23#ifndef RPL_LOG_ENCRYPTION_INCLUDED
24#define RPL_LOG_ENCRYPTION_INCLUDED
26#include <openssl/evp.h>
/**
  Get the key with the given key ID.

  @param key_id   ID of the key to get.
  @param key_type Type of the key to get.
  @return A pair holding a Keyring_status and the key as a Key_string
          (std::basic_string<unsigned char>).

  NOTE(review): the returned Key_string is a copy of raw key material, and
  std::basic_string does not wipe its buffer on destruction. Callers should
  check the Keyring_status before using the key and keep the copy
  short-lived.
*/
209 static std::pair<Keyring_status, Key_string>
get_key(
210 const std::string &key_id,
const std::string &
key_type);
/**
  Get the key with the given key ID; overload taking a key size.

  @param key_id   ID of the key to get.
  @param key_type Type of the key to get.
  @param key_size presumably the expected length of the key in bytes;
                  confirm the mismatch handling in rpl_log_encryption.cc.
  @return A pair holding a Keyring_status and the key as a Key_string
          (std::basic_string<unsigned char>).

  NOTE(review): the returned Key_string is a copy of raw key material, and
  std::basic_string does not wipe its buffer on destruction. Callers should
  check the Keyring_status before using the key and keep the copy
  short-lived.
*/
223 static std::pair<Keyring_status, Key_string>
get_key(
224 const std::string &key_id,
const std::string &
key_type,
size_t key_size);
274 uint32_t new_master_key_seqno = 0);
330 const std::string &key_id,
const std::string &
key_type);
384 std::pair<Rpl_encryption::Keyring_status, uint32_t>
427 std::pair<Rpl_encryption::Keyring_status, uint32_t>
435 std::pair<Rpl_encryption::Keyring_status, uint32_t>
443 std::pair<Rpl_encryption::Keyring_status, uint32_t>
584 static std::unique_ptr<Rpl_encryption_header>
get_header(
The abstract class for basic byte input streams which provides read operations.
Definition: basic_istream.h:32
The abstract class for basic output streams which provides write operation.
Definition: basic_ostream.h:34
The Rpl_encryption class is the container for the binlog encryption feature generic and server instan...
Definition: rpl_log_encryption.h:96
Rpl_encryption_key m_master_key
Definition: rpl_log_encryption.h:310
static const char * SEQNO_KEY_TYPE
Definition: rpl_log_encryption.h:278
Rpl_encryption & operator=(const Rpl_encryption &)=delete
static std::tuple< Keyring_status, void *, size_t > fetch_key_from_keyring(const std::string &key_id, const std::string &key_type)
Fetch a key from keyring.
Definition: rpl_log_encryption.cc:467
bool remove_old_master_key_seqno_from_keyring()
Remove the "old" master key sequence number key from the keyring.
Definition: rpl_log_encryption.cc:904
uint32_t m_master_key_seqno
Definition: rpl_log_encryption.h:308
Rpl_encryption(Rpl_encryption &&)=delete
bool enable(THD *thd)
Enable binlog encryption option.
Definition: rpl_log_encryption.cc:404
std::string get_master_key_seqno_key_id()
Returns the key ID of the keyring key that stores the master key sequence number.
Definition: rpl_log_encryption.cc:815
bool remove_new_master_key_seqno_from_keyring()
Remove the "new" master key sequence number key from the keyring.
Definition: rpl_log_encryption.cc:892
void disable(THD *thd)
Disable binlog encryption option.
Definition: rpl_log_encryption.cc:436
bool purge_unused_keys()
Purge unused master keys from Keyring.
Definition: rpl_log_encryption.cc:505
bool m_initialized
Definition: rpl_log_encryption.h:297
std::pair< Rpl_encryption::Keyring_status, uint32_t > get_last_purged_master_key_seqno_from_keyring()
Get the "last_purged" master key sequence number from keyring.
Definition: rpl_log_encryption.cc:868
static void report_keyring_error(Keyring_status error)
A wrapper function to throw a binlog encryption keyring error.
Definition: rpl_log_encryption.cc:48
bool recover_master_key()
Recover the replication encryption master key from keyring.
Definition: rpl_log_encryption.cc:192
std::string get_new_master_key_seqno_key_id()
Returns the key ID of the keyring key that stores the "new" master key sequence number.
Definition: rpl_log_encryption.cc:838
Rpl_encryption & operator=(Rpl_encryption &&)=delete
std::pair< Rpl_encryption::Keyring_status, uint32_t > get_master_key_seqno_from_keyring()
Get the master key sequence number from keyring.
Definition: rpl_log_encryption.cc:820
Keyring_status
Definition: rpl_log_encryption.h:109
@ KEYRING_ERROR_GENERATING
std::pair< Rpl_encryption::Keyring_status, uint32_t > get_seqno_from_keyring(std::string key_id)
