MySQL 8.1.0
Source Code Documentation
os0enc.h
Go to the documentation of this file.
1/***********************************************************************
2
3Copyright (c) 2019, 2023, Oracle and/or its affiliates.
4
5This program is free software; you can redistribute it and/or modify
6it under the terms of the GNU General Public License, version 2.0,
7as published by the Free Software Foundation.
8
9This program is also distributed with certain software (including
10but not limited to OpenSSL) that is licensed under separate terms,
11as designated in a particular file or component or in included license
12documentation. The authors of MySQL hereby grant you an additional
13permission to link the program and your derivative works with the
14separately licensed software that they have included with MySQL.
15
16This program is distributed in the hope that it will be useful,
17but WITHOUT ANY WARRANTY; without even the implied warranty of
18MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19GNU General Public License, version 2.0, for more details.
20
21You should have received a copy of the GNU General Public License
22along with this program; if not, write to the Free Software
23Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24
25***********************************************************************/
26
27/** @file include/os0enc.h
28 Page encryption infrastructure. */
29
30#ifndef os0enc_h
31#define os0enc_h
32
34#include "univ.i"
35
36namespace innobase {
37namespace encryption {
38
40
42} // namespace encryption
43} // namespace innobase
44
45// Forward declaration.
46class IORequest;
47struct Encryption_key;
48
49// Forward declaration.
51
52/** Encryption algorithm. */
54 public:
55 /** Algorithm types supported */
56 enum Type {
57
58 /** No encryption */
59 NONE = 0,
60
61 /** Use AES */
62 AES = 1,
63 };
64
65 /** Encryption information format version */
66 enum Version {
67
68 /** Version in 5.7.11 */
70
71 /** Version in > 5.7.11 */
73
74 /** Version in > 8.0.4 */
76 };
77
78 /** Encryption progress type. */
79 enum class Progress {
80 /* Space encryption in progress */
82 /* Space decryption in progress */
84 /* Nothing in progress */
85 NONE
86 };
87
88 /** Encryption operation resume point after server restart. */
89 enum class Resume_point {
90 /* Resume from the beginning. */
91 INIT,
92 /* Resume processing. */
93 PROCESS,
94 /* Operation has ended. */
95 END,
96 /* All done. */
97 DONE
98 };
99
100 /** Encryption magic bytes for 5.7.11, it's for checking the encryption
101 information version. */
102 static constexpr char KEY_MAGIC_V1[] = "lCA";
103
104 /** Encryption magic bytes for 5.7.12+, it's for checking the encryption
105 information version. */
106 static constexpr char KEY_MAGIC_V2[] = "lCB";
107
108 /** Encryption magic bytes for 8.0.5+, it's for checking the encryption
109 information version. */
110 static constexpr char KEY_MAGIC_V3[] = "lCC";
111
112 /** Encryption master key prifix */
113 static constexpr char MASTER_KEY_PREFIX[] = "INNODBKey";
114
115 /** Encryption key length */
116 static constexpr size_t KEY_LEN = 32;
117
118 /** Default master key for bootstrap */
119 static constexpr char DEFAULT_MASTER_KEY[] = "DefaultMasterKey";
120
121 /** Encryption magic bytes size */
122 static constexpr size_t MAGIC_SIZE = 3;
123
124 /** Encryption master key prifix size */
125 static constexpr size_t MASTER_KEY_PRIFIX_LEN = 9;
126
127 /** Encryption master key prifix size */
128 static constexpr size_t MASTER_KEY_NAME_MAX_LEN = 100;
129
130 /** UUID of server instance, it's needed for composing master key name */
131 static constexpr size_t SERVER_UUID_LEN = 36;
132
133 /** Encryption information total size: magic number + master_key_id +
134 key + iv + server_uuid + checksum */
135 static constexpr size_t INFO_SIZE =
136 (MAGIC_SIZE + sizeof(uint32) + (KEY_LEN * 2) + SERVER_UUID_LEN +
137 sizeof(uint32));
138
139 /** Maximum size of Encryption information considering all
140 formats v1, v2 & v3. */
141 static constexpr size_t INFO_MAX_SIZE = INFO_SIZE + sizeof(uint32);
142
143 /** Default master key id for bootstrap */
144 static constexpr uint32_t DEFAULT_MASTER_KEY_ID = 0;
145
146 /** (De)Encryption Operation information size */
147 static constexpr size_t OPERATION_INFO_SIZE = 1;
148
149 /** Encryption Progress information size */
150 static constexpr size_t PROGRESS_INFO_SIZE = sizeof(uint);
151
