mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-16 03:47:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

Encryption cleanup

Browse source 
Step 3:

-- Make encrytion_algorithm changeable by SUPER
-- Remove AES_ECB method from encryption_algorithms
-- Support AES method change by storing used method on InnoDB/XtraDB objects
-- Store used AES method to crypt_data as different crypt types
-- Store used AES method to redo/undo logs and checkpoint
-- Store used AES method on every encrypted page after key_version
-- Add test
This commit is contained in:
Jan Lindström 2015-04-01 20:33:50 +03:00 committed by Sergei Golubchik
commit 71ec0463af
30 changed files with 676 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

55
storage/innobase/fil/fil0crypt.cc
View file

@ -23,8 +23,6 @@ Created Jonas Oreland Google
Modified Jan Lindström jan.lindstrom@mariadb.com
*******************************************************/
#include "fil0fil.h"
#include "fil0crypt.h"
#include "srv0srv.h"
#include "srv0start.h"
#include "mach0data.h"
@ -37,6 +35,8 @@ Modified Jan Lindström jan.lindstrom@mariadb.com
#include "fsp0fsp.h"
#include "fil0pagecompress.h"
#include "ha_prototypes.h" // IB_LOG_
#include "fil0fil.h"
#include "fil0crypt.h"
#include <my_crypt.h>
@ -119,34 +119,6 @@ static const unsigned char CRYPT_MAGIC[MAGIC_SZ] = {
static const unsigned char EMPTY_PATTERN[MAGIC_SZ] = {
0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
/******************************************************************
Map used AES method to crypt scheme
@return used AES crypt scheme */
UNIV_INTERN
uint
fil_crypt_get_aes_method(
/*=====================*/
uint aes_method)
{
switch (aes_method) {
case MY_AES_ALGORITHM_NONE:
return (uint) CRYPT_SCHEME_1_UNENCRYPTED;
break;
case MY_AES_ALGORITHM_CTR:
return (uint) CRYPT_SCHEME_1_CTR;
break;
case MY_AES_ALGORITHM_CBC:
return (uint) CRYPT_SCHEME_1_CBC;
break;
default:
ib_logf(IB_LOG_LEVEL_FATAL,
"Current AES method %d not supported.\n", aes_method);
ut_error;
}
return (uint) CRYPT_SCHEME_1_UNENCRYPTED;
}
/*********************************************************************
Init space crypt */
UNIV_INTERN
@ -659,29 +631,6 @@ fil_space_check_encryption_write(
return true;
}
/******************************************************************
Map current aes method
@return AES method */
UNIV_INTERN
uint
fil_crypt_map_aes_method(
/*=====================*/
uint aes_method) /*!< in: AES method */
{
switch((fil_crypt_method_t)aes_method) {
case CRYPT_SCHEME_1_CTR:
return (uint)MY_AES_ALGORITHM_CTR;
break;
case CRYPT_SCHEME_1_CBC:
return (uint)MY_AES_ALGORITHM_CBC;
break;
default:
ib_logf(IB_LOG_LEVEL_FATAL,
"Current AES method %d not supported.\n", (int)aes_method);
ut_error;
}
}
/******************************************************************
Encrypt a page */
UNIV_INTERN