MySQL 8.0.31
Source Code Documentation
os0enc.h
Go to the documentation of this file.
1/***********************************************************************
2
3Copyright (c) 2019, 2022, Oracle and/or its affiliates.
4
5This program is free software; you can redistribute it and/or modify
6it under the terms of the GNU General Public License, version 2.0,
7as published by the Free Software Foundation.
8
9This program is also distributed with certain software (including
10but not limited to OpenSSL) that is licensed under separate terms,
11as designated in a particular file or component or in included license
12documentation. The authors of MySQL hereby grant you an additional
13permission to link the program and your derivative works with the
14separately licensed software that they have included with MySQL.
15
16This program is distributed in the hope that it will be useful,
17but WITHOUT ANY WARRANTY; without even the implied warranty of
18MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19GNU General Public License, version 2.0, for more details.
20
21You should have received a copy of the GNU General Public License
22along with this program; if not, write to the Free Software
23Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24
25***********************************************************************/
26
27/** @file include/os0enc.h
28 Page encryption infrastructure. */
29
30#ifndef os0enc_h
31#define os0enc_h
32
34#include "univ.i"
35
36namespace innobase {
37namespace encryption {
38
40
42} // namespace encryption
43} // namespace innobase
44
45// Forward declaration.
46class IORequest;
47struct Encryption_key;
48
49// Forward declaration.
51
52/** Encryption algorithm. */
54 public:
55 /** Algorithm types supported */
56 enum Type {
57
58 /** No encryption */
59 NONE = 0,
60
61 /** Use AES */
62 AES = 1,
63 };
64
65 /** Encryption information format version */
66 enum Version {
67
68 /** Version in 5.7.11 */
70
71 /** Version in > 5.7.11 */
73
74 /** Version in > 8.0.4 */
76 };
77
78 /** Encryption progress type. */
79 enum class Progress {
80 /* Space encryption in progress */
82 /* Space decryption in progress */
84 /* Nothing in progress */
85 NONE
86 };
87
88 /** Encryption operation resume point after server restart. */
89 enum class Resume_point {
90 /* Resume from the beginning. */
91 INIT,
92 /* Resume processing. */
93 PROCESS,
94 /* Operation has ended. */
95 END,
96 /* All done. */
97 DONE
98 };
99
100 /** Encryption magic bytes for 5.7.11, it's for checking the encryption
101 information version. */
102 static constexpr char KEY_MAGIC_V1[] = "lCA";
103
104 /** Encryption magic bytes for 5.7.12+, it's for checking the encryption
105 information version. */
106 static constexpr char KEY_MAGIC_V2[] = "lCB";
107
108 /** Encryption magic bytes for 8.0.5+, it's for checking the encryption
109 information version. */
110 static constexpr char KEY_MAGIC_V3[] = "lCC";
111
112 /** Encryption master key prifix */
113 static constexpr char MASTER_KEY_PREFIX[] = "INNODBKey";
114
115 /** Encryption key length */
116 static constexpr size_t KEY_LEN = 32;
117
118 /** Default master key for bootstrap */
119 static constexpr char DEFAULT_MASTER_KEY[] = "DefaultMasterKey";
120
121 /** Encryption magic bytes size */
122 static constexpr size_t MAGIC_SIZE = 3;
123
124 /** Encryption master key prifix size */
125 static constexpr size_t MASTER_KEY_PRIFIX_LEN = 9;
126
127 /** Encryption master key prifix size */
128 static constexpr size_t MASTER_KEY_NAME_MAX_LEN = 100;
129
130 /** UUID of server instance, it's needed for composing master key name */
131 static constexpr size_t SERVER_UUID_LEN = 36;
132
133 /** Encryption information total size: magic number + master_key_id +