152 /** Flag bit to indicate if Encryption/Decryption is in progress */
153 static constexpr size_t ENCRYPT_IN_PROGRESS = 1 << 0;
154
155 /** Decryption in progress. */
156 static constexpr size_t DECRYPT_IN_PROGRESS = 1 << 1;
157
158 /** Tablespaces whose key needs to be reencrypted */
159 static std::vector<space_id_t> s_tablespaces_to_reencrypt;
160
161 /** Default constructor */
162 Encryption() noexcept : m_type(NONE) {}
163
164 /** Specific constructor
165 @param[in] type Algorithm type */
166 explicit Encryption(Type type) noexcept : m_type(type) {
167#ifdef UNIV_DEBUG
168 switch (m_type) {
169 case NONE:
170 case AES:
171
172 default:
173 ut_error;
174 }
175#endif /* UNIV_DEBUG */
176 }
177
178 /** Copy constructor */
179 Encryption(const Encryption &other) noexcept = default;
180
181 Encryption &operator=(const Encryption &) = default;
182
183 /** Check if page is encrypted page or not
184 @param[in] page page to check
185 @return true if it is an encrypted page */
186 [[nodiscard]] static bool is_encrypted_page(const byte *page) noexcept;
187
188 /** Check if a log block is encrypted or not
189 @param[in] block block to check
190 @return true if it is an encrypted block */
191 [[nodiscard]] static bool is_encrypted_log(const byte *block) noexcept;
192
193 /** Validate the algorithm string.
194 @param[in] option Encryption option
195 @return DB_SUCCESS or error code */
196 [[nodiscard]] static dberr_t validate(const char *option) noexcept;
197
198 /** Convert to a "string".
199 @param[in] type The encryption type
200 @return the string representation */
201 [[nodiscard]] static const char *to_string(Type type) noexcept;
202
203 /** Check if the string is "empty" or "none".
204 @param[in] algorithm Encryption algorithm to check
205 @return true if no algorithm requested */
206 [[nodiscard]] static bool is_none(const char *algorithm) noexcept;
207
208 /** Generate random encryption value for key and iv.
209 @param[in,out] value Encryption value */
210 static void random_value(byte *value) noexcept;
211
212 /** Copy the given encryption metadata to the given Encryption_metadata
213 object, if both key != nullptr and iv != nullptr. Generate randomly the
214 new metadata, if both key == nullptr and iv == nullptr, and store it to
215 the given Encryption_metadata object. Cannot be called with key, iv such
216 that: (key == nullptr) != (iv == nullptr).
217 @param[in] type encryption algorithm type to store
218 @param[in] key encryption key to copy or nullptr to generate
219 @param[in] iv encryption iv to copy or nullptr to generate
220 @param[out] metadata filled Encryption_metadata object */
221 static void set_or_generate(Type type, byte *key, byte *iv,
222 Encryption_metadata &metadata);
223
224 /** Create new master key for key rotation.
225 @param[in,out] master_key master key */
226 static void create_master_key(byte **master_key) noexcept;
227
228 /** Get master key by key id.
229 @param[in] master_key_id master key id
230 @param[in] srv_uuid uuid of server instance
231 @param[in,out] master_key master key */
232 static void get_master_key(uint32_t master_key_id, char *srv_uuid,
233 byte **master_key) noexcept;
234
235 /** Get current master key and key id.
236 @param[in,out] master_key_id master key id
237 @param[in,out] master_key master key */
238 static void get_master_key(uint32_t *master_key_id,
239 byte **master_key) noexcept;
240
241 /** Fill the encryption information.
242 @param[in] encryption_metadata encryption metadata (key,iv)
243 @param[in] encrypt_key encrypt with master key
244 @param[out] encrypt_info encryption information
245 @return true if success. */
246 static bool fill_encryption_info(
247 const Encryption_metadata &encryption_metadata, bool encrypt_key,
248 byte *encrypt_info) noexcept;
249
250 /** Get master key from encryption information
251 @param[in] encrypt_info encryption information
252 @param[in] version version of encryption information
253 @param[in,out] m_key_id master key id
254 @param[in,out] srv_uuid server uuid
255 @param[in,out] master_key master key
256 @return position after master key id or uuid, or the old position
257 if can't get the master key. */
258 static const byte *get_master_key_from_info(const byte *encrypt_info,
260 uint32_t *m_key_id,
261 char *srv_uuid,
262 byte **master_key) noexcept;
263
264 /** Checks if encryption info bytes represent data encrypted by the given
265 version of the encryption mechanism.
