/** Check whether an algorithm name selects "no encryption".
NOTE(review): the definition is not part of this listing; presumably the
string is compared against the option name that maps to Type::NONE. Confirm
against the definition before relying on case or whitespace handling.
@param[in]	algorithm	algorithm name to test
@return presumably true when the name denotes Type::NONE (confirm) */
207 [[nodiscard]]
static bool is_none(
const char *algorithm)
noexcept;
/** Get master key by key id.
NOTE(review): the function returns void, so a failed lookup cannot be
reported through the return value; presumably callers must check
*master_key afterwards. Confirm against the definition.
NOTE(review): ownership of the buffer handed back through master_key (who
frees it, and whether it is wiped before release) is not visible here.
Confirm, since it holds key material.
@param[in]	master_key_id	id of the master key to look up
@param	srv_uuid	server UUID; presumably used to compose the master key
			name (confirm direction and required buffer size)
@param	master_key	presumably receives the master key (confirm) */
233 static void get_master_key(uint32_t master_key_id,
char *srv_uuid,
234 byte **master_key)
noexcept;
240 byte **master_key)
noexcept;
249 byte *encrypt_info)
noexcept;
263 byte **master_key)
noexcept;
273 const byte *encryption_info,
const char *version_magic_bytes)
noexcept;
/** Checks if encryption info bytes represent data encrypted by any of the
known versions of the encryption mechanism.
NOTE(review): the buffer is passed without a length; presumably the caller
must guarantee at least MAGIC_SIZE readable bytes. Confirm against the
definition.
@param[in]	encryption_info	encryption info bytes to inspect
@return presumably true when a known version magic is recognised (confirm) */
287 static bool is_encrypted(
const byte *encryption_info)
noexcept;
296 const byte *encryption_info,
297 bool decrypt_key)
noexcept;
313 const byte *encryption_info,
314 bool decrypt_key)
noexcept;
/** Encrypt the redo log data blocks.
NOTE(review): dst is passed without a capacity; presumably it must be able
to hold at least src_len bytes. Confirm against the definition.
@param	src	redo log data to encrypt
@param[in]	src_len	length of src in bytes
@param	dst	destination buffer for the encrypted data
@return presumably true on success (confirm); the result should be checked
so that an unencrypted block is never written after a failure */
332 bool encrypt_log(
byte *src,
size_t src_len,
byte *dst)
const noexcept;
344 byte *dst,
ulint *dst_len)
const noexcept;
371 byte *tmp,
ulint tmp_len)
const noexcept;
423 ulint *dst_len)
const noexcept;
uint32_t space_id_t
Tablespace identifier.
Definition: api0api.h:52
Encryption algorithm.
Definition: os0enc.h:54
const byte * m_iv
Encryption initialization vector (IV).
Definition: os0enc.h:435
void set_initial_vector(const byte *iv)
Set initial vector.
Definition: os0enc.cc:1510
dberr_t decrypt_log_block(byte *buf) const noexcept
Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
Definition: os0enc.cc:1125
bool encrypt_low(byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:951
Type
Algorithm types supported.
Definition: os0enc.h:57
@ AES
Use AES.
Definition: os0enc.h:63
@ NONE
No encryption.
Definition: os0enc.h:60
static bool is_encrypted_page(const byte *page) noexcept
Check if page is encrypted page or not.
Definition: os0enc.cc:761
Encryption & operator=(const Encryption &)=default
static uint32_t get_master_key_id()
Get master key id.
Definition: os0enc.cc:1512
void set_key(const byte *key)
Set encryption key.
Definition: os0enc.cc:1504
static constexpr size_t MAGIC_SIZE
Encryption magic bytes size.
Definition: os0enc.h:123
static constexpr char KEY_MAGIC_V1[]
Encryption magic bytes for 5.7.11, it's for checking the encryption information version.
Definition: os0enc.h:103
static constexpr char MASTER_KEY_PREFIX[]
Encryption master key prefix.
Definition: os0enc.h:114
dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept
Decrypt the redo log data blocks in place.
Definition: os0enc.cc:1210
static dberr_t validate(const char *option) noexcept
Validate the algorithm string.
Definition: ha_innodb.cc:2663
Encryption(Type type) noexcept
Specific constructor.
Definition: os0enc.h:167
static constexpr size_t DECRYPT_IN_PROGRESS
Decryption in progress.
Definition: os0enc.h:157
const byte * m_key
Encryption key.
Definition: os0enc.h:429
static constexpr char DEFAULT_MASTER_KEY[]
Default master key for bootstrap.
Definition: os0enc.h:120
Resume_point
Encryption operation resume point after server restart.
Definition: os0enc.h:90
static bool is_encrypted_with_v3(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by version V3 of the encryption mechanism.
Definition: os0enc.cc:619
static std::vector< space_id_t > s_tablespaces_to_reencrypt
Tablespaces whose key needs to be reencrypted.
Definition: os0enc.h:160
void set_key_length(ulint klen)
Set key length.
Definition: os0enc.cc:1508
Progress
Encryption progress type.
Definition: os0enc.h:80
bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept
Encrypt the redo log data blocks.
Definition: os0enc.cc:906
static bool check_keyring() noexcept
Check if keyring plugin loaded.
Definition: os0enc.cc:1434
static const char * to_string(Type type) noexcept
Convert to a "string".
Definition: os0enc.cc:218
static bool is_encrypted_with_version(const byte *encryption_info, const char *version_magic_bytes) noexcept
Checks if encryption info bytes represent data encrypted by the given version of the encryption mechanism.
Definition: os0enc.cc:613
Type m_type
Encryption type.
Definition: os0enc.h:426
Encryption(const Encryption &other) noexcept=default
Copy constructor.
static uint32_t s_master_key_id
Current master key id.