134 key + iv + server_uuid + checksum */
135 static constexpr size_t INFO_SIZE =
136 (MAGIC_SIZE + sizeof(uint32) + (KEY_LEN * 2) + SERVER_UUID_LEN +
137 sizeof(uint32));
138
139 /** Maximum size of Encryption information considering all
140 formats v1, v2 & v3. */
141 static constexpr size_t INFO_MAX_SIZE = INFO_SIZE + sizeof(uint32);
142
143 /** Default master key id for bootstrap */
144 static constexpr uint32_t DEFAULT_MASTER_KEY_ID = 0;
145
146 /** (De)Encryption Operation information size */
147 static constexpr size_t OPERATION_INFO_SIZE = 1;
148
149 /** Encryption Progress information size */
150 static constexpr size_t PROGRESS_INFO_SIZE = sizeof(uint);
151
152 /** Flag bit to indicate if Encryption/Decryption is in progress */
153 static constexpr size_t ENCRYPT_IN_PROGRESS = 1 << 0;
154
155 /** Decryption in progress. */
156 static constexpr size_t DECRYPT_IN_PROGRESS = 1 << 1;
157
158 /** Tablespaces whose key needs to be reencrypted */
159 static std::vector<space_id_t> s_tablespaces_to_reencrypt;
160
161 /** Default constructor */
162 Encryption() noexcept : m_type(NONE) {}
163
164 /** Specific constructor
165 @param[in] type Algorithm type */
166 explicit Encryption(Type type) noexcept : m_type(type) {
167#ifdef UNIV_DEBUG
168 switch (m_type) {
169 case NONE:
170 case AES:
171
172 default:
173 ut_error;
174 }
175#endif /* UNIV_DEBUG */
176 }
177
178 /** Copy constructor */
179 Encryption(const Encryption &other) noexcept = default;
180
181 Encryption &operator=(const Encryption &) = default;
182
183 /** Check if page is encrypted page or not
184 @param[in] page page which need to check
185 @return true if it is an encrypted page */
186 [[nodiscard]] static bool is_encrypted_page(const byte *page) noexcept;
187
188 /** Check if a log block is encrypted or not
189 @param[in] block block which need to check
190 @return true if it is an encrypted block */
191 [[nodiscard]] static bool is_encrypted_log(const byte *block) noexcept;
192
193 /** Check the encryption option and set it
194 @param[in] option encryption option
195 @param[in,out] type The encryption type
196 @return DB_SUCCESS or DB_UNSUPPORTED */
197 [[nodiscard]] dberr_t set_algorithm(const char *option,
198 Encryption *type) noexcept;
199
200 /** Validate the algorithm string.
201 @param[in] option Encryption option
202 @return DB_SUCCESS or error code */
203 [[nodiscard]] static dberr_t validate(const char *option) noexcept;
204
205 /** Convert to a "string".
206 @param[in] type The encryption type
207 @return the string representation */
208 [[nodiscard]] static const char *to_string(Type type) noexcept;
209
210 /** Check if the string is "empty" or "none".
211 @param[in] algorithm Encryption algorithm to check
212 @return true if no algorithm requested */
213 [[nodiscard]] static bool is_none(const char *algorithm) noexcept;
214
215 /** Generate random encryption value for key and iv.
216 @param[in,out] value Encryption value */
217 static void random_value(byte *value) noexcept;
218
219 /** Copy the given encryption metadata to the given Encryption_metadata
220 object, if both key != nullptr and iv != nullptr. Generate randomly the
221 new metadata, if both key == nullptr and iv == nullptr, and store it to
222 the given Encryption_metadata object. Cannot be called with key, iv such
223 that: (key == nullptr) != (iv == nullptr).
224 @param[in] type encryption algorithm type to store
225 @param[in] key encryption key to copy or nullptr to generate
226 @param[in] iv encryption iv to copy or nullptr to generate
227 @param[out] metadata filled Encryption_metadata object */
228 static void set_or_generate(Type type, byte *key, byte *iv,
229 Encryption_metadata &metadata);
230
231 /** Create new master key for key rotation.
