diff --git a/contrib/pg_tde/src/access/pg_tde_tdemap.c b/contrib/pg_tde/src/access/pg_tde_tdemap.c index fa8d01d54ad..096d3a6fa2b 100644 --- a/contrib/pg_tde/src/access/pg_tde_tdemap.c +++ b/contrib/pg_tde/src/access/pg_tde_tdemap.c @@ -39,6 +39,7 @@ #endif #define PG_TDE_FILEMAGIC 0x03454454 /* version ID value = TDE 03 */ +#define PG_TDE_MAP_FILENAME "%d_keys" #define MAP_ENTRY_SIZE sizeof(TDEMapEntry) #define TDE_FILE_HEADER_SIZE sizeof(TDEFileHeader) @@ -49,6 +50,19 @@ typedef struct TDEFileHeader TDESignedPrincipalKeyInfo signed_key_info; } TDEFileHeader; +/* We do not need the dbOid since the entries are stored in a file per db */ +typedef struct TDEMapEntry +{ + Oid spcOid; + RelFileNumber relNumber; + uint32 type; + InternalKey enc_key; + /* IV and tag used when encrypting the key itself */ + unsigned char entry_iv[MAP_ENTRY_IV_SIZE]; + unsigned char aead_tag[MAP_ENTRY_AEAD_TAG_SIZE]; +} TDEMapEntry; + +static void pg_tde_set_db_file_path(Oid dbOid, char *path); static bool pg_tde_find_map_entry(const RelFileLocator *rlocator, TDEMapEntryType key_type, char *db_map_path, TDEMapEntry *map_entry); static InternalKey *tde_decrypt_rel_key(TDEPrincipalKey *principal_key, TDEMapEntry *map_entry); static int pg_tde_open_file_basic(const char *tde_filename, int fileFlags, bool ignore_missing); @@ -360,6 +374,15 @@ pg_tde_delete_principal_key(Oid dbOid) #endif /* !FRONTEND */ +static void +pg_tde_set_db_file_path(Oid dbOid, char *path) +{ + char *fname = psprintf(PG_TDE_MAP_FILENAME, dbOid); + + join_path_components(path, pg_tde_get_data_dir(), fname); + pfree(fname); +} + void pg_tde_sign_principal_key_info(TDESignedPrincipalKeyInfo *signed_key_info, const TDEPrincipalKey *principal_key) { diff --git a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c index b32e8161714..25c8473a201 100644 --- a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c +++ b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c 
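Review bot: `PG_TDE_MAP_FILENAME "%d_keys"` is expanded with an `Oid` argument in pg_tde_set_db_file_path further down, but Oid is an unsigned 32-bit type and the PostgreSQL convention for it is `%u`; with `%d` any OID at or above 2^31 (which long-lived clusters can reach) is rendered as a negative number. Because the same macro is used for both writing and looking up the file the mismatch is self-consistent today, so switching to `"%u_keys"` would change the on-disk name for such databases and needs a compatibility step rather than a silent edit. At minimum the macro deserves a comment now that it lives in this file: `/* Per-database key map file, "<dbOid>_keys" under pg_tde_get_data_dir() */`.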
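Review bot: TDEMapEntry is now private to this file, yet `MAP_ENTRY_SIZE sizeof(TDEMapEntry)` a few lines above suggests the struct is the on-disk record layout of the per-database key map, so its field order, field widths and compiler padding are part of the file format and cannot change without a format version bump. The comment above the struct should say so, e.g. `/* On-disk record of the per-db key map (MAP_ENTRY_SIZE bytes); layout is part of the file format — do not reorder or resize fields without bumping PG_TDE_FILEMAGIC */`. It would also help to note that `type` holds a TDEMapEntryType stored as a fixed-width uint32, if that is indeed what pg_tde_find_map_entry compares it against (inferred from the prototype below; please confirm).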
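Review bot: pg_tde_set_db_file_path writes into `path` through join_path_components without taking a length, so the caller-supplied buffer size is an implicit contract that the function comment should state now that the definition has moved out of the header; in PostgreSQL that helper assumes a MAXPGPATH-sized destination and bounds its writes to that. I would add above the function: `/* Build the path of dbOid's key map file into path, which must hold at least MAXPGPATH bytes; longer results are truncated by join_path_components. */`. If any caller passes a smaller array that is a latent overflow worth checking at the call sites, which are outside this hunk.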
@@ -26,6 +26,21 @@ #define MaxXLogRecPtr (~(XLogRecPtr)0) +typedef struct WalKeyFileHeader +{ + int32 file_version; + TDESignedPrincipalKeyInfo signed_key_info; +} WalKeyFileHeader; + +typedef struct WalKeyFileEntry +{ + uint32 type; + WalEncryptionKey enc_key; + /* IV and tag used when encrypting the key itself */ + unsigned char entry_iv[MAP_ENTRY_IV_SIZE]; + unsigned char aead_tag[MAP_ENTRY_AEAD_TAG_SIZE]; +} WalKeyFileEntry; + static WALKeyCacheRec *tde_wal_key_cache = NULL; static WALKeyCacheRec *tde_wal_key_last_rec = NULL; diff --git a/contrib/pg_tde/src/include/access/pg_tde_tdemap.h b/contrib/pg_tde/src/include/access/pg_tde_tdemap.h index 88a6249bff8..ed39c5af846 100644 --- a/contrib/pg_tde/src/include/access/pg_tde_tdemap.h +++ b/contrib/pg_tde/src/include/access/pg_tde_tdemap.h @@ -37,34 +37,6 @@ typedef struct unsigned char aead_tag[MAP_ENTRY_AEAD_TAG_SIZE]; } TDESignedPrincipalKeyInfo; -/* We do not need the dbOid since the entries are stored in a file per db */ -typedef struct TDEMapEntry -{ - Oid spcOid; - RelFileNumber relNumber; - uint32 type; - InternalKey enc_key; - /* IV and tag used when encrypting the key itself */ - unsigned char entry_iv[MAP_ENTRY_IV_SIZE]; - unsigned char aead_tag[MAP_ENTRY_AEAD_TAG_SIZE]; -} TDEMapEntry; - -typedef struct XLogRelKey -{ - RelFileLocator rlocator; -} XLogRelKey; - -#define PG_TDE_MAP_FILENAME "%d_keys" - -static inline void -pg_tde_set_db_file_path(Oid dbOid, char *path) -{ - char *fname = psprintf(PG_TDE_MAP_FILENAME, dbOid); - - join_path_components(path, pg_tde_get_data_dir(), fname); - pfree(fname); -} - extern void pg_tde_save_smgr_key(RelFileLocator rel, const InternalKey *key); extern bool pg_tde_has_smgr_key(RelFileLocator rel); extern InternalKey *pg_tde_get_smgr_key(RelFileLocator rel); diff --git a/contrib/pg_tde/src/include/access/pg_tde_xlog.h b/contrib/pg_tde/src/include/access/pg_tde_xlog.h index 8c93a7a1807..03f8421ff96 100644 --- a/contrib/pg_tde/src/include/access/pg_tde_xlog.h 
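Review bot: WalKeyFileHeader and WalKeyFileEntry carry no comment stating that they describe the on-disk layout of the WAL key file; given the `file_version` field and the per-entry `entry_iv`/`aead_tag` they look like serialized records, so field order and padding are format-critical in the same way as TDEMapEntry in pg_tde_tdemap.c. I would add above WalKeyFileHeader `/* On-disk header of the WAL key file; layout is part of the file format */` and above WalKeyFileEntry `/* On-disk WAL key record; layout is part of the file format — do not reorder or resize fields without bumping file_version */`. Whether these structs are written raw with sizeof() as the record size is inferred from the field set rather than shown in this hunk, so adjust the wording to match the writer.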
+++ b/contrib/pg_tde/src/include/access/pg_tde_xlog.h @@ -19,6 +19,11 @@ /* ID 140 is registered for Percona TDE extension: https://wiki.postgresql.org/wiki/CustomWALResourceManagers */ #define RM_TDERMGR_ID 140 +typedef struct XLogRelKey +{ + RelFileLocator rlocator; +} XLogRelKey; + extern void RegisterTdeRmgr(void); #endif /* !FRONTEND */ diff --git a/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h b/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h index 1b5fccdb927..e1c6efc665b 100644 --- a/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h +++ b/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h @@ -5,7 +5,6 @@ #include "access/pg_tde_tdemap.h" #include "catalog/tde_principal_key.h" -#include "common/pg_tde_utils.h" typedef struct WalEncryptionKey { @@ -16,21 +15,6 @@ typedef struct WalEncryptionKey XLogRecPtr start_lsn; } WalEncryptionKey; -typedef struct WalKeyFileEntry -{ - uint32 type; - WalEncryptionKey enc_key; - /* IV and tag used when encrypting the key itself */ - unsigned char entry_iv[MAP_ENTRY_IV_SIZE]; - unsigned char aead_tag[MAP_ENTRY_AEAD_TAG_SIZE]; -} WalKeyFileEntry; - -typedef struct WalKeyFileHeader -{ - int32 file_version; - TDESignedPrincipalKeyInfo signed_key_info; -} WalKeyFileHeader; - /* * TODO: For now it's a simple linked list which is no good. So consider having * dedicated WAL keys cache inside some proper data structure.
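Review bot: XLogRelKey is inserted immediately before `extern void RegisterTdeRmgr(void);` and the following `#endif /* !FRONTEND */`, which suggests the typedef is now compiled out for FRONTEND builds, whereas in pg_tde_tdemap.h it was unconditional. If this struct is the payload of a TDE WAL record, any frontend tool that decodes such records (a pg_waldump description module, for instance) would lose the definition; if no such consumer exists this is harmless, but the placement looks incidental rather than chosen. Either move the typedef above the `#ifndef FRONTEND` guard or make the intent explicit with a comment such as `/* Payload of the TDE relation-key WAL record; backend-only, see RM_TDERMGR_ID */`.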