MySQL 8.0.39
Source Code Documentation
s_mysql_keyring_aes Struct Reference

Keyring aes encryption service provides APIs to perform AES encryption/decryption operation on given data. More...

#include <keyring_aes.h>

Public Attributes

mysql_service_status_t(* get_size )(size_t input_length, const char *mode, size_t block_size, size_t *out_size)
 Retrieve required out buffer length information. More...
 
mysql_service_status_t(* encrypt )(const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, int padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length)
 Encrypt given piece of plaintext. More...
 
mysql_service_status_t(* decrypt )(const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, int padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length)
 Decrypt given piece ciphertext. More...
 

Detailed Description

Keyring aes encryption service provides APIs to perform AES encryption/decryption operation on given data.

These methods make sure that key never leaves keyring component.

my_service<SERVICE_TYPE(keyring_aes)> aes_encryption(
"keyring_aes", m_reg_srv);
if (!aes_encryption.is_valid()) {
return true;
}
std::string mode("cbc");
size_t block_size = 256;
const unsigned char plaintext[] = "Quick brown fox jumped over the lazy dog.";
size_t plaintext_length = strlen(static_cast<const char *>(plaintext));
size_t ciphertext_length = 0;
if (aes_encryption->get_size(plaintext_length, block_size, mode.c_str,
&ciphertext_length) == true) {
return true;
}
std::unique_ptr<unsigned char[]> ciphertext(
new unsigned char[ciphertext_length]);
if (ciphertext.get() == nullptr) {
return true;
}
const unsigned char iv[] = "abcefgh12345678";
size_t out_length = 0;
if (aes_encryption->encrypt(
"my_aes_key_1", "testuser@localhost", mode.c_str(), block_size,
iv, true, plaintext, plaintext_length, ciphertext.get(),
ciphertext_length, &out_length) == true) {
return true;
}
std::unique_ptr<unsigned char[]> retrieved_plaintext(
new unsigned char[plaintext_length]);
if (retrieved_plaintext.get() == nullptr) {
return true;
}
if (aes_encryption->decrypt(
"my_aes_key_1", "testuser@localhost", mode.c_str(), block_size,
iv, true, ciphertext.get(), out_length, retrieved_plaintext.get(),
plaintext_length, &out_length) == true) {
return true;
}
if (plaintext_length != out_length ||
memcmp(plaintext, retrieved_plaintext.get(), plaintext_length) != 0) {
return true;
}
return false;
Wraps my_h_service struct conforming ABI into RAII C++ object with ability to cast to desired service...
Definition: my_service.h:35
mode
Definition: file_handle.h:60
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:76

Member Data Documentation

◆ decrypt

mysql_service_status_t(* s_mysql_keyring_aes::decrypt) (const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, int padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length)

Decrypt given piece ciphertext.

Block mode for operation (e.g. "ecb", "cbc", cfb1",...) Block size (e.g. 256)

Length of out buffer should be sufficient to hold ciphertext data. See get_size() API.

If block mode requires IV, same should be provided by caller. This should same IV that was used for encryption operation.

Parameters
[in]data_idName of the key. Byte string.
[in]auth_idOwner of the key. Byte string.
[in]modeAES mode. ASCII string.
[in]block_sizeAES block size information
[in]ivInitialization vector
[in]paddingpadding preference (0 implies no padding)
[in]data_bufferInput buffer. Byte string.
[in]data_buffer_lengthInput buffer length
[out]out_bufferOutput buffer. Byte string.
[in]out_buffer_lengthOutput buffer length
[out]out_lengthLength of decrypted data
Returns
status of the operation
Return values
falseSuccess
trueFailure

◆ encrypt

mysql_service_status_t(* s_mysql_keyring_aes::encrypt) (const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, int padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length)

Encrypt given piece of plaintext.

Block mode for operation (e.g. "ecb", "cbc", cfb1",...) Block size (e.g. 256)

Length of out buffer should be sufficient to hold ciphertext data. See get_size() API.

Encrypted data should be stored in out_buffer with out_length set to actual length of data.

IV must be provided if block mode of operation requires it.

It is caller's responsibility to supply same IV for encryption/decryption.

Parameters
[in]data_idName of the key. Byte string.
[in]auth_idOwner of the key. Byte string.
[in]modeAES mode. ASCII string.
[in]block_sizeAES block size information
[in]ivInitialization vector
[in]paddingpadding preference (0 implies no padding)
[in]data_bufferInput buffer. Byte string.
[in]data_buffer_lengthInput buffer length
[out]out_bufferOutput buffer. Byte string.
[in]out_buffer_lengthOutput buffer length
[out]out_lengthLength of encrypted data
Returns
status of the operation
Return values
falseSuccess
trueFailure

◆ get_size

mysql_service_status_t(* s_mysql_keyring_aes::get_size) (size_t input_length, const char *mode, size_t block_size, size_t *out_size)

Retrieve required out buffer length information.

Assumption: mode string is in lower case.

Parameters
[in]input_lengthLength of input text
[in]modeAES mode. ASCII string.
[in]block_sizeAES block size information
[out]out_sizeSize of out buffer
Returns
Output buffer length or error
Return values
falseSuccess
trueError processing given mode and/or block size

The documentation for this struct was generated from the following file: