MySQL 8.0.40
Source Code Documentation
os0enc.h
Go to the documentation of this file.
1/***********************************************************************
2
3Copyright (c) 2019, 2024, Oracle and/or its affiliates.
4
5This program is free software; you can redistribute it and/or modify
6it under the terms of the GNU General Public License, version 2.0,
7as published by the Free Software Foundation.
8
9This program is designed to work with certain software (including
10but not limited to OpenSSL) that is licensed under separate terms,
11as designated in a particular file or component or in included license
12documentation. The authors of MySQL hereby grant you an additional
13permission to link the program and your derivative works with the
14separately licensed software that they have either included with
15the program or referenced in the documentation.
16
17This program is distributed in the hope that it will be useful,
18but WITHOUT ANY WARRANTY; without even the implied warranty of
19MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20GNU General Public License, version 2.0, for more details.
21
22You should have received a copy of the GNU General Public License
23along with this program; if not, write to the Free Software
24Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25
26***********************************************************************/
27
28/** @file include/os0enc.h
29 Page encryption infrastructure. */
30
31#ifndef os0enc_h
32#define os0enc_h
33
35#include "univ.i"
36
37namespace innobase {
38namespace encryption {
39
41
43} // namespace encryption
44} // namespace innobase
45
46// Forward declaration.
47class IORequest;
48struct Encryption_key;
49
50// Forward declaration.
52
53/** Encryption algorithm. */
55 public:
56 /** Algorithm types supported */
57 enum Type {
58
59 /** No encryption */
60 NONE = 0,
61
62 /** Use AES */
63 AES = 1,
64 };
65
66 /** Encryption information format version */
67 enum Version {
68
69 /** Version in 5.7.11 */
71
72 /** Version in > 5.7.11 */
74
75 /** Version in > 8.0.4 */
77 };
78
79 /** Encryption progress type. */
80 enum class Progress {
81 /* Space encryption in progress */
83 /* Space decryption in progress */
85 /* Nothing in progress */
86 NONE
87 };
88
89 /** Encryption operation resume point after server restart. */
90 enum class Resume_point {
91 /* Resume from the beginning. */
92 INIT,
93 /* Resume processing. */
94 PROCESS,
95 /* Operation has ended. */
96 END,
97 /* All done. */
98 DONE
99 };
100
101 /** Encryption magic bytes for 5.7.11, it's for checking the encryption
102 information version. */
103 static constexpr char KEY_MAGIC_V1[] = "lCA";
104
105 /** Encryption magic bytes for 5.7.12+, it's for checking the encryption
106 information version. */
107 static constexpr char KEY_MAGIC_V2[] = "lCB";
108
109 /** Encryption magic bytes for 8.0.5+, it's for checking the encryption
110 information version. */
111 static constexpr char KEY_MAGIC_V3[] = "lCC";
112
113 /** Encryption master key prifix */
114 static constexpr char MASTER_KEY_PREFIX[] = "INNODBKey";
115
116 /** Encryption key length */
117 static constexpr size_t KEY_LEN = 32;
118
119 /** Default master key for bootstrap */
120 static constexpr char DEFAULT_MASTER_KEY[] = "DefaultMasterKey";
121
122 /** Encryption magic bytes size */
123 static constexpr size_t MAGIC_SIZE = 3;
124
125 /** Encryption master key prifix size */
126 static constexpr size_t MASTER_KEY_PRIFIX_LEN = 9;
127
128 /** Encryption master key prifix size */
129 static constexpr size_t MASTER_KEY_NAME_MAX_LEN = 100;
130
131 /** UUID of server instance, it's needed for composing master key name */
132 static constexpr size_t SERVER_UUID_LEN = 36;
133
134 /** Encryption information total size: magic number + master_key_id +
135 key + iv + server_uuid + checksum */
136 static constexpr size_t INFO_SIZE =
137 (MAGIC_SIZE + sizeof(uint32) + (KEY_LEN * 2) + SERVER_UUID_LEN +
138 sizeof(uint32));
139
140 /** Maximum size of Encryption information considering all
141 formats v1, v2 & v3. */
142 static constexpr size_t INFO_MAX_SIZE = INFO_SIZE + sizeof(uint32);
143
144 /** Default master key id for bootstrap */
145 static constexpr uint32_t DEFAULT_MASTER_KEY_ID = 0;
146
147 /** (De)Encryption Operation information size */
148 static constexpr size_t OPERATION_INFO_SIZE = 1;
149
150 /** Encryption Progress information size */
151 static constexpr size_t PROGRESS_INFO_SIZE = sizeof(uint);
