Mirrors
/
mariadb
mirror of https://github.com/MariaDB/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
177644 Commits
3235 Branches
1092 Tags
1.3 GiB
Tree: cf4a6abea1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf4a6abea1'
${ noResults }
mariadb/extra/mariabackup/ds_decrypt.c

665 lines
15 KiB
Raw Normal View History

Xtrabackup 2.3.8
9 years ago
  1. /******************************************************
  2. Copyright (c) 2017 Percona LLC and/or its affiliates.
  4. Encryption datasink implementation for XtraBackup.
  6. This program is free software; you can redistribute it and/or modify
  7. it under the terms of the GNU General Public License as published by
  8. the Free Software Foundation; version 2 of the License.
  10. This program is distributed in the hope that it will be useful,
  11. but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. GNU General Public License for more details.
  15. You should have received a copy of the GNU General Public License
  16. along with this program; if not, write to the Free Software
  17. Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19. *******************************************************/
  22. #include <my_base.h>
  23. #include "common.h"
  24. #include "datasink.h"
  25. #include "xbcrypt.h"
  26. #include "xbcrypt_common.h"
  27. #include "crc_glue.h"
  29. typedef struct {
  30. pthread_t id;
  31. uint num;
  32. pthread_mutex_t ctrl_mutex;
  33. pthread_cond_t ctrl_cond;
  34. pthread_mutex_t data_mutex;
  35. pthread_cond_t data_cond;
  36. my_bool started;
  37. my_bool data_avail;
  38. my_bool cancelled;
  39. my_bool failed;
  40. const uchar *from;
  41. size_t from_len;
  42. uchar *to;
  43. size_t to_len;
  44. size_t to_size;
  45. const uchar *iv;
  46. size_t iv_len;
  47. unsigned long long offset;
  48. my_bool hash_appended;
  49. gcry_cipher_hd_t cipher_handle;
  50. xb_rcrypt_result_t parse_result;
  51. } crypt_thread_ctxt_t;
  53. typedef struct {
  54. crypt_thread_ctxt_t *threads;
  55. uint nthreads;
  56. int encrypt_algo;
  57. size_t chunk_size;
  58. char *encrypt_key;
  59. char *encrypt_key_file;
  60. } ds_decrypt_ctxt_t;
  62. typedef struct {
  63. ds_decrypt_ctxt_t *crypt_ctxt;
  64. size_t bytes_processed;
  65. ds_file_t *dest_file;
  66. uchar *buf;
  67. size_t buf_len;
  68. size_t buf_size;
  69. } ds_decrypt_file_t;
  71. int ds_decrypt_encrypt_threads = 1;
  73. static ds_ctxt_t *decrypt_init(const char *root);
  74. static ds_file_t *decrypt_open(ds_ctxt_t *ctxt, const char *path,
  75. MY_STAT *mystat);
  76. static int decrypt_write(ds_file_t *file, const void *buf, size_t len);
  77. static int decrypt_close(ds_file_t *file);
  78. static void decrypt_deinit(ds_ctxt_t *ctxt);
  80. datasink_t datasink_decrypt = {
  81. &decrypt_init,
  82. &decrypt_open,
  83. &decrypt_write,
  84. &decrypt_close,
  85. &decrypt_deinit
  86. };
  88. static crypt_thread_ctxt_t *create_worker_threads(uint n);
  89. static void destroy_worker_threads(crypt_thread_ctxt_t *threads, uint n);
  90. static void *decrypt_worker_thread_func(void *arg);
  92. static
  93. ds_ctxt_t *
  94. decrypt_init(const char *root)
  95. {
  96. ds_ctxt_t *ctxt;
  97. ds_decrypt_ctxt_t *decrypt_ctxt;
  98. crypt_thread_ctxt_t *threads;
  100. if (xb_crypt_init(NULL)) {
  101. return NULL;
  102. }
  104. /* Create and initialize the worker threads */
  105. threads = create_worker_threads(ds_decrypt_encrypt_threads);
  106. if (threads == NULL) {
  107. msg("decrypt: failed to create worker threads.\n");
  108. return NULL;
  109. }
  111. ctxt = (ds_ctxt_t *) my_malloc(sizeof(ds_ctxt_t) +
  112. sizeof(ds_decrypt_ctxt_t),
  113. MYF(MY_FAE));