Get a sequence number from the keyring.
Definition: rpl_log_encryption.cc:740
bool set_last_purged_master_key_seqno_on_keyring(uint32 seqno)
Set the "last_purged" master key sequence number into a key and store it into keyring.
Definition: rpl_log_encryption.cc:880
Key_rotation_step
Replication encryption master key rotation process is recoverable.
Definition: rpl_log_encryption.h:144
@ GENERATE_NEW_MASTER_KEY
@ REMOVE_KEY_ROTATION_TAG
@ PURGE_UNUSED_ENCRYPTION_KEYS
@ REMOVE_MASTER_KEY_INDEX
bool remove_key_from_keyring(std::string key_id)
Remove a key from the keyring.
Definition: rpl_log_encryption.cc:786
bool m_master_key_recovered
Definition: rpl_log_encryption.h:306
bool set_master_key_seqno_on_keyring(uint32 seqno)
Set the master key sequence number into a key and store it into keyring.
Definition: rpl_log_encryption.cc:826
bool m_rotate_at_startup
Definition: rpl_log_encryption.h:291
bool generate_master_key_on_keyring(uint32 seqno)
Generate a new replication master key on keyring and retrieve it.
Definition: rpl_log_encryption.cc:910
std::pair< Rpl_encryption::Keyring_status, uint32_t > get_new_master_key_seqno_from_keyring()
Get the "new" master key sequence number from keyring.
Definition: rpl_log_encryption.cc:854
bool remove_last_purged_master_key_seqno_from_keyring()
Remove the "last_purged" master key sequence number key from the keyring.
Definition: rpl_log_encryption.cc:898
bool rotate_master_key(Key_rotation_step step=Key_rotation_step::START, uint32_t new_master_key_seqno=0)
Rotate the master key.
Definition: rpl_log_encryption.cc:568
bool set_new_master_key_seqno_on_keyring(uint32 seqno)
Set the "new" master key sequence number into a key and store it into keyring.
Definition: rpl_log_encryption.cc:874
void rotate_logs(THD *thd)
Rotate replication logs excluding relay logs of group replication channels.
Definition: rpl_log_encryption.cc:731
static std::pair< Keyring_status, Key_string > get_key(const std::string &key_id, const std::string &key_type)
Get the key with given key ID.
Definition: rpl_log_encryption.cc:370
Rpl_encryption(const Rpl_encryption &)=delete
std::string get_last_purged_master_key_seqno_key_id()
Returns the key ID of the keyring key that stores the "last_purged" master key sequence number.
Definition: rpl_log_encryption.cc:843
bool is_enabled()
Return whether the replication logs encryption feature is enabled.
Definition: rpl_log_encryption.cc:449
bool set_old_master_key_seqno_on_keyring(uint32 seqno)
Set the "old" master key sequence number into a key and store it into keyring.
Definition: rpl_log_encryption.cc:886
const bool & get_enabled_var()
Definition: rpl_log_encryption.cc:458
const bool & get_master_key_rotation_at_startup_var()
Definition: rpl_log_encryption.cc:460
bool initialize()
Initialize the rpl_encryption instance.
Definition: rpl_log_encryption.cc:105
bool remove_master_key_seqno_from_keyring()
Remove the master key sequence number key from the keyring.
Definition: rpl_log_encryption.cc:832
static const int SEQNO_KEY_LENGTH
Definition: rpl_log_encryption.h:280
bool remove_remaining_seqnos_from_keyring()
Remove any remaining old/new master key index in order to clean up after a previous master key rotation.
Definition: rpl_log_encryption.cc:130
const Rpl_encryption_key get_master_key()
Return the current replication encryption master key.
Definition: rpl_log_encryption.cc:361
bool set_seqno_on_keyring(std::string key_id, uint32_t seqno)
Set a sequence number into a key and store it into keyring.
Definition: rpl_log_encryption.cc:752
bool m_enabled
Definition: rpl_log_encryption.h:285
std::pair< Rpl_encryption::Keyring_status, uint32_t > get_old_master_key_seqno_from_keyring()
Get the "old" master key sequence number from keyring.
Definition: rpl_log_encryption.cc:861
std::string get_old_master_key_seqno_key_id()
Returns the key ID of the keyring key that stores the "old" master key sequence number.
Definition: rpl_log_encryption.cc:848
bool m_skip_logs_rotation
Definition: rpl_log_encryption.h:315
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:33
Some integer typedefs for easier portability.
uint32_t uint32
Definition: my_inttypes.h:66
int key_type
Definition: http_request.h:49
Rpl_encryption rpl_encryption
Definition: rpl_log_encryption.cc:46
This file includes core components for encrypting/decrypting binary log files.
std::basic_string< unsigned char > Key_string
Definition: stream_cipher.h:37
Definition: sql_resultset.h:33
Definition: rpl_log_encryption.h:98
Key_string m_value
Definition: rpl_log_encryption.h:100
std::string m_id
Definition: rpl_log_encryption.h:99