just like tempfiles: use key id 2 for temp Aria tables

vuvova · vuvova · commit 432b78c90376 · 2015-06-02T18:53:37.000+02:00
introduce ENCRYPTION_KEY_SYSTEM_DATA and
ENCRYPTION_KEY_TEMPORARY_DATA constants; use them everywhere.
diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h
@@ -32,6 +32,9 @@ extern "C" {
 #define ENCRYPTION_KEY_VERSION_INVALID        (~(unsigned int)0)
 #define ENCRYPTION_KEY_NOT_ENCRYPTED          (0)
 
+#define ENCRYPTION_KEY_SYSTEM_DATA             1
+#define ENCRYPTION_KEY_TEMPORARY_DATA          2
+
 /* returned from encryption_key_get()  */
 #define ENCRYPTION_KEY_BUFFER_TOO_SMALL    (100)
 
diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc
@@ -232,9 +232,13 @@ void init_io_cache_encryption()
 {
   if (encrypt_tmp_files)
   {
-    keyver= encryption_key_get_latest_version(keyid= 2);
+    keyid= ENCRYPTION_KEY_TEMPORARY_DATA;
+    keyver= encryption_key_get_latest_version(keyid);
     if (keyver == ENCRYPTION_KEY_VERSION_INVALID)
-      keyver= encryption_key_get_latest_version(keyid= 1);
+    {
+      keyid= ENCRYPTION_KEY_SYSTEM_DATA;
+      keyver= encryption_key_get_latest_version(keyid);
+    }
   }
   else
     keyver= ENCRYPTION_KEY_VERSION_INVALID;
diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h
@@ -27,7 +27,7 @@ Created 04/01/2015 Jan Lindström
 #define fil0crypt_h
 
 /* This key will be used if nothing else is given */
-#define FIL_DEFAULT_ENCRYPTION_KEY 1
+#define FIL_DEFAULT_ENCRYPTION_KEY ENCRYPTION_KEY_SYSTEM_DATA
 
 /** Enum values for encryption table option */
 typedef enum {
diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c
@@ -20,8 +20,6 @@
 #include "ma_blockrec.h"
 #include <my_crypt.h>
 
-#define HARD_CODED_ENCRYPTION_KEY_ID 1
-
 #define CRYPT_SCHEME_1         1
 #define CRYPT_SCHEME_1_ID_LEN  4 /* 4 bytes for counter-block */
 #define CRYPT_SCHEME_1_IV_LEN           16
@@ -44,6 +42,24 @@ struct st_maria_crypt_data
   mysql_mutex_t lock;          /* protecting keys */
 };
 
+/**
+  determine what key id to use for Aria encryption
+
+  Same logic as for tempfiles: if key id 2 exists - use it,
+  otherwise use key id 1.
+
+  Key id 1 is system, it always exists. Key id 2 is optional,
+  it allows to specify fast low-grade encryption for temporary data.
+*/
+static uint get_encryption_key_id(MARIA_SHARE *share)
+{
+  if (share->options & HA_OPTION_TMP_TABLE &&
+      encryption_key_id_exists(ENCRYPTION_KEY_TEMPORARY_DATA))
+    return ENCRYPTION_KEY_TEMPORARY_DATA;
+  else
+    return ENCRYPTION_KEY_SYSTEM_DATA;
+}
+
 uint
 ma_crypt_get_data_page_header_space()
 {
@@ -90,7 +106,7 @@ ma_crypt_create(MARIA_SHARE* share)
   crypt_data->scheme.type= CRYPT_SCHEME_1;
   crypt_data->scheme.locker= crypt_data_scheme_locker;
   mysql_mutex_init(key_CRYPT_DATA_lock, &crypt_data->lock, MY_MUTEX_INIT_FAST);
-  crypt_data->scheme.key_id= HARD_CODED_ENCRYPTION_KEY_ID;
+  crypt_data->scheme.key_id= get_encryption_key_id(share);
   my_random_bytes(crypt_data->scheme.iv, sizeof(crypt_data->scheme.iv));
   my_random_bytes((uchar*)&crypt_data->space, sizeof(crypt_data->space));
   share->crypt_data= crypt_data;
@@ -156,7 +172,7 @@ ma_crypt_read(MARIA_SHARE* share, uchar *buff)
     mysql_mutex_init(key_CRYPT_DATA_lock, &crypt_data->lock,
                      MY_MUTEX_INIT_FAST);
     crypt_data->scheme.locker= crypt_data_scheme_locker;
-    crypt_data->scheme.key_id= HARD_CODED_ENCRYPTION_KEY_ID;
+    crypt_data->scheme.key_id= get_encryption_key_id(share);
     crypt_data->space= uint4korr(buff + 2);
     memcpy(crypt_data->scheme.iv, buff + 6, sizeof(crypt_data->scheme.iv));
     share->crypt_data= crypt_data;
@@ -314,7 +330,7 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file,
                                            __attribute__((unused)))
 {
   /* Only use encryption if we have defined it */
-  if (encryption_key_id_exists(HARD_CODED_ENCRYPTION_KEY_ID))
+  if (encryption_key_id_exists(get_encryption_key_id(share)))
   {
     file->pre_read_hook= ma_crypt_pre_read_hook;
     file->post_read_hook= ma_crypt_data_post_read_hook;
diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h
@@ -27,7 +27,7 @@ Created 04/01/2015 Jan Lindström
 #define fil0crypt_h
 
 /* This key will be used if nothing else is given */
-#define FIL_DEFAULT_ENCRYPTION_KEY 1
+#define FIL_DEFAULT_ENCRYPTION_KEY ENCRYPTION_KEY_SYSTEM_DATA
 
 /** Enum values for encryption table option */
 typedef enum {

Original file line number	Diff line number	Diff line change
`@@ -232,9 +232,13 @@ void init_io_cache_encryption()`
`232`	`232`	`{`
`233`	`233`	`if (encrypt_tmp_files)`
`234`	`234`	`{`
`235`		`- keyver= encryption_key_get_latest_version(keyid= 2);`
	`235`	`+ keyid= ENCRYPTION_KEY_TEMPORARY_DATA;`
	`236`	`+ keyver= encryption_key_get_latest_version(keyid);`
`236`	`237`	`if (keyver == ENCRYPTION_KEY_VERSION_INVALID)`
`237`		`- keyver= encryption_key_get_latest_version(keyid= 1);`
	`238`	`+ {`
	`239`	`+ keyid= ENCRYPTION_KEY_SYSTEM_DATA;`
	`240`	`+ keyver= encryption_key_get_latest_version(keyid);`
	`241`	`+ }`
`238`	`242`	`}`
`239`	`243`	`else`
`240`	`244`	`keyver= ENCRYPTION_KEY_VERSION_INVALID;`