mirror of https://github.com/codership/wsrep-lib.git synced 2025-07-24 10:42:31 +03:00
* Created interface class for encryption support
* Implemented a function for setting the encryption key on the provider, and a callback function for encryption/decryption
mkaruza
2018-11-10 11:07:52 +01:00
parent e7f2dfdf93
commit e7d72ae7f6
9 changed files with 178 additions and 17 deletions


@ -19,6 +19,7 @@
#include "wsrep_provider_v26.hpp"
#include "wsrep/encryption_service.hpp"
#include "wsrep/server_state.hpp"
#include "wsrep/high_priority_service.hpp"
#include "wsrep/view.hpp"
@ -421,14 +422,42 @@ namespace
}
}
int encrypt_cb(void* /* app ctx */,
wsrep_enc_ctx_t* /*ctx*/,
const wsrep_buf_t* /*input*/,
void* /*output*/,
wsrep_enc_direction_t /*direction*/,
bool /*final*/)
int encrypt_cb(void* app_ctx,
wsrep_enc_ctx_t* enc_ctx,
const wsrep_buf_t* input,
void* output,
wsrep_enc_direction_t direction,
bool last)
{
return 0;
assert(app_ctx);
wsrep::server_state& server_state(
*static_cast<wsrep::server_state*>(app_ctx));
assert(server_state.encryption_service());
if (server_state.encryption_service() == 0)
{
wsrep::log_error() << "Encryption service not defined in encrypt_cb()";
return -1;
}
wsrep::const_buffer key(enc_ctx->key->ptr, enc_ctx->key->len);
wsrep::const_buffer in(input->ptr, input->len);
try
{
return server_state.encryption_service()->do_crypt(&enc_ctx->ctx,
key,
enc_ctx->iv,
in,
output,
direction == WSREP_ENC,
last);
}
catch (const wsrep::runtime_error& e)
{
free(enc_ctx->ctx);
// Return negative value in case of callback error
return -1;
}
}
wsrep_cb_status_t apply_cb(void* ctx,
@ -549,6 +578,8 @@ wsrep::wsrep_provider_v26::wsrep_provider_v26(
, wsrep_()
{
wsrep_gtid_t state_id;
bool encryption_enabled = server_state.encryption_service() &&
server_state.encryption_service()->encryption_enabled();
std::memcpy(state_id.uuid.data,
server_state.initial_position().id().data(),
sizeof(state_id.uuid.data));
@ -568,7 +599,7 @@ wsrep::wsrep_provider_v26::wsrep_provider_v26(
init_args.connected_cb = &connected_cb;
init_args.view_cb = &view_cb;
init_args.sst_request_cb = &sst_request_cb;
init_args.encrypt_cb = &encrypt_cb;
init_args.encrypt_cb = encryption_enabled ? encrypt_cb : NULL;
init_args.apply_cb = &apply_cb;
init_args.unordered_cb = 0;
init_args.sst_donate_cb = &sst_donate_cb;
@ -582,6 +613,19 @@ wsrep::wsrep_provider_v26::wsrep_provider_v26(
{
throw wsrep::runtime_error("Failed to initialize wsrep provider");
}
if (encryption_enabled)
{
const std::vector<unsigned char>& key = server_state.get_encryption_key();
if (key.size())
{
wsrep::const_buffer const_key(key.data(), key.size());
if(enc_set_key(const_key))
{
throw wsrep::runtime_error("Failed to set encryption key");
}
}
}
}
wsrep::wsrep_provider_v26::~wsrep_provider_v26()
@ -856,6 +900,16 @@ int wsrep::wsrep_provider_v26::sst_received(const wsrep::gtid& gtid, int err)
return 0;
}
int wsrep::wsrep_provider_v26::enc_set_key(const wsrep::const_buffer& key)
{
wsrep_enc_key_t enc_key = {key.data(), key.size()};
if (wsrep_->enc_set_key(wsrep_, &enc_key) != WSREP_OK)
{
return 1;
}
return 0;
}
std::vector<wsrep::provider::status_variable>
wsrep::wsrep_provider_v26::status() const
{
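Review bot: In the catch handler of `encrypt_cb`, `free(enc_ctx->ctx)` releases the cipher context but leaves the stale pointer in the provider-held `wsrep_enc_ctx_t`, so if the provider reuses or cleans up that context after the -1 return (not visible in this section) the result is a use-after-free or double free. Add `enc_ctx->ctx = 0;` directly after the free; because the context is handed to `do_crypt()` by address and nothing here shows it was allocated with malloc, it would be safer still for the encryption service to release what it allocated. The handler catches only `wsrep::runtime_error`, so any other exception from `do_crypt()` would unwind through the provider's C frames; a trailing `catch (...) { return -1; }` closes that. In the constructor hunk, when encryption is enabled but `get_encryption_key()` returns an empty vector, the callback is registered and no key is set without any log or error, which deserves at least a `wsrep::log_warning()` or a comment stating that the key is expected to arrive later.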