql-test/include/have_file_key_management_plugin.inc
Normal file
5
mysql-test/include/have_file_key_management_plugin.inc
Normal file
@ -0,0 +1,5 @@
|
||||
if (`select count(*) = 0 from information_schema.plugins
|
||||
where plugin_name = 'file_key_management_plugin' and plugin_status='active'`)
|
||||
{
|
||||
--skip Needs file_key_management_plugin
|
||||
}
|
4
mysql-test/include/have_file_key_management_plugin.opt
Normal file
4
mysql-test/include/have_file_key_management_plugin.opt
Normal file
@ -0,0 +1,4 @@
|
||||
--plugin-load-add=$FILE_KEY_MANAGEMENT_PLUGIN_SO
|
||||
--loose-file-key-management-plugin
|
||||
--loose-file-key-management-plugin-filename=$MYSQL_TEST_DIR/std_data/keys.txt
|
||||
--encryption-algorithm=aes_cbc
|
@ -1,4 +0,0 @@
|
||||
--default-storage-engine=InnoDB
|
||||
--encryption-algorithm=aes_cbs
|
||||
--file-key-management-plugin-filename=$MYSQL_TEST_DIR/suite/innodb/include/keys.txt
|
||||
--innodb-buffer-pool-size=24M
|
2
mysql-test/suite/innodb/t/innodb-page_encryption-32k.opt
Normal file
2
mysql-test/suite/innodb/t/innodb-page_encryption-32k.opt
Normal file
@ -0,0 +1,2 @@
|
||||
--default_storage_engine=InnoDB
|
||||
--innodb-buffer-pool-size=24M
|
@ -1,3 +0,0 @@
|
||||
--enable-file-key-management-plugin
|
||||
--encryption-algorithm=aes_cbs
|
||||
--file-key-management-plugin-filename=$MYSQL_TEST_DIR/suite/innodb/include/keys.txt
|
@ -1,4 +1,5 @@
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/have_file_key_management_plugin.inc
|
||||
|
||||
--disable_query_log
|
||||
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
|
||||
|
@ -1,3 +0,0 @@
|
||||
--enable-file-key-management-plugin
|
||||
--encryption-algorithm=aes_cbs
|
||||
--file-key-management-plugin-filename=$MYSQL_TEST_DIR/suite/innodb/include/keys.txt
|
@ -1,4 +1,5 @@
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/have_file_key_management_plugin.inc
|
||||
|
||||
--disable_query_log
|
||||
let $innodb_compression_algorithm_orig=`SELECT @@innodb_compression_algorithm`;
|
||||
|
@ -1,8 +1,7 @@
|
||||
--enable-example-key-management-plugin
|
||||
--encrypt-tmp-disk-tables=ON
|
||||
--aria-encrypt-tables=ON
|
||||
--innodb-encryption-threads=4
|
||||
--innodb-encryption-rotate-key-age=15
|
||||
--encrypt-tmp-disk-tables=ON
|
||||
--innodb-encrypt-tables=ON
|
||||
--innodb-encryption-rotate-key-age=15
|
||||
--innodb-encryption-threads=4
|
||||
--innodb-tablespaces-encryption
|
||||
--encryption-algorithm=aes_ctr
|
||||
|
@ -2,6 +2,7 @@
|
||||
#
|
||||
#
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/have_example_key_management_plugin.inc
|
||||
|
||||
# embedded does not support restart
|
||||
-- source include/not_embedded.inc
|
||||
|
@ -1,14 +1,13 @@
|
||||
--enable-example-key-management-plugin
|
||||
--aria-encrypt-tables=ON
|
||||
--encrypt-tmp-disk-tables=ON
|
||||
--innodb-background-scrub-data-compressed=OFF
|
||||
--innodb-background-scrub-data-uncompressed=OFF
|
||||
--innodb-encrypt-tables=0
|
||||
--innodb-encrypt-tables=ON
|
||||
--innodb-encryption-rotate-key-age=15
|
||||
--innodb-encryption-threads=0
|
||||
--innodb-encryption-threads=4
|
||||
--innodb-file-format=Barracuda
|
||||
--innodb-file-per-table=1
|
||||
--innodb-immediate-scrub-data-uncompressed=ON
|
||||
--loose-aria-encrypt-tables=ON
|
||||
--loose-encrypt-tmp-disk-tables=ON
|
||||
--loose-innodb-encrypt-tables=ON
|
||||
--loose-innodb-encryption-rotate-key-age=15
|
||||
--loose-innodb-encryption-threads=4
|
||||
--loose-innodb-scrub-force-testing=ON
|
||||
|
@ -1,5 +1,6 @@
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/not_embedded.inc
|
||||
-- source include/have_example_key_management_plugin.inc
|
||||
|
||||
let $MYSQLD_DATADIR=`select @@datadir`;
|
||||
let ib1_IBD = $MYSQLD_DATADIR/ibdata1;
|
||||
|
@ -1,15 +1,14 @@
|
||||
--enable-example-key-management-plugin
|
||||
--innodb-background-scrub-data-compressed=ON
|
||||
--innodb-background-scrub-data-uncompressed=ON
|
||||
--innodb-file-per-table=1
|
||||
--innodb-file-format=Barracuda
|
||||
--innodb-encrypt-tables=0
|
||||
--innodb-encryption-threads=0
|
||||
--innodb-file-format=Barracuda
|
||||
--innodb-file-per-table=1
|
||||
--innodb-immediate-scrub-data-uncompressed=OFF
|
||||
--innodb-tablespaces-scrubbing
|
||||
--loose-aria-encrypt-tables=ON
|
||||
--loose-encrypt-tmp-disk-tables=ON
|
||||
--loose-innodb-encrypt-tables=ON
|
||||
--loose-innodb-encryption-rotate-key-age=15
|
||||
--loose-innodb-encryption-threads=4
|
||||
--innodb-background-scrub-data-uncompressed=ON
|
||||
--innodb-background-scrub-data-compressed=ON