266 @param[in] encryption_info encryption info bytes
267 @param[in] version_magic_bytes magic bytes which represent version
268 of the encryption mechanism, for example:
269 Encryption::KEY_MAGIC_V3
270 @return result of the check */
271 static bool is_encrypted_with_version(
272 const byte *encryption_info, const char *version_magic_bytes) noexcept;
273
274 /** Checks if encryption info bytes represent data encrypted by version V3
275 of the encryption mechanism.
276 @param[in] encryption_info encryption info bytes
277 @return result of the check */
278 static bool is_encrypted_with_v3(const byte *encryption_info) noexcept;
279
280 /** Checks if encryption info bytes represent data encrypted by any of known
281 versions of the encryption mechanism. Note, that if the encryption_info is
282 read from file created by a newer MySQL version, it could be considered to be
283 unknown for this MySQL version, and this function would return false.
284 @param[in] encryption_info encryption info bytes
285 @return result of the check */
286 static bool is_encrypted(const byte *encryption_info) noexcept;
287
288 /** Decoding the encryption info from the given array of bytes,
289 which are assumed not to be related to any particular tablespace.
290 @param[out] encryption_metadata decoded encryption metadata
291 @param[in] encryption_info encryption info to decode
292 @param[in] decrypt_key decrypt key using master key
293 @return true if success */
294 static bool decode_encryption_info(Encryption_metadata &encryption_metadata,
295 const byte *encryption_info,
296 bool decrypt_key) noexcept;
297
298 /** Decoding the encryption info from the given array of bytes,
299 which are assumed to be related to a given tablespace (unless
300 space_id == dict_sys_t::s_invalid_space_id). The given tablespace
301 is noted down in s_tablespaces_to_reencrypt if the encryption info
302 became successfully decrypted using the master key and the space_id
303 is not dict_sys_t::s_invalid_space_id. For such tablespaces the
304 encryption info is later re-encrypted using the rotated master key
305 in innobase_dict_recover().
306 @param[in] space_id Tablespace id
307 @param[in,out] e_key key, iv
308 @param[in] encryption_info encryption info to decode
309 @param[in] decrypt_key decrypt key using master key
310 @return true if success */
311 static bool decode_encryption_info(space_id_t space_id, Encryption_key &e_key,
312 const byte *encryption_info,
313 bool decrypt_key) noexcept;
314
315 /** Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
316 @param[in,out] src_ptr redo log block to encrypt
317 @param[in,out] dst_ptr destination area, must not overlap with src_ptr
318 @return true if success. */
319 bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept;
320
321 /** Encrypt the redo log data blocks.
322 On success the buffer provided by caller as dst will contain src_len bytes
323 of encrypted redo log.
324 @param[in,out] src pointer to the first block to encrypt
325 @param[in] src_len size of the source in bytes, must be a multiple of
326 OS_FILE_LOG_BLOCK_SIZE
327 @param[in,out] dst destination area.
328 Must be at least src_len bytes long.
329 Must not overlap with src.
330 @return true on success */
331 bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept;
332
333 /** Encrypt the page data contents. Page type can't be
334 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
335 FIL_PAGE_ENCRYPTED_RTREE.
336 @param[in] type IORequest
337 @param[in,out] src page data to encrypt
338 @param[in] src_len size of the source in bytes
339 @param[in,out] dst destination area
340 @param[in,out] dst_len size of the destination in bytes
341 @return buffer data, dst_len will have the length of the data */
342 [[nodiscard]] byte *encrypt(const IORequest &type, byte *src, ulint src_len,
343 byte *dst, ulint *dst_len) const noexcept;
344
345 /** Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
346 @param[in,out] buf a buffer which contains a single redo log block to be
347 decrypted in place
348 @return DB_SUCCESS or error code */
349 dberr_t decrypt_log_block(byte *buf) const noexcept;
350
351 /** Decrypt the redo log data blocks in place.
