codership/mariadb-wsrep#27 Galera cache encryption

* Implemented encryption callback and enc_set_key * Added pure virtual functions for encryption functionality * Set enc key if provider was not loaded on time
2025-07-28 20:02:00 +03:00 · 2018-11-10 11:07:52 +01:00
parent ae734a33f8
commit 7e9419e811
11 changed files with 128 additions and 10 deletions
--- a/include/wsrep/provider.hpp
+++ b/include/wsrep/provider.hpp
@ -342,6 +342,8 @@ namespace wsrep
        virtual int sst_sent(const wsrep::gtid&, int) = 0;
        virtual int sst_received(const wsrep::gtid&, int) = 0;

+        virtual int enc_set_key(const wsrep::const_buffer& key) = 0;
+
        virtual std::vector<status_variable> status() const = 0;
        virtual void reset_status() = 0;

--- a/include/wsrep/server_service.hpp
+++ b/include/wsrep/server_service.hpp
@ -197,7 +197,6 @@ namespace wsrep
                              const wsrep::gtid& gtid,
                              bool bypass) = 0;

-
        /**
         * Wait until committing transactions have completed.
         * Prior calling this method the server should have been
@ -211,6 +210,16 @@ namespace wsrep
         */
        virtual void debug_sync(const char* sync_point) = 0;

+        /*
+         * Encrypt/decrypt data
+         */
+        virtual int do_crypt(void**                ctx,
+                             wsrep::const_buffer&  key,
+                             const char            (*iv)[32],
+                             wsrep::const_buffer&  input,
+                             void*                 output,
+                             bool                  encrypt,
+                             bool                  last) = 0;
    };
 }

--- a/include/wsrep/server_state.hpp
+++ b/include/wsrep/server_state.hpp
@ -369,6 +369,21 @@ namespace wsrep
        enum wsrep::provider::status
        wait_for_gtid(const wsrep::gtid&, int timeout) const;

+        /**
+         * Set encryption key
+         * 
+         * @param key Encryption key
+         * 
+         * @return Zero on success, non-zero on failure.
+         */
+        int set_encryption_key(std::vector<unsigned char>& key);
+
+        /**
+         * Return encryption key.
+         */
+        const std::vector<unsigned char>& get_encryption_key() const
+        { return encryption_key_; }
+
        /**
         * Perform a causal read in the cluster. After the call returns,
         * all the causally preceding write sets have been committed
@ -583,6 +598,7 @@ namespace wsrep
            , incoming_address_(incoming_address)
            , address_(address)
            , working_dir_(working_dir)
+            , encryption_key_()
            , max_protocol_version_(max_protocol_version)
            , rollback_mode_(rollback_mode)
            , connected_gtid_()
@ -664,6 +680,7 @@ namespace wsrep
        std::string incoming_address_;
        std::string address_;
        std::string working_dir_;
+        std::vector<unsigned char> encryption_key_;
        int max_protocol_version_;
        enum rollback_mode rollback_mode_;
        wsrep::gtid connected_gtid_;