lib/wsrep-lib
1
0
Fork 0
mirror of https://github.com/codership/wsrep-lib.git synced 2025-06-30 18:01:53 +03:00
Code Activity

codership/mariadb-wsrep#27 Galera cache encryption

Browse Source 
* Implemented encryption callback and enc_set_key
* Added pure virtual functions for encryption functionality
* Set enc key if provider was not loaded on time
This commit is contained in:
mkaruza
2018-11-10 11:07:52 +01:00
parent ae734a33f8
commit 7e9419e811
11 changed files with 128 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dbsim/db_server_service.cpp
View File

@ -150,3 +150,14 @@ void db::server_service::debug_sync(const char*)
{ {
} }
int db::server_service::do_crypt(void** ctx WSREP_UNUSED,
wsrep::const_buffer& key WSREP_UNUSED,
const char (*iv)[32] WSREP_UNUSED,
wsrep::const_buffer& input WSREP_UNUSED,
void* output WSREP_UNUSED,
bool encrypt WSREP_UNUSED,
bool last WSREP_UNUSED)
{
return -1;
}

9
dbsim/db_server_service.hpp
View File

@ -55,6 +55,15 @@ namespace db
enum wsrep::server_state::state) override; enum wsrep::server_state::state) override;
int wait_committing_transactions(int) override; int wait_committing_transactions(int) override;
void debug_sync(const char*) override; void debug_sync(const char*) override;
int do_crypt(void** ctx,
wsrep::const_buffer& key,
const char (*iv)[32],
wsrep::const_buffer& input,
void* output,
bool encrypt,
bool last) override;
private: private:
db::server& server_; db::server& server_;
wsrep::view logged_view_; wsrep::view logged_view_;

2
include/wsrep/provider.hpp
View File

@ -342,6 +342,8 @@ namespace wsrep
virtual int sst_sent(const wsrep::gtid&, int) = 0; virtual int sst_sent(const wsrep::gtid&, int) = 0;
virtual int sst_received(const wsrep::gtid&, int) = 0; virtual int sst_received(const wsrep::gtid&, int) = 0;
virtual int enc_set_key(const wsrep::const_buffer& key) = 0;
virtual std::vector<status_variable> status() const = 0; virtual std::vector<status_variable> status() const = 0;
virtual void reset_status() = 0; virtual void reset_status() = 0;

11
include/wsrep/server_service.hpp
View File

@ -197,7 +197,6 @@ namespace wsrep
const wsrep::gtid& gtid, const wsrep::gtid& gtid,
bool bypass) = 0; bool bypass) = 0;
/** /**
* Wait until committing transactions have completed. * Wait until committing transactions have completed.
* Prior calling this method the server should have been * Prior calling this method the server should have been
@ -211,6 +210,16 @@ namespace wsrep
*/ */
virtual void debug_sync(const char* sync_point) = 0; virtual void debug_sync(const char* sync_point) = 0;
/*
* Encrypt/decrypt data
*/
virtual int do_crypt(void** ctx,
wsrep::const_buffer& key,
const char (*iv)[32],
wsrep::const_buffer& input,
void* output,
bool encrypt,
bool last) = 0;
}; };
} }

17
include/wsrep/server_state.hpp
View File

@ -369,6 +369,21 @@ namespace wsrep
enum wsrep::provider::status enum wsrep::provider::status
wait_for_gtid(const wsrep::gtid&, int timeout) const; wait_for_gtid(const wsrep::gtid&, int timeout) const;
/**
* Set encryption key
*
* @param key Encryption key
*
* @return Zero on success, non-zero on failure.
*/
int set_encryption_key(std::vector<unsigned char>& key);
/**
* Return encryption key.
*/
const std::vector<unsigned char>& get_encryption_key() const
{ return encryption_key_; }
/** /**
* Perform a causal read in the cluster. After the call returns, * Perform a causal read in the cluster. After the call returns,
* all the causally preceding write sets have been committed * all the causally preceding write sets have been committed
@ -583,6 +598,7 @@ namespace wsrep
, incoming_address_(incoming_address) , incoming_address_(incoming_address)
, address_(address) , address_(address)
, working_dir_(working_dir) , working_dir_(working_dir)
, encryption_key_()
, max_protocol_version_(max_protocol_version) , max_protocol_version_(max_protocol_version)
, rollback_mode_(rollback_mode) , rollback_mode_(rollback_mode)
, connected_gtid_() , connected_gtid_()
@ -664,6 +680,7 @@ namespace wsrep
std::string incoming_address_; std::string incoming_address_;
std::string address_; std::string address_;
std::string working_dir_; std::string working_dir_;
std::vector<unsigned char> encryption_key_;
int max_protocol_version_; int max_protocol_version_;
enum rollback_mode rollback_mode_; enum rollback_mode rollback_mode_;
wsrep::gtid connected_gtid_; wsrep::gtid connected_gtid_;

12
src/server_state.cpp
View File

@ -626,6 +626,18 @@ wsrep::server_state::wait_for_gtid(const wsrep::gtid& gtid, int timeout)
return provider().wait_for_gtid(gtid, timeout); return provider().wait_for_gtid(gtid, timeout);
} }
int
wsrep::server_state::set_encryption_key(std::vector<unsigned char>& key)
{
encryption_key_ = key;
if (state_ != s_disconnected)
{
return provider_->enc_set_key(wsrep::const_buffer(encryption_key_.data(),
encryption_key_.size()));
}
return 0;
}
std::pair<wsrep::gtid, enum wsrep::provider::status> std::pair<wsrep::gtid, enum wsrep::provider::status>
wsrep::server_state::causal_read(int timeout) const wsrep::server_state::causal_read(int timeout) const
{ {