232 @param[in,out] master_key master key */
233 static void create_master_key(byte **master_key) noexcept;
234
235 /** Get master key by key id.
236 @param[in] master_key_id master key id
237 @param[in] srv_uuid uuid of server instance
238 @param[in,out] master_key master key */
239 static void get_master_key(uint32_t master_key_id, char *srv_uuid,
240 byte **master_key) noexcept;
241
242 /** Get current master key and key id.
243 @param[in,out] master_key_id master key id
244 @param[in,out] master_key master key */
245 static void get_master_key(uint32_t *master_key_id,
246 byte **master_key) noexcept;
247
248 /** Fill the encryption information.
249 @param[in] encryption_metadata encryption metadata (key,iv)
250 @param[in] encrypt_key encrypt with master key
251 @param[out] encrypt_info encryption information
252 @return true if success. */
253 static bool fill_encryption_info(
254 const Encryption_metadata &encryption_metadata, bool encrypt_key,
255 byte *encrypt_info) noexcept;
256
257 /** Get master key from encryption information
258 @param[in] encrypt_info encryption information
259 @param[in] version version of encryption information
260 @param[in,out] m_key_id master key id
261 @param[in,out] srv_uuid server uuid
262 @param[in,out] master_key master key
263 @return position after master key id or uuid, or the old position
264 if can't get the master key. */
265 static const byte *get_master_key_from_info(const byte *encrypt_info,
267 uint32_t *m_key_id,
268 char *srv_uuid,
269 byte **master_key) noexcept;
270
271 /** Checks if encryption info bytes represent data encrypted by the given
272 version of the encryption mechanism.
273 @param[in] encryption_info encryption info bytes
274 @param[in] version_magic_bytes magic bytes which represent version
275 of the encryption mechanism, for example:
276 Encryption::KEY_MAGIC_V3
277 @return result of the check */
278 static bool is_encrypted_with_version(
279 const byte *encryption_info, const char *version_magic_bytes) noexcept;
280
281 /** Checks if encryption info bytes represent data encrypted by version V3
282 of the encryption mechanism.
283 @param[in] encryption_info encryption info bytes
284 @return result of the check */
285 static bool is_encrypted_with_v3(const byte *encryption_info) noexcept;
286
287 /** Checks if encryption info bytes represent data encrypted by any of known
288 versions of the encryption mechanism. Note, that if the encryption_info is
289 read from file created by a newer MySQL version, it could be considered to be
290 unknown for this MySQL version, and this function would return false.
291 @param[in] encryption_info encryption info bytes
292 @return result of the check */
293 static bool is_encrypted(const byte *encryption_info) noexcept;
294
295 /** Decoding the encryption info from the given array of bytes,
296 which are assumed not to be related to any particular tablespace.
297 @param[out] encryption_metadata decoded encryption metadata
298 @param[in] encryption_info encryption info to decode
299 @param[in] decrypt_key decrypt key using master key
300 @return true if success */
301 static bool decode_encryption_info(Encryption_metadata &encryption_metadata,
302 const byte *encryption_info,
303 bool decrypt_key) noexcept;
304
305 /** Decoding the encryption info from the given array of bytes,
306 which are assumed to be related to a given tablespace (unless
307 space_id == dict_sys_t::s_invalid_space_id). The given tablespace
308 is noted down in s_tablespaces_to_reencrypt if the encryption info
309 became successfully decrypted using the master key and the space_id
310 is not dict_sys_t::s_invalid_space_id. For such tablespaces the
311 encryption info is later re-encrypted using the rotated master key
312 in innobase_dict_recover().
313 @param[in] space_id Tablespace id
314 @param[in,out] e_key key, iv
315 @param[in] encryption_info encryption info to decode
316 @param[in] decrypt_key decrypt key using master key
317 @return true if success */
318 static bool decode_encryption_info(space_id_t space_id, Encryption_key &e_key,
319 const byte *encryption_info,
320 bool decrypt_key) noexcept;
321
322 /** Encrypt the redo log block.