152
153 /** Flag bit to indicate if Encryption/Decryption is in progress */
154 static constexpr size_t ENCRYPT_IN_PROGRESS = 1 << 0;
155
156 /** Decryption in progress. */
157 static constexpr size_t DECRYPT_IN_PROGRESS = 1 << 1;
158
159 /** Tablespaces whose key needs to be reencrypted */
160 static std::vector<space_id_t> s_tablespaces_to_reencrypt;
161
162 /** Default constructor */
163 Encryption() noexcept : m_type(NONE) {}
164
165 /** Specific constructor
166 @param[in] type Algorithm type */
167 explicit Encryption(Type type) noexcept : m_type(type) {
168#ifdef UNIV_DEBUG
169 switch (m_type) {
170 case NONE:
171 case AES:
172
173 default:
174 ut_error;
175 }
176#endif /* UNIV_DEBUG */
177 }
178
179 /** Copy constructor */
180 Encryption(const Encryption &other) noexcept = default;
181
182 Encryption &operator=(const Encryption &) = default;
183
184 /** Check if page is encrypted page or not
185 @param[in] page page to check
186 @return true if it is an encrypted page */
187 [[nodiscard]] static bool is_encrypted_page(const byte *page) noexcept;
188
189 /** Check if a log block is encrypted or not
190 @param[in] block block to check
191 @return true if it is an encrypted block */
192 [[nodiscard]] static bool is_encrypted_log(const byte *block) noexcept;
193
194 /** Validate the algorithm string.
195 @param[in] option Encryption option
196 @return DB_SUCCESS or error code */
197 [[nodiscard]] static dberr_t validate(const char *option) noexcept;
198
199 /** Convert to a "string".
200 @param[in] type The encryption type
201 @return the string representation */
202 [[nodiscard]] static const char *to_string(Type type) noexcept;
203
204 /** Check if the string is "empty" or "none".
205 @param[in] algorithm Encryption algorithm to check
206 @return true if no algorithm requested */
207 [[nodiscard]] static bool is_none(const char *algorithm) noexcept;
208
209 /** Generate random encryption value for key and iv.
210 @param[in,out] value Encryption value */
211 static void random_value(byte *value) noexcept;
212
213 /** Copy the given encryption metadata to the given Encryption_metadata
214 object, if both key != nullptr and iv != nullptr. Generate randomly the
215 new metadata, if both key == nullptr and iv == nullptr, and store it to
216 the given Encryption_metadata object. Cannot be called with key, iv such
217 that: (key == nullptr) != (iv == nullptr).
218 @param[in] type encryption algorithm type to store
219 @param[in] key encryption key to copy or nullptr to generate
220 @param[in] iv encryption iv to copy or nullptr to generate
221 @param[out] metadata filled Encryption_metadata object */
222 static void set_or_generate(Type type, byte *key, byte *iv,
223 Encryption_metadata &metadata);
224
225 /** Create new master key for key rotation.
226 @param[in,out] master_key master key */
227 static void create_master_key(byte **master_key) noexcept;
228
229 /** Get master key by key id.
230 @param[in] master_key_id master key id
231 @param[in] srv_uuid uuid of server instance
232 @param[in,out] master_key master key */
233 static void get_master_key(uint32_t master_key_id, char *srv_uuid,
234 byte **master_key) noexcept;
235
236 /** Get current master key and key id.
237 @param[in,out] master_key_id master key id
238 @param[in,out] master_key master key */
239 static void get_master_key(uint32_t *master_key_id,
240 byte **master_key) noexcept;
241
242 /** Fill the encryption information.
243 @param[in] encryption_metadata encryption metadata (key,iv)
244 @param[in] encrypt_key encrypt with master key
245 @param[out] encrypt_info encryption information
246 @return true if success. */
247 static bool fill_encryption_info(
248 const Encryption_metadata &encryption_metadata, bool encrypt_key,
249 byte *encrypt_info) noexcept;
250
251 /** Get master key from encryption information
252 @param[in] encrypt_info encryption information
253 @param[in] version version of encryption information
254 @param[in,out] m_key_id master key id
255 @param[in,out] srv_uuid server uuid
256 @param[in,out] master_key master key
257 @return position after master key id or uuid, or the old position
258 if can't get the master key. */
259 static const byte *get_master_key_from_info(const byte *encrypt_info,
261 uint32_t *m_key_id,
262 char *srv_uuid,
263 byte **master_key) noexcept;
264
265 /** Checks if encryption info bytes represent data encrypted by the given
266 version of the encryption mechanism.