352 @param[in,out] buf pointer to the first block to decrypt in place
353 @param[in] buf_len lenght of the buffer in bytes, must be a multiple of
354 OS_FILE_LOG_BLOCK_SIZE
355 @return DB_SUCCESS or error code */
356 dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept;
357
358 /** Decrypt the page data contents in place. Page type must be
359 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
360 FIL_PAGE_ENCRYPTED_RTREE, if not then the source contents are
361 left unchanged and DB_SUCCESS is returned.
362 @param[in] type IORequest
363 @param[in,out] src data read from disk, decrypt
364 data will be copied to this page
365 @param[in] src_len source data length
366 @param[in,out] tmp scratch area to use for decrypt
367 @param[in] tmp_len size of the scratch area in bytes
368 @return DB_SUCCESS or error code */
369 [[nodiscard]] dberr_t decrypt(const IORequest &type, byte *src, ulint src_len,
370 byte *tmp, ulint tmp_len) const noexcept;
371
372 /** Check if keyring plugin loaded. */
373 static bool check_keyring() noexcept;
374
375 /** Get encryption type
376 @return encryption type **/
377 Type get_type() const;
378
379 /** Check if the encryption algorithm is NONE.
380 @return true if no algorithm is set, false otherwise. */
381 [[nodiscard]] bool is_none() const noexcept { return m_type == NONE; }
382
383 /** Set encryption type
384 @param[in] type encryption type **/
385 void set_type(Type type);
386
387 /** Set encryption key
388 @param[in] key encryption key **/
389 void set_key(const byte *key);
390
391 /** Get key length
392 @return key length **/
393 ulint get_key_length() const;
394
395 /** Set key length
396 @param[in] klen key length **/
397 void set_key_length(ulint klen);
398
399 /** Set initial vector
400 @param[in] iv initial_vector **/
401 void set_initial_vector(const byte *iv);
402
403 /** Uses metadata to configure this instance. Caller must ensure that the
404 metadata is not freed before this instance, because iv and key will reference
405 those inside metadata object. The key_len and type are copied by value. */
406 void set(const struct Encryption_metadata &metadata) noexcept;
407
408 /** Get master key id
409 @return master key id **/
410 static uint32_t get_master_key_id();
411
412 private:
413 /** Encrypt the page data contents. Page type can't be
414 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
415 FIL_PAGE_ENCRYPTED_RTREE.
416 @param[in] src page data to encrypt
417 @param[in] src_len size of the source in bytes
418 @param[in,out] dst destination area
419 @param[in,out] dst_len size of the destination in bytes
420 @return true if operation successful, false otherwise. */
421 [[nodiscard]] bool encrypt_low(byte *src, ulint src_len, byte *dst,
422 ulint *dst_len) const noexcept;
423
424 /** Encrypt type */
426
427 /** Encrypt key */
428 const byte *m_key;
429
430 /** Encrypt key length*/
432
433 /** Encrypt initial vector */
434 const byte *m_iv;
435
436 /** Current master key id */
437 static uint32_t s_master_key_id;
438
439 /** Current uuid of server instance */
440 static char s_uuid[SERVER_UUID_LEN + 1];
441};
442
443/** Encryption metadata. */
445 /** Encrypt type */
447
448 /** Encrypt key */
450
451 /** Encrypt key length */
452 size_t m_key_len{0};
453
454 /** Encrypt initial vector */
456
457 bool can_encrypt() const { return m_type != Encryption::NONE; }
458};
459
461 /** Encrypt key */
462 byte *m_key;
463
464 /** Encrypt initial vector */
465 byte *m_iv;
466
467 /** Master key id */
469};
470#endif /* os0enc_h */
uint32_t space_id_t
Tablespace identifier.
Definition: api0api.h:50
Encryption algorithm.
Definition: os0enc.h:53
const byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:434
void set_initial_vector(const byte *iv)
Set initial vector.
Definition: os0enc.cc:1496
dberr_t decrypt_log_block(byte *buf) const noexcept
Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
Definition: os0enc.cc:1109
bool encrypt_low(byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:935
Type
Algorithm types supported.
Definition: os0enc.h:56
@ AES
Use AES.
Definition: os0enc.h:62
@ NONE
No encryption.
Definition: os0enc.h:59
static bool is_encrypted_page(const byte *page) noexcept
Check if page is encrypted page or not.