|
||||
--loose-innodb-scrub-force-testing=ON
|
||||
--encrypt-tmp-disk-tables=ON
|
||||
--aria-encrypt-tables=ON
|
||||
--innodb-encryption-threads=4
|
||||
--innodb-encryption-rotate-key-age=15
|
||||
--innodb-encrypt-tables=ON
|
||||
--innodb-tablespaces-scrubbing
|
||||
|
@ -1,5 +1,6 @@
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/not_embedded.inc
|
||||
-- source include/have_example_key_management_plugin.inc
|
||||
|
||||
let $MYSQLD_DATADIR=`select @@datadir`;
|
||||
let ib1_IBD = $MYSQLD_DATADIR/ibdata1;
|
||||
|
@ -1,15 +1,15 @@
|
||||
--enable-example-key-management-plugin
|
||||
--innodb-background-scrub-data-compressed=ON
|
||||
--innodb-background-scrub-data-uncompressed=ON
|
||||
--innodb-encrypt-tables=off
|
||||
--innodb-encryption-threads=0
|
||||
--innodb-file-format=Barracuda
|
||||
--innodb-file-per-table=1
|
||||
--innodb-file-format=Barracuda
|
||||
--innodb-encrypt-tables=off
|
||||
--innodb-immediate-scrub-data-uncompressed=ON
|
||||
--innodb-tablespaces-scrubbing
|
||||
--loose-aria-encrypt-tables=ON
|
||||
--loose-encrypt-tmp-disk-tables=ON
|
||||
--loose-innodb-encrypt-tables=ON
|
||||
--loose-innodb-encryption-rotate-key-age=15
|
||||
--loose-innodb-encryption-threads=4
|
||||
--innodb-background-scrub-data-uncompressed=ON
|
||||
--innodb-background-scrub-data-compressed=ON
|
||||
--loose-innodb-scrub-force-testing=ON
|
||||
--innodb-encryption-threads=0
|
||||
--encrypt-tmp-disk-tables=ON
|
||||
--aria-encrypt-tables=ON
|
||||
--innodb-encryption-threads=4
|
||||
--innodb-encryption-rotate-key-age=15
|
||||
--innodb-encrypt-tables=ON
|
||||
--innodb-tablespaces-scrubbing
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
-- source include/have_innodb.inc
|
||||
-- source include/not_embedded.inc
|
||||
-- source include/have_example_key_management_plugin.inc
|
||||
|
||||
let $MYSQLD_DATADIR=`select @@datadir`;
|
||||
let ib1_IBD = $MYSQLD_DATADIR/ibdata1;
|
||||
|
@ -21,11 +21,12 @@ Name Status Type Library License
|
||||
EXAMPLE NOT INSTALLED STORAGE ENGINE ha_example.so GPL
|
||||
UNUSABLE NOT INSTALLED DAEMON ha_example.so GPL
|
||||
daemon_example NOT INSTALLED DAEMON libdaemon_example.so GPL
|
||||
example_key_management_plugin NOT INSTALLED ENCRYPTION KEY MANAGEMENT example_key_management_plugin.so GPL
|
||||
three_attempts NOT INSTALLED AUTHENTICATION dialog_examples.so GPL
|
||||
two_questions NOT INSTALLED AUTHENTICATION dialog_examples.so GPL
|
||||
show status like '%libraries%';
|
||||
Variable_name Value
|
||||
Opened_plugin_libraries 6
|
||||
Opened_plugin_libraries 7
|
||||
show plugins soname where library = 'ha_example.so';
|
||||
Name Status Type Library License
|
||||
EXAMPLE NOT INSTALLED STORAGE ENGINE ha_example.so GPL
|
||||
|
@ -66,10 +66,6 @@ static void my_thread_init_common_mutex(void)
|
||||
#if !defined(HAVE_LOCALTIME_R) || !defined(HAVE_GMTIME_R)
|
||||
mysql_mutex_init(key_LOCK_localtime_r, &LOCK_localtime_r, MY_MUTEX_INIT_SLOW);
|
||||
#endif
|
||||
#ifndef DBUG_OFF
|
||||
mysql_rwlock_init(key_LOCK_dbug_encryption_key_version,
|
||||
&LOCK_dbug_encryption_key_version);
|
||||
#endif
|
||||
}
|
||||
|
||||
void my_thread_destroy_common_mutex(void)
|
||||
@ -84,9 +80,6 @@ void my_thread_destroy_common_mutex(void)
|
||||
#if !defined(HAVE_LOCALTIME_R) || !defined(HAVE_GMTIME_R)
|
||||
mysql_mutex_destroy(&LOCK_localtime_r);
|
||||
#endif
|
||||
#ifndef DBUG_OFF
|
||||
mysql_rwlock_destroy(&LOCK_dbug_encryption_key_version);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
@ -40,8 +40,6 @@ SET(MYSYS_SSL_SOURCES
|
||||
my_md5.cc
|
||||
my_rnd.cc
|
||||
my_crypt.cc
|
||||
my_crypt_key_management.cc
|
||||
my_crypt_key_management_impl.cc
|
||||
)
|
||||
|
||||
ADD_CONVENIENCE_LIBRARY(mysys_ssl ${MYSYS_SSL_SOURCES})
|
||||
|
@ -1,110 +0,0 @@
|
||||
#include <my_global.h>
|
||||
#include <my_crypt_key_management.h>
|
||||
#include <cstring>
|
||||
|
||||
#ifndef DBUG_OFF
|
||||
#include <myisampack.h>
|
||||
my_bool debug_use_static_encryption_keys = 0;
|
||||
|
||||
#ifdef HAVE_PSI_INTERFACE
|
||||
PSI_rwlock_key key_LOCK_dbug_encryption_key_version;
|
||||
#endif
|
||||
mysql_rwlock_t LOCK_dbug_encryption_key_version;
|
||||
unsigned int opt_debug_encryption_key_version = 0;
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Default functions
|
||||
*/
|
||||
int GetLatestCryptoKeyVersionImpl();
|
||||
unsigned int HasCryptoKeyImpl(unsigned int version);
|
||||
int GetCryptoKeySizeImpl(unsigned int version);
|
||||
int GetCryptoKeyImpl(unsigned int version, unsigned char* key_buffer,
|
||||
unsigned int size);
