MDEV-8264 encryption for binlog

* Start_encryption_log_event * --encrypt-binlog command line option based on google patches.
2025-07-29 05:21:33 +03:00 · 2015-09-02 09:58:08 +02:00
parent 41d68cabee
commit b85a00161e
21 changed files with 753 additions and 198 deletions
--- a/sql/rpl_constants.h
+++ b/sql/rpl_constants.h
@ -17,6 +17,9 @@
 #ifndef RPL_CONSTANTS_H
 #define RPL_CONSTANTS_H

+#include <my_sys.h>
+#include <my_crypt.h>
+
 /**
   Enumeration of the incidents that can occur for the server.
 */
@ -78,4 +81,32 @@ enum enum_binlog_checksum_alg {
                                 // or events from checksum-unaware servers
 };

+#define BINLOG_CRYPTO_SCHEME_LENGTH 1
+#define BINLOG_KEY_VERSION_LENGTH   4
+#define BINLOG_IV_LENGTH            MY_AES_BLOCK_SIZE
+#define BINLOG_IV_OFFS_LENGTH       4
+#define BINLOG_NONCE_LENGTH         (BINLOG_IV_LENGTH - BINLOG_IV_OFFS_LENGTH)
+
+struct Binlog_crypt_data {
+  uint  scheme;
+  uint  key_version, key_length, ctx_size;
+  uchar key[MY_AES_MAX_KEY_LENGTH];
+  uchar nonce[BINLOG_NONCE_LENGTH];
+
+  int init(uint sch, uint kv)
+  {
+    scheme= sch;
+    ctx_size= encryption_ctx_size(ENCRYPTION_KEY_SYSTEM_DATA, kv);
+    key_version= kv;
+    key_length= sizeof(key);
+    return encryption_key_get(ENCRYPTION_KEY_SYSTEM_DATA, kv, key, &key_length);
+  }
+
+  void set_iv(uchar* iv, uint32 offs) const
+  {
+    memcpy(iv, nonce, BINLOG_NONCE_LENGTH);
+    int4store(iv + BINLOG_NONCE_LENGTH, offs);
+  }
+};
+
 #endif /* RPL_CONSTANTS_H */