267 @param[in] encryption_info encryption info bytes
268 @param[in] version_magic_bytes magic bytes which represent version
269 of the encryption mechanism, for example:
270 Encryption::KEY_MAGIC_V3
271 @return result of the check */
272 static bool is_encrypted_with_version(
273 const byte *encryption_info, const char *version_magic_bytes) noexcept;
274
275 /** Checks if encryption info bytes represent data encrypted by version V3
276 of the encryption mechanism.
277 @param[in] encryption_info encryption info bytes
278 @return result of the check */
279 static bool is_encrypted_with_v3(const byte *encryption_info) noexcept;
280
281 /** Checks if encryption info bytes represent data encrypted by any of known
282 versions of the encryption mechanism. Note, that if the encryption_info is
283 read from file created by a newer MySQL version, it could be considered to be
284 unknown for this MySQL version, and this function would return false.
285 @param[in] encryption_info encryption info bytes
286 @return result of the check */
287 static bool is_encrypted(const byte *encryption_info) noexcept;
288
289 /** Decoding the encryption info from the given array of bytes,
290 which are assumed not to be related to any particular tablespace.
291 @param[out] encryption_metadata decoded encryption metadata
292 @param[in] encryption_info encryption info to decode
293 @param[in] decrypt_key decrypt key using master key
294 @return true if success */
295 static bool decode_encryption_info(Encryption_metadata &encryption_metadata,
296 const byte *encryption_info,
297 bool decrypt_key) noexcept;
298
299 /** Decoding the encryption info from the given array of bytes,
300 which are assumed to be related to a given tablespace (unless
301 space_id == dict_sys_t::s_invalid_space_id). The given tablespace
302 is noted down in s_tablespaces_to_reencrypt if the encryption info
303 became successfully decrypted using the master key and the space_id
304 is not dict_sys_t::s_invalid_space_id. For such tablespaces the
305 encryption info is later re-encrypted using the rotated master key
306 in innobase_dict_recover().
307 @param[in] space_id Tablespace id
308 @param[in,out] e_key key, iv
309 @param[in] encryption_info encryption info to decode
310 @param[in] decrypt_key decrypt key using master key
311 @return true if success */
312 static bool decode_encryption_info(space_id_t space_id, Encryption_key &e_key,
313 const byte *encryption_info,
314 bool decrypt_key) noexcept;
315
316 /** Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
317 @param[in,out] src_ptr redo log block to encrypt
318 @param[in,out] dst_ptr destination area, must not overlap with src_ptr
319 @return true if success. */
320 bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept;
321
322 /** Encrypt the redo log data blocks.
323 On success the buffer provided by caller as dst will contain src_len bytes
324 of encrypted redo log.
325 @param[in,out] src pointer to the first block to encrypt
326 @param[in] src_len size of the source in bytes, must be a multiple of
327 OS_FILE_LOG_BLOCK_SIZE
328 @param[in,out] dst destination area.
329 Must be at least src_len bytes long.
330 Must not overlap with src.
331 @return true on success */
332 bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept;
333
334 /** Encrypt the page data contents. Page type can't be
335 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
336 FIL_PAGE_ENCRYPTED_RTREE.
337 @param[in] type IORequest
338 @param[in,out] src page data to encrypt
339 @param[in] src_len size of the source in bytes
340 @param[in,out] dst destination area
341 @param[in,out] dst_len size of the destination in bytes
342 @return buffer data, dst_len will have the length of the data */
343 [[nodiscard]] byte *encrypt(const IORequest &type, byte *src, ulint src_len,
344 byte *dst, ulint *dst_len) const noexcept;
345
346 /** Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
347 @param[in,out] buf a buffer which contains a single redo log block to be
348 decrypted in place
349 @return DB_SUCCESS or error code */
350 dberr_t decrypt_log_block(byte *buf) const noexcept;
351
352 /** Decrypt the redo log data blocks in place.