Definition: os0enc.cc:759
Encryption & operator=(const Encryption &)=default
static uint32_t get_master_key_id()
Get master key id.
Definition: os0enc.cc:1498
void set_key(const byte *key)
Set encryption key.
Definition: os0enc.cc:1490
static constexpr size_t MAGIC_SIZE
Encryption magic bytes size.
Definition: os0enc.h:122
static constexpr char KEY_MAGIC_V1[]
Encryption magic bytes for 5.7.11, it's for checking the encryption information version.
Definition: os0enc.h:102
static constexpr char MASTER_KEY_PREFIX[]
Encryption master key prifix.
Definition: os0enc.h:113
dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept
Decrypt the redo log data blocks in place.
Definition: os0enc.cc:1196
static dberr_t validate(const char *option) noexcept
Validate the algorithm string.
Definition: ha_innodb.cc:2659
Encryption(Type type) noexcept
Specific constructor.
Definition: os0enc.h:166
static constexpr size_t DECRYPT_IN_PROGRESS
Decryption in progress.
Definition: os0enc.h:156
const byte * m_key
Encrypt key.
Definition: os0enc.h:428
static constexpr char DEFAULT_MASTER_KEY[]
Default master key for bootstrap.
Definition: os0enc.h:119
Resume_point
Encryption operation resume point after server restart.
Definition: os0enc.h:89
static bool is_encrypted_with_v3(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by version V3 of the encryption mechanism.
Definition: os0enc.cc:617
static std::vector< space_id_t > s_tablespaces_to_reencrypt
Tablespaces whose key needs to be reencrypted.
Definition: os0enc.h:159
void set_key_length(ulint klen)
Set key length.
Definition: os0enc.cc:1494
Progress
Encryption progress type.
Definition: os0enc.h:79
bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept
Encrypt the redo log data blocks.
Definition: os0enc.cc:890
static bool check_keyring() noexcept
Check if keyring plugin loaded.
Definition: os0enc.cc:1420
static const char * to_string(Type type) noexcept
Convert to a "string".
Definition: os0enc.cc:216
static bool is_encrypted_with_version(const byte *encryption_info, const char *version_magic_bytes) noexcept
Checks if encryption info bytes represent data encrypted by the given version of the encryption mecha...
Definition: os0enc.cc:611
Type m_type
Encrypt type.
Definition: os0enc.h:425
Encryption(const Encryption &other) noexcept=default
Copy constructor.
static uint32_t s_master_key_id
Current master key id.
Definition: os0enc.h:437
void set_type(Type type)
Set encryption type.
Definition: os0enc.cc:1488
static char s_uuid[SERVER_UUID_LEN+1]
Current uuid of server instance.
Definition: os0enc.h:440
static bool is_encrypted_log(const byte *block) noexcept
Check if a log block is encrypted or not.
Definition: os0enc.cc:767
static bool fill_encryption_info(const Encryption_metadata &encryption_metadata, bool encrypt_key, byte *encrypt_info) noexcept
Fill the encryption information.
Definition: os0enc.cc:449
ulint m_klen
Encrypt key length.
Definition: os0enc.h:431
static bool decode_encryption_info(Encryption_metadata &encryption_metadata, const byte *encryption_info, bool decrypt_key) noexcept
Decoding the encryption info from the given array of bytes, which are assumed not to be related to an...
Definition: os0enc.cc:627
static constexpr size_t PROGRESS_INFO_SIZE
Encryption Progress information size.
Definition: os0enc.h:150
static constexpr size_t INFO_SIZE
Encryption information total size: magic number + master_key_id + key + iv + server_uuid + checksum.
Definition: os0enc.h:135
static const byte * get_master_key_from_info(const byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key from encryption information.
Definition: os0enc.cc:530
void set(const struct Encryption_metadata &metadata) noexcept
Uses metadata to configure this instance.
Definition: os0enc.cc:209
static bool is_encrypted(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by any of known versions of the encryption m...
Definition: os0enc.cc:621
static constexpr size_t MASTER_KEY_NAME_MAX_LEN
Encryption master key prifix size.
Definition: os0enc.h:128
static constexpr char KEY_MAGIC_V2[]
Encryption magic bytes for 5.7.12+, it's for checking the encryption information version.
Definition: os0enc.h:106
@ VERSION_3
Version in > 8.0.4.
