author | Sergei Golubchik <serg@mariadb.org> | 2015-03-31 19:32:35 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2015-04-09 18:42:43 +0200 |
commit | bb1b61b312088ba9f5f2cb606594b6f33c284402 (patch) | |
tree | c5b433d19434e194fb82d2407adbbfee759dfd31 /mysys_ssl | |
parent | 9ccafffc29526ea30151eb3e62901bfdb77aaf84 (diff) | |
download | mariadb-git-bb1b61b312088ba9f5f2cb606594b6f33c284402.tar.gz |
encryption plugin controls the encryption
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* encrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
Diffstat (limited to 'mysys_ssl')
-rw-r--r-- | mysys_ssl/my_aes.cc | 154 | ||||
-rw-r--r-- | mysys_ssl/my_crypt.cc | 78 |
2 files changed, 39 insertions, 193 deletions
diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc
index 97af3c39381..069d8d74ab2 100644
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -19,163 +19,9 @@
 #include <my_crypt.h>
 /**
- Encryption interface that doesn't do anything (for testing)
-
- SYNOPSIS
- my_aes_encrypt_none()
- @param source [in] Pointer to data for encryption
- @param source_length [in] Size of encryption data
- @param dest [out] Buffer to place encrypted data (must be large enough)
- @param dest_length [out] Pointer to size of encrypted data
- @param key [in] Key to be used for encryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] unused
- @return
- != 0 error
- 0 no error
-*/
-
-static int my_aes_encrypt_none(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint noPadding)
-{
- memcpy(dest, source, source_length);
- *dest_length= source_length;
- return 0;
-}
-
-
-/**
- Decryption interface that doesn't do anything (for testing)
-
- SYNOPSIS
- my_aes_decrypt_none()
- @param source [in] Pointer to data to decrypt
- @param source_length [in] Size of data
- @param dest [out] Buffer to place decrypted data (must be large enough)
- @param dest_length [out] Pointer to size of decrypted data
- @param key [in] Key to be used for decryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] unused
-
- @return
- != 0 error
- 0 no error
-*/
-
-int my_aes_decrypt_none(const uchar* source, uint32 source_length,
- uchar* dest, uint32 *dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint noPadding)
-{
- memcpy(dest, source, source_length);
- *dest_length= source_length;
- return 0;
-}
-
-/** Initialize encryption methods */
-my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic= my_aes_decrypt_none;
-my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic= my_aes_encrypt_none;
-enum_my_aes_encryption_algorithm current_aes_dynamic_method= MY_AES_ALGORITHM_NONE;
-
-my_bool my_aes_init_dynamic_encrypt(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- my_aes_encrypt_dynamic= my_aes_encrypt_ecb;
- my_aes_decrypt_dynamic= my_aes_decrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- my_aes_encrypt_dynamic= my_aes_encrypt_cbc;
- my_aes_decrypt_dynamic= my_aes_decrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- my_aes_encrypt_dynamic= my_aes_encrypt_ctr;
- my_aes_decrypt_dynamic= my_aes_decrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- my_aes_encrypt_dynamic= my_aes_encrypt_none;
- my_aes_decrypt_dynamic= my_aes_decrypt_none;
- break;
- default:
- return 1;
- }
- current_aes_dynamic_method= method;
- return 0;
-}
-
-my_aes_decrypt_dynamic_type
-get_aes_decrypt_func(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- return my_aes_decrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- return my_aes_decrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- return my_aes_decrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- return my_aes_decrypt_none;
- break;
- default:
- return NULL;
- }
- return NULL;
-}
-
-my_aes_encrypt_dynamic_type
-get_aes_encrypt_func(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- return my_aes_encrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- return my_aes_encrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- return my_aes_encrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- return my_aes_encrypt_none;
- break;
- default:
- return NULL;
- }
- return NULL;
-}
-
 /** Get size of buffer which will be large enough for encrypted data
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
index 60072a5bbaf..1709ae5e5eb 100644
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -26,8 +26,8 @@ static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION;
 static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION;
 typedef TaoCrypt::Mode CipherMode;
-static inline CipherMode aes_ecb(uint8) { return TaoCrypt::ECB; }
-static inline CipherMode aes_cbc(uint8) { return TaoCrypt::CBC; }
+static inline CipherMode aes_ecb(uint) { return TaoCrypt::ECB; }
+static inline CipherMode aes_cbc(uint) { return TaoCrypt::CBC; }
 typedef TaoCrypt::byte KeyByte;
@@ -42,7 +42,7 @@ static const Dir CRYPT_DECRYPT = 0;
 typedef const EVP_CIPHER *CipherMode;
 #define make_aes_dispatcher(mode) \
- static inline CipherMode aes_ ## mode(uint8 key_length) \
+ static inline CipherMode aes_ ## mode(uint key_length) \
 { \
 switch (key_length) { \
 case 16: return EVP_aes_128_ ## mode(); \
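Review bot: In the TaoCrypt branch `aes_ecb(uint)` and `aes_cbc(uint)` still discard their argument (the parameter stays unnamed), so after the widening a key_length other than 16, 24 or 32 is not rejected by the dispatcher, whereas the OpenSSL dispatcher in the @@ -42 hunk switches on key_length (only `case 16` is visible here; presumably a default case outside the hunk handles the rest). Unless the TaoCrypt path validates the length somewhere not shown in this diff, a caller passing a key buffer shorter than the cipher consumes ends in an over-read rather than an error. I would at least name the parameter and state the contract, e.g. `/* key_length is not validated on this path: callers must pass 16, 24 or 32 */`, or better, make these helpers reject unsupported lengths like the OpenSSL dispatcher does.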
@@ -67,10 +67,10 @@ struct MyCTX : EVP_CIPHER_CTX {
 #endif
 static int do_crypt(CipherMode cipher, Dir dir,
- const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const KeyByte *key, uint8 key_length,
- const KeyByte *iv, uint8 iv_length, int no_padding)
+ const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const KeyByte *key, uint key_length,
+ const KeyByte *iv, uint iv_length, int no_padding)
 {
 int tail= source_length % MY_AES_BLOCK_SIZE;
@@ -123,8 +123,8 @@ static int do_crypt(CipherMode cipher, Dir dir,
 EVP_CIPHER_CTX_set_padding(&ctx, !no_padding);
- DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length);
- DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length);
+ DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)key_length);
+ DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == (int)iv_length);
 DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding);
 /* use built-in OpenSSL padding, if possible */
@@ -164,11 +164,11 @@ C_MODE_START
 #ifdef HAVE_EncryptAes128Ctr
-int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 /* CTR is a stream cipher mode, it needs no special padding code */
 return do_crypt(aes_ctr(key_length), CRYPT_ENCRYPT, source, source_length,
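Review bot: The key and iv length checks at `DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)key_length)` and the iv_length assertion below it are still debug-only, so a release build accepts a key_length or iv_length that does not match the selected cipher; the buffers themselves are handed to OpenSSL by pointer (the EVP init call sits outside this hunk), so a too-short key or iv becomes an over-read rather than a reported error. Widening the parameters from uint8 to uint does not change that. I would turn both into runtime failures, e.g. `if (EVP_CIPHER_CTX_key_length(&ctx) != (int)key_length || EVP_CIPHER_CTX_iv_length(&ctx) != (int)iv_length) return 1; /* use do_crypt's existing error code */`, keeping the DBUG_ASSERTs if the extra debug noise is wanted. do_crypt begins and ends outside this hunk, so the exact error value it uses elsewhere is not visible here.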
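Review bot: `int no_padding` on my_aes_encrypt_ctr is accepted but never used — do_crypt receives a literal 0 — and the new signature does not say so; the same holds for my_aes_decrypt_ctr in the @@ -176 hunk, which does not even carry the "stream cipher" comment, and for the ECB pair in the @@ -188 hunk, whose iv and iv_length are dropped (`0, 0` is forwarded). A one-line comment on each would stop callers from relying on these arguments, e.g. `/* no_padding is ignored: CTR needs no padding */` for the CTR pair and `/* iv and iv_length are ignored: ECB uses no IV */` for the ECB pair. For the CTR functions it is also worth stating next to the signature that iv must be unique per (key, message), since a repeated (key, iv) pair reuses the keystream; nothing in this diff records that requirement.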
@@ -176,11 +176,11 @@ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
 }
-int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 return do_crypt(aes_ctr(key_length), CRYPT_DECRYPT, source, source_length,
 dest, dest_length, key, key_length, iv, iv_length, 0);
@@ -188,41 +188,41 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
 #endif /* HAVE_EncryptAes128Ctr */
-int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 return do_crypt(aes_ecb(key_length), CRYPT_ENCRYPT, source, source_length,
 dest, dest_length, key, key_length, 0, 0, no_padding);
 }
-int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 return do_crypt(aes_ecb(key_length), CRYPT_DECRYPT, source, source_length,
 dest, dest_length, key, key_length, 0, 0, no_padding);
 }
-int my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 return do_crypt(aes_cbc(key_length), CRYPT_ENCRYPT, source, source_length,
 dest, dest_length, key, key_length, iv, iv_length, no_padding);
 }
-int my_aes_decrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
 {
 return do_crypt(aes_cbc(key_length), CRYPT_DECRYPT, source, source_length,
 dest, dest_length, key, key_length, iv, iv_length, no_padding);