323 @param[in] type IORequest
324 @param[in,out] src_ptr log block which need to encrypt
325 @param[in,out] dst_ptr destination area
326 @return true if success. */
327 bool encrypt_log_block(const IORequest &type, byte *src_ptr,
328 byte *dst_ptr) noexcept;
329
330 /** Encrypt the redo log data contents.
331 @param[in] type IORequest
332 @param[in,out] src page data which need to encrypt
333 @param[in] src_len size of the source in bytes
334 @param[in,out] dst destination area
335 @param[in,out] dst_len size of the destination in bytes
336 @return buffer data, dst_len will have the length of the data */
337 byte *encrypt_log(const IORequest &type, byte *src, ulint src_len, byte *dst,
338 ulint *dst_len) noexcept;
339
340 /** Encrypt the page data contents. Page type can't be
341 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
342 FIL_PAGE_ENCRYPTED_RTREE.
343 @param[in] type IORequest
344 @param[in,out] src page data which need to encrypt
345 @param[in] src_len size of the source in bytes
346 @param[in,out] dst destination area
347 @param[in,out] dst_len size of the destination in bytes
348 @return buffer data, dst_len will have the length of the data */
349 [[nodiscard]] byte *encrypt(const IORequest &type, byte *src, ulint src_len,
350 byte *dst, ulint *dst_len) noexcept;
351
352 /** Decrypt the log block.
353 @param[in] type IORequest
354 @param[in,out] src data read from disk, decrypted data
355 will be copied to this page
356 @param[in,out] dst scratch area to use for decryption
357 @return DB_SUCCESS or error code */
358 dberr_t decrypt_log_block(const IORequest &type, byte *src,
359 byte *dst) noexcept;
360
361 /** Decrypt the log data contents.
362 @param[in] type IORequest
363 @param[in,out] src data read from disk, decrypted data
364 will be copied to this page
365 @param[in] src_len source data length
366 @param[in,out] dst scratch area to use for decryption
367 @return DB_SUCCESS or error code */
368 dberr_t decrypt_log(const IORequest &type, byte *src, ulint src_len,
369 byte *dst) noexcept;
370
371 /** Decrypt the page data contents. Page type must be
372 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
373 FIL_PAGE_ENCRYPTED_RTREE, if not then the source contents are
374 left unchanged and DB_SUCCESS is returned.
375 @param[in] type IORequest
376 @param[in,out] src data read from disk, decrypt
377 data will be copied to this page
378 @param[in] src_len source data length
379 @param[in,out] dst scratch area to use for decrypt
380 @param[in] dst_len size of the scratch area in bytes
381 @return DB_SUCCESS or error code */
382 [[nodiscard]] dberr_t decrypt(const IORequest &type, byte *src, ulint src_len,
383 byte *dst, ulint dst_len) noexcept;
384
385 /** Check if keyring plugin loaded. */
386 static bool check_keyring() noexcept;
387
388 /** Get encryption type
389 @return encryption type **/
390 Type get_type() const;
391
392 /** Check if the encryption algorithm is NONE.
393 @return true if no algorithm is set, false otherwise. */
394 [[nodiscard]] bool is_none() const noexcept { return m_type == NONE; }
395
396 /** Set encryption type
397 @param[in] type encryption type **/
398 void set_type(Type type);
399
400 /** Set encryption key
401 @param[in] key encryption key **/
402 void set_key(const byte *key);
403
404 /** Get key length
405 @return key length **/
406 ulint get_key_length() const;
407
408 /** Set key length
409 @param[in] klen key length **/
410 void set_key_length(ulint klen);
411
412 /** Set initial vector
413 @param[in] iv initial_vector **/
414 void set_initial_vector(const byte *iv);
415
416 /** Get master key id
417 @return master key id **/
418 static uint32_t get_master_key_id();
419
420 private:
421 /** Encrypt the page data contents. Page type can't be
422 FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED,
423 FIL_PAGE_ENCRYPTED_RTREE.
424 @param[in] src page data which need to encrypt
425 @param[in] src_len size of the source in bytes
426 @param[in,out] dst destination area
427 @param[in,out] dst_len size of the destination in bytes
428 @return true if operation successful, false otherwise. */
429 [[nodiscard]] bool encrypt_low(byte *src, ulint src_len, byte *dst,
430 ulint *dst_len) noexcept;
431
432 /** Encrypt type */
434
435 /** Encrypt key */
436 const byte *m_key;
437
438 /** Encrypt key length*/
440
441 /** Encrypt initial vector */
442 const byte *m_iv;
443
444 /** Current master key id */
445 static uint32_t s_master_key_id;
446
447 /** Current uuid of server instance */
448 static char s_uuid[SERVER_UUID_LEN + 1];
449};
450
451/** Encryption metadata. */
453 /** Encrypt type */
455
456 /** Encrypt key */
458
459 /** Encrypt key length */
460 size_t m_key_len{0};
461
462 /** Encrypt initial vector */
464
465 bool can_encrypt() const { return m_type != Encryption::NONE; }
466};
467
469 /** Encrypt key */
470 byte *m_key;
471
472 /** Encrypt initial vector */
473 byte *m_iv;
474
475 /** Master key id */
477};
478#endif /* os0enc_h */
uint32_t space_id_t
Tablespace identifier.
Definition: api0api.h:50
Encryption algorithm.
Definition: os0enc.h:53
const byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:442
void set_initial_vector(const byte *iv)
Set initial vector.
Definition: os0enc.cc:1522
Type
Algorithm types supported.
Definition: os0enc.h:56
@ AES
Use AES.
Definition: os0enc.h:62
@ NONE
No encryption.
Definition: os0enc.h:59
static constexpr char MASTER_KEY_PREFIX[]
Encryption master key prifix.
Definition: os0enc.h:113
dberr_t decrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint dst_len) noexcept
Decrypt the page data contents.
Definition: os0enc.cc:1256
bool encrypt_log_block(const IORequest &type, byte *src_ptr, byte *dst_ptr) noexcept
Encrypt the redo log block.
Definition: os0enc.cc:770
static constexpr char KEY_MAGIC_V3[]
Encryption magic bytes for 8.0.5+, it's for checking the encryption information version.
Definition: os0enc.h:110
static bool is_encrypted_page(const byte *page) noexcept
Check if page is encrypted page or not.
Definition: os0enc.cc:758
Encryption & operator=(const Encryption &)=default
static constexpr char KEY_MAGIC_V2[]
Encryption magic bytes for 5.7.12+, it's for checking the encryption information version.
Definition: os0enc.h:106
byte * encrypt(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) noexcept
Encrypt the page data contents.
Definition: os0enc.cc:1064
static uint32_t get_master_key_id()
Get master key id.
Definition: os0enc.cc:1524
void set_key(const byte *key)
Set encryption key.
Definition: os0enc.cc:1516
static constexpr size_t MAGIC_SIZE
Encryption magic bytes size.
Definition: os0enc.h:122
static dberr_t validate(const char *option) noexcept
Validate the algorithm string.
Definition: ha_innodb.cc:2668
static constexpr char DEFAULT_MASTER_KEY[]
Default master key for bootstrap.
Definition: os0enc.h:119
Encryption(Type type) noexcept
Specific constructor.
Definition: os0enc.h:166
static constexpr size_t DECRYPT_IN_PROGRESS
Decryption in progress.
Definition: os0enc.h:156
const byte * m_key
Encrypt key.
Definition: os0enc.h:436
Resume_point
Encryption operation resume point after server restart.
