MySQL  8.0.19
Source Code Documentation
Encryption Struct Reference

Encryption algorithm.

#include <os0file.h>

Public Types

enum Type { NONE = 0, AES = 1 }
 Algorithm types supported.
 
enum Version { ENCRYPTION_VERSION_1 = 0, ENCRYPTION_VERSION_2 = 1, ENCRYPTION_VERSION_3 = 2 }
 Encryption information format version.
 

Public Member Functions

 Encryption ()
 Default constructor.
 
 Encryption (Type type)
 Specific constructor.
 
 Encryption (const Encryption &other)
 Copy constructor.
 
Encryption & operator= (const Encryption &)=default
 
dberr_t set_algorithm (const char *option, Encryption *type)
 Check the encryption option and set it.
 
bool encrypt_log_block (const IORequest &type, byte *src_ptr, byte *dst_ptr)
 Encrypt the redo log block.
 
byte * encrypt_log (const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len)
 Encrypt the redo log data contents.
 
byte * encrypt (const IORequest &type, byte *src, ulint src_len, byte *dst, ulint *dst_len)
 Encrypt the page data contents.
 
dberr_t decrypt_log_block (const IORequest &type, byte *src, byte *dst)
 Decrypt the log block.
 
dberr_t decrypt_log (const IORequest &type, byte *src, ulint src_len, byte *dst, ulint dst_len)
 Decrypt the log data contents.
 
dberr_t decrypt (const IORequest &type, byte *src, ulint src_len, byte *dst, ulint dst_len)
 Decrypt the page data contents.
 

Static Public Member Functions

static bool is_encrypted_page (const byte *page)
 Check if page is encrypted page or not.
 
static bool is_encrypted_log (const byte *block)
 Check if a log block is encrypted or not.
 
static dberr_t validate (const char *option)
 Validate the algorithm string.
 
static const char * to_string (Type type)
 Convert to a "string".
 
static bool is_none (const char *algorithm)
 Check if the string is "empty" or "none".
 
static void random_value (byte *value)
 Generate random encryption value for key and iv.
 
static void create_master_key (byte **master_key)
 Create new master key for key rotation.
 
static void get_master_key (ulint master_key_id, char *srv_uuid, byte **master_key)
 Get master key by key id.
 
static void get_master_key (ulint *master_key_id, byte **master_key)
 Get current master key and key id.
 
static bool fill_encryption_info (byte *key, byte *iv, byte *encrypt_info, bool is_boot, bool encrypt_key)
 Fill the encryption information.
 
static byte * get_master_key_from_info (byte *encrypt_info, Version version, uint32_t *m_key_id, char *srv_uuid, byte **master_key)
 Get master key from encryption information.
 
static bool decode_encryption_info (byte *key, byte *iv, byte *encryption_info, bool decrypt_key)
 Decoding the encryption info from the first page of a tablespace.
 
static bool check_keyring ()
 Check if keyring plugin loaded.
 

Public Attributes

Type m_type
 Encrypt type.
 
byte * m_key
 Encrypt key.
 
ulint m_klen
 Encrypt key length.
 
byte * m_iv
 Encrypt initial vector.
 

Static Public Attributes

static ulint s_master_key_id = 0
 Current master key id.
 
static char s_uuid [ENCRYPTION_SERVER_UUID_LEN+1] = {0}
 Current uuid of server instance.
 

Detailed Description

Encryption algorithm.

Member Enumeration Documentation

◆ Type

Algorithm types supported.

Enumerator
NONE 

No encryption.

AES 

Use AES.

◆ Version

Encryption information format version.

Enumerator
ENCRYPTION_VERSION_1 

Version in 5.7.11.

ENCRYPTION_VERSION_2 

Version in > 5.7.11.

ENCRYPTION_VERSION_3 

Version in > 8.0.4.

Constructor & Destructor Documentation

◆ Encryption() [1/3]

Encryption::Encryption ( )
inline

Default constructor.

◆ Encryption() [2/3]

Encryption::Encryption ( Type type)
inline explicit

Specific constructor.

Parameters
[in] type  Algorithm type

◆ Encryption() [3/3]

Encryption::Encryption ( const Encryption & other)
inline

Copy constructor.

Member Function Documentation

◆ check_keyring()

bool Encryption::check_keyring ( )
static

Check if keyring plugin loaded.