|
||||
int GetCryptoIVImpl(unsigned int version, unsigned char* key_buffer,
|
||||
unsigned int size);
|
||||
|
||||
/**
|
||||
* Function pointers for
|
||||
* - GetLatestCryptoKeyVersion
|
||||
* - GetCryptoKey
|
||||
*/
|
||||
static
|
||||
struct CryptoKeyFuncs_t cryptoKeyFuncs = {
|
||||
GetLatestCryptoKeyVersionImpl,
|
||||
HasCryptoKeyImpl,
|
||||
GetCryptoKeySizeImpl,
|
||||
GetCryptoKeyImpl,
|
||||
GetCryptoIVImpl
|
||||
};
|
||||
|
||||
extern "C"
|
||||
int GetLatestCryptoKeyVersion() {
|
||||
#ifndef DBUG_OFF
|
||||
if (debug_use_static_encryption_keys) {
|
||||
mysql_rwlock_rdlock(&LOCK_dbug_encryption_key_version);
|
||||
unsigned int res = opt_debug_encryption_key_version;
|
||||
mysql_rwlock_unlock(&LOCK_dbug_encryption_key_version);
|
||||
return res;
|
||||
}
|
||||
#endif
|
||||
|
||||
return (* cryptoKeyFuncs.getLatestCryptoKeyVersionFunc)();
|
||||
}
|
||||
|
||||
extern "C"
|
||||
unsigned int HasCryptoKey(unsigned int version) {
|
||||
return (* cryptoKeyFuncs.hasCryptoKeyFunc)(version);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
int GetCryptoKeySize(unsigned int version) {
|
||||
return (* cryptoKeyFuncs.getCryptoKeySize)(version);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
int GetCryptoKey(unsigned int version, unsigned char* key, unsigned int size) {
|
||||
#ifndef DBUG_OFF
|
||||
if (debug_use_static_encryption_keys) {
|
||||
memset(key, 0, size);
|
||||
// Just don't support tiny keys, no point anyway.
|
||||
if (size < 4) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
mi_int4store(key, version);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
return (* cryptoKeyFuncs.getCryptoKeyFunc)(version, key, size);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
int GetCryptoIV(unsigned int version, unsigned char* key, unsigned int size) {
|
||||
return (* cryptoKeyFuncs.getCryptoIVFunc)(version, key, size);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
void
|
||||
InstallCryptoKeyFunctions(const struct CryptoKeyFuncs_t* _cryptoKeyFuncs)
|
||||
{
|
||||
if (_cryptoKeyFuncs == NULL)
|
||||
{
|
||||
/* restore defaults wHashhen called with NULL argument */
|
||||
cryptoKeyFuncs.getLatestCryptoKeyVersionFunc =
|
||||
GetLatestCryptoKeyVersionImpl;
|
||||
cryptoKeyFuncs.hasCryptoKeyFunc =
|
||||
HasCryptoKeyImpl;
|
||||
cryptoKeyFuncs.getCryptoKeySize =
|
||||
GetCryptoKeySizeImpl;
|
||||
cryptoKeyFuncs.getCryptoKeyFunc =
|
||||
GetCryptoKeyImpl;
|
||||
cryptoKeyFuncs.getCryptoIVFunc =
|
||||
GetCryptoIVImpl;
|
||||
}
|
||||
else
|
||||
{
|
||||
cryptoKeyFuncs = *_cryptoKeyFuncs;
|
||||
}
|
||||
}
|
@ -1,34 +0,0 @@
|
||||
#include <my_global.h>
|
||||
|
||||
// TODO Not yet implemented.
|
||||
int GetLatestCryptoKeyVersionImpl()
|
||||
{
|
||||
abort();
|
||||
return 0; /* Keep compiler happy */
|
||||
}
|
||||
|
||||
unsigned int HasCryptoKeyImpl(unsigned int version)
|
||||
{
|
||||
abort();
|
||||
return 0; /* Keep compiler happy */
|
||||
}
|
||||
|
||||
int GetCryptoKeySizeImpl(unsigned int version)
|
||||
{
|
||||
abort();
|
||||
return 0; /* Keep compiler happy */
|
||||
}
|
||||
|
||||
int GetCryptoKeyImpl(unsigned int version, unsigned char* key,
|
||||
unsigned int key_size)
|
||||
{
|
||||
abort();
|
||||
return 0; /* Keep compiler happy */
|
||||
}
|
||||
|
||||
int GetCryptoIVImpl(unsigned int version, unsigned char* key,
|
||||
unsigned int key_size)
|
||||
{
|
||||
abort();
|
||||
return 0; /* Keep compiler happy */
|
||||
}
|
@ -1 +1,2 @@
|
||||
MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc MANDATORY)
|
||||
MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc
|
||||
MODULE_ONLY)
|
||||
|
@ -1,10 +1,9 @@
|
||||
// Copyright (C) 2014 Google Inc.
|
||||
|
||||
#include <mysql_version.h>
|
||||
#include <my_global.h>
|
||||
#include <my_pthread.h>
|
||||
#include <my_aes.h>
|
||||
#include <my_crypt_key_management.h>
|
||||
#include <mysql/plugin_encryption_key_management.h>
|
||||
#include <my_md5.h>
|
||||
#include <my_rnd.h>
|
||||
|
||||
@ -17,8 +16,7 @@ static unsigned int key_version = 0;
|
||||
static unsigned int next_key_version = 0;
|
||||
static pthread_mutex_t mutex;
|
||||
|
||||
static
|
||||
int
|
||||
static unsigned int
|
||||
get_latest_key_version()
|
||||
{
|
||||
uint now = time(0);
|
||||
@ -34,8 +32,7 @@ get_latest_key_version()
|
||||
return key_version;
|
||||
}
|
||||
|
||||
static
|
||||
int
|
||||
static int
|
||||
get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen)
|
||||
{
|
||||
char *dst = (char*)dstbuf; // md5 function takes char* as argument...
