From bb1b61b312088ba9f5f2cb606594b6f33c284402 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Tue, 31 Mar 2015 19:32:35 +0200 Subject: encryption plugin controls the encryption * no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * encrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions --- include/mysql/plugin_encryption.h.pp | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'include/mysql/plugin_encryption.h.pp') diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index a09e0e0543b..100928f0b19 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp 
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; @@ -368,4 +385,6 @@ struct st_mariadb_encryption unsigned int (*get_latest_key_version)(); unsigned int (*get_key)(unsigned int version, unsigned char *key, unsigned int *key_length); + encrypt_decrypt_func encrypt; + encrypt_decrypt_func decrypt; }; -- cgit v1.2.1