/**
 * Static overload of is_none() taking an algorithm name as a C string.
 *
 * NOTE(review): this listing only documents the member overload
 * ("Check if the encryption algorithm is NONE"); presumably this overload
 * returns true when `algorithm` names the NONE ("No encryption") type.
 * Confirm against the definition, including how a null or unrecognised
 * string is treated.
 *
 * Marked [[nodiscard]]: callers are expected to consume the result rather
 * than drop it, which matters when the answer decides whether data is
 * written unencrypted.
 *
 * @param algorithm  algorithm name to test
 * @return boolean result of the check
 */
206 [[nodiscard]]
static bool is_none(
const char *algorithm)
noexcept;
/**
 * Get master key by key id.
 *
 * @param master_key_id  id of the master key to fetch
 * @param srv_uuid       server UUID, passed as a non-const buffer
 *                       (presumably part of the master key name; confirm
 *                       whether it is read or written here)
 * @param master_key     out-parameter receiving a pointer to the key bytes
 *
 * NOTE(review): the function returns void, so a failure cannot be reported
 * through the return value; presumably *master_key is left null when the
 * key cannot be obtained. Callers should check it before use. TODO confirm.
 * NOTE(review): ownership of the buffer returned through *master_key is not
 * visible here; confirm who frees it and whether the key material is wiped
 * before release.
 */
232 static void get_master_key(uint32_t master_key_id,
char *srv_uuid,
233 byte **master_key)
noexcept;
239 byte **master_key)
noexcept;
248 byte *encrypt_info)
noexcept;
262 byte **master_key)
noexcept;
272 const byte *encryption_info,
const char *version_magic_bytes)
noexcept;
/**
 * Checks if the encryption info bytes represent data encrypted by any of
 * the known versions of the encryption mechanism.
 *
 * @param encryption_info  encryption info bytes to inspect (read-only)
 * @return true if the bytes match a known encryption version
 *
 * NOTE(review): presumably the check compares the leading magic bytes
 * against KEY_MAGIC_V1/V2/V3, so the buffer would need at least MAGIC_SIZE
 * readable bytes. No length is passed, so the caller must guarantee that.
 * TODO confirm against the definition.
 */
286 static bool is_encrypted(
const byte *encryption_info)
noexcept;
295 const byte *encryption_info,
296 bool decrypt_key)
noexcept;
312 const byte *encryption_info,
313 bool decrypt_key)
noexcept;
/**
 * Encrypt the redo log data blocks.
 *
 * Const member: the declaration does not allow modification of the
 * Encryption object's own members.
 *
 * @param src      redo log data to encrypt
 * @param src_len  length of `src` in bytes
 * @param dst      destination buffer for the encrypted data
 * @return boolean status (presumably true on success; TODO confirm)
 *
 * NOTE(review): no destination length is passed, so `dst` presumably must
 * provide at least `src_len` bytes; verify at every call site.
 * NOTE(review): `src` is non-const; confirm whether the source buffer is
 * modified during encryption.
 */
331 bool encrypt_log(
byte *src,
size_t src_len,
byte *dst)
const noexcept;
343 byte *dst,
ulint *dst_len)
const noexcept;
370 byte *tmp,
ulint tmp_len)
const noexcept;
422 ulint *dst_len)
const noexcept;
uint32_t space_id_t
Tablespace identifier.
Definition: api0api.h:50
Encryption algorithm.
Definition: os0enc.h:53
const byte * m_iv
Encryption initialization vector (IV).
Definition: os0enc.h:434
void set_initial_vector(const byte *iv)
Set the initialization vector (IV).
Definition: os0enc.cc:1496
dberr_t decrypt_log_block(byte *buf) const noexcept
Decrypt the log block (OS_FILE_LOG_BLOCK_SIZE bytes) in place.
Definition: os0enc.cc:1109
bool encrypt_low(byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:935
Type
Algorithm types supported.
Definition: os0enc.h:56
@ AES
Use AES.
Definition: os0enc.h:62
@ NONE
No encryption.
Definition: os0enc.h:59
static bool is_encrypted_page(const byte *page) noexcept
Check whether the page is encrypted.
Definition: os0enc.cc:759
Encryption & operator=(const Encryption &)=default
static uint32_t get_master_key_id()
Get master key id.