57
src/wsrep_provider_v26.cpp
View File

@ -20,6 +20,7 @@
#include "wsrep_provider_v26.hpp" #include "wsrep_provider_v26.hpp"
#include "wsrep/server_state.hpp" #include "wsrep/server_state.hpp"
#include "wsrep/server_service.hpp"
#include "wsrep/high_priority_service.hpp" #include "wsrep/high_priority_service.hpp"
#include "wsrep/view.hpp" #include "wsrep/view.hpp"
#include "wsrep/exception.hpp" #include "wsrep/exception.hpp"
@ -421,14 +422,36 @@ namespace
} }
} }
wsrep_cb_status_t encrypt_cb(void* /* app ctx */, int encrypt_cb(void* app_ctx,
wsrep_enc_ctx_t* /*ctx*/, wsrep_enc_ctx_t* enc_ctx,
const wsrep_buf_t* /*input*/, const wsrep_buf_t* input,
void* /*output*/, void* output,
wsrep_enc_direction_t /*direction*/, wsrep_enc_direction_t direction,
bool /*final*/) bool last)
{ {
return WSREP_CB_SUCCESS; assert(app_ctx);
wsrep::server_state& server_state(
*static_cast<wsrep::server_state*>(app_ctx));
wsrep::const_buffer key(enc_ctx->key->ptr, enc_ctx->key->len);
wsrep::const_buffer in(input->ptr, input->len);
try
{
return server_state.server_service().do_crypt(&enc_ctx->ctx,
key,
enc_ctx->iv,
in,
output,
direction == WSREP_ENC,
last);
}
catch (const wsrep::runtime_error& e)
{
free(enc_ctx->ctx);
// Return negative value in case of callback error
return -1;
}
} }
wsrep_cb_status_t apply_cb(void* ctx, wsrep_cb_status_t apply_cb(void* ctx,
@ -582,6 +605,16 @@ wsrep::wsrep_provider_v26::wsrep_provider_v26(
{ {
throw wsrep::runtime_error("Failed to initialize wsrep provider"); throw wsrep::runtime_error("Failed to initialize wsrep provider");
} }
const std::vector<unsigned char>& key = server_state.get_encryption_key();
if (key.size())
{
wsrep::const_buffer const_key(key.data(), key.size());
if(enc_set_key(const_key))
{
throw wsrep::runtime_error("Failed to set encryption key");
}
}
} }
wsrep::wsrep_provider_v26::~wsrep_provider_v26() wsrep::wsrep_provider_v26::~wsrep_provider_v26()
@ -856,6 +889,16 @@ int wsrep::wsrep_provider_v26::sst_received(const wsrep::gtid& gtid, int err)
return 0; return 0;
} }
int wsrep::wsrep_provider_v26::enc_set_key(const wsrep::const_buffer& key)
{
wsrep_enc_key_t enc_key = {key.data(), key.size()};
if (wsrep_->enc_set_key(wsrep_, &enc_key) != WSREP_OK)
{
return 1;
}
return 0;
}
std::vector<wsrep::provider::status_variable> std::vector<wsrep::provider::status_variable>
wsrep::wsrep_provider_v26::status() const wsrep::wsrep_provider_v26::status() const
{ {

2
src/wsrep_provider_v26.hpp
View File

@ -78,7 +78,7 @@ namespace wsrep
wsrep::gtid last_committed_gtid() const; wsrep::gtid last_committed_gtid() const;
int sst_sent(const wsrep::gtid&,int); int sst_sent(const wsrep::gtid&,int);
int sst_received(const wsrep::gtid& gtid, int); int sst_received(const wsrep::gtid& gtid, int);
int enc_set_key(const wsrep::const_buffer& key);
std::vector<status_variable> status() const; std::vector<status_variable> status() const;
void reset_status(); void reset_status();
std::string options() const; std::string options() const;

3
test/mock_provider.hpp
View File

@ -252,6 +252,9 @@ namespace wsrep
int sst_sent(const wsrep::gtid&, int) WSREP_OVERRIDE { return 0; } int sst_sent(const wsrep::gtid&, int) WSREP_OVERRIDE { return 0; }
int sst_received(const wsrep::gtid&, int) WSREP_OVERRIDE { return 0; } int sst_received(const wsrep::gtid&, int) WSREP_OVERRIDE { return 0; }
int enc_set_key(const wsrep::const_buffer&) WSREP_OVERRIDE
{ return 0; }
std::vector<status_variable> status() const WSREP_OVERRIDE std::vector<status_variable> status() const WSREP_OVERRIDE
{ {
return std::vector<status_variable>(); return std::vector<status_variable>();

12
test/mock_server_state.hpp
View File

@ -190,6 +190,18 @@ namespace wsrep
} }
} }
int do_crypt(void** ctx WSREP_UNUSED,
wsrep::const_buffer& key WSREP_UNUSED,
const char (*iv)[32] WSREP_UNUSED,
wsrep::const_buffer& input WSREP_UNUSED,
void* output WSREP_UNUSED,
bool encrypt WSREP_UNUSED,
bool last WSREP_UNUSED)
WSREP_OVERRIDE
{
return -1;
}
std::string sync_point_enabled_; std::string sync_point_enabled_;
enum sync_point_action enum sync_point_action
{ {

2
wsrep-API/v26

Submodule wsrep-API/v26 updated: f0239371ca...75a5f452f2