1#ifndef MYSQL_SERVICE_ENCRYPTION_INCLUDED
2/* Copyright (c) 2015, MariaDB
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 of the License.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program; if not, write to the Free Software
15 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
16
17/**
18 @file
19 encryption service
20
21 Functions to support data encryption and encryption key management.
22 They are normally implemented in an encryption plugin, so this service
23 connects encryption *consumers* (e.g. storage engines) to the encryption
24 *provider* (encryption plugin).
25*/
26
27#ifdef __cplusplus
28extern "C" {
29#endif
30
31#ifndef MYSQL_ABI_CHECK
32#ifdef _WIN32
33#include <malloc.h>
34#ifndef __cplusplus
35#define inline __inline
36#endif
37#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
38#include <stdlib.h>
39#else
40#include <alloca.h>
41#endif
42#endif
43
/*
  Key-version sentinels.

  ENCRYPTION_KEY_VERSION_INVALID is what encryption_key_get_latest_version()
  returns on failure; the inline helpers in this header also compare the
  result of encryption_key_get() against it.  It is the all-ones unsigned int.
  ENCRYPTION_KEY_NOT_ENCRYPTED is version 0 -- presumably "this data was
  written without encryption"; NOTE(review): confirm against the consumers.
  Because 0 differs from the INVALID sentinel, the *_exists() helpers treat
  it as an existing version.
*/
#define ENCRYPTION_KEY_VERSION_INVALID        (~(unsigned int)0)
#define ENCRYPTION_KEY_NOT_ENCRYPTED          (0)

/*
  Reserved key ids.  Judging by the names: one for server system data, one
  for temporary data -- NOTE(review): confirm with the callers.
*/
#define ENCRYPTION_KEY_SYSTEM_DATA             1
#define ENCRYPTION_KEY_TEMPORARY_DATA          2

/* returned from encryption_key_get() */
#define ENCRYPTION_KEY_BUFFER_TOO_SMALL       (100)

/*
  Values for the `flags` argument of encryption_ctx_init()/encryption_crypt()
  (by name; this header does not show where they are decoded).
  ENCRYPTION_FLAG_DECRYPT is 0, so it cannot be detected with
  (flags & ENCRYPTION_FLAG_DECRYPT): the direction has to be read from
  ENCRYPTION_FLAG_ENCRYPT (bit 0).  ENCRYPTION_FLAG_NOPAD is a separate bit.
*/
#define ENCRYPTION_FLAG_DECRYPT     0
#define ENCRYPTION_FLAG_ENCRYPT     1
#define ENCRYPTION_FLAG_NOPAD       2
57
/**
  Function table through which encryption consumers reach the provider.

  The members are only ever called through the encryption_*() macros defined
  in this header.  Member order is part of the binary layout shared between
  server and plugins, so entries must not be reordered.
*/
struct encryption_service_st {
  /*
    Latest version of key `key_id`; ENCRYPTION_KEY_VERSION_INVALID is the
    failure value.
  */
  unsigned int (*encryption_key_get_latest_version_func)(unsigned int key_id);

  /*
    Look up version `key_version` of key `key_id`.  May return
    ENCRYPTION_KEY_BUFFER_TOO_SMALL.  `buffer` may be NULL:
    encryption_key_version_exists() calls it that way as a pure probe.
    Presumably copies the raw key into `buffer` and stores its size in
    `*length` -- NOTE(review): if so, the caller's buffer holds secret
    material and should be wiped after use.
  */
  unsigned int (*encryption_key_get_func)(unsigned int key_id,
                                          unsigned int key_version,
                                          unsigned char *buffer,
                                          unsigned int *length);

  /*
    Size of the cipher context for this key; encryption_crypt() uses the
    result as a byte count when allocating the context.
  */
  unsigned int (*encryption_ctx_size_func)(unsigned int key_id,
                                           unsigned int key_version);

  /*
    Prepare `ctx` for one operation.  encryption_crypt() treats any non-zero
    return as failure.
  */
  int (*encryption_ctx_init_func)(void *ctx,
                                  const unsigned char *key,
                                  unsigned int klen,
                                  const unsigned char *iv,
                                  unsigned int ivlen,
                                  int flags,
                                  unsigned int key_id,
                                  unsigned int key_version);

  /*
    Process `slen` bytes from `src` into `dst`.  `*dlen` receives a count
    that encryption_crypt() uses as the offset into `dst` for the finish
    call.
  */
  int (*encryption_ctx_update_func)(void *ctx,
                                    const unsigned char *src,
                                    unsigned int slen,
                                    unsigned char *dst,
                                    unsigned int *dlen);

  /*
    Complete the operation; takes an output position `dst` and a count
    `*dlen`, which encryption_crypt() adds to the update count.
  */
  int (*encryption_ctx_finish_func)(void *ctx,
                                    unsigned char *dst,
                                    unsigned int *dlen);

  /*
    By its name, the output size for `slen` input bytes under the given key
    -- NOTE(review): confirm whether this is an exact size or an upper bound.
  */
  unsigned int (*encryption_encrypted_length_func)(unsigned int slen,
                                                   unsigned int key_id,
                                                   unsigned int key_version);
};
72
/*
  Call-through macros: every encryption_*() name below expands to an indirect
  call through the service table.  Neither variant checks the table pointer
  or the individual function pointers before calling, so the table must be
  fully populated before any consumer uses these macros.
*/
#ifdef MYSQL_DYNAMIC_PLUGIN

/* Dynamic plugins go through a pointer to the table (set outside this file). */
extern struct encryption_service_st *encryption_service;

#define encryption_key_get_latest_version(KI) \
  encryption_service->encryption_key_get_latest_version_func(KI)
#define encryption_key_get(KI,KV,K,S) \
  encryption_service->encryption_key_get_func((KI),(KV),(K),(S))
#define encryption_ctx_size(KI,KV) \
  encryption_service->encryption_ctx_size_func((KI),(KV))
#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) \
  encryption_service->encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV))
#define encryption_ctx_update(CTX,S,SL,D,DL) \
  encryption_service->encryption_ctx_update_func((CTX),(S),(SL),(D),(DL))
#define encryption_ctx_finish(CTX,D,DL) \
  encryption_service->encryption_ctx_finish_func((CTX),(D),(DL))
#define encryption_encrypted_length(SL,KI,KV) \
  encryption_service->encryption_encrypted_length_func((SL),(KI),(KV))

#else

/* Everything else addresses the table object directly. */
extern struct encryption_service_st encryption_handler;

#define encryption_key_get_latest_version(KI) \
  encryption_handler.encryption_key_get_latest_version_func(KI)
#define encryption_key_get(KI,KV,K,S) \
  encryption_handler.encryption_key_get_func((KI),(KV),(K),(S))
#define encryption_ctx_size(KI,KV) \
  encryption_handler.encryption_ctx_size_func((KI),(KV))
#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) \
  encryption_handler.encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV))
#define encryption_ctx_update(CTX,S,SL,D,DL) \
  encryption_handler.encryption_ctx_update_func((CTX),(S),(SL),(D),(DL))
#define encryption_ctx_finish(CTX,D,DL) \
  encryption_handler.encryption_ctx_finish_func((CTX),(D),(DL))
#define encryption_encrypted_length(SL,KI,KV) \
  encryption_handler.encryption_encrypted_length_func((SL),(KI),(KV))

#endif
96
/**
  Tell whether the provider knows key `id`.

  @param id  key id to probe
  @return 1 when encryption_key_get_latest_version(id) yields anything other
          than ENCRYPTION_KEY_VERSION_INVALID, 0 otherwise.  A latest version
          of ENCRYPTION_KEY_NOT_ENCRYPTED (0) therefore counts as existing.
*/
static inline unsigned int encryption_key_id_exists(unsigned int id)
{
  unsigned int latest= encryption_key_get_latest_version(id);

  if (latest == ENCRYPTION_KEY_VERSION_INVALID)
    return 0;
  return 1;
}
101
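/**
  Tell whether version `version` of key `id` can be fetched.

  The key itself is not retrieved: encryption_key_get() is called with a NULL
  buffer, purely as a probe.

  @param id       key id to probe
  @param version  key version to probe
  @return 1 when encryption_key_get() returns anything other than
          ENCRYPTION_KEY_VERSION_INVALID, 0 otherwise.  Every other result,
          ENCRYPTION_KEY_BUFFER_TOO_SMALL included, is reported as "exists".
*/
static inline unsigned int encryption_key_version_exists(unsigned int id, unsigned int version)
{
  /*
    The length is passed by pointer, so a provider may read it as the buffer
    capacity before writing the key size back.  With a NULL buffer the
    capacity is zero; say so explicitly instead of handing the provider an
    indeterminate stack value.
  */
  unsigned int key_len= 0;

  return encryption_key_get(id, version, NULL, &key_len) != ENCRYPTION_KEY_VERSION_INVALID;
}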
107
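/**
  One-shot encrypt or decrypt: init, update and finish on a temporary context.

  @param src          input bytes
  @param slen         number of input bytes
  @param dst          output buffer.  Its capacity is NOT checked here:
                      `*dlen` is only written, never read, so the caller must
                      size `dst` beforehand (presumably with
                      encryption_encrypted_length() -- confirm).
  @param[out] dlen    receives the sum of the counts stored by the update and
                      finish calls.  Left untouched when init fails.
  @param key, klen    key bytes and their length, forwarded to init
  @param iv, ivlen    IV bytes and their length, forwarded to init
  @param flags        forwarded to init (see the ENCRYPTION_FLAG_* values)
  @param key_id       key id, used for sizing the context and forwarded to init
  @param key_version  key version, used likewise
  @return the init result if it is non-zero; otherwise the update result if it
          is non-zero; otherwise the finish result.

  NOTE(review): the context lives on the stack and is not cleared by this
  function; whether the finish call scrubs key-dependent state is up to the
  provider.
*/
static inline int encryption_crypt(const unsigned char* src, unsigned int slen,
                                   unsigned char* dst, unsigned int* dlen,
                                   const unsigned char* key, unsigned int klen,
                                   const unsigned char* iv, unsigned int ivlen,
                                   int flags, unsigned int key_id, unsigned int key_version)
{
  /*
    The size comes straight from the provider and has no upper bound here;
    alloca() cannot report failure, so an oversized value overruns the stack.
  */
  void *ctx= alloca(encryption_ctx_size(key_id, key_version));
  int res1, res2;
  /*
    Start both counts at zero: if a provider call fails without storing a
    length, d1 must not be an indeterminate offset into dst and *dlen must
    not be built from garbage.
  */
  unsigned int d1= 0, d2= 0;

  if ((res1= encryption_ctx_init(ctx, key, klen, iv, ivlen, flags, key_id, key_version)))
    return res1;
  res1= encryption_ctx_update(ctx, src, slen, dst, &d1);
  /*
    finish runs even when update failed (as before); presumably the provider
    releases its per-context state there.
  */
  res2= encryption_ctx_finish(ctx, dst + d1, &d2);
  *dlen= d1 + d2;
  return res1 ? res1 : res2;
}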
124
125#ifdef __cplusplus
126}
127#endif
128
129#define MYSQL_SERVICE_ENCRYPTION_INCLUDED
130#endif
131
132