24#ifndef KEYRING_ENCRYPTION_SERVICE_IMPL_TEMPLATE_INCLUDED
25#define KEYRING_ENCRYPTION_SERVICE_IMPL_TEMPLATE_INCLUDED
36#include <mysqld_error.h>
49using aes_encryption::Aes_operation_context;
54using operations::Keyring_operations;
56namespace service_implementation {
70 size_t block_size,
size_t *out_size) {
72 if (
mode ==
nullptr || block_size == 0) {
74 ER_NOTE_KEYRING_COMPONENT_AES_INVALID_MODE_BLOCK_SIZE);
80 if (context.valid() ==
false)
return true;
84 LogComponentErr(
ERROR_LEVEL, ER_KEYRING_COMPONENT_EXCEPTION,
"get_size",
113template <
typename Backend,
typename Data_extension = Data>
115 const char *data_id,
const char *auth_id,
const char *
mode,
116 size_t block_size,
const unsigned char *iv,
bool padding,
117 const unsigned char *data_buffer,
size_t data_buffer_length,
118 unsigned char *out_buffer,
size_t out_buffer_length,
size_t *out_length,
126 if (
mode ==
nullptr || block_size == 0) {
128 ER_NOTE_KEYRING_COMPONENT_AES_INVALID_MODE_BLOCK_SIZE);
132 if (data_id ==
nullptr) {
134 ER_NOTE_KEYRING_COMPONENT_AES_DATA_IDENTIFIER_EMPTY);
141 size_t required_out_buffer_size =
143 if (out_buffer ==
nullptr || required_out_buffer_size > out_buffer_length) {
148 size_t key_length = 0;
149 size_t key_type_length = 0;
150 std::unique_ptr<Iterator<Data_extension>> it;
151 int retval = init_reader_template<Backend, Data_extension>(
152 data_id, auth_id, it, keyring_operations, callbacks);
154 (void)deinit_reader_template<Backend, Data_extension>(
155 it, keyring_operations, callbacks);
161 if (fetch_length_template<Backend, Data_extension>(
162 it, &key_length, &key_type_length, keyring_operations, callbacks) ==
168 std::unique_ptr<unsigned char[]> key_buffer =
169 std::make_unique<unsigned char[]>(key_length);
170 if (key_buffer.get() ==
nullptr) {
171 LogComponentErr(
ERROR_LEVEL, ER_KEYRING_COMPONENT_MEMORY_ALLOCATION_ERROR,
172 "key buffer",
"encrypt",
"keyring_aes");
175 char key_type_buffer[32] = {0};
176 size_t dummy_key_buffer_size, dummy_key_type_buffer_size;
178 if (fetch_template<Backend, Data_extension>(
179 it, key_buffer.get(), key_length, &dummy_key_buffer_size,
180 key_type_buffer, 32, &dummy_key_type_buffer_size,
181 keyring_operations, callbacks) ==
true) {
186 std::string
key_type(key_type_buffer);
191 ER_NOTE_KEYRING_COMPONENT_AES_INVALID_KEY, data_id,
192 (auth_id ==
nullptr || !*auth_id) ?
"NULL" : auth_id);
197 aes_encrypt(data_buffer, (
unsigned int)data_buffer_length, out_buffer,
198 key_buffer.get(), (
unsigned int)key_length, opmode, iv,
199 padding, out_length);
202 std::stringstream ss;
205 ss <<
"'Output size buffer is NULL'";
208 ss <<
"'Key transformation error'";
211 ss <<
"'Failed to allocate memory for encryption context'";
214 ss <<
"'Invalid block mode'";
217 ss <<
"'IV is empty'";
220 ss <<
"'Could not complete operation'";
223 ss <<
"'Unknown error number: '" << ret;
226 std::string ss_str = ss.str();
228 ER_NOTE_KEYRING_COMPONENT_AES_OPERATION_ERROR,
229 ss_str.c_str(),
"encrypt", data_id,
230 (auth_id ==
nullptr || *auth_id) ?
"NULL" : auth_id);
237 LogComponentErr(
ERROR_LEVEL, ER_KEYRING_COMPONENT_EXCEPTION,
"encrypt",
266template <
typename Backend,
typename Data_extension = Data>
268 const char *data_id,
const char *auth_id,
const char *
mode,
269 size_t block_size,
const unsigned char *iv,
bool padding,
270 const unsigned char *data_buffer,
size_t data_buffer_length,
271 unsigned char *out_buffer,
size_t out_buffer_length,
size_t *out_length,
279 if (
mode ==
nullptr || block_size == 0) {
281 ER_NOTE_KEYRING_COMPONENT_AES_INVALID_MODE_BLOCK_SIZE);
285 if (data_id ==
nullptr) {
287 ER_NOTE_KEYRING_COMPONENT_AES_DATA_IDENTIFIER_EMPTY);
295 if (out_buffer ==
nullptr || data_buffer_length > out_buffer_length) {
300 size_t key_length = 0;
301 size_t key_type_length = 0;
302 std::unique_ptr<Iterator<Data_extension>> it;
303 int retval = init_reader_template<Backend, Data_extension>(
304 data_id, auth_id, it, keyring_operations, callbacks);
306 (void)deinit_reader_template<Backend, Data_extension>(
307 it, keyring_operations, callbacks);
313 if (fetch_length_template<Backend, Data_extension>(
314 it, &key_length, &key_type_length, keyring_operations, callbacks) ==
320 std::unique_ptr<unsigned char[]> key_buffer =
321 std::make_unique<unsigned char[]>(key_length);
322 if (key_buffer.get() ==
nullptr) {
323 LogComponentErr(
ERROR_LEVEL, ER_KEYRING_COMPONENT_MEMORY_ALLOCATION_ERROR,
324 "key buffer",
"decrypt",
"keyring_aes");
327 char key_type_buffer[32] = {0};
328 size_t dummy_key_buffer_size, dummy_key_type_buffer_size;
330 if (fetch_template<Backend, Data_extension>(
331 it, key_buffer.get(), key_length, &dummy_key_buffer_size,
332 key_type_buffer, 32, &dummy_key_type_buffer_size,
333 keyring_operations, callbacks) ==
true) {
338 std::string
key_type(key_type_buffer);
343 ER_NOTE_KEYRING_COMPONENT_AES_INVALID_KEY, data_id,
344 (auth_id ==
nullptr || !*auth_id) ?