|
||||
@ -58,7 +55,7 @@ static unsigned int has_key_func(unsigned int keyID)
|
||||
return true;
|
||||
}
|
||||
|
||||
static int get_key_size(unsigned int keyID)
|
||||
static unsigned int get_key_size(unsigned int keyID)
|
||||
{
|
||||
return 16;
|
||||
}
|
||||
@ -87,13 +84,6 @@ static int example_key_management_plugin_init(void *p)
|
||||
|
||||
pthread_mutex_init(&mutex, NULL);
|
||||
|
||||
struct CryptoKeyFuncs_t func;
|
||||
func.getLatestCryptoKeyVersionFunc = get_latest_key_version;
|
||||
func.hasCryptoKeyFunc = has_key_func;
|
||||
func.getCryptoKeySize = get_key_size;
|
||||
func.getCryptoKeyFunc = get_key;
|
||||
func.getCryptoIVFunc = get_iv;
|
||||
InstallCryptoKeyFunctions(&func);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -103,8 +93,13 @@ static int example_key_management_plugin_deinit(void *p)
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct st_mysql_daemon example_key_management_plugin= {
|
||||
MYSQL_DAEMON_INTERFACE_VERSION
|
||||
struct st_mariadb_encryption_key_management example_key_management_plugin= {
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
|
||||
get_latest_key_version,
|
||||
has_key_func,
|
||||
get_key_size,
|
||||
get_key,
|
||||
get_iv
|
||||
};
|
||||
|
||||
/*
|
||||
@ -112,7 +107,7 @@ struct st_mysql_daemon example_key_management_plugin= {
|
||||
*/
|
||||
maria_declare_plugin(example_key_management_plugin)
|
||||
{
|
||||
MYSQL_DAEMON_PLUGIN,
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN,
|
||||
&example_key_management_plugin,
|
||||
"example_key_management_plugin",
|
||||
"Jonas Oreland",
|
||||
@ -124,6 +119,6 @@ maria_declare_plugin(example_key_management_plugin)
|
||||
NULL, /* status variables */
|
||||
NULL, /* system variables */
|
||||
"1.0",
|
||||
MariaDB_PLUGIN_MATURITY_UNKNOWN
|
||||
MariaDB_PLUGIN_MATURITY_EXPERIMENTAL
|
||||
}
|
||||
maria_declare_plugin_end;
|
||||
|
@ -1,4 +1,4 @@
|
||||
SET(FILE_KEY_MANAGEMENT_PLUGIN_SOURCES file_key_management_plugin.cc EncKeys.cc KeySingleton.cc)
|
||||
|
||||
MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT_PLUGIN ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES} DEFAULT
|
||||
MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT_PLUGIN ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES}
|
||||
LINK_LIBRARIES pcre)
|
||||
|
@ -16,6 +16,7 @@
|
||||
|
||||
#include <my_global.h>
|
||||
#include <mysql_version.h>
|
||||
#include <mysql/plugin_encryption_key_management.h>
|
||||
#include <my_aes.h>
|
||||
#include <my_crypt_key_management.h>
|
||||
#include "sql_class.h"
|
||||
@ -50,7 +51,7 @@ static struct st_mysql_sys_var* settings[] = {
|
||||
rotation feature of encrypting log files.
|
||||
*/
|
||||
|
||||
static int get_highest_key_used_in_key_file()
|
||||
static unsigned int get_highest_key_used_in_key_file()
|
||||
{
|
||||
if (KeySingleton::getInstance().hasKey(0))
|
||||
{
|
||||
@ -67,7 +68,7 @@ static unsigned int has_key_from_key_file(unsigned int keyID)
|
||||
return entry != NULL;
|
||||
}
|
||||
|
||||
static int get_key_size_from_key_file(unsigned int keyID)
|
||||
static unsigned int get_key_size_from_key_file(unsigned int keyID)
|
||||
{
|
||||
keyentry* entry = KeySingleton::getInstance().getKeys(keyID);
|
||||
|
||||
@ -146,16 +147,6 @@ static int file_key_management_plugin_init(void *p)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Initializing the key provider */
|
||||
struct CryptoKeyFuncs_t func;
|
||||
func.getLatestCryptoKeyVersionFunc = get_highest_key_used_in_key_file;
|
||||
func.hasCryptoKeyFunc = has_key_from_key_file;
|
||||
func.getCryptoKeySize = get_key_size_from_key_file;
|
||||
func.getCryptoKeyFunc = get_key_from_key_file;
|
||||
func.getCryptoIVFunc = get_iv_from_key_file;
|
||||
|
||||
InstallCryptoKeyFunctions(&func);
|
||||
|
||||
if (filename == NULL || strcmp("", filename) == 0)
|
||||
{
|
||||
sql_print_error("Parameter file_key_management_plugin_filename is required");
|
||||
@ -175,8 +166,13 @@ static int file_key_management_plugin_deinit(void *p)
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct st_mysql_daemon file_key_management_plugin= {
|
||||
MYSQL_DAEMON_INTERFACE_VERSION
|
||||
struct st_mariadb_encryption_key_management file_key_management_plugin= {
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
|
||||
get_highest_key_used_in_key_file,
|
||||
has_key_from_key_file,
|
||||
get_key_size_from_key_file,
|
||||
get_key_from_key_file,
|
||||
get_iv_from_key_file
|
||||
};
|
||||
|
||||
/*
|
||||
@ -184,7 +180,7 @@ struct st_mysql_daemon file_key_management_plugin= {
|
||||
*/
|
||||
maria_declare_plugin(file_key_management_plugin)
|
||||
{
|
||||
MYSQL_KEY_MANAGEMENT_PLUGIN,
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN,
|
||||
&file_key_management_plugin,
|
||||
"file_key_management_plugin",
|
||||
"Denis Endro eperi GmbH",
|
||||
|
@ -115,7 +115,7 @@ SET (SQL_SOURCE
|
||||
my_json_writer.cc my_json_writer.h
|
||||
rpl_gtid.cc rpl_parallel.cc
|
||||
${WSREP_SOURCES}
|
||||
table_cache.cc
|
||||
table_cache.cc encryption_keys.cc
|
||||
${CMAKE_CURRENT_BINARY_DIR}/sql_builtin.cc
|
||||
${GEN_SOURCES}
|
||||
${MYSYS_LIBWRAP_SOURCE}
|
||||
|
110
sql/encryption_keys.cc
Normal file
110
sql/encryption_keys.cc
Normal file
@ -0,0 +1,110 @@
|
||||
#include <my_global.h>
|
||||
#include <mysql/plugin_encryption_key_management.h>
|
||||
#include <my_crypt_key_management.h>
|
||||
#include "log.h"
|
||||
#include "sql_plugin.h"
|
||||
|
||||
#ifndef DBUG_OFF
|
||||
my_bool debug_use_static_encryption_keys = 0;
|
||||
