/src/server/include/mysql/service_encryption.h
Line | Count | Source (jump to first uncovered line) |
1 | | #ifndef MYSQL_SERVICE_ENCRYPTION_INCLUDED |
2 | | /* Copyright (c) 2015, MariaDB |
3 | | |
4 | | This program is free software; you can redistribute it and/or modify |
5 | | it under the terms of the GNU General Public License as published by |
6 | | the Free Software Foundation; version 2 of the License. |
7 | | |
8 | | This program is distributed in the hope that it will be useful, |
9 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
10 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
11 | | GNU General Public License for more details. |
12 | | |
13 | | You should have received a copy of the GNU General Public License |
14 | | along with this program; if not, write to the Free Software |
15 | | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ |
16 | | |
17 | | /** |
18 | | @file |
19 | | encryption service |
20 | | |
21 | | Functions to support data encryption and encryption key management. |
22 | | They are normally implemented in an encryption plugin, so this service |
23 | | connects encryption *consumers* (e.g. storage engines) to the encryption |
24 | | *provider* (encryption plugin). |
25 | | */ |
26 | | |
27 | | #ifndef MYSQL_ABI_CHECK |
28 | | #include <my_alloca.h> |
29 | | #ifdef _WIN32 |
30 | | #ifndef __cplusplus |
31 | | #define inline __inline |
32 | | #endif |
33 | | #endif |
34 | | #endif |
35 | | |
36 | | #ifdef __cplusplus |
37 | | extern "C" { |
38 | | #endif |
39 | | #ifndef MYSQL_ABI_CHECK |
40 | | #include <assert.h> |
41 | | #endif |
42 | | |
/* returned from encryption_key_get_latest_version() */
/* All-ones sentinel; the *_exists() helpers in this header compare against it. */
#define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0)
#define ENCRYPTION_KEY_NOT_ENCRYPTED (0)

/* NOTE(review): these look like predefined key ids; confirm against the callers. */
#define ENCRYPTION_KEY_SYSTEM_DATA 1
#define ENCRYPTION_KEY_TEMPORARY_DATA 2

/* returned from encryption_key_get() */
#define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100)

/* Values for the `flags` argument of encryption_ctx_init() and encryption_crypt(). */
/* NOTE(review): NOPAD is presumably OR-ed with ENCRYPT or DECRYPT; confirm in the provider. */
#define ENCRYPTION_FLAG_DECRYPT 0
#define ENCRYPTION_FLAG_ENCRYPT 1
#define ENCRYPTION_FLAG_NOPAD 2
56 | | |
/**
  Table of function pointers that make up the encryption service.

  Consumers reach these entries through the encryption_*() macros in this
  header. encryption_crypt() shows the order for the context calls:
  ctx_size, then ctx_init, ctx_update and ctx_finish.
*/
struct encryption_service_st
{
  /* ENCRYPTION_KEY_VERSION_INVALID is documented above as a value returned
     from this call. */
  unsigned int (*encryption_key_get_latest_version_func)(unsigned int key_id);

  /* ENCRYPTION_KEY_BUFFER_TOO_SMALL is documented above as a value returned
     from this call.
     NOTE(review): `length` looks like an in/out size for `buffer`; confirm. */
  unsigned int (*encryption_key_get_func)(unsigned int key_id,
                                          unsigned int key_version,
                                          unsigned char *buffer,
                                          unsigned int *length);

  /* encryption_crypt() passes the result straight to alloca() as the byte
     size of the context. */
  unsigned int (*encryption_ctx_size_func)(unsigned int key_id,
                                           unsigned int key_version);

  /* encryption_crypt() treats a non-zero result as failure and returns it. */
  int (*encryption_ctx_init_func)(void *ctx,
                                  const unsigned char *key,
                                  unsigned int klen,
                                  const unsigned char *iv,
                                  unsigned int ivlen,
                                  int flags,
                                  unsigned int key_id,
                                  unsigned int key_version);

  /* Processes `slen` bytes of `src`; encryption_crypt() reads the produced
     byte count back from `*dlen`. */
  int (*encryption_ctx_update_func)(void *ctx,
                                    const unsigned char *src,
                                    unsigned int slen,
                                    unsigned char *dst,
                                    unsigned int *dlen);

  /* Final call on a context; encryption_crypt() adds `*dlen` from this call
     to the count reported by update. */
  int (*encryption_ctx_finish_func)(void *ctx,
                                    unsigned char *dst,
                                    unsigned int *dlen);

  /* NOTE(review): presumably the output size for `slen` input bytes;
     confirm in the provider. */
  unsigned int (*encryption_encrypted_length_func)(unsigned int slen,
                                                   unsigned int key_id,
                                                   unsigned int key_version);
};
71 | | |
#ifdef MYSQL_DYNAMIC_PLUGIN

/* Dynamic plugin build: every service call goes through this pointer. */
extern struct encryption_service_st *encryption_service;

/* Each macro forwards its arguments unchanged to the matching *_func entry. */
#define encryption_key_get_latest_version(KI) encryption_service->encryption_key_get_latest_version_func(KI)
#define encryption_key_get(KI,KV,K,S) encryption_service->encryption_key_get_func((KI),(KV),(K),(S))
#define encryption_ctx_size(KI,KV) encryption_service->encryption_ctx_size_func((KI),(KV))
#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) encryption_service->encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV))
#define encryption_ctx_update(CTX,S,SL,D,DL) encryption_service->encryption_ctx_update_func((CTX),(S),(SL),(D),(DL))
#define encryption_ctx_finish(CTX,D,DL) encryption_service->encryption_ctx_finish_func((CTX),(D),(DL))
#define encryption_encrypted_length(SL,KI,KV) encryption_service->encryption_encrypted_length_func((SL),(KI),(KV))
#else

/* Any other build: the same calls go directly to this object. */
extern struct encryption_service_st encryption_handler;

/* Same macro names as the dynamic-plugin branch, bound to encryption_handler. */
#define encryption_key_get_latest_version(KI) encryption_handler.encryption_key_get_latest_version_func(KI)
#define encryption_key_get(KI,KV,K,S) encryption_handler.encryption_key_get_func((KI),(KV),(K),(S))
#define encryption_ctx_size(KI,KV) encryption_handler.encryption_ctx_size_func((KI),(KV))
#define encryption_ctx_init(CTX,K,KL,IV,IVL,F,KI,KV) encryption_handler.encryption_ctx_init_func((CTX),(K),(KL),(IV),(IVL),(F),(KI),(KV))
#define encryption_ctx_update(CTX,S,SL,D,DL) encryption_handler.encryption_ctx_update_func((CTX),(S),(SL),(D),(DL))
#define encryption_ctx_finish(CTX,D,DL) encryption_handler.encryption_ctx_finish_func((CTX),(D),(DL))
#define encryption_encrypted_length(SL,KI,KV) encryption_handler.encryption_encrypted_length_func((SL),(KI),(KV))
#endif
95 | | |
/**
  Report whether the provider knows the key `id`.

  Asks for the latest version of the key and compares the answer with the
  ENCRYPTION_KEY_VERSION_INVALID sentinel.

  @param id  key id to look up
  @return 1 if the answer is anything other than
          ENCRYPTION_KEY_VERSION_INVALID, 0 otherwise
*/
static inline unsigned int encryption_key_id_exists(unsigned int id)
{
  const unsigned int latest_version= encryption_key_get_latest_version(id);

  if (latest_version == ENCRYPTION_KEY_VERSION_INVALID)
    return 0;
  return 1;
}
100 | | |
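/**
  Report whether the provider knows version `version` of key `id`.

  Calls encryption_key_get() with a NULL output buffer and compares the
  result with ENCRYPTION_KEY_VERSION_INVALID. Every other result, including
  ENCRYPTION_KEY_BUFFER_TOO_SMALL, counts as "exists".

  @param id       key id to look up
  @param version  key version to look up
  @return 1 if the result is not ENCRYPTION_KEY_VERSION_INVALID, 0 otherwise
*/
static inline unsigned int encryption_key_version_exists(unsigned int id, unsigned int version)
{
  /* The buffer is NULL, so the length handed to the provider is 0 rather
     than an indeterminate stack value. A provider that reads *length as the
     buffer capacity then always sees "no room" and cannot be led into
     copying key bytes through the NULL pointer. */
  unsigned int unused= 0;
  return encryption_key_get(id, version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID;
}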
106 | | |
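/**
  Main entry point to perform encryption or decryption in one call.

  Takes a provider context from the stack, then runs encryption_ctx_init(),
  encryption_ctx_update() and encryption_ctx_finish() over the whole input.

  @param src          input bytes
  @param slen         number of bytes at `src`
  @param dst          output buffer
  @param dlen         in: capacity of `dst` in bytes;
                      out: bytes reported by update plus bytes reported by finish
  @param key          key bytes, passed through to init
  @param klen         length of `key`
  @param iv           IV bytes, passed through to init
  @param ivlen        length of `iv`
  @param flags        passed through to init (see ENCRYPTION_FLAG_*)
  @param key_id       selects the context size and is passed to init
  @param key_version  selects the context size and is passed to init

  @return the init result if it is non-zero; otherwise the update result if
          it is non-zero, else the finish result

  @invariant `src` is valid for `slen`
  @invariant `dst` is valid for `*dlen`, `*dlen` is initialized
  @invariant `src` and `dst` do not overlap

  @note The invariants are checked with assert() only. A build with NDEBUG
        performs none of these checks, so callers must guarantee them.
  @note The context comes from alloca() with the size reported by
        encryption_ctx_size(); that size is trusted to fit on the stack.
*/
static inline int encryption_crypt(const unsigned char* src, unsigned int slen,
                                   unsigned char* dst, unsigned int* dlen,
                                   const unsigned char* key, unsigned int klen,
                                   const unsigned char* iv, unsigned int ivlen,
                                   int flags, unsigned int key_id, unsigned int key_version)
{
  void *ctx= alloca(encryption_ctx_size(key_id, key_version));
  int res1, res2;
  /* d1 starts at 0 so that an update call which fails before storing a
     length cannot feed an indeterminate value into the arithmetic below. */
  unsigned int d1= 0, d2= *dlen;

  // Verify dlen is initialized properly. See MDEV-30389
  assert(*dlen >= slen);
  /* Debug-only probe: store to the last byte the caller claims is writable.
     Skipped when *dlen is 0, where *dlen - 1 would wrap to UINT_MAX. */
  assert(*dlen == 0 || (dst[*dlen - 1]= 1));
  // Verify buffers do not overlap
  if (src < dst)
  {
    assert(src + slen <= dst);
  }
  else
  {
    assert(dst + *dlen <= src);
  }

  if ((res1= encryption_ctx_init(ctx, key, klen, iv, ivlen, flags, key_id, key_version)))
    return res1;
  res1= encryption_ctx_update(ctx, src, slen, dst, &d1);
  /* Capacity left for finish. NOTE(review): nothing checks d1 <= *dlen here,
     so a provider reporting more than the capacity makes this wrap. */
  d2-= d1;
  /* finish runs even when update failed; the update error wins below. */
  res2= encryption_ctx_finish(ctx, dst + d1, &d2);

  *dlen= d1 + d2;
  return res1 ? res1 : res2;
}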
140 | | |
141 | | #ifdef __cplusplus |
142 | | } |
143 | | #endif |
144 | | |
145 | | #define MYSQL_SERVICE_ENCRYPTION_INCLUDED |
146 | | #endif |