353 @param[in,out] buf pointer to the first block to decrypt in place
354 @param[in] buf_len lenght of the buffer in bytes, must be a multiple of
355 OS_FILE_LOG_BLOCK_SIZE
356 @return DB_SUCCESS or error code */
357 dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept;
358
359 /** Decrypt the page data contents in place. Page type must be
360 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
361 FIL_PAGE_ENCRYPTED_RTREE, if not then the source contents are
362 left unchanged and DB_SUCCESS is returned.
363 @param[in] type IORequest
364 @param[in,out] src data read from disk, decrypt
365 data will be copied to this page
366 @param[in] src_len source data length
367 @param[in,out] tmp scratch area to use for decrypt
368 @param[in] tmp_len size of the scratch area in bytes
369 @return DB_SUCCESS or error code */
370 [[nodiscard]] dberr_t decrypt(const IORequest &type, byte *src, ulint src_len,
371 byte *tmp, ulint tmp_len) const noexcept;
372
373 /** Check if keyring plugin loaded. */
374 static bool check_keyring() noexcept;
375
376 /** Get encryption type
377 @return encryption type **/
378 Type get_type() const;
379
380 /** Check if the encryption algorithm is NONE.
381 @return true if no algorithm is set, false otherwise. */
382 [[nodiscard]] bool is_none() const noexcept { return m_type == NONE; }
383
384 /** Set encryption type
385 @param[in] type encryption type **/
386 void set_type(Type type);
387
388 /** Set encryption key
389 @param[in] key encryption key **/
390 void set_key(const byte *key);
391
392 /** Get key length
393 @return key length **/
394 ulint get_key_length() const;
395
396 /** Set key length
397 @param[in] klen key length **/
398 void set_key_length(ulint klen);
399
400 /** Set initial vector
401 @param[in] iv initial_vector **/
402 void set_initial_vector(const byte *iv);
403
404 /** Uses metadata to configure this instance. Caller must ensure that the
405 metadata is not freed before this instance, because iv and key will reference
406 those inside metadata object. The key_len and type are copied by value. */
407 void set(const struct Encryption_metadata &metadata) noexcept;
408
409 /** Get master key id
410 @return master key id **/
411 static uint32_t get_master_key_id();
412
413 private:
414 /** Encrypt the page data contents. Page type can't be
415 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
416 FIL_PAGE_ENCRYPTED_RTREE.
417 @param[in] src page data to encrypt
418 @param[in] src_len size of the source in bytes
419 @param[in,out] dst destination area
420 @param[in,out] dst_len size of the destination in bytes
421 @return true if operation successful, false otherwise. */
422 [[nodiscard]] bool encrypt_low(byte *src, ulint src_len, byte *dst,
423 ulint *dst_len) const noexcept;
424
425 /** Encrypt type */
427
428 /** Encrypt key */
429 const byte *m_key;
430
431 /** Encrypt key length*/
433
434 /** Encrypt initial vector */
435 const byte *m_iv;
436
437 /** Current master key id */
438 static uint32_t s_master_key_id;
439
440 /** Current uuid of server instance */
441 static char s_uuid[SERVER_UUID_LEN + 1];
442};
443
444/** Encryption metadata. */
446 /** Encrypt type */
448
449 /** Encrypt key */
451
452 /** Encrypt key length */
453 size_t m_key_len{0};
454
455 /** Encrypt initial vector */
457
458 bool can_encrypt() const { return m_type != Encryption::NONE; }
459};
460
462 /** Encrypt key */
463 byte *m_key;
464
465 /** Encrypt initial vector */
466 byte *m_iv;
467
468 /** Master key id */
470};
471#endif /* os0enc_h */
uint32_t space_id_t
Tablespace identifier.
Definition: api0api.h:52
Encryption algorithm.
Definition: os0enc.h:54
const byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:435
void set_initial_vector(const byte *iv)
Set initial vector.
Definition: os0enc.cc:1510
dberr_t decrypt_log_block(byte *buf) const noexcept
Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
Definition: os0enc.cc:1125
bool encrypt_low(byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:951
Type
Algorithm types supported.
Definition: os0enc.h:57
@ AES
Use AES.
Definition: os0enc.h:63
@ NONE
No encryption.
Definition: os0enc.h:60
static bool is_encrypted_page(const byte *page) noexcept
Check if page is encrypted page or not.
