encryption key management plugin api

Author: vuvova

cmake/abi_check.cmake

@@ -44,6 +44,7 @@ IF(CMAKE_COMPILER_IS_GNUCC AND RUN_ABI_CHECK)
     ${CMAKE_SOURCE_DIR}/include/mysql/client_plugin.h
     ${CMAKE_SOURCE_DIR}/include/mysql/plugin_auth.h
     ${CMAKE_SOURCE_DIR}/include/mysql/plugin_password_validation.h
+    ${CMAKE_SOURCE_DIR}/include/mysql/plugin_encryption_key_management.h
   )
 
   ADD_CUSTOM_TARGET(abi_check ALL

include/my_crypt_key_management.h

@@ -1,6 +1,6 @@
 
-#ifndef MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
-#define MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
+#ifndef INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
+#define INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED
 
 #include "my_global.h"
 #include "my_pthread.h"
@@ -18,63 +18,17 @@ extern uint opt_debug_encryption_key_version;
 #endif /* DBUG_OFF */
 
 C_MODE_START
-/**
- * function returning latest key version
- */
-typedef int (* GetLatestCryptoKeyVersionFunc_t)();
-
-/**
- * function returning if the key exists
- */
-typedef unsigned int (* HasKeyVersionFunc_t)(unsigned int version);
-
-/**
- * function returning the key size
- */
-typedef int (* GetKeySizeFunc_t)(unsigned int version);
-
-/**
- * function returning a key for a key version
- */
-typedef int (* GetCryptoKeyFunc_t)(unsigned int version,
-                                   unsigned char* key,
-                                   unsigned keybufsize);
-
-/**
- * function returning an iv for a key version
- */
-typedef int (* GetCryptoIVFunc_t)(unsigned int version,
-                                   unsigned char* iv,
-                                   unsigned ivbufsize);
-
-
-struct CryptoKeyFuncs_t
-{
-  GetLatestCryptoKeyVersionFunc_t getLatestCryptoKeyVersionFunc;
-  HasKeyVersionFunc_t hasCryptoKeyFunc;
-  GetKeySizeFunc_t getCryptoKeySize;
-  GetCryptoKeyFunc_t getCryptoKeyFunc;
-  GetCryptoIVFunc_t getCryptoIVFunc;
-};
-
-/**
- * Install functions to use for key management
- */
-void
-InstallCryptoKeyFunctions(const struct CryptoKeyFuncs_t* cryptoKeyFuncs);
 
 /**
  * Functions to interact with key management
  */
 
-int GetLatestCryptoKeyVersion();
-unsigned int HasCryptoKey(unsigned int version);
-int GetCryptoKeySize(unsigned int version);
-int GetCryptoKey(unsigned int version, unsigned char* key_buffer,
-                 unsigned int size);
-int GetCryptoIV(unsigned int version, unsigned char* key_buffer,
-                unsigned int size);
+uint get_latest_encryption_key_version();
+uint has_encryption_key(uint version);
+uint get_encryption_key_size(uint version);
+int get_encryption_key(uint version, uchar* key, uint size);
+int get_encryption_iv(uint version, uchar* iv, uint size);
 
 C_MODE_END
 
-#endif // MYSYS_MY_CRYPT_KEY_MANAGMENT_H_
+#endif // INCLUDE_MY_CRYPT_KEY_MANAGMENT_INCLUDED

include/mysql/plugin.h

@@ -88,11 +88,11 @@ typedef struct st_mysql_xid MYSQL_XID;
 #define MYSQL_AUDIT_PLUGIN           5
 #define MYSQL_REPLICATION_PLUGIN     6
 #define MYSQL_AUTHENTICATION_PLUGIN  7
-#define MYSQL_KEY_MANAGEMENT_PLUGIN  9
 #define MYSQL_MAX_PLUGIN_TYPE_NUM    10  /* The number of plugin types   */
 
 /* MariaDB plugin types */
-#define MariaDB_PASSWORD_VALIDATION_PLUGIN 8
+#define MariaDB_PASSWORD_VALIDATION_PLUGIN  8
+#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN 9
 
 /* We use the following strings to define licenses for plugins */
 #define PLUGIN_LICENSE_PROPRIETARY 0

include/mysql/plugin_encryption_key_management.h

@@ -0,0 +1,73 @@
+#ifndef MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED
+/* Copyright (C) 2014 Sergei Golubchik and MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/**
+  @file
+
+  Encryption key Management Plugin API.
+
+  This file defines the API for server plugins that manage encryption
+  keys for MariaDB on-disk data encryption.
+*/
+
+#define MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED
+
+#include <mysql/plugin.h>
+
+#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION 0x0100
+
+#define BAD_ENCRYPTION_KEY_VERSION (~0U)
+
+/**
+  Encryption key management plugin descriptor
+*/
+struct st_mariadb_encryption_key_management
+{
+  int interface_version;                        /**< version plugin uses */
+
+  /**
+    function returning latest key version.
+
+    @return a version or BAD_ENCRYPTION_KEY_VERSION to indicate an error.
+  */
+  unsigned int (*get_latest_key_version)();
+
+  /** function returning if a key of the given version exists */
+  unsigned int (*has_key_version)(unsigned int version);
+
+  /** function returning the key size in bytes */
+  unsigned int (*get_key_size)(unsigned int version);
+
+  /**
+    function returning a key for a key version
+
+    the key is put in 'key' buffer, that has size of 'keybufsize' bytes.
+
+    @return 0 on success, non-zero on failure
+  */
+  int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize);
+
+  /**
+    function returning an IV for a key version
+
+    the IV is put in 'iv' buffer, that has size of 'ivbufsize' bytes.
+
+    @return 0 on success, non-zero on failure
+  */
+  int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
+};
+#endif
+