"NULL" : auth_id);
349 aes_decrypt(data_buffer, (
unsigned int)data_buffer_length, out_buffer,
350 key_buffer.get(), (
unsigned int)key_length, opmode, iv,
351 padding, out_length);
354 std::stringstream ss;
357 ss <<
"'Output size buffer is NULL'";
360 ss <<
"'Key transformation error'";
363 ss <<
"'Failed to allocate memory for encryption context'";
366 ss <<
"'Invalid block mode'";
369 ss <<
"'IV is empty'";
372 ss <<
"'Could not complete operation'";
375 ss <<
"'Unknown error number: '" << ret;
378 std::string ss_str = ss.str();
380 ER_NOTE_KEYRING_COMPONENT_AES_OPERATION_ERROR,
381 ss_str.c_str(),
"decrypt", data_id,
382 (auth_id ==
nullptr || *auth_id) ?
"NULL" : auth_id);
389 LogComponentErr(
ERROR_LEVEL, ER_KEYRING_COMPONENT_EXCEPTION,
"decrypt",
Keyring_aes_opmode opmode() const
Definition: aes.h:70
Keyring operations A class to perform operations on keyring.
Definition: operations.h:483
Definition: service_requirements.h:36
bool keyring_initialized()
Keyring component status.
Definition: component_callbacks.cc:29
@ ERROR_LEVEL
Definition: my_loglevel.h:43
@ INFORMATION_LEVEL
Definition: my_loglevel.h:45
bool transform(const dd::Spatial_reference_system *source_srs, const Geometry &in, const dd::Spatial_reference_system *target_srs, const char *func_name, std::unique_ptr< Geometry > *out) noexcept
Transforms a geometry from one SRS to another.
Definition: transform.cc:216
int key_type
Definition: method.h:38
aes_return_status
Definition: aes.h:49
@ AES_OP_OK
Definition: aes.h:50
@ AES_DECRYPTION_ERROR
Definition: aes.h:57
@ AES_IV_EMPTY
Definition: aes.h:55
@ AES_CTX_ALLOCATION_ERROR
Definition: aes.h:53
@ AES_INVALID_BLOCK_MODE
Definition: aes.h:54
@ AES_KEY_TRANSFORMATION_ERROR
Definition: aes.h:52
@ AES_OUTPUT_SIZE_NULL
Definition: aes.h:51
@ AES_ENCRYPTION_ERROR
Definition: aes.h:56
aes_return_status aes_decrypt(const unsigned char *source, unsigned int source_length, unsigned char *dest, const unsigned char *key, unsigned int key_length, enum Keyring_aes_opmode mode, const unsigned char *iv, bool padding, size_t *decrypted_length)
Definition: aes.cc:191
aes_return_status aes_encrypt(const unsigned char *source, unsigned int source_length, unsigned char *dest, const unsigned char *key, unsigned int key_length, Keyring_aes_opmode mode, const unsigned char *iv, bool padding, size_t *encrypted_length)
Definition: aes.cc:141
Keyring_aes_opmode
Supported AES cipher/block mode combos.
Definition: aes.h:38
size_t get_ciphertext_size(size_t input_size, const Keyring_aes_opmode mode)
Definition: aes.cc:131
bool aes_decrypt_template(const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, bool padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length, Keyring_operations< Backend, Data_extension > &keyring_operations, Component_callbacks &callbacks)
Decrypt given piece ciphertext.
Definition: keyring_encryption_service_impl_template.h:267
bool aes_get_encrypted_size_template(size_t input_length, const char *mode, size_t block_size, size_t *out_size)
Retrieve required out buffer length information.
Definition: keyring_encryption_service_impl_template.h:69
bool aes_encrypt_template(const char *data_id, const char *auth_id, const char *mode, size_t block_size, const unsigned char *iv, bool padding, const unsigned char *data_buffer, size_t data_buffer_length, unsigned char *out_buffer, size_t out_buffer_length, size_t *out_length, Keyring_operations< Backend, Data_extension > &keyring_operations, Component_callbacks &callbacks)
Encrypt given piece of plaintext.
Definition: keyring_encryption_service_impl_template.h:114
Definition: keyring_encryption_service_definition.h:32
char tolower(const char &ch)
Definition: parsing_helpers.h:41
mode
Definition: file_handle.h:61
Scope_guard< TLambda > create_scope_guard(const TLambda rollback_lambda)
Create a scope guard object.
Definition: scope_guard.h:113