Definition: os0enc.cc:1498
void set_key(const byte *key)
Set encryption key.
Definition: os0enc.cc:1490
static constexpr size_t MAGIC_SIZE
Encryption magic bytes size.
Definition: os0enc.h:122
static constexpr char KEY_MAGIC_V1[]
Encryption magic bytes for 5.7.11, used to check the encryption information version.
Definition: os0enc.h:102
static constexpr char MASTER_KEY_PREFIX[]
Encryption master key prefix.
Definition: os0enc.h:113
dberr_t decrypt_log(byte *buf, size_t buf_len) const noexcept
Decrypt the redo log data blocks in place.
Definition: os0enc.cc:1196
static dberr_t validate(const char *option) noexcept
Validate the algorithm string.
Definition: ha_innodb.cc:2659
Encryption(Type type) noexcept
Specific constructor.
Definition: os0enc.h:166
static constexpr size_t DECRYPT_IN_PROGRESS
Decryption in progress.
Definition: os0enc.h:156
const byte * m_key
Encryption key.
Definition: os0enc.h:428
static constexpr char DEFAULT_MASTER_KEY[]
Default master key for bootstrap.
Definition: os0enc.h:119
Resume_point
Encryption operation resume point after server restart.
Definition: os0enc.h:89
static bool is_encrypted_with_v3(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by version V3 of the encryption mechanism.
Definition: os0enc.cc:617
static std::vector< space_id_t > s_tablespaces_to_reencrypt
Tablespaces whose key needs to be reencrypted.
Definition: os0enc.h:159
void set_key_length(ulint klen)
Set key length.
Definition: os0enc.cc:1494
Progress
Encryption progress type.
Definition: os0enc.h:79
bool encrypt_log(byte *src, size_t src_len, byte *dst) const noexcept
Encrypt the redo log data blocks.
Definition: os0enc.cc:890
static bool check_keyring() noexcept
Check whether the keyring plugin is loaded.
Definition: os0enc.cc:1420
static const char * to_string(Type type) noexcept
Convert to a "string".
Definition: os0enc.cc:216
static bool is_encrypted_with_version(const byte *encryption_info, const char *version_magic_bytes) noexcept
Checks if encryption info bytes represent data encrypted by the given version of the encryption mecha...
Definition: os0enc.cc:611
Type m_type
Encryption type.
Definition: os0enc.h:425
Encryption(const Encryption &other) noexcept=default
Copy constructor.
static uint32_t s_master_key_id
Current master key id.
Definition: os0enc.h:437
void set_type(Type type)
Set encryption type.
Definition: os0enc.cc:1488
static char s_uuid[SERVER_UUID_LEN+1]
Current uuid of server instance.
Definition: os0enc.h:440
static bool is_encrypted_log(const byte *block) noexcept
Check if a log block is encrypted or not.
Definition: os0enc.cc:767
static bool fill_encryption_info(const Encryption_metadata &encryption_metadata, bool encrypt_key, byte *encrypt_info) noexcept
Fill the encryption information.
Definition: os0enc.cc:449
ulint m_klen
Encryption key length.
Definition: os0enc.h:431
static bool decode_encryption_info(Encryption_metadata &encryption_metadata, const byte *encryption_info, bool decrypt_key) noexcept
Decoding the encryption info from the given array of bytes, which are assumed not to be related to an...
Definition: os0enc.cc:627
static constexpr size_t PROGRESS_INFO_SIZE
Encryption Progress information size.
Definition: os0enc.h:150
static constexpr size_t INFO_SIZE
Encryption information total size: magic number + master_key_id + key + iv + server_uuid + checksum.
Definition: os0enc.h:135
static const byte * get_master_key_from_info(const byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key from encryption information.
Definition: os0enc.cc:530
void set(const struct Encryption_metadata &metadata) noexcept
Uses metadata to configure this instance.
Definition: os0enc.cc:209
static bool is_encrypted(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by any of known versions of the encryption m...
Definition: os0enc.cc:621
static constexpr size_t MASTER_KEY_NAME_MAX_LEN
Encryption master key prefix size.
Definition: os0enc.h:128
static constexpr char KEY_MAGIC_V2[]
Encryption magic bytes for 5.7.12+, used to check the encryption information version.
