encryption keys service

include/my_crypt_key_management.h

-
-#ifndef INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
-#define INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
-
-#include "my_global.h"
-#include "my_pthread.h"
-#include "mysql/psi/psi.h"
-
-#ifndef DBUG_OFF
-extern my_bool debug_use_static_encryption_keys;
-
-#ifdef HAVE_PSI_INTERFACE
-extern PSI_rwlock_key key_LOCK_dbug_encryption_key_version;
-#endif
-
-extern mysql_rwlock_t LOCK_dbug_encryption_key_version;
-extern uint opt_debug_encryption_key_version;
-#endif /* DBUG_OFF */
-
-C_MODE_START
-
-/**
- * Functions to interact with key management
- */
-
-uint get_latest_encryption_key_version();
-uint has_encryption_key(uint version);
-uint get_encryption_key_size(uint version);
-int get_encryption_key(uint version, uchar* key, uint size);
-int get_encryption_iv(uint version, uchar* iv, uint size);
-
-C_MODE_END
-
-#endif // INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED

include/mysql/plugin_audit.h.pp

@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
 void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
+#include <mysql/service_encryption_keys.h>
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_auth.h.pp

@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
 void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
+#include <mysql/service_encryption_keys.h>
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_encryption_key_management.h.pp

@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
 void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
+#include <mysql/service_encryption_keys.h>
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_ftparser.h.pp

@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
 void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
+#include <mysql/service_encryption_keys.h>
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_password_validation.h.pp

@@ -197,6 +197,19 @@ int thd_key_create(MYSQL_THD_KEY_T *key);
 void thd_key_delete(MYSQL_THD_KEY_T *key);
 void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key);
 int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value);
+#include <mysql/service_encryption_keys.h>
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/service_cryptokeys.h

+#ifndef MYSQL_SERVICE_CRYPTOKEYS_INCLUDED
+/* Copyright (c) 2015, MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/**
+  @file
+  cryptokeys service
+
+  Functions get cryptographical keys and IV from the cryptokey management plugin
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern struct cryptokeys_service_st {
+  unsigned int (*get_latest_crypto_key_version_func)();
+  unsigned int (*has_crypto_key_func)(unsigned int);
+  unsigned int (*get_crypto_key_size_func)(unsigned int);
+  int (*get_crypto_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_crypto_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *cryptokeys_service;
+
+#ifdef MYSQL_DYNAMIC_PLUGIN
+
+#define get_latest_crypto_key_version() cryptokeys_service->get_latest_crypto_key_version_func()
+#define has_crypto_key(V) cryptokeys_service->has_crypto_key_func(V)
+#define get_crypto_key_size(V) cryptokeys_service->get_crypto_key_size_func(V)
+#define get_crypto_key(V,K,S) cryptokeys_service->get_crypto_key_func((V), (K), (S))
+#define get_crypto_iv(V, I, S) cryptokeys_service->get_crypto_iv_func((V), (I), (S))
+
+#else
+
+unsigned int get_latest_crypto_key_version();
+unsigned int has_crypto_key(unsigned int version);
+unsigned int get_crypto_key_size(unsigned int version);
+int get_crypto_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_crypto_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#define MYSQL_SERVICE_CRYPTOKEYS_INCLUDED
+#endif
+

include/mysql/service_encryption_keys.h

+#ifndef MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED
+/* Copyright (c) 2015, MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/**
+  @file
+  encryption keys service
+
+  Functions to get encryption keys and IV from the encryption key management plugin
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern struct encryption_keys_service_st {
+  unsigned int (*get_latest_encryption_key_version_func)();
+  unsigned int (*has_encryption_key_func)(unsigned int);
+  unsigned int (*get_encryption_key_size_func)(unsigned int);
+  int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
+  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
+} *encryption_keys_service;
+
+#ifdef MYSQL_DYNAMIC_PLUGIN
+
+#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func()
+#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
+#define get_encryption_key_size(V) encryption_keys_service->get_encryption_key_size_func(V)
+#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
+#define get_encryption_iv(V, I, S) encryption_keys_service->get_encryption_iv_func((V), (I), (S))
+
+#else
+
+unsigned int get_latest_encryption_key_version();
+unsigned int has_encryption_key(unsigned int version);
+unsigned int get_encryption_key_size(unsigned int version);
+int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
+int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#define MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED
+#endif
+

include/mysql/services.h

@@ -32,6 +32,7 @@ extern "C" {
 #include <mysql/service_thd_autoinc.h>
 #include <mysql/service_thd_error_context.h>
 #include <mysql/service_thd_specifics.h>
+#include <mysql/service_encryption_keys.h>
 /*#include <mysql/service_wsrep.h>*/
 
