From 594a582dc43a2b34e1d579976a85b9234263d4c1 Mon Sep 17 00:00:00 2001 From: Andrew Pogrebnoy Date: Thu, 16 May 2024 18:39:59 +0300 Subject: [PATCH] Create and use global catalog key * Check and create an internal key for XLog during the server start. If the key is created (not the first start with the EncryptWAL), then upload it into the cache. We can't read the key from files while writing the XLog to the disk as it happens in the critical section and no palloc is allowed. * Create a custom cache for the global catalog external key as we can't use PG's hashmap during the (again, no pallocs in critical section). --- Makefile.in | 1 + meson.build | 1 + src/access/pg_tde_tdemap.c | 19 +- src/access/pg_tde_xlog.c | 133 +------------- src/catalog/tde_global_catalog.c | 225 +++++++++++++++++++++++ src/catalog/tde_master_key.c | 25 ++- src/include/access/pg_tde_tdemap.h | 10 - src/include/access/pg_tde_xlog.h | 14 +- src/include/catalog/tde_global_catalog.h | 37 ++++ src/include/catalog/tde_master_key.h | 6 +- src/keyring/.keyring_api.c.swp | Bin 12288 -> 0 bytes src/pg_tde.c | 14 +- 12 files changed, 321 insertions(+), 164 deletions(-) create mode 100644 src/catalog/tde_global_catalog.c create mode 100644 src/include/catalog/tde_global_catalog.h delete mode 100644 src/keyring/.keyring_api.c.swp diff --git a/Makefile.in b/Makefile.in index 8f530f2dc7f..7671467a504 100644 --- a/Makefile.in +++ b/Makefile.in @@ -40,6 +40,7 @@ src/keyring/keyring_curl.o \ src/keyring/keyring_file.o \ src/keyring/keyring_vault.o \ src/keyring/keyring_api.o \ +src/catalog/tde_global_catalog.o \ src/catalog/tde_keyring.o \ src/catalog/tde_master_key.o \ src/common/pg_tde_shmem.o \ diff --git a/meson.build b/meson.build index b9cb1e87184..01ba44b4fe5 100644 --- a/meson.build +++ b/meson.build @@ -40,6 +40,7 @@ pg_tde_sources = files( 'src/smgr/pg_tde_smgr.c', + 'src/catalog/tde_global_catalog.c', 'src/catalog/tde_keyring.c', 'src/catalog/tde_master_key.c', 'src/common/pg_tde_shmem.c', diff --git a/src/access/pg_tde_tdemap.c b/src/access/pg_tde_tdemap.c index 8c4e345f7b7..13ac03d7d50 100644 --- a/src/access/pg_tde_tdemap.c +++ b/src/access/pg_tde_tdemap.c @@ -292,14 +292,21 @@ tde_decrypt_rel_key(TDEMasterKey *master_key, RelKeyData *enc_rel_key_data, cons inline void pg_tde_set_db_file_paths(const RelFileLocator *rlocator, char *map_path, char *keydata_path) { + char *db_path; + + /* We use dbOid for the global space for key caches but for the backend + * it should be 0. + */ + if (rlocator->spcOid == GLOBALTABLESPACE_OID) + db_path = GetDatabasePath(0, rlocator->spcOid); + else + db_path = GetDatabasePath(rlocator->dbOid, rlocator->spcOid); + + if (map_path) - join_path_components(map_path, - GetDatabasePath(rlocator->dbOid, rlocator->spcOid), - PG_TDE_MAP_FILENAME); + join_path_components(map_path, db_path, PG_TDE_MAP_FILENAME); if (keydata_path) - join_path_components(keydata_path, - GetDatabasePath(rlocator->dbOid, rlocator->spcOid), - PG_TDE_KEYDATA_FILENAME); + join_path_components(keydata_path, db_path, PG_TDE_KEYDATA_FILENAME); } /* diff --git a/src/access/pg_tde_xlog.c b/src/access/pg_tde_xlog.c index bdbbb553c7f..c3c661b6be1 100644 --- a/src/access/pg_tde_xlog.c +++ b/src/access/pg_tde_xlog.c @@ -24,17 +24,14 @@ #include "access/pg_tde_tdemap.h" #include "access/pg_tde_xlog.h" -#include "catalog/tde_keyring.h" -#include "catalog/tde_master_key.h" +#include "catalog/tde_global_catalog.h" #include "encryption/enc_tde.h" static char *TDEXLogEncryptBuf = NULL; -bool EncryptXLog = false; /* GUC */ -static char *KRingProviderType = NULL; -static char *KRingProviderFilePath = NULL; +static bool EncryptXLog = false; static XLogPageHeaderData EncryptCurrentPageHrd; static XLogPageHeaderData DecryptCurrentPageHrd; @@ -52,15 +49,13 @@ typedef enum } GlobalCatalogKeyTypes; /* TODO: move TDEXLogEncryptBuf here*/ -typedef struct XLogEncryptionState +typedef struct EncryptionStateData { GenericKeyring *keyring; /* TODO: locking */ TDEMasterKey master_keys[TDE_GCAT_KEYS_COUNT]; -} XLogEncryptionState; - -static XLogEncryptionState *EncryptionState = NULL; +} EncryptionStateData; /* * TDE fork XLog @@ -153,52 +148,8 @@ pg_tde_rmgr_identify(uint8 info) * XLog Storage Manager */ -static GenericKeyring *xlog_keyring; - -static void -pg_tde_init_xlog_kring(void) -{ - EncryptionState->keyring->type = get_keyring_provider_from_typename(KRingProviderType); - switch (EncryptionState->keyring->type) - { - case FILE_KEY_PROVIDER: - FileKeyring *kring = (FileKeyring *) EncryptionState->keyring; - strncpy(kring->file_name, KRingProviderFilePath, sizeof(kring->file_name)); - break; - } -} - -static void -pg_tde_create_xlog_key(void) -{ - InternalKey int_key; - RelKeyData *rel_key_data; - RelKeyData *enc_rel_key_data; - RelFileLocator *rlocator = &GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID); - TDEMasterKey *master_key; - - master_key = set_master_key_with_keyring("xlog-master-key", xlog_keyring, - rlocator->dbOid, rlocator->spcOid, false); - - memset(&int_key, 0, sizeof(InternalKey)); - - if (!RAND_bytes(int_key.key, INTERNAL_KEY_LEN)) - { - ereport(FATAL, - (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not generate internal key for \"WAL\": %s", - ERR_error_string(ERR_get_error(), NULL)))); - } - - rel_key_data = tde_create_rel_key(rlocator->relNumber, &int_key, &master_key->keyInfo); - enc_rel_key_data = tde_encrypt_rel_key(master_key, rel_key_data, rlocator); - - pg_tde_write_key_map_entry(rlocator, enc_rel_key_data, &master_key->keyInfo); - memcpy(EncryptionState->master_keys + TDE_GCAT_KEY_XLOG, master_key, sizeof(TDEMasterKey)); -} - void -xlogInitGUC(void) +XLogInitGUC(void) { DefineCustomBoolVariable("pg_tde.wal_encrypt", /* name */ "Enable/Disable encryption of WAL.", /* short_desc */ @@ -211,28 +162,6 @@ xlogInitGUC(void) NULL, /* assign_hook */ NULL /* show_hook */ ); - DefineCustomStringVariable("pg_tde.wal_keyring_type", - "Keyring type for XLog", - NULL, - &KRingProviderType, - NULL, - PGC_POSTMASTER, - 0, /* no flags required */ - NULL, - NULL, - NULL - ); - DefineCustomStringVariable("pg_tde.wal_keyring_file_path", - "Keyring file options for XLog", - NULL, - &KRingProviderFilePath, - NULL, - PGC_POSTMASTER, - 0, /* no flags required */ - NULL, - NULL, - NULL - ); } static int @@ -252,7 +181,7 @@ XLOGChooseNumBuffers(void) * Defines the size of the XLog encryption buffer */ Size -TDEXLogEncryptBuffSize() +TDEXLogEncryptBuffSize(void) { int xbuffers; @@ -260,17 +189,6 @@ TDEXLogEncryptBuffSize() return (Size) XLOG_BLCKSZ * xbuffers; } -Size -XLogEncStateSize() -{ - Size size; - - size = sizeof(XLogEncryptionState); - size = add_size(size, sizeof(KeyringProviders)); - - return MAXALIGN(size); -} - /* * Alloc memory for the encryption buffer. * @@ -285,7 +203,6 @@ void TDEXLogShmemInit(void) { bool foundBuf; - char *allocptr; if (EncryptXLog) { @@ -297,29 +214,14 @@ TDEXLogShmemInit(void) elog(DEBUG1, "pg_tde: initialized encryption buffer %lu bytes", XLOG_TDE_ENC_BUFF_ALIGNED_SIZE); } - - EncryptionState = (XLogEncryptionState *) - ShmemInitStruct("TDE XLog Encryption State", - XLogEncStateSize(), &foundBuf); - - allocptr = ((char *) EncryptionState) + MAXALIGN(sizeof(XLogEncryptionState)); - EncryptionState->keyring = allocptr; } void -TDEInitXLogSmgr(void) +TDEXLogSmgrInit(void) { SetXLogSmgr(&tde_xlog_smgr); - pg_tde_init_xlog_kring(); - pg_tde_create_xlog_key(); } -/* - * TODO: proper key management - * where to store refs to the master and internal keys? - */ -static InternalKey XLogInternalKey = {.key = {0xD,}}; - ssize_t pg_tde_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset) { @@ -339,16 +241,11 @@ TDEXLogWriteEncryptedPages(int fd, const void *buf, size_t count, off_t offset) size_t data_size = 0; XLogPageHeader curr_page_hdr = &EncryptCurrentPageHrd; XLogPageHeader enc_buf_page; - // RelKeyData key = {.internal_key = XLogInternalKey}; - RelKeyData *key = NULL; + RelKeyData *key = GetGlCatInternalKey(XLOG_TDE_OID); off_t enc_off; size_t page_size = XLOG_BLCKSZ - offset % XLOG_BLCKSZ; uint32 iv_ctr = 0; - pg_tde_init_xlog_kring(); - key = GetInternalKey(GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), xlog_keyring); - - #ifdef TDE_XLOG_DEBUG elog(DEBUG1, "write encrypted WAL, pages amount: %d, size: %lu offset: %ld", count / (Size) XLOG_BLCKSZ, count, offset); #endif @@ -431,8 +328,7 @@ pg_tde_xlog_seg_read(int fd, void *buf, size_t count, off_t offset) char iv_prefix[16] = {0,}; size_t data_size = 0; XLogPageHeader curr_page_hdr = &DecryptCurrentPageHrd; - // RelKeyData key = {.internal_key = XLogInternalKey}; - RelKeyData *key = NULL; + RelKeyData *key = GetGlCatInternalKey(XLOG_TDE_OID); size_t page_size = XLOG_BLCKSZ - offset % XLOG_BLCKSZ; off_t dec_off; uint32 iv_ctr = 0; @@ -441,17 +337,6 @@ pg_tde_xlog_seg_read(int