Definition: os0enc.h:438
void set_type(Type type)
Set encryption type.
Definition: os0enc.cc:1502
static char s_uuid[SERVER_UUID_LEN+1]
Current uuid of server instance.
Definition: os0enc.h:441
static bool is_encrypted_log(const byte *block) noexcept
Check if a log block is encrypted or not.
Definition: os0enc.cc:769
static bool fill_encryption_info(const Encryption_metadata &encryption_metadata, bool encrypt_key, byte *encrypt_info) noexcept
Fill the encryption information.
Definition: os0enc.cc:451
ulint m_klen
Encryption key length.
Definition: os0enc.h:432
static bool decode_encryption_info(Encryption_metadata &encryption_metadata, const byte *encryption_info, bool decrypt_key) noexcept
Decoding the encryption info from the given array of bytes, which are assumed not to be related to an...
Definition: os0enc.cc:629
static constexpr size_t PROGRESS_INFO_SIZE
Encryption Progress information size.
Definition: os0enc.h:151
static constexpr size_t INFO_SIZE
Encryption information total size: magic number + master_key_id + key + iv + server_uuid + checksum.
Definition: os0enc.h:136
static const byte * get_master_key_from_info(const byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key from encryption information.
Definition: os0enc.cc:532
void set(const struct Encryption_metadata &metadata) noexcept
Uses metadata to configure this instance.
Definition: os0enc.cc:211
static bool is_encrypted(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by any of the known versions of the encryption mechanism.
Definition: os0enc.cc:623
static constexpr size_t MASTER_KEY_NAME_MAX_LEN
Encryption master key prefix size.
Definition: os0enc.h:129
static constexpr char KEY_MAGIC_V2[]
Encryption magic bytes for 5.7.12+, it's for checking the encryption information version.
Definition: os0enc.h:107
@ VERSION_3
Version in > 8.0.4.
Definition: os0enc.h:76
@ VERSION_1
Version in 5.7.11.
Definition: os0enc.h:70
@ VERSION_2
Version in > 5.7.11.
Definition: os0enc.h:73
byte * encrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:1074
static constexpr size_t INFO_MAX_SIZE
Maximum size of Encryption information considering all formats v1, v2 & v3.
Definition: os0enc.h:142
static constexpr size_t ENCRYPT_IN_PROGRESS
Flag bit to indicate if Encryption/Decryption is in progress.
Definition: os0enc.h:154
Encryption() noexcept
Default constructor.
Definition: os0enc.h:163
static constexpr size_t KEY_LEN
Encryption key length.
Definition: os0enc.h:117
static constexpr uint32_t DEFAULT_MASTER_KEY_ID
Default master key id for bootstrap.
Definition: os0enc.h:145
static void set_or_generate(Type type, byte *key, byte *iv, Encryption_metadata &metadata)
Copy the given encryption metadata to the given Encryption_metadata object, if both key !...
Definition: os0enc.cc:1514
bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept
Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
Definition: os0enc.cc:773
static constexpr size_t MASTER_KEY_PRIFIX_LEN
Encryption master key prefix size.
Definition: os0enc.h:126
ulint get_key_length() const
Get key length.
Definition: os0enc.cc:1506
static void get_master_key(uint32_t master_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key by key id.
Definition: os0enc.cc:278
bool is_none() const noexcept
Check if the encryption algorithm is NONE.
Definition: os0enc.h:382
Type get_type() const
Get encryption type.
Definition: os0enc.cc:1500
static constexpr char KEY_MAGIC_V3[]
Encryption magic bytes for 8.0.5+, it's for checking the encryption information version.
Definition: os0enc.h:111
static constexpr size_t SERVER_UUID_LEN
UUID of server instance, it's needed for composing master key name.
Definition: os0enc.h:132
dberr_t decrypt(const IORequest &type, byte *src, ulint src_len, byte *tmp, ulint tmp_len) const noexcept
Decrypt the page data contents in place.
Definition: os0enc.cc:1243
static void random_value(byte *value) noexcept
Generate random encryption value for key and iv.
Definition: os0enc.cc:231
static constexpr size_t OPERATION_INFO_SIZE
(De)Encryption Operation information size
Definition: os0enc.h:148
static void create_master_key(byte **master_key) noexcept
Create new master key for key rotation.
Definition: os0enc.cc:237
The IO Context that is passed down to the low level IO code.
Definition: os0file.h:262
Class representing a version.
Definition: designator.h:45
int page
Definition: ctype-mb.cc:1236
dberr_t
Definition: db0err.h:39
uint32_t uint32
Definition: my_inttypes.h:67
Definition: buf0block_hint.cc:30
bool init_keyring_services(const mysql_service_registry_t *reg_srv)
Initialize keyring component service handles.
Definition: os0enc.cc:70
void deinit_keyring_services(const mysql_service_registry_t *reg_srv)
Deinitialize keyring component service handles.
Definition: os0enc.cc:124
Definition: ha_innodb.cc:217
required string key
Definition: replication_asynchronous_connection_failover.proto:60
required uint64 version
Definition: replication_group_member_actions.proto:41
required string type
Definition: replication_group_member_actions.proto:34
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:76
byte * m_key
Encryption key.
Definition: os0enc.h:463
uint32_t m_master_key_id
Master key id.
Definition: os0enc.h:469
byte * m_iv
Encryption initialization vector (IV).
Definition: os0enc.h:466
static const mysql_service_registry_t * reg_srv
Initialize parameters required for error logging.
Definition: test_plugin.cc:62
unsigned int uint
Definition: uca9-dump.cc:75
Version control for database, common definitions, and include files.
unsigned long int ulint
Definition: univ.i:406
#define ut_error
Abort execution.
Definition: ut0dbg.h:65