◆ create_master_key()

void Encryption::create_master_key ( byte **  master_key)
static

Create new master key for key rotation.

Parameters
[in,out] master_key  master key

◆ decode_encryption_info()

bool Encryption::decode_encryption_info ( byte * key,
byte * iv,
byte * encryption_info,
bool decrypt_key
)
static

Decoding the encryption info from the first page of a tablespace.

Parameters
[in,out] key  key
[in,out] iv  iv
[in] encryption_info  encryption info
[in] decrypt_key  decrypt key using master key
Returns
true if success

◆ decrypt()

dberr_t Encryption::decrypt ( const IORequest & type,
byte * src,
ulint src_len,
byte * dst,
ulint dst_len
)

Decrypt the page data contents.

Page type must be FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED or FIL_PAGE_ENCRYPTED_RTREE; if not, the source contents are left unchanged and DB_SUCCESS is returned.

Parameters
[in] type  IORequest
[in,out] src  data read from disk, decrypted data will be copied to this page
[in] src_len  source data length
[in,out] dst  scratch area to use for decryption
[in] dst_len  size of the scratch area in bytes
Returns
DB_SUCCESS or error code

Page type must be FIL_PAGE_ENCRYPTED; if not, the source contents are left unchanged and DB_SUCCESS is returned.

Parameters
[in] type  IORequest
[in,out] src  Data read from disk, decrypted data will be copied to this page
[in] src_len  source data length
[in,out] dst  Scratch area to use for decryption
[in] dst_len  Size of the scratch area in bytes
Returns
DB_SUCCESS or error code

◆ decrypt_log()

dberr_t Encryption::decrypt_log ( const IORequest & type,
byte * src,
ulint src_len,
byte * dst,
ulint dst_len
)

Decrypt the log data contents.

Parameters
[in] type  IORequest
[in,out] src  data read from disk, decrypted data will be copied to this page
[in] src_len  source data length
[in,out] dst  scratch area to use for decryption
[in] dst_len  size of the scratch area in bytes
Returns
DB_SUCCESS or error code

◆ decrypt_log_block()

dberr_t Encryption::decrypt_log_block ( const IORequest & type,
byte * src,
byte * dst
)

Decrypt the log block.

Parameters
[in] type  IORequest
[in,out] src  data read from disk, decrypted data will be copied to this page
[in,out] dst  scratch area to use for decryption
Returns
DB_SUCCESS or error code

◆ encrypt()

byte * Encryption::encrypt ( const IORequest & type,
byte * src,
ulint src_len,
byte * dst,
ulint * dst_len
)

Encrypt the page data contents.

Page type can't be FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED or FIL_PAGE_ENCRYPTED_RTREE.

Parameters
[in] type  IORequest
[in,out] src  page data to encrypt
[in] src_len  size of the source in bytes
[in,out] dst  destination area
[in,out] dst_len  size of the destination in bytes
Returns
buffer data, dst_len will have the length of the data

Page type can't be FIL_PAGE_ENCRYPTED, FIL_PAGE_COMPRESSED_AND_ENCRYPTED or FIL_PAGE_ENCRYPTED_RTREE.

Parameters
[in] type  IORequest
[in] src  page data to encrypt
[in] src_len  Size of the source in bytes
[in,out] dst  destination area
[in,out] dst_len  Size of the destination in bytes
Returns
buffer data, dst_len will have the length of the data

◆ encrypt_log()

byte * Encryption::encrypt_log ( const IORequest & type,
byte * src,
ulint src_len,
byte * dst,
ulint * dst_len
)

Encrypt the redo log data contents.

Parameters
[in] type  IORequest
[in,out] src  page data to encrypt
[in] src_len  size of the source in bytes
[in,out] dst  destination area
[in,out] dst_len  size of the destination in bytes
Returns
buffer data, dst_len will have the length of the data

Parameters
[in] type  IORequest
[in] src  page data to encrypt
[in] src_len  Size of the source in bytes
[in,out] dst  destination area
[in,out] dst_len  Size of the destination in bytes
Returns
buffer data, dst_len will have the length of the data

◆ encrypt_log_block()

bool Encryption::encrypt_log_block ( const IORequest & type,
byte * src_ptr,
byte * dst_ptr
)

Encrypt the redo log block.