fd, void *buf, size_t count, off_t offset) elog(DEBUG1, "read from a WAL segment, pages amount: %d, size: %lu offset: %ld", count / (Size) XLOG_BLCKSZ, count, offset); #endif - pg_tde_init_xlog_kring(); - { - char db_map_path[MAXPGPATH] = {0}; - - pg_tde_set_db_file_paths(&GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), - db_map_path, NULL); - if (access(db_map_path, F_OK) == -1) - pg_tde_create_xlog_key(); - } - key = GetInternalKey(GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), xlog_keyring); - readsz = pg_pread(fd, buf, count, offset); /* diff --git a/src/catalog/tde_global_catalog.c b/src/catalog/tde_global_catalog.c new file mode 100644 index 00000000000..a6c694181fc --- /dev/null +++ b/src/catalog/tde_global_catalog.c @@ -0,0 +1,225 @@ +/*------------------------------------------------------------------------- + * + * tde_global_catalog.c + * Global catalog key management + * + * + * IDENTIFICATION + * src/catalog/tde_global_catalog.c + * + *------------------------------------------------------------------------- + */ + +#include "postgres.h" + +#include "storage/shmem.h" +#include "utils/guc.h" + +#include "access/pg_tde_tdemap.h" +#include "catalog/tde_global_catalog.h" +#include "catalog/tde_keyring.h" +#include "catalog/tde_master_key.h" + +#include +#include +#include + +typedef enum +{ + TDE_GCAT_KEY_XLOG, + + /* must be last */ + TDE_GCAT_KEYS_COUNT +} GlobalCatalogKeyTypes; + +typedef struct EncryptionStateData +{ + GenericKeyring *keyring; + TDEMasterKey master_keys[TDE_GCAT_KEYS_COUNT]; +} EncryptionStateData; + +static EncryptionStateData *EncryptionState = NULL; + +/* GUC */ +static char *KRingProviderType = NULL; +static char *KRingProviderFilePath = NULL; + +static void init_gl_catalog_keys(void); +static void init_keyring(void); +static TDEMasterKey *create_master_key(const char *key_name, + GenericKeyring *keyring, Oid dbOid, Oid spcOid, + bool ensure_new_key); + +void +TDEGlCatInitGUC(void) +{ + DefineCustomStringVariable("pg_tde.global_keyring_type", + "Keyring type for global catalog", + NULL, + &KRingProviderType, + NULL, + PGC_POSTMASTER, + 0, /* no flags required */ + NULL, + NULL, + NULL + ); + DefineCustomStringVariable("pg_tde.global_keyring_file_path", + "Keyring file options for global catalog", + NULL, + &KRingProviderFilePath, + NULL, + PGC_POSTMASTER, + 0, /* no flags required */ + NULL, + NULL, + NULL + ); +} + + +Size +TDEGlCatEncStateSize(void) +{ + Size size; + + size = sizeof(EncryptionStateData); + size = add_size(size, sizeof(KeyringProviders)); + + return MAXALIGN(size); +} + +void +TDEGlCatShmemInit(void) +{ + bool foundBuf; + char *allocptr; + + EncryptionState = (EncryptionStateData *) + ShmemInitStruct("TDE XLog Encryption State", + TDEGlCatEncStateSize(), &foundBuf); + + allocptr = ((char *) EncryptionState) + MAXALIGN(sizeof(EncryptionStateData)); + EncryptionState->keyring = (GenericKeyring *) allocptr; + memset(EncryptionState->keyring, 0, sizeof(KeyringProviders)); + memset(EncryptionState->master_keys, 0, sizeof(TDEMasterKey) * TDE_GCAT_KEYS_COUNT); +} + +void +TDEGlCatKeyInit(void) +{ + char db_map_path[MAXPGPATH] = {0}; + + init_keyring(); + + pg_tde_set_db_file_paths(&GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID), + db_map_path, NULL); + if (access(db_map_path, F_OK) == -1) + { + init_gl_catalog_keys(); + } +} + +TDEMasterKey * +TDEGetGlCatKeyFromCache(void) +{ + TDEMasterKey *mkey; + + mkey = &EncryptionState->master_keys[TDE_GCAT_KEY_XLOG]; + if (mkey->keyLength == 0) + return NULL; + + return mkey; +} + +void +TDEPutGlCatKeyInCache(TDEMasterKey *mkey) +{ + memcpy(EncryptionState->master_keys + TDE_GCAT_KEY_XLOG, mkey, sizeof(TDEMasterKey)); +} + +RelKeyData * +GetGlCatInternalKey(Oid obj_id) +{ + return GetInternalKey(GLOBAL_SPACE_RLOCATOR(obj_id), EncryptionState->keyring); +} + +static void +init_keyring(void) +{ + EncryptionState->keyring->type = get_keyring_provider_from_typename(KRingProviderType); + switch (EncryptionState->keyring->type) + { + case FILE_KEY_PROVIDER: + FileKeyring *kring = (FileKeyring *) EncryptionState->keyring; + strncpy(kring->file_name, KRingProviderFilePath, sizeof(kring->file_name)); + break; + } +} + +/* + * Keys are created during the cluster start only, so no locks needed here. + */ +static void +init_gl_catalog_keys(void) +{ + InternalKey int_key; + RelKeyData *rel_key_data; + RelKeyData *enc_rel_key_data; + RelFileLocator *rlocator; + TDEMasterKey *mkey; + + mkey = create_master_key("global-catalog-master-key", + EncryptionState->keyring, + GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID, false); + + memset(&int_key, 0, sizeof(InternalKey)); + + /* Create and store an internal key for XLog */ + if (!RAND_bytes(int_key.key, INTERNAL_KEY_LEN)) + { + ereport(FATAL, + (errcode(ERRCODE_INTERNAL_ERROR), + errmsg("could not generate internal key for \"WAL\": %s", + ERR_error_string(ERR_get_error(), NULL)))); + } + + rlocator = &GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID); + rel_key_data = tde_create_rel_key(rlocator->relNumber, &int_key, &mkey->keyInfo); + enc_rel_key_data = tde_encrypt_rel_key(mkey, rel_key_data, rlocator); + pg_tde_write_key_map_entry(rlocator, enc_rel_key_data, &mkey->keyInfo); + + TDEPutGlCatKeyInCache(mkey); +} + +static TDEMasterKey * +create_master_key(const char *key_name, GenericKeyring *keyring, + Oid dbOid, Oid spcOid, bool ensure_new_key) +{ + TDEMasterKey *masterKey; + keyInfo *keyInfo = NULL; + + masterKey = palloc(sizeof(TDEMasterKey)); + masterKey->keyInfo.databaseId = dbOid; + masterKey->keyInfo.tablespaceId = spcOid; + masterKey->keyInfo.keyId.version = DEFAULT_MASTER_KEY_VERSION; + masterKey->keyInfo.keyringId = keyring->key_id; + strncpy(masterKey->keyInfo.keyId.name, key_name, TDE_KEY_NAME_LEN); + gettimeofday(&masterKey->keyInfo.creationTime, NULL); + + keyInfo = load_latest_versioned_key_name(&masterKey->keyInfo, keyring, ensure_new_key); + + if (keyInfo == NULL) + keyInfo = KeyringGenerateNewKeyAndStore(keyring, masterKey->keyInfo.keyId.versioned_name, INTERNAL_KEY_LEN, false); + + if (keyInfo == NULL) + { + ereport(ERROR, + (errmsg("failed to retrieve master key"))); + } + + masterKey->keyLength = keyInfo->data.len; + memcpy(masterKey->keyData, keyInfo->data.data, keyInfo->data.len); + + return masterKey; +} \ No newline at end of file diff --git a/src/catalog/tde_master_key.c b/src/catalog/tde_master_key.c index e1b5d913b20..2b97ee0500f 100644 --- a/src/catalog/tde_master_key.c +++ b/src/catalog/tde_master_key.c @@ -29,8 +29,7 @@ #include #include "access/pg_tde_tdemap.h" - -#define DEFAULT_MASTER_KEY_VERSION 1 +#include "catalog/tde_global_catalog.h" typedef struct TdeMasterKeySharedState { @@ -67,7 +66,6 @@ static Size required_shared_mem_size(void); static int required_locks_count(void); static void shared_memory_shutdown(int code, Datum arg); static void master_key_startup_cleanup(int tde_tbl_count, void *arg); -static keyInfo *load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, GenericKeyring *keyring, bool ensure_new_key); static void clear_master_key_cache(Oid databaseId, Oid tablespaceId) ; static inline dshash_table *get_master_key_Hash(void); static TDEMasterKey *get_master_key_from_cache(Oid dbOid); @@ -250,7 +248,11 @@ GetMasterKey(Oid dbOid, Oid spcOid, GenericKeyring *keyring) LWLockAcquire(lock_files, LW_SHARED); LWLockAcquire(lock_cache, LW_EXCLUSIVE); - masterKey = get_master_key_from_cache(dbOid); + /* Global catalog has its own cache */ + if (spcOid == GLOBALTABLESPACE_OID) + masterKey = TDEGetGlCatKeyFromCache(); + else + masterKey = get_master_key_from_cache(dbOid); if (masterKey) { @@ -299,7 +301,10 @@ GetMasterKey(Oid dbOid, Oid spcOid, GenericKeyring *keyring) masterKey->keyLength = keyInfo->data.len; Assert(MyDatabaseId == masterKey->keyInfo.databaseId); - push_master_key_to_cache(masterKey); + if (spcOid == GLOBALTABLESPACE_OID) + TDEPutGlCatKeyInCache(masterKey); + else + push_master_key_to_cache(masterKey); /* Release the exclusive locks here */ LWLockRelease(lock_cache); @@ -376,10 +381,10 @@ set_master_key_with_keyring(const char *key_name, GenericKeyring *keyring, save_master_key_info(&masterKey->keyInfo); /* XLog the new key*/ - // XLogBeginInsert(); - // XLogRegisterData((char *) &masterKey->keyInfo, sizeof(TDEMasterKeyInfo)); - // XLogInsert(RM_TDERMGR_ID, XLOG_TDE_ADD_MASTER_KEY); - + XLogBeginInsert(); + XLogRegisterData((char *) &masterKey->keyInfo, sizeof(TDEMasterKeyInfo)); + XLogInsert(RM_TDERMGR_ID, XLOG_TDE_ADD_MASTER_KEY); + push_master_key_to_cache(masterKey); } @@ -481,7 +486,7 @@ xl_tde_perform_rotate_key(XLogMasterKeyRotate *xlrec) * If ensure_new_key is true, then we will keep on incrementing the version number * till we get a key name that is not present in the keyring */ -static keyInfo * +keyInfo * load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, GenericKeyring *keyring, bool ensure_new_key) { KeyringReturnCodes kr_ret; diff --git a/src/include/access/pg_tde_tdemap.h b/src/include/access/pg_tde_tdemap.h index 4b72bf5efb1..471deb64194 100644 --- a/src/include/access/pg_tde_tdemap.h +++ b/src/include/access/pg_tde_tdemap.h @@ -15,16 +15,6 @@ #include "storage/fd.h" #include "storage/relfilelocator.h" -/* - * Neeed for glogbal data (WAL etc) keys identification in caches and storage. - * We take IDs the oid type operators, so there is no overlap with the "real" - * catalog object possible. - */ -#define GLOBAL_DATA_TDE_OID 607 /* Global objects fake "db" */ -#define XLOG_TDE_OID 608 - -#define GLOBAL_SPACE_RLOCATOR(_obj_oid) (RelFileLocator) {GLOBALTABLESPACE_OID, 0, _obj_oid} - typedef struct InternalKey { uint8 key[INTERNAL_KEY_LEN]; diff --git a/src/include/access/pg_tde_xlog.h b/src/include/access/pg_tde_xlog.h index c380b8b207f..740eda8de3d 100644 --- a/src/include/access/pg_tde_xlog.h +++ b/src/include/access/pg_tde_xlog.h @@ -37,15 +37,15 @@ static const RmgrData pg_tde_rmgr = { .rm_identify = pg_tde_rmgr_identify }; +<<<<<<< HEAD #ifdef PERCONA_FORK /* XLog encryption staff */ +======= +/* XLog encryption stuff */ +>>>>>>> e9805ad (Create and use global catalog key) -/* GUC */ -extern bool EncryptXLog; - -extern Size TDEXLogEncryptBuffSize(); -extern Size XLogEncStateSize(); +extern Size TDEXLogEncryptBuffSize(void); #define XLOG_TDE_ENC_BUFF_ALIGNED_SIZE add_size(TDEXLogEncryptBuffSize(), PG_IO_ALIGN_SIZE) @@ -59,9 +59,9 @@ static const XLogSmgr tde_xlog_smgr = { .seg_write = pg_tde_xlog_seg_write, }; -extern void TDEInitXLogSmgr(void); +extern void TDEXLogSmgrInit(void); -extern void xlogInitGUC(void); +extern void XLogInitGUC(void); #endif diff --git a/src/include/catalog/tde_global_catalog.h b/src/include/catalog/tde_global_catalog.h new file mode 100644 index 00000000000..1e32e40875a --- /dev/null +++ b/src/include/catalog/tde_global_catalog.h @@ -0,0 +1,37 @@ +/*------------------------------------------------------------------------- + * + * tde_global_catalog.h + * Global catalog key management + * + * src/include/catalog/tde_global_catalog.h + * + *------------------------------------------------------------------------- + */ + +#ifndef TDE_GLOBAL_CATALOG_H +#define TDE_GLOBAL_CATALOG_H + +#include "postgres.h" + +#include "catalog/tde_master_key.h" + +/* + * Needed for glogbal data (WAL etc) keys identification in caches and storage. + * We take IDs the oid type operators, so there is no overlap with the "real" + * catalog object possible. + */ +#define GLOBAL_DATA_TDE_OID 607 /* Global objects fake "db" */ +#define XLOG_TDE_OID 608 + +#define GLOBAL_SPACE_RLOCATOR(_obj_oid) (RelFileLocator) {GLOBALTABLESPACE_OID, 0, _obj_oid} + +extern void TDEGlCatInitGUC(void); +extern Size TDEGlCatEncStateSize(void); +extern void TDEGlCatShmemInit(void); +extern