2015-08-07 15:21:20 +03:00
|
|
|
/*****************************************************************************
|
|
|
|
|
|
|
|
|
|
Copyright (C) 2013, 2015, Google Inc. All Rights Reserved.
|
2017-09-14 09:23:20 +03:00
|
|
|
Copyright (C) 2014, 2017, MariaDB Corporation. All Rights Reserved.
|
2015-08-07 15:21:20 +03:00
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify it under
|
|
|
|
|
the terms of the GNU General Public License as published by the Free Software
|
|
|
|
|
Foundation; version 2 of the License.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
|
|
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License along with
|
|
|
|
|
this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
|
|
|
|
|
|
*****************************************************************************/
|
2014-12-22 16:53:17 +02:00
|
|
|
/**************************************************//**
|
|
|
|
|
@file include/log0crypt.h
|
|
|
|
|
Innodb log encrypt/decrypt
|
|
|
|
|
|
|
|
|
|
Created 11/25/2013 Minli Zhu
|
2015-08-07 15:21:20 +03:00
|
|
|
Modified Jan Lindström jan.lindstrom@mariadb.com
|
2014-12-22 16:53:17 +02:00
|
|
|
*******************************************************/
|
|
|
|
|
#ifndef log0crypt_h
|
|
|
|
|
#define log0crypt_h
|
|
|
|
|
|
|
|
|
|
#include "univ.i"
|
|
|
|
|
#include "ut0byte.h"
|
2015-04-01 22:15:11 +02:00
|
|
|
#include "my_crypt.h"
|
2017-09-14 09:23:20 +03:00
|
|
|
#include "os0file.h"
|
2014-12-22 16:53:17 +02:00
|
|
|
|
2015-03-31 19:32:35 +02:00
|
|
|
typedef int Crypt_result;
|
|
|
|
|
|
2014-12-22 16:53:17 +02:00
|
|
|
/* If true, enable redo log encryption. */
|
|
|
|
|
extern my_bool srv_encrypt_log;
|
|
|
|
|
|
2015-05-07 19:13:22 +03:00
|
|
|
/***********************************************************************
|
|
|
|
|
Set next checkpoint's key version to latest one, and generate new key */
|
2014-12-22 16:53:17 +02:00
|
|
|
UNIV_INTERN
|
|
|
|
|
void
|
|
|
|
|
log_crypt_set_ver_and_key(
|
|
|
|
|
/*======================*/
|
2015-08-07 15:21:20 +03:00
|
|
|
ib_uint64_t next_checkpoint_no);/*!< in: next checkpoint no */
|
2015-05-07 19:13:22 +03:00
|
|
|
|
2014-12-22 16:53:17 +02:00
|
|
|
|
|
|
|
|
/*********************************************************************//**
|
|
|
|
|
Writes the crypto (version, msg and iv) info, which has been used for
|
|
|
|
|
log blocks with lsn <= this checkpoint's lsn, to a log header's
|
|
|
|
|
checkpoint buf. */
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
void
|
|
|
|
|
log_crypt_write_checkpoint_buf(
|
|
|
|
|
/*===========================*/
|
|
|
|
|
byte* buf); /*!< in/out: checkpoint buffer */
|
|
|
|
|
|
2015-05-07 19:13:22 +03:00
|
|
|
/*********************************************************************//**
|
|
|
|
|
Read the crypto (version, msg and iv) info, which has been used for
|
|
|
|
|
log blocks with lsn <= this checkpoint's lsn, from a log header's
|
|
|
|
|
checkpoint buf. */
|
|
|
|
|
UNIV_INTERN
|
2015-06-18 19:58:57 +03:00
|
|
|
bool
|
2015-05-07 19:13:22 +03:00
|
|
|
log_crypt_read_checkpoint_buf(
|
|
|
|
|
/*===========================*/
|
2015-08-07 15:21:20 +03:00
|
|
|
const byte* buf); /*!< in: checkpoint buffer */
|
2015-05-07 19:13:22 +03:00
|
|
|
|
|
|
|
|
/********************************************************
|
|
|
|
|
Encrypt one or more log block before it is flushed to disk */
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
void
|
|
|
|
|
log_encrypt_before_write(
|
2015-08-07 15:21:20 +03:00
|
|
|
/*=====================*/
|
|
|
|
|
ib_uint64_t next_checkpoint_no, /*!< in: log group to be flushed */
|
|
|
|
|
byte* block, /*!< in/out: pointer to a log block */
|
|
|
|
|
const ulint size); /*!< in: size of log blocks */
|
2015-05-07 19:13:22 +03:00
|
|
|
|
|
|
|
|
/********************************************************
|
|
|
|
|
Decrypt a specified log segment after they are read from a log file to a buffer.