uint opt_debug_encryption_key_version = 0;
|
||||
#endif
|
||||
|
||||
/* there can be only one encryption key management plugin enabled */
|
||||
static plugin_ref encryption_key_manager= 0;
|
||||
static struct st_mariadb_encryption_key_management *handle;
|
||||
|
||||
uint get_latest_encryption_key_version()
|
||||
{
|
||||
#ifndef DBUG_OFF
|
||||
if (debug_use_static_encryption_keys)
|
||||
{
|
||||
//mysql_mutex_lock(&LOCK_global_system_variables);
|
||||
uint res = opt_debug_encryption_key_version;
|
||||
//mysql_mutex_unlock(&LOCK_global_system_variables);
|
||||
return res;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (encryption_key_manager)
|
||||
return handle->get_latest_key_version();
|
||||
|
||||
return BAD_ENCRYPTION_KEY_VERSION;
|
||||
}
|
||||
|
||||
uint has_encryption_key(uint version)
|
||||
{
|
||||
if (encryption_key_manager)
|
||||
return handle->has_key_version(version);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint get_encryption_key_size(uint version)
|
||||
{
|
||||
if (encryption_key_manager)
|
||||
return handle->get_key_size(version);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_encryption_key(uint version, uchar* key, uint size)
|
||||
{
|
||||
#ifndef DBUG_OFF
|
||||
if (debug_use_static_encryption_keys)
|
||||
{
|
||||
memset(key, 0, size);
|
||||
// Just don't support tiny keys, no point anyway.
|
||||
if (size < 4)
|
||||
return 1;
|
||||
|
||||
mi_int4store(key, version);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (encryption_key_manager)
|
||||
return handle->get_key(version, key, size);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int get_encryption_iv(uint version, uchar* iv, uint size)
|
||||
{
|
||||
if (encryption_key_manager)
|
||||
return handle->get_iv(version, iv, size);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int initialize_encryption_key_management_plugin(st_plugin_int *plugin)
|
||||
{
|
||||
if (encryption_key_manager)
|
||||
return 1;
|
||||
|
||||
if (plugin->plugin->init && plugin->plugin->init(plugin))
|
||||
{
|
||||
sql_print_error("Plugin '%s' init function returned error.",
|
||||
plugin->name.str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin));
|
||||
handle= (struct st_mariadb_encryption_key_management*)
|
||||
plugin->plugin->info;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int finalize_encryption_key_management_plugin(st_plugin_int *plugin)
|
||||
{
|
||||
DBUG_ASSERT(encryption_key_manager);
|
||||
|
||||
if (plugin->plugin->deinit && plugin->plugin->deinit(NULL))
|
||||
{
|
||||
DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.",
|
||||
plugin->name.str));
|
||||
}
|
||||
plugin_unlock(NULL, encryption_key_manager);
|
||||
encryption_key_manager= 0;
|
||||
return 0;
|
||||
}
|
||||
|
@ -37,6 +37,7 @@
|
||||
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
|
||||
#include <mysql/plugin_auth.h>
|
||||
#include <mysql/plugin_password_validation.h>
|
||||
#include <mysql/plugin_encryption_key_management.h>
|
||||
#include "sql_plugin_compat.h"
|
||||
|
||||
#define REPORT_TO_LOG 1
|
||||
@ -85,7 +86,8 @@ const LEX_STRING plugin_type_names[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
{ C_STRING_WITH_LEN("AUDIT") },
|
||||
{ C_STRING_WITH_LEN("REPLICATION") },
|
||||
{ C_STRING_WITH_LEN("AUTHENTICATION") },
|
||||
{ C_STRING_WITH_LEN("PASSWORD VALIDATION") }
|
||||
{ C_STRING_WITH_LEN("PASSWORD VALIDATION") },
|
||||
{ C_STRING_WITH_LEN("ENCRYPTION KEY MANAGEMENT") }
|
||||
};
|
||||
|
||||
extern int initialize_schema_table(st_plugin_int *plugin);
|
||||
@ -94,6 +96,9 @@ extern int finalize_schema_table(st_plugin_int *plugin);
|
||||
extern int initialize_audit_plugin(st_plugin_int *plugin);
|
||||
extern int finalize_audit_plugin(st_plugin_int *plugin);
|
||||
|
||||
extern int initialize_encryption_key_management_plugin(st_plugin_int *plugin);
|
||||
extern int finalize_encryption_key_management_plugin(st_plugin_int *plugin);
|
||||
|
||||
/*
|
||||
The number of elements in both plugin_type_initialize and
|
||||
plugin_type_deinitialize should equal to the number of plugins
|
||||
@ -102,13 +107,13 @@ extern int finalize_audit_plugin(st_plugin_int *plugin);
|
||||
plugin_type_init plugin_type_initialize[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
{
|
||||
0, ha_initialize_handlerton, 0, 0,initialize_schema_table,
|
||||
initialize_audit_plugin, 0, 0, 0
|
||||
initialize_audit_plugin, 0, 0, 0, initialize_encryption_key_management_plugin
|
||||
};
|
||||
|
||||
plugin_type_init plugin_type_deinitialize[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
{
|
||||
0, ha_finalize_handlerton, 0, 0, finalize_schema_table,
|
||||
finalize_audit_plugin, 0, 0, 0
|
||||
finalize_audit_plugin, 0, 0, 0, finalize_encryption_key_management_plugin
|
||||
};
|
||||
|
||||
/*
|
||||
@ -119,7 +124,7 @@ plugin_type_init plugin_type_deinitialize[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
static int plugin_type_initialization_order[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
{
|
||||
MYSQL_DAEMON_PLUGIN,
|
||||
MYSQL_KEY_MANAGEMENT_PLUGIN,
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN,
|
||||
MYSQL_STORAGE_ENGINE_PLUGIN,
|
||||
MYSQL_INFORMATION_SCHEMA_PLUGIN,
|
||||
MYSQL_FTPARSER_PLUGIN,
|
||||
@ -160,7 +165,8 @@ static int min_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
MYSQL_AUDIT_INTERFACE_VERSION,
|
||||
MYSQL_REPLICATION_INTERFACE_VERSION,
|
||||
MIN_AUTHENTICATION_INTERFACE_VERSION,
|
||||
MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION
|
||||
MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION
|
||||
};
|
||||
static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
{
|
||||
@ -172,7 +178,8 @@ static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
|
||||
MYSQL_AUDIT_INTERFACE_VERSION,
|
||||
MYSQL_REPLICATION_INTERFACE_VERSION,
|
||||
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
|
||||
MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION
|
||||
MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
|
||||
MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION
|
||||
};
|
||||
|
||||
static struct
|
||||
@ -1954,8 +1961,6 @@ void plugin_shutdown(void)
|
||||
if (!(plugins[i]->state & (PLUGIN_IS_UNINITIALIZED | PLUGIN_IS_FREED |
|
||||
PLUGIN_IS_DISABLED)))
|
||||
{
|
||||
sql_print_warning("Plugin '%s' will be forced to shutdown",
|
||||
plugins[i]->name.str);
|
||||
/*
|
||||
We are forcing deinit on plugins so we don't want to do a ref_count
|
||||
check until we have processed all the plugins.
|
||||
|
@ -62,7 +62,7 @@
|
||||
#include "sql_repl.h"
|
||||
#include "opt_range.h"
|
||||
#include "rpl_parallel.h"
|
||||
#include "my_crypt_key_management.h"
|
||||
#include <my_crypt_key_management.h>
|
||||
|
||||
/*
|
||||
The rule for this file: everything should be 'static'. When a sys_var
|
||||
@ -1134,15 +1134,12 @@ static Sys_var_mybool Sys_debug_use_static_keys(
|
||||
READ_ONLY GLOBAL_VAR(debug_use_static_encryption_keys),
|
||||
CMD_LINE(OPT_ARG), DEFAULT(FALSE));
|
||||
|
||||
static PolyLock_rwlock PLock_sys_debug_encryption_key_version(
|
||||
&LOCK_dbug_encryption_key_version);
|
||||
|
||||
static Sys_var_uint Sys_debug_encryption_key_version(
|
||||
"debug_encryption_key_version",
|
||||
"Encryption key version. Only to be used in internal testing.",
|
||||
GLOBAL_VAR(opt_debug_encryption_key_version),
|
||||
CMD_LINE(REQUIRED_ARG), VALID_RANGE(0,UINT_MAX), DEFAULT(0),
|
||||
BLOCK_SIZE(1), &PLock_sys_debug_encryption_key_version);
|
||||
BLOCK_SIZE(1));
|
||||
#endif
|
||||
|
||||
static Sys_var_mybool Sys_trust_function_creators(
|
||||
|
@ -210,7 +210,7 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
||||
{
|
||||
// load iv
|
||||
|
||||
int rc = GetCryptoIV(version, (unsigned char*)iv, iv_len);
|
||||
int rc = get_encryption_iv(version, (unsigned char*)iv, iv_len);
|
||||
|
||||
if (rc != CRYPT_KEY_OK) {
|
||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||
@ -219,10 +219,10 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
||||
}
|
||||
}
|
||||
|
||||
if (HasCryptoKey(version)) {
|
||||
*key_length = GetCryptoKeySize(version);
|
||||
if (has_encryption_key(version)) {
|
||||
*key_length = get_encryption_key_size(version);
|
||||
|
||||
int rc = GetCryptoKey(version, (unsigned char*)keybuf, *key_length);
|
||||
int rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length);
|
||||
|
||||
if (rc != CRYPT_KEY_OK) {
|
||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||
@ -295,7 +295,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length,
|
||||
{
|
||||
if (srv_encrypt_tables) {
|
||||
// used for key rotation - get the next key id from the key provider
|
||||
int rc = GetLatestCryptoKeyVersion();
|
||||
int rc = get_latest_encryption_key_version();
|
||||
|
||||
// if no new key was created use the last one
|
||||
if (rc >= 0)
|
||||
@ -325,7 +325,7 @@ fil_space_create_crypt_data()
|
||||
crypt_data->min_key_version = 0;
|
||||
} else {
|
||||
crypt_data->type = CRYPT_SCHEME_1;
|
||||
crypt_data->min_key_version = GetLatestCryptoKeyVersion();
|
||||
crypt_data->min_key_version = get_latest_encryption_key_version();
|
||||
}
|
||||
|
||||
mutex_create(fil_crypt_data_mutex_key,
|
||||
@ -652,7 +652,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
|
||||
{
|
||||
// take the iv from the key provider
|
||||
|
||||
int load_iv_rc = GetCryptoIV(key_version, (uchar *) iv, sizeof(iv));
|
||||
int load_iv_rc = get_encryption_iv(key_version, (uchar *) iv, sizeof(iv));
|
||||
|
||||
// if the iv can not be loaded the whole page can not be encrypted
|
||||
if (load_iv_rc != CRYPT_KEY_OK)
|
||||
@ -869,7 +869,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
|
||||
{
|
||||
// take the iv from the key provider
|
||||
|
||||
int load_iv_rc = GetCryptoIV(key_version, (uchar *) iv, sizeof(iv));
|
||||
int load_iv_rc = get_encryption_iv(key_version, (uchar *) iv, sizeof(iv));
|
||||
|
||||
// if the iv can not be loaded the whole page can not be decrypted
|
||||
if (load_iv_rc != CRYPT_KEY_OK)
|
||||
@ -1049,7 +1049,7 @@ fil_crypt_get_key_state(
|
||||
key_state_t *new_state)
|
||||
{
|
||||
if (srv_encrypt_tables == TRUE) {
|
||||
new_state->key_version = GetLatestCryptoKeyVersion();
|
||||
new_state->key_version = get_latest_encryption_key_version();
|
||||
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
||||
ut_a(new_state->key_version > 0);
|
||||
} else {
|
||||
@ -2375,7 +2375,7 @@ fil_space_crypt_get_status(
|
||||
}
|
||||
|
||||
if (srv_encrypt_tables == TRUE) {
|
||||
status->current_key_version = GetLatestCryptoKeyVersion();
|
||||
status->current_key_version = get_latest_encryption_key_version();
|
||||
} else {
|
||||
status->current_key_version = 0;
|
||||
}
|
||||
|
@ -1153,7 +1153,7 @@ fil_space_create(
|
||||
ut_a(fil_system);
|
||||
|
||||
if (fsp_flags_is_page_encrypted(flags)) {
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
/* by returning here it should be avoided that
|
||||
* the server crashes, if someone tries to access an
|
||||
* encrypted table and the encryption key is not available.