Definition: os0enc.h:106
@ VERSION_3
Version in > 8.0.4.
Definition: os0enc.h:75
@ VERSION_1
Version in 5.7.11.
Definition: os0enc.h:69
@ VERSION_2
Version in > 5.7.11.
Definition: os0enc.h:72
byte * encrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) const noexcept
Encrypt the page data contents.
Definition: os0enc.cc:1058
static constexpr size_t INFO_MAX_SIZE
Maximum size of Encryption information considering all formats v1, v2 & v3.
Definition: os0enc.h:141
static constexpr size_t ENCRYPT_IN_PROGRESS
Flag bit to indicate if Encryption/Decryption is in progress.
Definition: os0enc.h:153
Encryption() noexcept
Default constructor.
Definition: os0enc.h:162
static constexpr size_t KEY_LEN
Encryption key length.
Definition: os0enc.h:116
static constexpr uint32_t DEFAULT_MASTER_KEY_ID
Default master key id for bootstrap.
Definition: os0enc.h:144
static void set_or_generate(Type type, byte *key, byte *iv, Encryption_metadata &metadata)
Copy the given encryption metadata to the given Encryption_metadata object, if both key !...
Definition: os0enc.cc:1500
bool encrypt_log_block(byte *src_ptr, byte *dst_ptr) const noexcept
Encrypt the redo log block (OS_FILE_LOG_BLOCK_SIZE bytes).
Definition: os0enc.cc:771
static constexpr size_t MASTER_KEY_PRIFIX_LEN
Encryption master key prefix size.
Definition: os0enc.h:125
ulint get_key_length() const
Get key length.
Definition: os0enc.cc:1492
static void get_master_key(uint32_t master_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key by key id.
Definition: os0enc.cc:276
bool is_none() const noexcept
Check if the encryption algorithm is NONE.
Definition: os0enc.h:381
Type get_type() const
Get encryption type.
Definition: os0enc.cc:1486
static constexpr char KEY_MAGIC_V3[]
Encryption magic bytes for 8.0.5+, used to check the encryption information version.
Definition: os0enc.h:110
static constexpr size_t SERVER_UUID_LEN
UUID of the server instance; it is needed for composing the master key name.
Definition: os0enc.h:131
dberr_t decrypt(const IORequest &type, byte *src, ulint src_len, byte *tmp, ulint tmp_len) const noexcept
Decrypt the page data contents in place.
Definition: os0enc.cc:1229
static void random_value(byte *value) noexcept
Generate random encryption value for key and iv.
Definition: os0enc.cc:229
static constexpr size_t OPERATION_INFO_SIZE
Encryption/decryption operation information size.
Definition: os0enc.h:147
static void create_master_key(byte **master_key) noexcept
Create new master key for key rotation.
Definition: os0enc.cc:235
The IO Context that is passed down to the low level IO code.
Definition: os0file.h:274
Class representing a version.
Definition: designator.h:44
int page
Definition: ctype-mb.cc:1233
dberr_t
Definition: db0err.h:38
uint32_t uint32
Definition: my_inttypes.h:66
Definition: buf0block_hint.cc:29
bool init_keyring_services(const mysql_service_registry_t *reg_srv)
Initialize keyring component service handles.
Definition: os0enc.cc:68
void deinit_keyring_services(const mysql_service_registry_t *reg_srv)
Deinitialize keyring component service handles.
Definition: os0enc.cc:122
Definition: ha_innodb.cc:219
required string key
Definition: replication_asynchronous_connection_failover.proto:59
required uint64 version
Definition: replication_group_member_actions.proto:40
required string type
Definition: replication_group_member_actions.proto:33
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:75
byte * m_key
Encryption key.
Definition: os0enc.h:462
uint32_t m_master_key_id
Master key id.
Definition: os0enc.h:468
byte * m_iv
Encryption initialization vector (IV).
Definition: os0enc.h:465
static const mysql_service_registry_t * reg_srv
Initialize parameters required for error logging.
Definition: test_plugin.cc:61
Version control for database, common definitions, and include files.
unsigned long int ulint
Definition: univ.i:405
#define ut_error
Abort execution.
Definition: ut0dbg.h:64