Definition: os0enc.cc:761
Encryption & operator=(const Encryption &)=default
static uint32_t get_master_key_id()
Get master key id.
Definition: os0enc.cc:1512
void set_key(const byte *key)
Set encryption key.
Definition: os0enc.cc:1504
static constexpr size_t MAGIC_SIZE
Encryption magic bytes size.
Definition: os0enc.h:123
static constexpr char KEY_MAGIC_V1[]
Encryption magic bytes for 5.7.11, it's for checking the encryption information version.
Definition: os0enc.h:103
static constexpr char MASTER_KEY_PREFIX[]
Encryption master key prifix.
Definition: os0enc.h:114
dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept
Decrypt the redo log data blocks in place.
Definition: os0enc.cc:1210
static dberr_t validate(const char *option) noexcept
Validate the algorithm string.
Definition: ha_innodb.cc:2663
Encryption(Type type) noexcept
Specific constructor.
Definition: os0enc.h:167
static constexpr size_t DECRYPT_IN_PROGRESS
Decryption in progress.
Definition: os0enc.h:157
const byte * m_key
Encrypt key.
Definition: os0enc.h:429
static constexpr char DEFAULT_MASTER_KEY[]
Default master key for bootstrap.
Definition: os0enc.h:120
Resume_point
Encryption operation resume point after server restart.
Definition: os0enc.h:90
static bool is_encrypted_with_v3(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by version V3 of the encryption mechanism.
Definition: os0enc.cc:619
static std::vector< space_id_t > s_tablespaces_to_reencrypt
Tablespaces whose key needs to be reencrypted.
Definition: os0enc.h:160
void set_key_length(ulint klen)
Set key length.
Definition: os0enc.cc:1508
Progress
Encryption progress type.
Definition: os0enc.h:80
bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept
Encrypt the redo log data blocks.
Definition: os0enc.cc:906
static bool check_keyring() noexcept
Check if keyring plugin loaded.
Definition: os0enc.cc:1434
static const char * to_string(Type type) noexcept
Convert to a "string".
Definition: os0enc.cc:218
static bool is_encrypted_with_version(const byte *encryption_info, const char *version_magic_bytes) noexcept
Checks if encryption info bytes represent data encrypted by the given version of the encryption mecha...
Definition: os0enc.cc:613
Type m_type
Encrypt type.
Definition: os0enc.h:426
Encryption(const Encryption &other) noexcept=default
Copy constructor.
static uint32_t s_master_key_id
Current master key id.
Definition: os0enc.h:438
void set_type(Type type)
Set encryption type.
Definition: os0enc.cc:1502
static char s_uuid[SERVER_UUID_LEN+1]
Current uuid of server instance.
Definition: os0enc.h:441
static bool is_encrypted_log(const byte *block) noexcept
Check if a log block is encrypted or not.
Definition: os0enc.cc:769
static bool fill_encryption_info(const Encryption_metadata &encryption_metadata, bool encrypt_key, byte *encrypt_info) noexcept
Fill the encryption information.
Definition: os0enc.cc:451
ulint m_klen
Encrypt key length.
Definition: os0enc.h:432
static bool decode_encryption_info(Encryption_metadata &encryption_metadata, const byte *encryption_info, bool decrypt_key) noexcept
Decoding the encryption info from the given array of bytes, which are assumed not to be related to an...
Definition: os0enc.cc:629
static constexpr size_t PROGRESS_INFO_SIZE
Encryption Progress information size.
Definition: os0enc.h:151
static constexpr size_t INFO_SIZE
Encryption information total size: magic number + master_key_id + key + iv + server_uuid + checksum.
Definition: os0enc.h:136
static const byte * get_master_key_from_info(const byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key from encryption information.
Definition: os0enc.cc:532
void set(const struct Encryption_metadata &metadata) noexcept
Uses metadata to configure this instance.
Definition: os0enc.cc:211
static bool is_encrypted(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by any of known versions of the encryption m...
Definition: os0enc.cc:623
static constexpr size_t MASTER_KEY_NAME_MAX_LEN
Encryption master key prifix size.
Definition: os0enc.h:129
static constexpr char KEY_MAGIC_V2[]
Encryption magic bytes for 5.7.12+, it's for checking the encryption information version.
Definition: os0enc.h:107
@ VERSION_3
Version in > 8.0.4.