Definition: os0enc.h:89
static bool is_encrypted_with_v3(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by version V3 of the encryption mechanism.
Definition: os0enc.cc:616
static std::vector< space_id_t > s_tablespaces_to_reencrypt
Tablespaces whose key needs to be reencrypted.
Definition: os0enc.h:159
dberr_t decrypt_log(const IORequest &type, byte *src, ulint src_len, byte *dst) noexcept
Decrypt the log data contents.
Definition: os0enc.cc:1198
void set_key_length(ulint klen)
Set key length.
Definition: os0enc.cc:1520
Progress
Encryption progress type.
Definition: os0enc.h:79
static constexpr char KEY_MAGIC_V1[]
Encryption magic bytes for 5.7.11, it's for checking the encryption information version.
Definition: os0enc.h:102
static bool check_keyring() noexcept
Check if keyring plugin loaded.
Definition: os0enc.cc:1446
dberr_t set_algorithm(const char *option, Encryption *type) noexcept
Check the encryption option and set it.
Definition: ha_innodb.cc:2653
static const char * to_string(Type type) noexcept
Convert to a "string".
Definition: os0enc.cc:215
static bool is_encrypted_with_version(const byte *encryption_info, const char *version_magic_bytes) noexcept
Checks if encryption info bytes represent data encrypted by the given version of the encryption mecha...
Definition: os0enc.cc:610
Type m_type
Encrypt type.
Definition: os0enc.h:433
Encryption(const Encryption &other) noexcept=default
Copy constructor.
static uint32_t s_master_key_id
Current master key id.
Definition: os0enc.h:445
void set_type(Type type)
Set encryption type.
Definition: os0enc.cc:1514
static char s_uuid[SERVER_UUID_LEN+1]
Current uuid of server instance.
Definition: os0enc.h:448
dberr_t decrypt_log_block(const IORequest &type, byte *src, byte *dst) noexcept
Decrypt the log block.
Definition: os0enc.cc:1113
static bool is_encrypted_log(const byte *block) noexcept
Check if a log block is encrypted or not.
Definition: os0enc.cc:766
static bool fill_encryption_info(const Encryption_metadata &encryption_metadata, bool encrypt_key, byte *encrypt_info) noexcept
Fill the encryption information.
Definition: os0enc.cc:448
ulint m_klen
Encrypt key length.
Definition: os0enc.h:439
static bool decode_encryption_info(Encryption_metadata &encryption_metadata, const byte *encryption_info, bool decrypt_key) noexcept
Decoding the encryption info from the given array of bytes, which are assumed not to be related to an...
Definition: os0enc.cc:626
static constexpr size_t PROGRESS_INFO_SIZE
Encryption Progress information size.
Definition: os0enc.h:150
static constexpr size_t INFO_SIZE
Encryption information total size: magic number + master_key_id + key + iv + server_uuid + checksum.
Definition: os0enc.h:135
static const byte * get_master_key_from_info(const byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key from encryption information.
Definition: os0enc.cc:529
static bool is_encrypted(const byte *encryption_info) noexcept
Checks if encryption info bytes represent data encrypted by any of known versions of the encryption m...
Definition: os0enc.cc:620
static constexpr size_t MASTER_KEY_NAME_MAX_LEN
Encryption master key prifix size.
Definition: os0enc.h:128
@ VERSION_3
Version in > 8.0.4.
Definition: os0enc.h:75
@ VERSION_1
Version in 5.7.11.
Definition: os0enc.h:69
@ VERSION_2
Version in > 5.7.11.
Definition: os0enc.h:72
static constexpr size_t INFO_MAX_SIZE
Maximum size of Encryption information considering all formats v1, v2 & v3.
Definition: os0enc.h:141
static constexpr size_t ENCRYPT_IN_PROGRESS
Flag bit to indicate if Encryption/Decryption is in progress.