Definition: os0enc.h:75
@ VERSION_1
Version in 5.7.11.
Definition: os0enc.h:69
@ VERSION_2
Version in > 5.7.11.
Definition: os0enc.h:72
byte * encrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:1058
static constexpr size_t INFO_MAX_SIZE
Maximum size of Encryption information considering all formats v1, v2 & v3.
Definition: os0enc.h:141
static constexpr size_t ENCRYPT_IN_PROGRESS
Flag bit to indicate if Encryption/Decryption is in progress.
Definition: os0enc.h:153
Encryption() noexcept
Default constructor.
Definition: os0enc.h:162
static constexpr size_t KEY_LEN
Encryption key length.
Definition: os0enc.h:116
static constexpr uint32_t DEFAULT_MASTER_KEY_ID
Default master key id for bootstrap.
Definition: os0enc.h:144
static void set_or_generate(Type type, byte *key, byte *iv, Encryption_metadata &metadata)
Copy the given encryption metadata to the given Encryption_metadata object, if both key !...
Definition: os0enc.cc:1500
bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept
Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
Definition: os0enc.cc:771
static constexpr size_t MASTER_KEY_PRIFIX_LEN
Encryption master key prifix size.
Definition: os0enc.h:125
ulint get_key_length() const
Get key length.
Definition: os0enc.cc:1492
static void get_master_key(uint32_t master_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key by key id.
Definition: os0enc.cc:276
bool is_none() const noexcept
Check if the encryption algorithm is NONE.
Definition: os0enc.h:381
Type get_type() const
Get encryption type.
Definition: os0enc.cc:1486
static constexpr char KEY_MAGIC_V3[]
Encryption magic bytes for 8.0.5+, it's for checking the encryption information version.
Definition: os0enc.h:110
static constexpr size_t SERVER_UUID_LEN
UUID of server instance, it's needed for composing master key name.
Definition: os0enc.h:131
dberr_t decrypt(const IORequest &type, byte *src, ulint src_len, byte *tmp, ulint tmp_len) const noexcept
Decrypt the page data contents in place.
Definition: os0enc.cc:1229
static void random_value(byte *value) noexcept
Generate random encryption value for key and iv.
Definition: os0enc.cc:229
static constexpr size_t OPERATION_INFO_SIZE
(De)Encryption Operation information size
Definition: os0enc.h:147
static void create_master_key(byte **master_key) noexcept
Create new master key for key rotation.
Definition: os0enc.cc:235
The IO Context that is passed down to the low level IO code.
Definition: os0file.h:274
Class representing a version.
Definition: designator.h:44
int page
Definition: ctype-mb.cc:1233
dberr_t
Definition: db0err.h:38
uint32_t uint32
Definition: my_inttypes.h:66
Definition: buf0block_hint.cc:29
bool init_keyring_services(const mysql_service_registry_t *reg_srv)
Initialize keyring component service handles.
Definition: os0enc.cc:68
void deinit_keyring_services(const mysql_service_registry_t *reg_srv)
Deinitialize keyring component service handles.
Definition: os0enc.cc:122
Definition: ha_innodb.cc:219
required string key
Definition: replication_asynchronous_connection_failover.proto:59
required uint64 version
Definition: replication_group_member_actions.proto:40
required string type
Definition: replication_group_member_actions.proto:33
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:75
Definition: os0enc.h:460
byte * m_key
Encrypt key.
Definition: os0enc.h:462
uint32_t m_master_key_id
Master key id.
Definition: os0enc.h:468
byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:465
Encryption metadata.
Definition: os0enc.h:444
byte m_key[Encryption::KEY_LEN]
Encrypt key.
Definition: os0enc.h:449
byte m_iv[Encryption::KEY_LEN]
Encrypt initial vector.
Definition: os0enc.h:455
size_t m_key_len
Encrypt key length.
Definition: os0enc.h:452
Encryption::Type m_type
Encrypt type.
Definition: os0enc.h:446
bool can_encrypt() const
Definition: os0enc.h:457
static const mysql_service_registry_t * reg_srv
Initialize parameters required for error logging.
Definition: test_plugin.cc:61
Version control for database, common definitions, and include files.
unsigned long int ulint
Definition: univ.i:405
#define ut_error
Abort execution.
Definition: ut0dbg.h:64