diff --git a/mysql-test/suite/innodb/r/innodb_encryption_debug.result b/mysql-test/suite/innodb/r/innodb_encryption_debug.result
new file mode 100644
index 00000000000..808ebbf3f74
--- /dev/null
+++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result
@@ -0,0 +1,19 @@
+show variables like 'innodb_encrypt%';
+Variable_name Value
+innodb_encrypt_log OFF
+innodb_encrypt_tables ON
+innodb_encryption_rotate_key_age 2
+innodb_encryption_rotation_iops 100
+innodb_encryption_threads 4
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 1
+2 mysql/innodb_index_stats 0 1
+0 NULL 0 1
+set global debug_key_management_plugin_version=10;
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 10
+2 mysql/innodb_index_stats 0 10
+0 NULL 0 10
+set global debug_key_management_plugin_version=1;
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
new file mode 100644
index 00000000000..d7c0b5bcd6a
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
@@ -0,0 +1,5 @@
+--innodb-encrypt-tables=ON
+--innodb-encryption-rotate-key-age=2
+--innodb-encryption-threads=4
+--innodb-tablespaces-encryption
+--plugin-load-add=$DEBUG_KEY_MANAGEMENT_PLUGIN_SO
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.test b/mysql-test/suite/innodb/t/innodb_encryption_debug.test
new file mode 100644
index 00000000000..cc455d87945
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.test
@@ -0,0 +1,13 @@
+-- source include/have_innodb.inc
+if (`select count(*) = 0 from information_schema.plugins
+ where plugin_name = 'debug_key_management_plugin' and plugin_status='active'`)
+{
+ --skip Needs debug_key_management_plugin
+}
+
+show variables like 'innodb_encrypt%';
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+set global debug_key_management_plugin_version=10;
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+set global debug_key_management_plugin_version=1;
+
diff --git a/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result b/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result
deleted file mode 100644
index a0d4f45cdbf..00000000000
--- a/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result
+++ /dev/null
@@ -1,3 +0,0 @@
-show global variables like "debug_use_static_encryption_keys";
-Variable_name Value
-debug_use_static_encryption_keys OFF
diff --git a/mysql-test/suite/sys_vars/r/sysvars_debug.result b/mysql-test/suite/sys_vars/r/sysvars_debug.result
index b7f169dc22e..a46e135af0a 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_debug.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_debug.result
@@ -57,20 +57,6 @@ NUMERIC_BLOCK_SIZE NULL
 ENUM_VALUE_LIST NULL
 READ_ONLY NO
 COMMAND_LINE_ARGUMENT OPTIONAL
-VARIABLE_NAME DEBUG_ENCRYPTION_KEY_VERSION
-SESSION_VALUE NULL
-GLOBAL_VALUE 0
-GLOBAL_VALUE_ORIGIN COMPILE-TIME
-DEFAULT_VALUE 0
-VARIABLE_SCOPE GLOBAL
-VARIABLE_TYPE INT UNSIGNED
-VARIABLE_COMMENT Encryption key version. Only to be used in internal testing.
-NUMERIC_MIN_VALUE 0
-NUMERIC_MAX_VALUE 4294967295
-NUMERIC_BLOCK_SIZE 1
-ENUM_VALUE_LIST NULL
-READ_ONLY NO
-COMMAND_LINE_ARGUMENT REQUIRED
 VARIABLE_NAME DEBUG_MUTEX_DEADLOCK_DETECTOR
 SESSION_VALUE NULL
 GLOBAL_VALUE ON
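Review bot: In innodb_encryption_debug.test both selects print `min_key_version` while the .opt file starts `--innodb-encryption-threads=4`, so the recorded value of 0 looks timing-dependent: if a background thread finishes a tablespace before the select runs, the output will no longer match the result file. Either drop that column from the select list or wait for a stable state first, for example with `--source include/wait_condition.inc` and a `$wait_condition` over information_schema.innodb_tablespaces_encryption. The test only shows that `current_key_version` follows the plugin variable, not that any page was re-encrypted after the change; a comment at the top of the file saying so would keep readers from assuming more coverage than there is.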
@@ -113,17 +99,3 @@ NUMERIC_BLOCK_SIZE NULL
 ENUM_VALUE_LIST NULL
 READ_ONLY NO
 COMMAND_LINE_ARGUMENT NULL
-VARIABLE_NAME DEBUG_USE_STATIC_ENCRYPTION_KEYS
-SESSION_VALUE NULL
-GLOBAL_VALUE OFF
-GLOBAL_VALUE_ORIGIN COMPILE-TIME
-DEFAULT_VALUE OFF
-VARIABLE_SCOPE GLOBAL
-VARIABLE_TYPE BOOLEAN
-VARIABLE_COMMENT Enable use of nonrandom encryption keys. Only to be used in internal testing
-NUMERIC_MIN_VALUE NULL
-NUMERIC_MAX_VALUE NULL
-NUMERIC_BLOCK_SIZE NULL
-ENUM_VALUE_LIST OFF,ON
-READ_ONLY YES
-COMMAND_LINE_ARGUMENT OPTIONAL
diff --git a/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test b/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test
deleted file mode 100644
index 007724b0966..00000000000
--- a/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test
+++ /dev/null
@@ -1,3 +0,0 @@
---source include/have_debug.inc
-# This is just to satisfy all_vars
-select 1;
diff --git a/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test b/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test
deleted file mode 100644
index 2e0d51e89b7..00000000000
--- a/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test
+++ /dev/null
@@ -1,3 +0,0 @@
-# This is just to satisfy all_vars
---source include/have_debug.inc
-show global variables like "debug_use_static_encryption_keys";
diff --git a/plugin/debug_key_management_plugin/CMakeLists.txt b/plugin/debug_key_management_plugin/CMakeLists.txt
new file mode 100644
index 00000000000..d61adf00537
--- /dev/null
+++ b/plugin/debug_key_management_plugin/CMakeLists.txt
@@ -0,0 +1,2 @@
+MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT_PLUGIN debug_key_management_plugin.cc
+ MODULE_ONLY)
diff --git a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc
new file mode 100644
index 00000000000..98873687556
--- /dev/null
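Review bot: In plugin/debug_key_management_plugin/CMakeLists.txt, `MODULE_ONLY` with no further restriction appears to build this module in every configuration, whereas the code it replaces (removed from sql/encryption_keys.cc and sql/sys_vars.cc in this commit) existed only under `#ifndef DBUG_OFF`. The keys are derived from the version number alone, so the shared object should not land in a server package where `--plugin-load-add` can reach it on a production host. Consider `MODULE_ONLY COMPONENT Test` so it installs with the test suite only, assuming this tree's MYSQL_ADD_PLUGIN accepts the COMPONENT argument, and add a comment above the call stating that the plugin is for the test suite.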
+++ b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc 
@@ -0,0 +1,98 @@
+/*
+ Copyright (c) 2015 MariaDB Corporation
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+ Debug key management plugin.
+ It's used to debug the encryption code with a fixed keys that change
+ only on user request.
+
+ THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
+ DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
+*/
+
+#include <my_global.h>
+#include <mysql/plugin_encryption_key_management.h>
+#include <string.h>
+#include <myisampack.h>
+
+static uint key_version;
+
+static MYSQL_SYSVAR_UINT(version, key_version, PLUGIN_VAR_RQCMDARG,
+ "Latest key version", NULL, NULL, 1, 0, UINT_MAX, 1);
+
+static struct st_mysql_sys_var* sysvars[] = {
+ MYSQL_SYSVAR(version),
+ NULL
+};
+
+static unsigned int get_latest_key_version()
+{
+ return key_version;
+}
+
+static int get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen)
+{
+ if (buflen < 4)
+ return 1;
+ memset(dstbuf, 0, buflen);
+ mi_int4store(dstbuf, version);
+ return 0;
+}
+
+static unsigned int has_key(unsigned int ver)
+{
+ return 1;
+}
+
+static unsigned int get_key_size(unsigned int ver)
+{
+ return 16;
+}
+
+static int get_iv(unsigned int ver, unsigned char* dstbuf, unsigned buflen)
+{
+ return 0; // to be removed
+}
+
+struct st_mariadb_encryption_key_management debug_key_management_plugin= {
+ MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
+ get_latest_key_version, + has_key, + get_key_size, + get_key, + get_iv +}; + +/* + Plugin library descriptor +*/ +maria_declare_plugin(debug_key_management_plugin) +{ + MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + &debug_key_management_plugin, + "debug_key_management_plugin", + "Sergei Golubchik", + "Debug key management plugin", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + sysvars, + "1.0", + MariaDB_PLUGIN_MATURITY_EXPERIMENTAL +} +maria_declare_plugin_end; diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 07a5d346a05..631fee7623b 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc @@ -1,30 +1,14 @@ #include <my_global.h> #include <mysql/plugin_encryption_key_management.h> -#include "encryption_keys.h" #include "log.h" #include "sql_plugin.h" -#ifndef DBUG_OFF -my_bool debug_use_static_encryption_keys = 0; -uint opt_debug_encryption_key_version = 0; -#endif - /* there can be only one encryption key management plugin enabled */ static plugin_ref encryption_key_manager= 0; static struct st_mariadb_encryption_key_management *handle; unsigned int get_latest_encryption_key_version() { -#ifndef DBUG_OFF - if (debug_use_static_encryption_keys) - { - //mysql_mutex_lock(&LOCK_global_system_variables); - uint res = opt_debug_encryption_key_version; - //mysql_mutex_unlock(&LOCK_global_system_variables); - return res; - } -#endif - if (encryption_key_manager) return handle->get_latest_key_version(); @@ -49,19 +33,6 @@ unsigned int get_encryption_key_size(uint version) int get_encryption_key(uint version, uchar* key, uint size) { -#ifndef DBUG_OFF - if (debug_use_static_encryption_keys) - { - memset(key, 0, size); - // Just don't support tiny keys, no point anyway. - if (size < 4) - return 1; - - mi_int4store(key, version); - return 0; - } -#endif - if (encryption_key_manager) return handle->get_key(version, key, size); diff --git a/sql/encryption_keys.h b/sql/encryption_keys.h deleted file mode 100644 index 10907c1332a..00000000000 
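Review bot: In debug_key_management_plugin.cc, `get_iv` returns 0 without writing to `dstbuf`, so a caller that treats 0 as success would go on to use whatever bytes were already in its buffer as the IV; until the callback is removed, either fill the buffer (`memset(dstbuf, 0, buflen);`) or return non-zero. The `version` sysvar allows 0 (`1, 0, UINT_MAX, 1`) although its default is 1, and the new result file shows 0 as the `min_key_version` of tablespaces that have not been processed, so if 0 is special to the encryption layer the minimum should be 1. `key_version` is read in `get_latest_key_version` with no synchronisation while SET GLOBAL can change it; that is probably harmless for a uint, but a one-line comment such as `/* read without a lock: a stale version is acceptable for a debug plugin */` would record the decision that the removed code left as commented-out mutex calls. `get_key` would also benefit from a short comment stating the key layout (zero-filled buffer with the version stored in the first four bytes), since that is what makes the keys predictable.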
--- a/sql/encryption_keys.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef SQL_CRYPTOKEY_INCLUDED -#define SQL_CRYPTOKEY_INCLUDED - -#include "my_global.h" - -#ifndef DBUG_OFF - extern my_bool debug_use_static_encryption_keys; -extern uint opt_debug_encryption_key_version; -#endif /* DBUG_OFF */ - -#endif // SQL_CRYPTOKEY_INCLUDED diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 734b6ed9171..9cba8739eee 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -62,7 +62,6 @@ #include "sql_repl.h" #include "opt_range.h" #include "rpl_parallel.h" -#include "encryption_keys.h" /* The rule for this file: everything should be 'static'. When a sys_var @@ -1126,22 +1125,6 @@ static Sys_var_mybool Sys_log_bin( READ_ONLY GLOBAL_VAR(opt_bin_log), NO_CMD_LINE, DEFAULT(FALSE)); -#ifndef DBUG_OFF -static Sys_var_mybool Sys_debug_use_static_keys( - "debug_use_static_encryption_keys", - "Enable use of nonrandom encryption keys. Only to be used in " - "internal testing", - READ_ONLY GLOBAL_VAR(debug_use_static_encryption_keys), - CMD_LINE(OPT_ARG), DEFAULT(FALSE)); - -static Sys_var_uint Sys_debug_encryption_key_version( - "debug_encryption_key_version", - "Encryption key version. Only to be used in internal testing.", - GLOBAL_VAR(opt_debug_encryption_key_version), - CMD_LINE(REQUIRED_ARG), VALID_RANGE(0,UINT_MAX), DEFAULT(0), - BLOCK_SIZE(1)); -#endif - static Sys_var_mybool Sys_trust_function_creators( "log_bin_trust_function_creators", "If set to FALSE (the default), then when --log-bin is used, creation "