Definition: os0enc.h:76
@ VERSION_1
Version in 5.7.11.
Definition: os0enc.h:70
@ VERSION_2
Version in > 5.7.11.
Definition: os0enc.h:73
byte * encrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:1074
static constexpr size_t INFO_MAX_SIZE
Maximum size of Encryption information considering all formats v1, v2 & v3.
Definition: os0enc.h:142
static constexpr size_t ENCRYPT_IN_PROGRESS
Flag bit to indicate if Encryption/Decryption is in progress.
Definition: os0enc.h:154
Encryption() noexcept
Default constructor.
Definition: os0enc.h:163
static constexpr size_t KEY_LEN
Encryption key length.
Definition: os0enc.h:117
static constexpr uint32_t DEFAULT_MASTER_KEY_ID
Default master key id for bootstrap.
Definition: os0enc.h:145
static void set_or_generate(Type type, byte *key, byte *iv, Encryption_metadata &metadata)
Copy the given encryption metadata to the given Encryption_metadata object, if both key !...
Definition: os0enc.cc:1514
bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept
Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
Definition: os0enc.cc:773
static constexpr size_t MASTER_KEY_PRIFIX_LEN
Encryption master key prifix size.
Definition: os0enc.h:126
ulint get_key_length() const
Get key length.
Definition: os0enc.cc:1506
static void get_master_key(uint32_t master_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key by key id.
Definition: os0enc.cc:278
bool is_none() const noexcept
Check if the encryption algorithm is NONE.
Definition: os0enc.h:382
Type get_type() const
Get encryption type.
Definition: os0enc.cc:1500
static constexpr char KEY_MAGIC_V3[]
Encryption magic bytes for 8.0.5+, it's for checking the encryption information version.
Definition: os0enc.h:111
static constexpr size_t SERVER_UUID_LEN
UUID of server instance, it's needed for composing master key name.
Definition: os0enc.h:132
dberr_t decrypt(const IORequest &type, byte *src, ulint src_len, byte *tmp, ulint tmp_len) const noexcept
Decrypt the page data contents in place.
Definition: os0enc.cc:1243
static void random_value(byte *value) noexcept
Generate random encryption value for key and iv.
Definition: os0enc.cc:231
static constexpr size_t OPERATION_INFO_SIZE
(De)Encryption Operation information size
Definition: os0enc.h:148
static void create_master_key(byte **master_key) noexcept
Create new master key for key rotation.
Definition: os0enc.cc:237
The IO Context that is passed down to the low level IO code.
Definition: os0file.h:262
Class representing a version.
Definition: designator.h:45
int page
Definition: ctype-mb.cc:1236
dberr_t
Definition: db0err.h:39
uint32_t uint32
Definition: my_inttypes.h:67
Definition: buf0block_hint.cc:30
bool init_keyring_services(const mysql_service_registry_t *reg_srv)
Initialize keyring component service handles.
Definition: os0enc.cc:70
void deinit_keyring_services(const mysql_service_registry_t *reg_srv)
Deinitialize keyring component service handles.
Definition: os0enc.cc:124
Definition: ha_innodb.cc:217
required string key
Definition: replication_asynchronous_connection_failover.proto:60
required uint64 version
Definition: replication_group_member_actions.proto:41
required string type
Definition: replication_group_member_actions.proto:34
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:76
Definition: os0enc.h:461
byte * m_key
Encrypt key.
Definition: os0enc.h:463
uint32_t m_master_key_id
Master key id.
Definition: os0enc.h:469
byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:466
Encryption metadata.
Definition: os0enc.h:445
byte m_key[Encryption::KEY_LEN]
Encrypt key.
Definition: os0enc.h:450
byte m_iv[Encryption::KEY_LEN]
Encrypt initial vector.
Definition: os0enc.h:456
size_t m_key_len
Encrypt key length.
Definition: os0enc.h:453
Encryption::Type m_type
Encrypt type.
Definition: os0enc.h:447
bool can_encrypt() const
Definition: os0enc.h:458
static const mysql_service_registry_t * reg_srv
Initialize parameters required for error logging.
Definition: test_plugin.cc:62
unsigned int uint
Definition: uca9-dump.cc:75
Version control for database, common definitions, and include files.
unsigned long int ulint
Definition: univ.i:406
#define ut_error
Abort execution.
Definition: ut0dbg.h:65