Parameters
[in] type  IORequest
[in,out] src_ptr  log block to encrypt
[in,out] dst_ptr  destination area
Returns
true if success.

Parameters
[in] type  IORequest
[in] src_ptr  log block to encrypt
[in,out] dst_ptr  destination area
Returns
true if success.

◆ fill_encryption_info()

bool Encryption::fill_encryption_info ( byte * key,
byte * iv,
byte * encrypt_info,
bool is_boot,
bool encrypt_key
)
static

Fill the encryption information.

Parameters
[in] key  encryption key
[in] iv  encryption iv
[in,out] encrypt_info  encryption information
[in] is_boot  if it's for bootstrap
[in] encrypt_key  encrypt with master key
Returns
true if success.

◆ get_master_key() [1/2]

void Encryption::get_master_key ( ulint *  master_key_id,
byte **  master_key 
)
static

Get current master key and key id.

Get current master key and master key id.

Parameters
[in,out] master_key_id  master key id
[in,out] master_key  master key

◆ get_master_key() [2/2]

void Encryption::get_master_key ( ulint  master_key_id,
char *  srv_uuid,
byte **  master_key 
)
static

Get master key by key id.

Parameters
[in] master_key_id  master key id
[in] srv_uuid  uuid of server instance
[in,out] master_key  master key

◆ get_master_key_from_info()

byte * Encryption::get_master_key_from_info ( byte * encrypt_info,
Version version,
uint32_t * m_key_id,
char * srv_uuid,
byte ** master_key
)
static

Get master key from encryption information.

Parameters
[in] encrypt_info  encryption information
[in] version  version of encryption information
[in,out] m_key_id  master key id
[in,out] srv_uuid  server uuid
[in,out] master_key  master key
Returns
position after master key id or uuid, or the old position if the master key can't be retrieved.

◆ is_encrypted_log()

bool Encryption::is_encrypted_log ( const byte * block)
static

Check if a log block is encrypted or not.

Check if redo log block is encrypted block or not.

Parameters
[in] block  block to check
Returns
true if it is an encrypted block

Parameters
[in] block  log block to check
Returns
true if it is an encrypted block

◆ is_encrypted_page()

bool Encryption::is_encrypted_page ( const byte * page)
static

Check if page is encrypted page or not.

Parameters
[in] page  page to check
Returns
true if it is an encrypted page

◆ is_none()

bool Encryption::is_none ( const char *  algorithm)
static

Check if the string is "empty" or "none".

Check if the string is "" or "n".

Parameters
[in] algorithm  Encryption algorithm to check
Returns
true if no algorithm requested

◆ operator=()

Encryption& Encryption::operator= ( const Encryption & )
default

◆ random_value()

void Encryption::random_value ( byte * value)
static

Generate random encryption value for key and iv.

Parameters
[in,out] value  Encryption value

◆ set_algorithm()

dberr_t Encryption::set_algorithm ( const char * option,
Encryption * encryption
)

Check the encryption option and set it.

Parameters
[in] option  encryption option
[in,out] encryption  The encryption type
Returns
DB_SUCCESS or DB_UNSUPPORTED

Parameters
[in] option  encryption option
[in,out] encryption  The encryption algorithm
Returns
DB_SUCCESS or DB_UNSUPPORTED

◆ to_string()

const char * Encryption::to_string ( Type  type)
static

Convert to a "string".

Parameters
[in] type  The encryption type
Returns
the string representation

◆ validate()

dberr_t Encryption::validate ( const char *  option)
static

Validate the algorithm string.

Check for supported ENCRYPT := (Y | N) values.

Parameters
[in] option  Encryption option
Returns
DB_SUCCESS or error code

Parameters
[in] option  Encryption option
Returns
DB_SUCCESS or DB_UNSUPPORTED

Member Data Documentation

◆ m_iv

byte* Encryption::m_iv

Encrypt initial vector.

◆ m_key

byte* Encryption::m_key

Encrypt key.

◆ m_klen

ulint Encryption::m_klen

Encrypt key length.

◆ m_type

Type Encryption::m_type

Encrypt type.

◆ s_master_key_id

ulint Encryption::s_master_key_id = 0
static

Current master key id.

◆ s_uuid

char Encryption::s_uuid[ENCRYPTION_SERVER_UUID_LEN+1] = {0}
static

Current uuid of server instance.


The documentation for this struct was generated from the following files: