summaryrefslogtreecommitdiff
path: root/include/mysql/plugin_password_validation.h.pp
diff options
context:
space:
mode:
authorSergei Golubchik <serg@mariadb.org>2015-09-04 10:32:52 +0200
committerSergei Golubchik <serg@mariadb.org>2015-09-04 10:33:50 +0200
commit66b9a9409c73e298d6ceb668783a7cdd5ee85a69 (patch)
treebe04b2c42d1b858756c5a8ba5355abd961589ec8 /include/mysql/plugin_password_validation.h.pp
parentd94a982adbc21d74c0202f1ef64119baeb27c597 (diff)
downloadmariadb-git-66b9a9409c73e298d6ceb668783a7cdd5ee85a69.tar.gz
New encryption API. Piece-wise encryption.
Instead of encrypt(src, dst, key, iv) that encrypts all data in one go, now we have encrypt_init(key,iv), encrypt_update(src,dst), and encrypt_finish(dst). This also causes collateral changes in the internal my_crypt.cc encryption functions and in the encryption service. There are wrappers to provide the old all-at-once encryption functionality. But binlog events are often written piecewise, they'll need the new api.
Diffstat (limited to 'include/mysql/plugin_password_validation.h.pp')
-rw-r--r--include/mysql/plugin_password_validation.h.pp49
1 files changed, 37 insertions, 12 deletions
diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp
index 8d3a300f02c..0f14ac1eb53 100644
--- a/include/mysql/plugin_password_validation.h.pp
+++ b/include/mysql/plugin_password_validation.h.pp
@@ -181,21 +181,46 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
void thd_key_delete(MYSQL_THD_KEY_T *key);
void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
-typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen,
- unsigned char* dst, unsigned int* dlen,
- const unsigned char* key, unsigned int klen,
- const unsigned char* iv, unsigned int ivlen,
- int no_padding, unsigned int key_id,
- unsigned int key_version);
struct encryption_service_st {
- unsigned int (*encryption_key_get_latest_version_func)(unsigned int);
- unsigned int (*encryption_key_id_exists_func)(unsigned int);
- unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int);
- unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*);
- encrypt_decrypt_func encryption_encrypt_func;
- encrypt_decrypt_func encryption_decrypt_func;
+ unsigned int (*encryption_key_get_latest_version_func)(unsigned int key_id);
+ unsigned int (*encryption_key_get_func)(unsigned int key_id, unsigned int key_version,
+ unsigned char* buffer, unsigned int* length);
+ unsigned int (*encryption_ctx_size_func)(unsigned int key_id, unsigned int key_version);
+ int (*encryption_ctx_init_func)(void *ctx, const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int flags, unsigned int key_id,
+ unsigned int key_version);
+ int (*encryption_ctx_update_func)(void *ctx, const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen);
+ int (*encryption_ctx_finish_func)(void *ctx, unsigned char* dst, unsigned int* dlen);
+ unsigned int (*encryption_encrypted_length_func)(unsigned int slen, unsigned int key_id, unsigned int key_version);
};
extern struct encryption_service_st encryption_handler;
+static inline unsigned int encryption_key_id_exists(unsigned int id)
+{
+ return encryption_handler.encryption_key_get_latest_version_func(id) != (~(unsigned int)0);
+}
+static inline unsigned int encryption_key_version_exists(unsigned int id, unsigned int version)
+{
+ unsigned int unused;
+ return encryption_handler.encryption_key_get_func((id),(version),(NULL),(&unused)) != (~(unsigned int)0);
+}
+static inline int encryption_crypt(const unsigned char* src, unsigned int slen,
+ unsigned char* dst, unsigned int* dlen,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen,
+ int flags, unsigned int key_id, unsigned int key_version)
+{
+ void *ctx= alloca(encryption_handler.encryption_ctx_size_func((key_id),(key_version)));
+ int res1, res2;
+ unsigned int d1, d2;
+ if ((res1= encryption_handler.encryption_ctx_init_func((ctx),(key),(klen),(iv),(ivlen),(flags),(key_id),(key_version))))
+ return res1;
+ res1= encryption_handler.encryption_ctx_update_func((ctx),(src),(slen),(dst),(&d1));
+ res2= encryption_handler.encryption_ctx_finish_func((ctx),(dst + d1),(&d2));
+ *dlen= d1 + d2;
+ return res1 ? res1 : res2;
+}
struct st_encryption_scheme_key {
unsigned int version;
unsigned char key[16];
View Lorry Controller Status