move debug_use_static_encryption_keys and debug_encryption_key_versio…
…n to a plugin
vuvova committed Apr 8, 2015
1 parent b937574 commit c238e68
Showing 12 changed files with 137 additions and 94 deletions.
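--- a/mysql-test/suite/innodb/r/innodb_encryption_debug.result
+++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result
@@ -0,0 +1,19 @@
+show variables like 'innodb_encrypt%';
+Variable_name Value
+innodb_encrypt_log OFF
+innodb_encrypt_tables ON
+innodb_encryption_rotate_key_age 2
+innodb_encryption_rotation_iops 100
+innodb_encryption_threads 4
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 1
+2 mysql/innodb_index_stats 0 1
+0 NULL 0 1
+set global debug_key_management_plugin_version=10;
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 10
+2 mysql/innodb_index_stats 0 10
+0 NULL 0 10
+set global debug_key_management_plugin_version=1;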
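--- a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
@@ -0,0 +1,5 @@
+--innodb-encrypt-tables=ON
+--innodb-encryption-rotate-key-age=2
+--innodb-encryption-threads=4
+--innodb-tablespaces-encryption
+--plugin-load-add=$DEBUG_KEY_MANAGEMENT_PLUGIN_SO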
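--- a/mysql-test/suite/innodb/t/innodb_encryption_debug.test
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.test
@@ -0,0 +1,13 @@
+-- source include/have_innodb.inc
+if (`select count(*) = 0 from information_schema.plugins
+where plugin_name = 'debug_key_management_plugin' and plugin_status='active'`)
+{
+--skip Needs debug_key_management_plugin
+}
+
+show variables like 'innodb_encrypt%';
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+set global debug_key_management_plugin_version=10;
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+set global debug_key_management_plugin_version=1;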
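Review bot: The `select` issued right after `set global debug_key_management_plugin_version=10` may race with the background encryption threads. With `--innodb-encryption-threads=4` and `--innodb-encryption-rotate-key-age=2` from the .opt file, rotation can presumably start as soon as the version jumps, so `min_key_version` in the recorded result could differ from run to run. Either drop `min_key_version` from the second query or wait for a stable state before selecting. A comment stating what the test asserts would also help, e.g. `# current_key_version must follow the plugin's version variable`.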

This file was deleted.

28 changes: 0 additions & 28 deletions mysql-test/suite/sys_vars/r/sysvars_debug.result
@@ -57,20 +57,6 @@ NUMERIC_BLOCK_SIZE NULL
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT OPTIONAL
VARIABLE_NAME DEBUG_ENCRYPTION_KEY_VERSION
SESSION_VALUE NULL
GLOBAL_VALUE 0
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 0
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Encryption key version. Only to be used in internal testing.
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 4294967295
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME DEBUG_MUTEX_DEADLOCK_DETECTOR
SESSION_VALUE NULL
GLOBAL_VALUE ON
@@ -113,17 +99,3 @@ NUMERIC_BLOCK_SIZE NULL
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT NULL
VARIABLE_NAME DEBUG_USE_STATIC_ENCRYPTION_KEYS
SESSION_VALUE NULL
GLOBAL_VALUE OFF
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE OFF
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE BOOLEAN
VARIABLE_COMMENT Enable use of nonrandom encryption keys. Only to be used in internal testing
NUMERIC_MIN_VALUE NULL
NUMERIC_MAX_VALUE NULL
NUMERIC_BLOCK_SIZE NULL
ENUM_VALUE_LIST OFF,ON
READ_ONLY YES
COMMAND_LINE_ARGUMENT OPTIONAL

This file was deleted.

This file was deleted.

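--- a/plugin/debug_key_management_plugin/CMakeLists.txt
+++ b/plugin/debug_key_management_plugin/CMakeLists.txt
@@ -0,0 +1,2 @@
+MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT_PLUGIN debug_key_management_plugin.cc
+MODULE_ONLY)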
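Review bot: Nothing here restricts the plugin to debug or test builds, whereas the `debug_use_static_encryption_keys` path it replaces was compiled only under `#ifndef DBUG_OFF` (see the removed blocks in sql/encryption_keys.cc and sql/sys_vars.cc). With `MODULE_ONLY` alone the module would presumably be built, and possibly packaged, in release configurations too. That leaves the "do not use in production" warning in the source comment as the only safeguard against a server being started with hard-coded keys. Consider wrapping the `MYSQL_ADD_PLUGIN` call in a debug-build condition or assigning the module to a test-only install component, and add a comment above it such as `# Test-only: keys are derived from the version number, never ship in server packages`.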
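--- a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc
+++ b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc
@@ -0,0 +1,98 @@
+/*
+Copyright (c) 2015 MariaDB Corporation
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+Debug key management plugin.
+It's used to debug the encryption code with a fixed keys that change
+only on user request.
+THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
+DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
+*/
+
+#include <my_global.h>
+#include <mysql/plugin_encryption_key_management.h>
+#include <string.h>
+#include <myisampack.h>
+
+static uint key_version;
+
+static MYSQL_SYSVAR_UINT(version, key_version, PLUGIN_VAR_RQCMDARG,
+"Latest key version", NULL, NULL, 1, 0, UINT_MAX, 1);
+
+static struct st_mysql_sys_var* sysvars[] = {
+MYSQL_SYSVAR(version),
+NULL
+};
+
+static unsigned int get_latest_key_version()
+{
+return key_version;
+}
+
+static int get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen)
+{
+if (buflen < 4)
+return 1;
+memset(dstbuf, 0, buflen);
+mi_int4store(dstbuf, version);
+return 0;
+}
+
+static unsigned int has_key(unsigned int ver)
+{
+return 1;
+}
+
+static unsigned int get_key_size(unsigned int ver)
+{
+return 16;
+}
+
+static int get_iv(unsigned int ver, unsigned char* dstbuf, unsigned buflen)
+{
+return 0; // to be removed
+}
+
+struct st_mariadb_encryption_key_management debug_key_management_plugin= {
+MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
+get_latest_key_version,
+has_key,
+get_key_size,
+get_key,
+get_iv
+};
+
+/*
+Plugin library descriptor
+*/
+maria_declare_plugin(debug_key_management_plugin)
+{
+MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN,
+&debug_key_management_plugin,
+"debug_key_management_plugin",
+"Sergei Golubchik",
+"Debug key management plugin",
+PLUGIN_LICENSE_GPL,
+NULL,
+NULL,
+0x0100,
+NULL,
+sysvars,
+"1.0",
+MariaDB_PLUGIN_MATURITY_EXPERIMENTAL
+}
+maria_declare_plugin_end;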
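Review bot: `get_iv` returns 0 without touching `dstbuf`; if 0 means success here as it does in `get_key`, a caller would proceed with whatever bytes were already in its IV buffer. Until the callback is removed, either zero the buffer (`memset(dstbuf, 0, buflen);`) or return non-zero so the result cannot be mistaken for a usable IV. `get_key` also accepts any `buflen >= 4` while `get_key_size` reports 16, so a short buffer yields a silently shortened key; `if (buflen < 16) return 1;` would keep the two callbacks consistent. The unused `ver` parameters of `has_key` and `get_key_size` would merit a one-line comment saying that every version is accepted on purpose.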
29 changes: 0 additions & 29 deletions sql/encryption_keys.cc
@@ -1,30 +1,14 @@
#include <my_global.h>
#include <mysql/plugin_encryption_key_management.h>
#include "encryption_keys.h"
#include "log.h"
#include "sql_plugin.h"

#ifndef DBUG_OFF
my_bool debug_use_static_encryption_keys = 0;
uint opt_debug_encryption_key_version = 0;
#endif

/* there can be only one encryption key management plugin enabled */
static plugin_ref encryption_key_manager= 0;
static struct st_mariadb_encryption_key_management *handle;

unsigned int get_latest_encryption_key_version()
{
#ifndef DBUG_OFF
if (debug_use_static_encryption_keys)
{
//mysql_mutex_lock(&LOCK_global_system_variables);
uint res = opt_debug_encryption_key_version;
//mysql_mutex_unlock(&LOCK_global_system_variables);
return res;
}
#endif

if (encryption_key_manager)
return handle->get_latest_key_version();

@@ -49,19 +33,6 @@ unsigned int get_encryption_key_size(uint version)

int get_encryption_key(uint version, uchar* key, uint size)
{
#ifndef DBUG_OFF
if (debug_use_static_encryption_keys)
{
memset(key, 0, size);
// Just don't support tiny keys, no point anyway.
if (size < 4)
return 1;

mi_int4store(key, version);
return 0;
}
#endif

if (encryption_key_manager)
return handle->get_key(version, key, size);

11 changes: 0 additions & 11 deletions sql/encryption_keys.h

This file was deleted.

17 changes: 0 additions & 17 deletions sql/sys_vars.cc
@@ -62,7 +62,6 @@
#include "sql_repl.h"
#include "opt_range.h"
#include "rpl_parallel.h"
#include "encryption_keys.h"

/*
The rule for this file: everything should be 'static'. When a sys_var
@@ -1126,22 +1125,6 @@ static Sys_var_mybool Sys_log_bin(
READ_ONLY GLOBAL_VAR(opt_bin_log), NO_CMD_LINE, DEFAULT(FALSE));


#ifndef DBUG_OFF
static Sys_var_mybool Sys_debug_use_static_keys(
"debug_use_static_encryption_keys",
"Enable use of nonrandom encryption keys. Only to be used in "
"internal testing",
READ_ONLY GLOBAL_VAR(debug_use_static_encryption_keys),
CMD_LINE(OPT_ARG), DEFAULT(FALSE));

static Sys_var_uint Sys_debug_encryption_key_version(
"debug_encryption_key_version",
"Encryption key version. Only to be used in internal testing.",
GLOBAL_VAR(opt_debug_encryption_key_version),
CMD_LINE(REQUIRED_ARG), VALID_RANGE(0,UINT_MAX), DEFAULT(0),
BLOCK_SIZE(1));
#endif

static Sys_var_mybool Sys_trust_function_creators(
"log_bin_trust_function_creators",
"If set to FALSE (the default), then when --log-bin is used, creation "