MDEV-8264 encryption for binlog

* Start_encryption_log_event
* --encrypt-binlog command line option

based on google patches.

1 files changed, 31 insertions, 0 deletions

diff --git a/sql/rpl_constants.h b/sql/rpl_constants.h
index b1f1286184e..0a7fde439dd 100644
--- a/sql/rpl_constants.h
+++ b/sql/rpl_constants.h
@@ -17,6 +17,9 @@
 #ifndef RPL_CONSTANTS_H
 #define RPL_CONSTANTS_H
 
+#include <my_sys.h>
+#include <my_crypt.h>
+
 /**
    Enumeration of the incidents that can occur for the server.
  */
@@ -78,4 +81,32 @@ enum enum_binlog_checksum_alg {
                                  // or events from checksum-unaware servers
 };
 
+#define BINLOG_CRYPTO_SCHEME_LENGTH 1
+#define BINLOG_KEY_VERSION_LENGTH   4
+#define BINLOG_IV_LENGTH            MY_AES_BLOCK_SIZE
+#define BINLOG_IV_OFFS_LENGTH       4
+#define BINLOG_NONCE_LENGTH         (BINLOG_IV_LENGTH - BINLOG_IV_OFFS_LENGTH)
+
+struct Binlog_crypt_data {
+  uint  scheme;
+  uint  key_version, key_length, ctx_size;
+  uchar key[MY_AES_MAX_KEY_LENGTH];
+  uchar nonce[BINLOG_NONCE_LENGTH];
+
+  int init(uint sch, uint kv)
+  {
+    scheme= sch;
+    ctx_size= encryption_ctx_size(ENCRYPTION_KEY_SYSTEM_DATA, kv);
+    key_version= kv;
+    key_length= sizeof(key);
+    return encryption_key_get(ENCRYPTION_KEY_SYSTEM_DATA, kv, key, &key_length);
+  }
+
+  void set_iv(uchar* iv, uint32 offs) const
+  {
+    memcpy(iv, nonce, BINLOG_NONCE_LENGTH);
+    int4store(iv + BINLOG_NONCE_LENGTH, offs);
+  }
+};
+
 #endif /* RPL_CONSTANTS_H */