PS-3822: InnoDB system tablespace encryption

Encryption will be done using Master Key encryption. The decision to make system
tablespace encrypted can be done only at bootstrap.

A new variable “innodb_sys_tablespace_encrypt” will be introduced to encrypt
system tablespace. Default is OFF. This variables has to be turned ON and
passed as bootstrap parameter to encrypt system tablespace

Variables introduced:
innodb_sys_tablespace_encrypt
innodb_parallel_dblwr_encrypt

A new option innodb_parallel_dblwr_encrypt is introduced to encrypt parallel
doublewrite file. Default is OFF and the option is dynamic.

When turned on, the pages in parallel doublewrite buffer are encrypted using
the respective tablespace key.

mysql-test/mysql-test-run.pl

@@ -2541,17 +2541,20 @@ ($)
       if ($plug_names) {
 	my $lib_name= basename($plugin);
 	my $load_var= "--plugin_load=";
+	my $early_load_var="--early-plugin_load=";
 	my $load_add_var= "--plugin_load_add=";
 	my $load_var_with_path = "--plugin_load=";
 	my $load_add_var_with_path = "--plugin_load_add=";
 	my $semi= '';
 	foreach my $plug_name (split (',', $plug_names)) {
 	  $load_var .= $semi . "$plug_name=$lib_name";
+	  $early_load_var .= $semi . "$plug_name=$lib_name";
 	  $load_add_var .= $semi . "$plug_name=$lib_name";
 	  $load_var_with_path .= $semi . "$plug_name=$plug_dir/$lib_name";
 	  $load_add_var_with_path .= $semi . "$plug_name=$plug_dir/$lib_name";
 	  $semi= ';';
 	}
+	$ENV{$plug_var.'_EARLY_LOAD'}=$early_load_var;
 	$ENV{$plug_var.'_LOAD'}= $load_var;
 	$ENV{$plug_var.'_LOAD_ADD'}= $load_add_var;
 	$ENV{$plug_var.'_LOAD_PATH'}= $load_var_with_path;

mysql-test/suite/innodb/include/corrupt_page.inc

@@ -0,0 +1,23 @@
+# Requires three parameters
+# 1. IBD_FILE :- the file to corrupt a page in it
+# 2. INNODB_PAGE_SIZE :- page_size of IBD
+# 3. PAGE_NUM :- the page to corrupt
+# 4. ALL_ZEROES :- write the entire page as all-zeros (optional parameter)
+#		  (innodb doesn't treat all-zero as corrupted page)
+perl;
+use IO::Handle;
+my $file = $ENV{'IBD_FILE'} or die;
+my $page_size = $ENV{'INNODB_PAGE_SIZE'} or die;
+my $page_num = $ENV{'PAGE_NUM'} or die;
+my $all_zeroes = $ENV{'ALL_ZEROES'};
+open(FILE, "+<", $file) or die;
+FILE->autoflush(1);
+binmode FILE;
+seek(FILE, $page_size * $page_num, SEEK_SET);
+if ($all_zeroes) {
+ print FILE chr(0) x $page_size;
+} else {
+ print FILE chr(0) x ($page_size/2);
+}
+close FILE;
+EOF

mysql-test/suite/innodb/include/doublewrite.inc

@@ -63,15 +63,10 @@ set global innodb_buf_flush_list_now = 1;
 
 --echo # Make the first page (page_no=0) of the user tablespace
 --echo # full of zeroes.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}test/t1.ibd";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'});
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/test/t1.ibd
+--let PAGE_NUM="0"
+--let ALL_ZEROES=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -105,15 +100,9 @@ set global innodb_buf_flush_list_now = 1;
 --source include/no_checkpoint_end.inc
 
 --echo # Corrupt the first page (page_no=0) of the user tablespace.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}test/t1.ibd";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'}/2);
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/test/t1.ibd
+--let PAGE_NUM="0"
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -147,16 +136,10 @@ set global innodb_buf_flush_list_now = 1;
 --source include/no_checkpoint_end.inc
 
