Commit 51d67633 authored by Sergei Golubchik

AES-GCM support in file_key_management plugin

parent 0f009272
# #
# Various test cases for IO_CACHE tempfiles (file==-1) encryption # Various test cases for IO_CACHE tempfiles (file==-1) encryption
# #
source include/have_example_key_management_plugin.inc; source include/have_file_key_management_plugin.inc;
source include/have_sequence.inc; source include/have_sequence.inc;
# Row binlog format to fill binlog cache faster # Row binlog format to fill binlog cache faster
......
...@@ -120,6 +120,32 @@ struct st_mariadb_encryption file_key_management_plugin= { ...@@ -120,6 +120,32 @@ struct st_mariadb_encryption file_key_management_plugin= {
0,0 0,0
}; };
#ifdef HAVE_EncryptAes128Gcm
/*
use AES-CTR when cyphertext length must be the same as plaintext length,
and AES-GCM when cyphertext can be longer than plaintext.
*/
static int ctr_gcm_encrypt(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int keyid, unsigned int key_version)
{
return (no_padding ? my_aes_encrypt_ctr : my_aes_encrypt_gcm)
(src, slen, dst, dlen, key, klen, iv, ivlen);
}
static int ctr_gcm_decrypt(const unsigned char* src, unsigned int slen,
unsigned char* dst, unsigned int* dlen,
const unsigned char* key, unsigned int klen,
const unsigned char* iv, unsigned int ivlen,
int no_padding, unsigned int keyid, unsigned int key_version)
{
return (no_padding ? my_aes_decrypt_ctr : my_aes_decrypt_gcm)
(src, slen, dst, dlen, key, klen, iv, ivlen);
}
#endif
static int file_key_management_plugin_init(void *p) static int file_key_management_plugin_init(void *p)
{ {
Parser parser(filename, filekey); Parser parser(filename, filekey);
...@@ -132,10 +158,15 @@ static int file_key_management_plugin_init(void *p) ...@@ -132,10 +158,15 @@ static int file_key_management_plugin_init(void *p)
break; break;
#ifdef HAVE_EncryptAes128Ctr #ifdef HAVE_EncryptAes128Ctr
case 1: // AES_CTR case 1: // AES_CTR
#ifdef HAVE_EncryptAes128Gcm
file_key_management_plugin.encrypt= ctr_gcm_encrypt;
file_key_management_plugin.decrypt= ctr_gcm_decrypt;
#else
file_key_management_plugin.encrypt= file_key_management_plugin.encrypt=
(encrypt_decrypt_func)my_aes_encrypt_ctr; (encrypt_decrypt_func)my_aes_encrypt_ctr;
file_key_management_plugin.decrypt= file_key_management_plugin.decrypt=
(encrypt_decrypt_func)my_aes_decrypt_ctr; (encrypt_decrypt_func)my_aes_decrypt_ctr;
#endif
break; break;
#endif #endif
default: default:
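Review bot: In `ctr_gcm_encrypt` and `ctr_gcm_decrypt` the `no_padding` branch selects plain AES-CTR, which carries no authentication tag, so callers that need length-preserving output get confidentiality only and a modified ciphertext decrypts without error. The header comment should state that trade-off, e.g. `/* no_padding callers get unauthenticated AES-CTR; only the GCM path detects modification */`. The `case 1: // AES_CTR` label in `file_key_management_plugin_init` (whose body continues outside the hunk) is now stale and could read `// AES_CTR, or AES_GCM where the ciphertext may grow`. Both modes are handed the same `key` and `iv`, and since GCM is counter-mode based it is worth confirming, from the callers not visible here, that one key/IV pair is never used on both paths. `keyid` and `key_version` are unused in both wrappers; if they exist only to match the plugin callback signature, a one-line comment saying so would help.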
......