 #ifdef __cplusplus

include/service_versions.h

@@ -35,4 +35,5 @@
 #define VERSION_thd_autoinc             0x0100
 #define VERSION_thd_error_context       0x0100
 #define VERSION_thd_specifics           0x0100
+#define VERSION_encryption_keys         0x0100
 

libservices/CMakeLists.txt

@@ -28,6 +28,7 @@ SET(MYSQLSERVICES_SOURCES
   my_sha1_service.c
   my_md5_service.c
   wsrep_service.c
+  encryption_keys_service.c
   kill_statement_service.c
   logger_service.c)
 

libservices/cryptokeys_service.c

+/* Copyright (c) 2015 MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <service_versions.h>
+SERVICE_VERSION cryptokeys_service= (void*)VERSION_cryptokeys;

libservices/encryption_keys_service.c

+/* Copyright (c) 2015 MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <service_versions.h>
+SERVICE_VERSION encryption_keys_service= (void*)VERSION_encryption_keys;

mysys/my_thr_init.c

@@ -22,7 +22,6 @@
 #include "mysys_priv.h"
 #include <m_string.h>
 #include <signal.h>
-#include <my_crypt_key_management.h>
 
 pthread_key(struct st_my_thread_var*, THR_KEY_mysys);
 mysql_mutex_t THR_LOCK_malloc, THR_LOCK_open,

plugin/file_key_management_plugin/file_key_management_plugin.cc

@@ -18,7 +18,6 @@
 #include <mysql_version.h>
 #include <mysql/plugin_encryption_key_management.h>
 #include <my_aes.h>
-#include <my_crypt_key_management.h>
 #include "sql_class.h"
 #include "KeySingleton.h"
 #include "EncKeys.h"

sql/encryption_keys.cc

 #include <my_global.h>
 #include <mysql/plugin_encryption_key_management.h>
-#include <my_crypt_key_management.h>
+#include "encryption_keys.h"
 #include "log.h"
 #include "sql_plugin.h"
 

sql/encryption_keys.h

+#ifndef SQL_CRYPTOKEY_INCLUDED
+#define SQL_CRYPTOKEY_INCLUDED
+
+#include "my_global.h"
+
+#ifndef DBUG_OFF
+  extern my_bool debug_use_static_encryption_keys;
+extern uint opt_debug_encryption_key_version;
+#endif /* DBUG_OFF */
+
+#endif // SQL_CRYPTOKEY_INCLUDED

sql/sql_plugin_services.h

@@ -139,6 +139,15 @@ static struct wsrep_service_st wsrep_handler = {
   wsrep_unlock_rollback
 };
 
+static struct encryption_keys_service_st encryption_keys_handler=
+{
+  get_latest_encryption_key_version,
+  has_encryption_key,
+  get_encryption_key_size,
+  get_encryption_key,
+  get_encryption_iv
+};
+
 static struct thd_specifics_service_st thd_specifics_handler=
 {
   thd_key_create,
@@ -161,6 +170,7 @@ static struct st_service_ref list_of_services[]=
   { "logger_service",              VERSION_logger,              &logger_service_handler },
   { "thd_autoinc_service",         VERSION_thd_autoinc,         &thd_autoinc_handler },
   { "wsrep_service",               VERSION_wsrep,               &wsrep_handler },
+  { "encryption_keys_service",     VERSION_encryption_keys,     &encryption_keys_handler },
   { "thd_specifics_service",       VERSION_thd_specifics,       &thd_specifics_handler },
   { "thd_error_context_service",   VERSION_thd_error_context,   &thd_error_conext_handler },
 };

sql/sys_vars.cc

@@ -62,7 +62,7 @@
 #include "sql_repl.h"
 #include "opt_range.h"
 #include "rpl_parallel.h"
-#include <my_crypt_key_management.h>
+#include "encryption_keys.h"
 
 /*
   The rule for this file: everything should be 'static'. When a sys_var

storage/innobase/fil/fil0crypt.cc

@@ -13,7 +13,6 @@
 #include "fil0pageencryption.h"
 
 #include <my_crypt.h>
-#include <my_crypt_key_management.h>
 
 #include <my_aes.h>
 #include <math.h>

storage/innobase/include/fsp0pageencryption.ic

@@ -25,7 +25,6 @@ Created 08/28/2014
 
 #include "fsp0fsp.h"
 #include "fil0pageencryption.h"
-#include <my_crypt_key_management.h>
 
 
 /********************************************************************//**

storage/innobase/include/log0crypt.h

@@ -12,7 +12,6 @@ Created 11/25/2013 Minli Zhu
 #include "ut0lst.h"
 #include "ut0rnd.h"
 #include "my_aes.h"
-#include <my_crypt_key_management.h>
 
 #define PURPOSE_BYTE_LEN	MY_AES_BLOCK_SIZE - 1
 #define PURPOSE_BYTE_OFFSET	0

storage/xtradb/fil/fil0crypt.cc

@@ -13,7 +13,6 @@
 #include "fil0pageencryption.h"
 
 #include <my_crypt.h>
-#include <my_crypt_key_management.h>
 
 #include <my_aes.h>
 #include <math.h>

storage/xtradb/include/fsp0pageencryption.ic

@@ -25,7 +25,6 @@ Created 08/28/2014
 
 #include "fsp0fsp.h"
 #include "fil0pageencryption.h"
-#include <my_crypt_key_management.h>
 
 /********************************************************************//**
 Determine if the tablespace is page encrypted from dict_table_t::flags.

storage/xtradb/include/log0crypt.h

@@ -12,7 +12,6 @@ Created 11/25/2013 Minli Zhu
 #include "ut0lst.h"
 #include "ut0rnd.h"
 #include "my_aes.h"
-#include <my_crypt_key_management.h>
 
 #define PURPOSE_BYTE_LEN	MY_AES_BLOCK_SIZE - 1
 #define PURPOSE_BYTE_OFFSET	0