 --echo # Make the 2nd page (page_no=1) of the tablespace all zeroes.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}test/t1.ibd";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-seek(FILE, $ENV{'INNODB_PAGE_SIZE'}, SEEK_SET);
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'});
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/test/t1.ibd
+--let PAGE_NUM=1
+--let ALL_ZEROES=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -190,16 +173,9 @@ set global innodb_buf_flush_list_now = 1;
 --source include/no_checkpoint_end.inc
 
 --echo # Corrupt the 2nd page (page_no=1) of the user tablespace.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}test/t1.ibd";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-seek(FILE, $ENV{'INNODB_PAGE_SIZE'}, SEEK_SET);
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'}/2);
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/test/t1.ibd
+--let PAGE_NUM=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -233,15 +209,10 @@ set global innodb_buf_flush_list_now = 1;
 
 --echo # Make the first page (page_no=0) of the system tablespace
 --echo # all zeroes.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}ibdata1";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'});
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/ibdata1
+--let PAGE_NUM="0"
+--let ALL_ZEROES=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -269,15 +240,9 @@ set global innodb_buf_flush_list_now = 1;
 --source include/kill_mysqld.inc
 
 --echo # Corrupt the first page (page_no=0) of the system tablespace.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}ibdata1";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'}/2);
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/ibdata1
+--let PAGE_NUM="0"
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -306,16 +271,10 @@ set global innodb_buf_flush_list_now = 1;
 
 --echo # Make the 2nd page (page_no=1) of the system tablespace
 --echo # all zeroes.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}ibdata1";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-seek(FILE, $ENV{'INNODB_PAGE_SIZE'}, SEEK_SET);
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'});
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/ibdata1
+--let PAGE_NUM=1
+--let ALL_ZEROES=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 
@@ -344,16 +303,9 @@ set global innodb_buf_flush_list_now = 1;
 
 --echo # Make the 2nd page (page_no=1) of the system tablespace
 --echo # all zeroes.
-perl;
-use IO::Handle;
-my $fname= "$ENV{'MYSQLD_DATADIR'}ibdata1";
-open(FILE, "+<", $fname) or die;
-FILE->autoflush(1);
-binmode FILE;
-seek(FILE, $ENV{'INNODB_PAGE_SIZE'}, SEEK_SET);
-print FILE chr(0) x ($ENV{'INNODB_PAGE_SIZE'}/2);
-close FILE;
-EOF
+--let IBD_FILE=$MYSQLD_DATADIR/ibdata1
+--let PAGE_NUM=1
+--source corrupt_page.inc
 
 --source include/start_mysqld.inc
 

mysql-test/suite/innodb/r/percona_parallel_dblwr_encrypt.result

@@ -0,0 +1,53 @@
+CREATE TABLE t1(a TEXT) ENCRYPTION='Y';
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+CREATE TABLE t2(a TEXT) ENCRYPTION='Y';
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+CREATE TABLE t3(a TEXT) ENCRYPTION='Y';
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+# Kill the server
+# Writes to Parallel dblwr are not encrypted, so it should be "Pattern found"
+Pattern found.
+# restart
+DROP TABLE t1, t2, t3;
+CREATE TABLE t1(a TEXT) ENCRYPTION='Y';
+SET GLOBAL innodb_parallel_dblwr_encrypt=ON;
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t1 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+CREATE TABLE t2(a TEXT) ENCRYPTION='Y';
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t2 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+CREATE TABLE t3(a TEXT) ENCRYPTION='Y';
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+INSERT INTO t3 (a) VALUES ('Abracadabra is of unknown origin, and its first occurrence is');
+# Kill the server
+# Writes to Parallel dblwr are encrypted, so it should be "Pattern not found"
+Pattern not found.
+# restart
+DROP TABLE t1, t2, t3;