void TDEGlCatKeyInit(void); + +extern TDEMasterKey *TDEGetGlCatKeyFromCache(void); +extern void TDEPutGlCatKeyInCache(TDEMasterKey *mkey); +extern RelKeyData *GetGlCatInternalKey(Oid obj_id); + +#endif /*TDE_GLOBAL_CATALOG_H*/ diff --git a/src/include/catalog/tde_master_key.h b/src/include/catalog/tde_master_key.h index a6f82123ead..2f70c9c9b9f 100644 --- a/src/include/catalog/tde_master_key.h +++ b/src/include/catalog/tde_master_key.h @@ -17,6 +17,7 @@ #include "nodes/pg_list.h" #include "storage/lwlock.h" +#define DEFAULT_MASTER_KEY_VERSION 1 #define MASTER_KEY_NAME_LEN TDE_KEY_NAME_LEN #define MAX_MASTER_KEY_VERSION_NUM 100000 @@ -76,5 +77,8 @@ extern TDEMasterKey *set_master_key_with_keyring(const char *key_name, GenericKeyring *keyring, Oid dbOid, Oid spcOid, bool ensure_new_key); - +extern keyInfo *load_latest_versioned_key_name(TDEMasterKeyInfo *mastere_key_info, + GenericKeyring *keyring, + bool ensure_new_key); + #endif /*PG_TDE_MASTER_KEY_H*/ diff --git a/src/keyring/.keyring_api.c.swp b/src/keyring/.keyring_api.c.swp deleted file mode 100644 index e730fc72a57d6acba563fe1e2dd8fd54b82c05d1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI2O>7%Q6vro}e3(+&Qd9|n&@`yXHg?>mEg)K_vSL$(q)z3eEeKI}vpcp|+3c=% z$4%3!fW(Clfy50|;DQi`3JFeJ5EUvQ4u}Js5K#4q5aj@O%KwdbFHiDbL zwatuu1-=9ygV(`p;2BT>C9oG1Kn~mw?gQW4!PwW}Bk&G*8@vFX1P_5M*aS9!>zf$+ z4O|2lz#G5-MX(k8c{^j5zyc$ElnH zEQRa1p?Yj)1}!PS5eSh+cLrDISjukj^mOMa&z$rEf#1|iM|*NKOODG{;4Rlh5O_g` z?=14^%2Tze>f!q2Y`IdOJ2p94nVZWDTq~7I>G7s;MPNullaFRH zWJXE^!uJB1PAtU_@k*^WTjP)M6Qx=e3+7hs#htuZVjXq7<-7&!5CcohU0i zGTjF(^u0@X4V}oLkqeT;{uWtOI8IO5Z_t>Dk z#`@$>O%&k|uzf)9#BQ^+-Oh;~w<4CJ626*QWY@+J|OxT0mdBjEP`AY6xqgx-I* zJoOi&TwEy=LE{N6hwLgDv<2dDL@as1$|Mem;ymcwvMtTlyqESIi_VOqiDK2wc$nKw z&mwmWAJxf94<3Ns;j0pXtWg`NsP+*iTpcWUQ?KoW~l1a zwHIRtyEO0lJso{X*f5-s^jJ?7Fq}Xb)=FPAYEcnP+#4170l|!%$?-UM=Bb=2 zmlIFVs0>hHAmaBOWe>gJs5czS9J-N8W@m!b8v7}w5_X}EW}Jo{gfi`z6m`tiz{A5Z zTO2J^nBsz-ybH0KL7krzj>EH#NuIB*!~+}(r6FyT_GH`%0~j0Fyq*aUFfxNS^dKwY zYjq0mgY10IitsXCeN}6;4UY}EM|xVK!SMpqHf7IzILm6grqi|rKN!7`6avGw##$4J z9z(q&P+PZg6whrZEG&s7^<%6xn&@-s0fS@ebq6l?cG2_QXo^DE!mYhshG~j0ESzz? xW^YG)yq#JTt1Nb&X{!g^QP~=H->v;)P8)5f&!YYz4ZH~VuHQd`PSTSpe*ybIVLbo< diff --git a/src/pg_tde.c b/src/pg_tde.c index 563b60ac523..bac49ea6fcd 100644 --- a/src/pg_tde.c +++ b/src/pg_tde.c @@ -32,6 +32,7 @@ #include "utils/builtins.h" #include "pg_tde_defs.h" #include "smgr/pg_tde_smgr.h" +#include "catalog/tde_global_catalog.h" #define MAX_ON_INSTALLS 5 @@ -80,10 +81,12 @@ tde_shmem_startup(void) TdeShmemInit(); AesInit(); -#ifdef PERCONA_FORK + + TDEGlCatShmemInit(); + TDEGlCatKeyInit(); + TDEXLogShmemInit(); - TDEInitXLogSmgr(); -#endif + TDEXLogSmgrInit(); } void @@ -96,9 +99,8 @@ _PG_init(void) keyringRegisterVariables(); InitializeMasterKeyInfo(); -#ifdef PERCONA_FORK - xlogInitGUC(); -#endif + XLogInitGUC(); + TDEGlCatInitGUC(); prev_shmem_request_hook = shmem_request_hook; shmem_request_hook = tde_shmem_request;