Definition: os0enc.h:153
byte * encrypt_log(const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len) noexcept
Encrypt the redo log data contents.
Definition: os0enc.cc:892
Encryption() noexcept
Default constructor.
Definition: os0enc.h:162
static constexpr size_t KEY_LEN
Encryption key length.
Definition: os0enc.h:116
static constexpr uint32_t DEFAULT_MASTER_KEY_ID
Default master key id for bootstrap.
Definition: os0enc.h:144
static void set_or_generate(Type type, byte *key, byte *iv, Encryption_metadata &metadata)
Copy the given encryption metadata to the given Encryption_metadata object, if both key !...
Definition: os0enc.cc:1526
static constexpr size_t MASTER_KEY_PRIFIX_LEN
Encryption master key prifix size.
Definition: os0enc.h:125
ulint get_key_length() const
Get key length.
Definition: os0enc.cc:1518
static void get_master_key(uint32_t master_key_id, char *srv_uuid, byte **master_key) noexcept
Get master key by key id.
Definition: os0enc.cc:275
bool is_none() const noexcept
Check if the encryption algorithm is NONE.
Definition: os0enc.h:394
Type get_type() const
Get encryption type.
Definition: os0enc.cc:1512
static constexpr size_t SERVER_UUID_LEN
UUID of server instance, it's needed for composing master key name.
Definition: os0enc.h:131
static void random_value(byte *value) noexcept
Generate random encryption value for key and iv.
Definition: os0enc.cc:228
static constexpr size_t OPERATION_INFO_SIZE
(De)Encryption Operation information size
Definition: os0enc.h:147
bool encrypt_low(byte *src, ulint src_len, byte *dst, ulint *dst_len) noexcept
Encrypt the page data contents.
Definition: os0enc.cc:941
static void create_master_key(byte **master_key) noexcept
Create new master key for key rotation.
Definition: os0enc.cc:234
The IO Context that is passed down to the low level IO code.
Definition: os0file.h:276
Class representing a version.
Definition: designator.h:44
int page
Definition: ctype-mb.cc:1235
dberr_t
Definition: db0err.h:38
uint32_t uint32
Definition: my_inttypes.h:66
bool init_keyring_services(const mysql_service_registry_t *reg_srv)
Initialize keyring component service handles.
Definition: os0enc.cc:68
void deinit_keyring_services(const mysql_service_registry_t *reg_srv)
Deinitialize keyring component service handles.
Definition: os0enc.cc:122
Definition: ha_innodb.cc:212
required string key
Definition: replication_asynchronous_connection_failover.proto:59
required uint64 version
Definition: replication_group_member_actions.proto:40
required string type
Definition: replication_group_member_actions.proto:33
#define SERVICE_TYPE(name)
Generates the standard Service type name.
Definition: service.h:75
Definition: os0enc.h:468
byte * m_key
Encrypt key.
Definition: os0enc.h:470
uint32_t m_master_key_id
Master key id.
Definition: os0enc.h:476
byte * m_iv
Encrypt initial vector.
Definition: os0enc.h:473
Encryption metadata.
Definition: os0enc.h:452
byte m_key[Encryption::KEY_LEN]
Encrypt key.
Definition: os0enc.h:457
byte m_iv[Encryption::KEY_LEN]
Encrypt initial vector.
Definition: os0enc.h:463
size_t m_key_len
Encrypt key length.
Definition: os0enc.h:460
Encryption::Type m_type
Encrypt type.
Definition: os0enc.h:454
bool can_encrypt() const
Definition: os0enc.h:465
static const mysql_service_registry_t * reg_srv
Initialize parameters required for error logging.
Definition: test_plugin.cc:61
unsigned int uint
Definition: uca-dump.cc:29
Version control for database, common definitions, and include files.
unsigned long int ulint
Definition: univ.i:407
#define ut_error
Abort execution.
Definition: ut0dbg.h:64