|
|
|
|
|
*/
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
void
|
|
|
|
|
log_decrypt_after_read(
|
2015-08-07 15:21:20 +03:00
|
|
|
/*===================*/
|
|
|
|
|
byte* frame, /*!< in/out: log segment */
|
|
|
|
|
const ulint size); /*!< in: log segment size */
|
|
|
|
|
|
|
|
|
|
/* Error codes for crypt info */
|
|
|
|
|
typedef enum {
|
|
|
|
|
LOG_UNENCRYPTED = 0,
|
|
|
|
|
LOG_CRYPT_KEY_NOT_FOUND = 1,
|
|
|
|
|
LOG_DECRYPT_MAYBE_FAILED = 2
|
|
|
|
|
} log_crypt_err_t;
|
|
|
|
|
|
|
|
|
|
/********************************************************
|
|
|
|
|
Check is the checkpoint information encrypted. This check
|
|
|
|
|
is based on fact has log group crypt info and based
|
|
|
|
|
on this crypt info was the key version different from
|
|
|
|
|
unencrypted key version. There is no realible way to
|
|
|
|
|
distinguish encrypted log block from corrupted log block,
|
|
|
|
|
but if log block corruption is found this function is
|
|
|
|
|
used to find out if log block is maybe encrypted but
|
|
|
|
|
encryption key, key management plugin or encryption
|
|
|
|
|
algorithm does not match.
|
|
|
|
|
@return TRUE, if log block may be encrypted */
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
ibool
|
|
|
|
|
log_crypt_block_maybe_encrypted(
|
|
|
|
|
/*============================*/
|
|
|
|
|
const byte* log_block, /*!< in: log block */
|
|
|
|
|
log_crypt_err_t* err_info); /*!< out: error info */
|
|
|
|
|
|
|
|
|
|
/********************************************************
|
|
|
|
|
Print crypt error message to error log */
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
void
|
|
|
|
|
log_crypt_print_error(
|
|
|
|
|
/*==================*/
|
|
|
|
|
log_crypt_err_t err_info); /*!< out: error info */
|
2015-05-07 19:13:22 +03:00
|
|
|
|
2016-03-30 16:08:05 +03:00
|
|
|
/*********************************************************************//**
|
|
|
|
|
Print checkpoint no from log block and all encryption keys from
|
|
|
|
|
checkpoints if they are present. Used for problem analysis. */
|
|
|
|
|
void
|
|
|
|
|
log_crypt_print_checkpoint_keys(
|
|
|
|
|
/*============================*/
|
|
|
|
|
const byte* log_block);
|
|
|
|
|
|
2017-09-14 09:23:20 +03:00
|
|
|
/** Encrypt temporary log block.
|
|
|
|
|
@param[in] src_block block to encrypt or decrypt
|
|
|
|
|
@param[in] size size of the block
|
|
|
|
|
@param[out] dst_block destination block
|
|
|
|
|
@param[in] offs offset to block
|
|
|
|
|
@param[in] space_id tablespace id
|
|
|
|
|
@return true if successfull, false in case of failure
|
|
|
|
|
*/
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
bool
|
|
|
|
|
log_tmp_block_encrypt(
|
|
|
|
|
const byte* src_block,
|
|
|
|
|
ulint size,
|
|
|
|
|
byte* dst_block,
|
|
|
|
|
os_offset_t offs,
|
|
|
|
|
ulint space_id)
|
|
|
|
|
MY_ATTRIBUTE((warn_unused_result));
|
|
|
|
|
|
|
|
|
|
/** Decrypt temporary log block.
|
|
|
|
|
@param[in] src_block block to encrypt or decrypt
|
|
|
|
|
@param[in] size size of the block
|
|
|
|
|
@param[out] dst_block destination block
|
|
|
|
|
@param[in] offs offset to block
|
|
|
|
|
@param[in] space_id tablespace id
|
|
|
|
|
@return true if successfull, false in case of failure
|
|
|
|
|
*/
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
bool
|
|
|
|
|
log_tmp_block_decrypt(
|
|
|
|
|
const byte* src_block,
|
|
|
|
|
ulint size,
|
|
|
|
|
byte* dst_block,
|
|
|
|
|
os_offset_t offs,
|
|
|
|
|
ulint space_id)
|
|
|
|
|
MY_ATTRIBUTE((warn_unused_result));
|
|
|
|
|
|
|
|
|
|
/** Find out is temporary log files encrypted.
|
|
|
|
|
@return true if temporary log file should be encrypted, false if not */
|
|
|
|
|
UNIV_INTERN
|
|
|
|
|
bool
|
|
|
|
|
log_tmp_is_encrypted() MY_ATTRIBUTE((warn_unused_result));
|
2014-12-22 16:53:17 +02:00
|
|
|
#endif // log0crypt.h
|
