1 /*****************************************************************************
2 
3 Copyright (C) 2013, 2015, Google Inc. All Rights Reserved.
4 Copyright (C) 2014, 2018, MariaDB Corporation.
5 
6 This program is free software; you can redistribute it and/or modify it under
7 the terms of the GNU General Public License as published by the Free Software
8 Foundation; version 2 of the License.
9 
10 This program is distributed in the hope that it will be useful, but WITHOUT
11 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
12 FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
13 
14 You should have received a copy of the GNU General Public License along with
15 this program; if not, write to the Free Software Foundation, Inc.,
16 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA
17 
18 *****************************************************************************/
19 /**************************************************//**
20 @file include/log0crypt.h
21 InnoDB log encryption and decryption
22 
23 Created 11/25/2013 Minli Zhu
24 Modified           Jan Lindström jan.lindstrom@mariadb.com
25 MDEV-11782: Rewritten for MariaDB 10.2 by Marko Mäkelä, MariaDB Corporation.
26 *******************************************************/
27 #ifndef log0crypt_h
28 #define log0crypt_h
29 
30 #include "log0log.h"
31 
32 /** innodb_encrypt_log: whether to encrypt the redo log */
33 extern my_bool srv_encrypt_log;
34 
35 /** Initialize the redo log encryption key and random parameters
36 when creating a new redo log.
37 The random parameters will be persisted in the log checkpoint pages.
38 @see log_crypt_write_checkpoint_buf()
39 @see log_crypt_read_checkpoint_buf()
40 @return whether the operation succeeded */
/* NOTE(review): failure is reported through the bool result, and this
declaration carries no warn_unused_result attribute (log_tmp_block_encrypt()
in this header does), so the compiler will not flag a caller that ignores
a failed key initialization. */
41 UNIV_INTERN
42 bool
43 log_crypt_init();
44 
45 /*********************************************************************//**
46 Writes the crypto (version, msg and iv) info, which has been used for
47 log blocks with lsn <= this checkpoint's lsn, to a log header's
48 checkpoint buf. */
/* NOTE(review): no buffer length is passed, so the size of buf is an
implicit contract with the caller; presumably buf must be a complete
checkpoint buffer -- confirm against the definition. The function returns
void, so the caller gets no failure indication from this interface. */
49 UNIV_INTERN
50 void
51 log_crypt_write_checkpoint_buf(
52 /*===========================*/
53 	byte*	buf);			/*!< in/out: checkpoint buffer */
54 
55 /** Read the MariaDB 10.1 checkpoint crypto (version, msg and iv) info.
56 @param[in]	buf	checkpoint buffer
57 @return	whether the operation was successful */
/* buf is const: the checkpoint buffer is only read. No length is passed;
presumably a fixed-size checkpoint buffer is expected -- confirm against
the definition.
NOTE(review): presumably this must have succeeded before
log_crypt_101_read_block() can decrypt anything -- verify in the callers. */
58 UNIV_INTERN
59 bool
60 log_crypt_101_read_checkpoint(const byte* buf);
61 
62 /** Decrypt a MariaDB 10.1 redo log block.
63 @param[in,out]	buf	log block
64 @return	whether the decryption was successful */
/* Decrypts in place: buf is both input and output, and no length is passed.
NOTE(review): whether buf is left unmodified when this returns false is not
visible from the declaration; callers should treat the block as invalid on
failure and must check the result themselves (no warn_unused_result here). */
65 UNIV_INTERN
66 bool
67 log_crypt_101_read_block(byte* buf);
68 
69 /** Read the checkpoint crypto (version, msg and iv) info.
70 @param[in]	buf	checkpoint buffer
71 @return	whether the operation was successful */
/* This is the reader that the log_crypt_init() comment in this header
refers to for the random parameters persisted in the log checkpoint pages.
buf is const and is only read; no length is passed.
NOTE(review): a false return is the only signal that the crypto info could
not be read, and nothing here forces the caller to look at it. */
72 UNIV_INTERN
73 bool
74 log_crypt_read_checkpoint_buf(const byte* buf);
75 
76 /** log_crypt() operation code */
enum log_crypt_t {
	LOG_ENCRYPT = 0,		/*!< encrypt a log block, keeping the current key */
	LOG_DECRYPT = 1,		/*!< decrypt a log block */
	LOG_ENCRYPT_ROTATE_KEY = 2	/*!< try to rotate the key, then encrypt a log block */
};
85 
86 /** Encrypt or decrypt log blocks.
87 @param[in,out]	buf	log blocks to encrypt or decrypt
88 @param[in]	lsn	log sequence number of the start of the buffer
89 @param[in]	size	size of the buffer, in bytes
90 @param[in]	op	whether to decrypt, encrypt, or rotate key and encrypt
91 @return	whether the operation succeeded (encrypt always does) */
/* op defaults to LOG_ENCRYPT, so a call that omits it encrypts without key
rotation; decryption has to be requested explicitly with LOG_DECRYPT.
The doc comment says encryption always succeeds, which leaves decryption as
the case whose result must be checked. NOTE(review): the declaration has no
warn_unused_result attribute, so an unchecked decrypt is not diagnosed. */
92 bool log_crypt(byte* buf, lsn_t lsn, ulint size, log_crypt_t op = LOG_ENCRYPT);
93 
94 /** Encrypt or decrypt a temporary file block.
95 @param[in]	src		block to encrypt or decrypt
96 @param[in]	size		size of the block
97 @param[out]	dst		destination block
98 @param[in]	offs		offset to block
99 @param[in]	encrypt		true=encrypt; false=decrypt
100 @return whether the operation succeeded */
/* The only declaration in this header annotated with
MY_ATTRIBUTE((warn_unused_result, nonnull)): presumably the result has to be
consumed and src/dst are declared non-null (macro defined elsewhere -- confirm).
encrypt defaults to true, so decryption must be requested explicitly.
NOTE(review): whether src and dst may alias is not stated here. */
101 UNIV_INTERN
102 bool
103 log_tmp_block_encrypt(
104 	const byte*	src,
105 	ulint		size,
106 	byte*		dst,
107 	uint64_t	offs,
108 	bool		encrypt = true)
109 	MY_ATTRIBUTE((warn_unused_result, nonnull));
110 
111 /** Decrypt a temporary file block.
112 @param[in]	src		block to decrypt
113 @param[in]	size		size of the block
114 @param[out]	dst		destination block
115 @param[in]	offs		offset to block
116 @return whether the operation succeeded */
inline
bool
log_tmp_block_decrypt(
	const byte*	src,
	ulint		size,
	byte*		dst,
	uint64_t	offs)
{
	/* Decryption is log_tmp_block_encrypt() with encrypt=false.
	That function is declared warn_unused_result; this wrapper is not,
	so the compiler will not warn when a caller drops the result.
	Treat dst as invalid whenever this returns false. */
	const bool	decrypted = log_tmp_block_encrypt(
		src, size, dst, offs, false);

	return(decrypted);
}
127 
128 /** @return whether temporary files are encrypted */
inline
bool
log_tmp_is_encrypted()
{
	/* Temporary files have no switch of their own here: they follow
	srv_encrypt_log (innodb_encrypt_log), the redo log setting. */
	return(srv_encrypt_log);
}
130 #endif  // log0crypt.h
131