|
||||
|
@ -11370,7 +11370,7 @@ ha_innobase::check_table_options(
|
||||
return "PAGE_ENCRYPTION_KEY";
|
||||
}
|
||||
|
||||
if (!HasCryptoKey(options->page_encryption_key)) {
|
||||
if (!has_encryption_key(options->page_encryption_key)) {
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
|
@ -147,9 +147,9 @@ fil_page_encryption_status(
|
||||
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
||||
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
||||
if (fsp_flags_is_page_encrypted(flags)) {
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
/* accessing table would surely fail, because no key or no key provider available */
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||
}
|
||||
return PAGE_ENCRYPTION_ERROR;
|
||||
@ -159,7 +159,7 @@ fil_page_encryption_status(
|
||||
|
||||
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
||||
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
||||
if (!HasCryptoKey(key)) {
|
||||
if (!has_encryption_key(key)) {
|
||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||
}
|
||||
return PAGE_ENCRYPTION_ERROR;
|
||||
|
@ -12,7 +12,7 @@ Created 11/25/2013 Minli Zhu
|
||||
#include "ut0lst.h"
|
||||
#include "ut0rnd.h"
|
||||
#include "my_aes.h"
|
||||
#include "my_crypt_key_management.h" // for key version and key
|
||||
#include <my_crypt_key_management.h>
|
||||
|
||||
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
||||
#define PURPOSE_BYTE_OFFSET 0
|
||||
|
@ -37,7 +37,7 @@ Note:
|
||||
We should not use flags and conditions such as:
|
||||
(srv_encrypt_log &&
|
||||
debug_use_static_keys &&
|
||||
GetLatestCryptoKeyVersion() == UNENCRYPTED_KEY_VER)
|
||||
get_latest_encryption_key_version() == UNENCRYPTED_KEY_VER)
|
||||
because they haven't been read and set yet in the situation of resetting
|
||||
redo logs.
|
||||
*/
|
||||
@ -93,7 +93,7 @@ log_init_crypt_key(
|
||||
}
|
||||
|
||||
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
||||
if (GetCryptoKey(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE))
|
||||
if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE))
|
||||
{
|
||||
fprintf(stderr,
|
||||
"\nInnodb redo log crypto: getting mysqld crypto key "
|
||||
@ -234,7 +234,7 @@ log_crypt_set_ver_and_key(
|
||||
byte* crypt_key) /*!< out: crypto key */
|
||||
{
|
||||
if (!srv_encrypt_log ||
|
||||
(key_ver = GetLatestCryptoKeyVersion()) == UNENCRYPTED_KEY_VER)
|
||||
(key_ver = get_latest_encryption_key_version()) == UNENCRYPTED_KEY_VER)
|
||||
{
|
||||
key_ver = UNENCRYPTED_KEY_VER;
|
||||
memset(crypt_key, 0, MY_AES_BLOCK_SIZE);
|
||||
|
@ -210,7 +210,7 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
||||
{
|
||||
// load iv
|
||||
|
||||
int rc = GetCryptoIV(version, (unsigned char*)iv, iv_len);
|
||||
int rc = get_encryption_iv(version, (unsigned char*)iv, iv_len);
|
||||
|
||||
if (rc != CRYPT_KEY_OK) {
|
||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||
@ -219,10 +219,10 @@ fil_crypt_get_key(byte *dst, uint* key_length,
|
||||
}
|
||||
}
|
||||
|
||||
if (HasCryptoKey(version)) {
|
||||
*key_length = GetCryptoKeySize(version);
|
||||
if (has_encryption_key(version)) {
|
||||
*key_length = get_encryption_key_size(version);
|
||||
|
||||
int rc = GetCryptoKey(version, (unsigned char*)keybuf, *key_length);
|
||||
int rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length);
|
||||
|
||||
if (rc != CRYPT_KEY_OK) {
|
||||
ib_logf(IB_LOG_LEVEL_FATAL,
|
||||
@ -295,7 +295,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length,
|
||||
{
|
||||
if (srv_encrypt_tables) {
|
||||
// used for key rotation - get the next key id from the key provider
|
||||
int rc = GetLatestCryptoKeyVersion();
|
||||
int rc = get_latest_encryption_key_version();
|
||||
|
||||
// if no new key was created use the last one
|
||||
if (rc >= 0)
|
||||
@ -326,7 +326,7 @@ fil_space_create_crypt_data()
|
||||
crypt_data->min_key_version = 0;
|
||||
} else {
|
||||
crypt_data->type = CRYPT_SCHEME_1;
|
||||
crypt_data->min_key_version = GetLatestCryptoKeyVersion();
|
||||
crypt_data->min_key_version = get_latest_encryption_key_version();
|
||||
}
|
||||
|
||||
mutex_create(fil_crypt_data_mutex_key,
|
||||
@ -653,7 +653,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
|
||||
{
|
||||
// take the iv from the key provider
|
||||
|
||||
int load_iv_rc = GetCryptoIV(key_version, (uchar *) iv, sizeof(iv));
|
||||
int load_iv_rc = get_encryption_iv(key_version, (uchar *) iv, sizeof(iv));
|
||||
|
||||
// if the iv can not be loaded the whole page can not be encrypted
|
||||
if (load_iv_rc != CRYPT_KEY_OK)
|
||||
