service_encryption_scheme.h
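#ifndef MYSQL_SERVICE_ENCRYPTION_SCHEME_INCLUDED
/* Copyright (c) 2015, MariaDB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */

/**
  @file
  encryption scheme service

  A higher-level access to encryption service.

  This is a helper service that storage engines use to encrypt tables on disk.
  It requests keys from the plugin, generates temporary or local keys
  from the global (as returned by the plugin) keys, etc.

  To use the service:

  * st_encryption_scheme object is created per space. A "space" can be
    a table space in XtraDB/InnoDB, a file in Aria, etc. The whole
    space is encrypted with the one key id.

  * The service does not take the key and the IV as parameters for
    encryption or decryption. Instead it takes two 32-bit integers and
    one 64-bit integer (and requests the key from an encryption
    plugin, if needed).

  * The service requests the global key from the encryption plugin
    automatically as needed. Three last keys are cached in the
    st_encryption_scheme. Number of key requests (number of cache
    misses) are counted in st_encryption_scheme::keyserver_requests

  * If an st_encryption_scheme can be used concurrently by different
    threads, it needs to be able to lock itself when accessing the key
    cache. Set the st_encryption_scheme::locker appropriately. If
    non-zero, it will be invoked by encrypt/decrypt functions to lock
    and unlock the scheme when needed.

  * Implementation details (in particular, key derivation) are defined
    by the scheme type. Currently only scheme type 1 is supported.

  In the scheme type 1, every "space" (table space in XtraDB/InnoDB,
  file in Aria) is encrypted with a different space-local key:

  * Every space has a 16-byte unique identifier (typically it's
    generated randomly and stored in the space). The caller should
    put it into st_encryption_scheme::iv.

  * Space-local key is generated by encrypting this identifier with
    the global encryption key (of the given id and version) using AES_ECB.
    (The identifier is exactly one 16-byte block, so this step encrypts
    a single block.)

  * Encryption/decryption parameters for a page are typically the
    4-byte space id, 4-byte page position (offset, page number, etc),
    and the 8-byte LSN. This guarantees that they'll be different for
    any two pages (of the same or different tablespaces) and also that
    they'll change for the same page when it's modified. They don't need
    to be secret (they create the IV, not the encryption key).

  Notes for callers:

  * The uniqueness of the (i32_1, i32_2, i64) triple is what keeps the
    per-page IV from repeating; a caller that substitutes other values
    must preserve that property.

  * st_encryption_scheme holds raw key bytes in its key[] cache. Treat the
    object as secret material: keep it out of logs and dumps, and wipe it
    before its memory is released or reused.

  * NOTE(review): this header does not describe ciphertext integrity
    protection, the required capacity of dst, or the meaning of the
    returned int -- confirm those against the service implementation.
*/

#ifdef __cplusplus
extern "C" {
#endif

/*
  Parenthesized so the negative constant stays one operand wherever the
  macro is expanded. The header does not state where it is used; presumably
  it marks an invalid key version -- confirm against the implementation.
  Note that st_encryption_scheme_key::version is unsigned, so comparing or
  assigning this value there converts it to UINT_MAX.
*/
#define ENCRYPTION_SCHEME_KEY_INVALID    (-1)
#define ENCRYPTION_SCHEME_BLOCK_LENGTH   16

/* One entry of the per-scheme key cache. */
struct st_encryption_scheme_key {
  unsigned int version;                              /* key version of this entry */
  unsigned char key[ENCRYPTION_SCHEME_BLOCK_LENGTH]; /* 16 bytes of key material */
};

/* Per-space encryption state; one object is created per space. */
struct st_encryption_scheme {
  /* 16-byte unique identifier of the space, filled in by the caller. */
  unsigned char iv[ENCRYPTION_SCHEME_BLOCK_LENGTH];
  /* Cache of the three last keys. */
  struct st_encryption_scheme_key key[3];
  /* Number of key requests, i.e. key cache misses. */
  unsigned int keyserver_requests;
  /* The one key id the whole space is encrypted with. */
  unsigned int key_id;
  /* Scheme type; only type 1 is currently supported. */
  unsigned int type;
  /*
    Optional lock callback. If non-zero, encrypt/decrypt invoke it to lock
    and unlock the scheme around key cache access. Must be set when the
    scheme can be used by several threads concurrently.
    NOTE(review): presumably release != 0 means "unlock" -- confirm.
  */
  void (*locker)(struct st_encryption_scheme *self, int release);
};

/*
  Service table through which dynamically loaded plugins reach the
  encrypt/decrypt entry points.

  Both functions take the same arguments:
    src, slen     input buffer and its length
    dst, dlen     output buffer and a pointer to the output length
    scheme        per-space scheme object (key cache, space identifier)
    key_version   version of the global key to use
    i32_1, i32_2,
    i64           per-page values that create the IV (typically space id,
                  page position and LSN)

  They return an int status that callers should check.
*/
extern struct encryption_scheme_service_st {
  int (*encryption_scheme_encrypt_func)
                               (const unsigned char* src, unsigned int slen,
                                unsigned char* dst, unsigned int* dlen,
                                struct st_encryption_scheme *scheme,
                                unsigned int key_version, unsigned int i32_1,
                                unsigned int i32_2, unsigned long long i64);
  int (*encryption_scheme_decrypt_func)
                               (const unsigned char* src, unsigned int slen,
                                unsigned char* dst, unsigned int* dlen,
                                struct st_encryption_scheme *scheme,
                                unsigned int key_version, unsigned int i32_1,
                                unsigned int i32_2, unsigned long long i64);
} *encryption_scheme_service;

#ifdef MYSQL_DYNAMIC_PLUGIN

/* Dynamic plugins call through the service table. */
#define encryption_scheme_encrypt(S,SL,D,DL,SCH,KV,I32,J32,I64) \
  encryption_scheme_service->encryption_scheme_encrypt_func(S,SL,D,DL,SCH,KV,I32,J32,I64)
#define encryption_scheme_decrypt(S,SL,D,DL,SCH,KV,I32,J32,I64) \
  encryption_scheme_service->encryption_scheme_decrypt_func(S,SL,D,DL,SCH,KV,I32,J32,I64)

#else

/* Otherwise the same entry points are declared as ordinary functions. */
int encryption_scheme_encrypt(const unsigned char* src, unsigned int slen,
                              unsigned char* dst, unsigned int* dlen,
                              struct st_encryption_scheme *scheme,
                              unsigned int key_version, unsigned int i32_1,
                              unsigned int i32_2, unsigned long long i64);
int encryption_scheme_decrypt(const unsigned char* src, unsigned int slen,
                              unsigned char* dst, unsigned int* dlen,
                              struct st_encryption_scheme *scheme,
                              unsigned int key_version, unsigned int i32_1,
                              unsigned int i32_2, unsigned long long i64);

#endif

#ifdef __cplusplus
}
#endif

#define MYSQL_SERVICE_ENCRYPTION_SCHEME_INCLUDED
#endif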