@ -869,7 +869,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
|
||||
{
|
||||
// take the iv from the key provider
|
||||
|
||||
int load_iv_rc = GetCryptoIV(key_version, (uchar *) iv, sizeof(iv));
|
||||
int load_iv_rc = get_encryption_iv(key_version, (uchar *) iv, sizeof(iv));
|
||||
|
||||
// if the iv can not be loaded the whole page can not be decrypted
|
||||
if (load_iv_rc != CRYPT_KEY_OK)
|
||||
@ -1049,7 +1049,7 @@ fil_crypt_get_key_state(
|
||||
key_state_t *new_state)
|
||||
{
|
||||
if (srv_encrypt_tables == TRUE) {
|
||||
new_state->key_version = GetLatestCryptoKeyVersion();
|
||||
new_state->key_version = get_latest_encryption_key_version();
|
||||
new_state->rotate_key_age = srv_fil_crypt_rotate_key_age;
|
||||
ut_a(new_state->key_version > 0);
|
||||
} else {
|
||||
@ -2375,7 +2375,7 @@ fil_space_crypt_get_status(
|
||||
}
|
||||
|
||||
if (srv_encrypt_tables == TRUE) {
|
||||
status->current_key_version = GetLatestCryptoKeyVersion();
|
||||
status->current_key_version = get_latest_encryption_key_version();
|
||||
} else {
|
||||
status->current_key_version = 0;
|
||||
}
|
||||
|
@ -1188,7 +1188,7 @@ fil_space_create(
|
||||
ut_a(fil_system);
|
||||
|
||||
if (fsp_flags_is_page_encrypted(flags)) {
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
/* by returning here it should be avoided that
|
||||
* the server crashes, if someone tries to access an
|
||||
* encrypted table and the encryption key is not available.
|
||||
|
@ -11887,7 +11887,7 @@ ha_innobase::check_table_options(
|
||||
return "PAGE_ENCRYPTION_KEY";
|
||||
}
|
||||
|
||||
if (!HasCryptoKey(options->page_encryption_key)) {
|
||||
if (!has_encryption_key(options->page_encryption_key)) {
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
|
@ -27,9 +27,6 @@ Created 08/28/2014
|
||||
#include "fil0pageencryption.h"
|
||||
#include <my_crypt_key_management.h>
|
||||
|
||||
|
||||
|
||||
|
||||
/********************************************************************//**
|
||||
Determine if the tablespace is page encrypted from dict_table_t::flags.
|
||||
@return TRUE if page encrypted, FALSE if not page encrypted */
|
||||
@ -151,9 +148,9 @@ fil_page_encryption_status(
|
||||
if (page_type == FIL_PAGE_TYPE_FSP_HDR) {
|
||||
ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf);
|
||||
if (fsp_flags_is_page_encrypted(flags)) {
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
/* accessing table would surely fail, because no key or no key provider available */
|
||||
if (!HasCryptoKey(fsp_flags_get_page_encryption_key(flags))) {
|
||||
if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) {
|
||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||
}
|
||||
return PAGE_ENCRYPTION_ERROR;
|
||||
@ -163,7 +160,7 @@ fil_page_encryption_status(
|
||||
|
||||
if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) {
|
||||
ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION);
|
||||
if (!HasCryptoKey(key)) {
|
||||
if (!has_encryption_key(key)) {
|
||||
return PAGE_ENCRYPTION_KEY_MISSING;
|
||||
}
|
||||
return PAGE_ENCRYPTION_ERROR;
|
||||
|
@ -12,7 +12,7 @@ Created 11/25/2013 Minli Zhu
|
||||
#include "ut0lst.h"
|
||||
#include "ut0rnd.h"
|
||||
#include "my_aes.h"
|
||||
#include "my_crypt_key_management.h" // for key version and key
|
||||
#include <my_crypt_key_management.h>
|
||||
|
||||
#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
|
||||
#define PURPOSE_BYTE_OFFSET 0
|
||||
|
@ -37,7 +37,7 @@ Note:
|
||||
We should not use flags and conditions such as:
|
||||
(srv_encrypt_log &&
|
||||
debug_use_static_keys &&
|
||||
GetLatestCryptoKeyVersion() == UNENCRYPTED_KEY_VER)
|
||||
get_latest_encryption_key_version() == UNENCRYPTED_KEY_VER)
|
||||
because they haven't been read and set yet in the situation of resetting
|
||||
redo logs.
|
||||
*/
|
||||
@ -93,7 +93,7 @@ log_init_crypt_key(
|
||||
}
|
||||
|
||||
byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
|
||||
if (GetCryptoKey(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE))
|
||||
if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE))
|
||||
{
|
||||
fprintf(stderr,
|
||||
"\nInnodb redo log crypto: getting mysqld crypto key "
|
||||
@ -234,7 +234,7 @@ log_crypt_set_ver_and_key(
|
||||
byte* crypt_key) /*!< out: crypto key */
|
||||
{
|
||||
if (!srv_encrypt_log ||
|
||||
(key_ver = GetLatestCryptoKeyVersion()) == UNENCRYPTED_KEY_VER)
|
||||
(key_ver = get_latest_encryption_key_version()) == UNENCRYPTED_KEY_VER)
|
||||
{
|
||||
key_ver = UNENCRYPTED_KEY_VER;
|
||||
memset(crypt_key, 0, MY_AES_BLOCK_SIZE);
|
||||
|
Loading…
x
Reference in New Issue
Block a user