  115. decrypt_ctxt = (ds_decrypt_ctxt_t *) (ctxt + 1);
  116. decrypt_ctxt->threads = threads;
  117. decrypt_ctxt->nthreads = ds_decrypt_encrypt_threads;
  119. ctxt->ptr = decrypt_ctxt;
  120. ctxt->root = my_strdup(root, MYF(MY_FAE));
  122. return ctxt;
  123. }
  125. static
  126. ds_file_t *
  127. decrypt_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *mystat)
  128. {
  129. ds_ctxt_t *dest_ctxt;
  131. ds_decrypt_ctxt_t *crypt_ctxt;
  132. ds_decrypt_file_t *crypt_file;
  134. char new_name[FN_REFLEN];
  135. ds_file_t *file;
  137. xb_ad(ctxt->pipe_ctxt != NULL);
  138. dest_ctxt = ctxt->pipe_ctxt;
  140. crypt_ctxt = (ds_decrypt_ctxt_t *) ctxt->ptr;
  143. file = (ds_file_t *) my_malloc(sizeof(ds_file_t) +
  144. sizeof(ds_decrypt_file_t),
  145. MYF(MY_FAE|MY_ZEROFILL));
  147. crypt_file = (ds_decrypt_file_t *) (file + 1);
  149. /* Remove the .xbcrypt extension from the filename */
  150. strncpy(new_name, path, FN_REFLEN);
  151. new_name[strlen(new_name) - 8] = 0;
  152. crypt_file->dest_file = ds_open(dest_ctxt, new_name, mystat);
  153. if (crypt_file->dest_file == NULL) {
  154. msg("decrypt: ds_open(\"%s\") failed.\n", new_name);
  155. goto err;
  156. }
  158. crypt_file->crypt_ctxt = crypt_ctxt;
  159. crypt_file->buf = NULL;
  160. crypt_file->buf_size = 0;
  161. crypt_file->buf_len = 0;
  163. file->ptr = crypt_file;
  164. file->path = crypt_file->dest_file->path;
  166. return file;
  168. err:
  169. if (crypt_file->dest_file) {
  170. ds_close(crypt_file->dest_file);
  171. }
  172. my_free(file);
  173. return NULL;
  174. }
  176. #define CHECK_BUF_SIZE(ptr, size, buf, len) \
  177. if (ptr + size - buf > (ssize_t) len) { \
  178. result = XB_CRYPT_READ_INCOMPLETE; \
  179. goto exit; \
  180. }
  182. static
  183. xb_rcrypt_result_t
  184. parse_xbcrypt_chunk(crypt_thread_ctxt_t *thd, const uchar *buf, size_t len,
  185. size_t *bytes_processed)
  186. {
  187. const uchar *ptr;
  188. uint version;
  189. ulong checksum, checksum_exp;
  190. ulonglong tmp;
  191. xb_rcrypt_result_t result = XB_CRYPT_READ_CHUNK;
  193. *bytes_processed = 0;
  194. ptr = buf;
  196. CHECK_BUF_SIZE(ptr, XB_CRYPT_CHUNK_MAGIC_SIZE, buf, len);
  197. if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC3,
  198. XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
  199. version = 3;
  200. } else if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC2,
  201. XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
  202. version = 2;
  203. } else if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC1,
  204. XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
  205. version = 1;
  206. } else {
  207. msg("%s:%s: wrong chunk magic at offset 0x%llx.\n",
  208. my_progname, __FUNCTION__, thd->offset);
  209. result = XB_CRYPT_READ_ERROR;
  210. goto exit;
  211. }
  213. ptr += XB_CRYPT_CHUNK_MAGIC_SIZE;
  214. thd->offset += XB_CRYPT_CHUNK_MAGIC_SIZE;
  216. CHECK_BUF_SIZE(ptr, 8, buf, len);
  217. tmp = uint8korr(ptr); /* reserved */
  218. ptr += 8;
  219. thd->offset += 8;
  221. CHECK_BUF_SIZE(ptr, 8, buf, len);
  222. tmp = uint8korr(ptr); /* original size */
  223. ptr += 8;
  224. if (tmp > INT_MAX) {
  225. msg("%s:%s: invalid original size at offset 0x%llx.\n",
  226. my_progname, __FUNCTION__, thd->offset);
  227. result = XB_CRYPT_READ_ERROR;
  228. goto exit;
  229. }
  230. thd->offset += 8;
  231. thd->to_len = (size_t)tmp;
  233. if (thd->to_size < thd->to_len + XB_CRYPT_HASH_LEN) {
  234. thd->to = (uchar *) my_realloc(
  235. thd->to,
  236. thd->to_len + XB_CRYPT_HASH_LEN,
  237. MYF(MY_FAE | MY_ALLOW_ZERO_PTR));
  238. thd->to_size = thd->to_len;
  239. }
  241. CHECK_BUF_SIZE(ptr, 8, buf, len);
  242. tmp = uint8korr(ptr); /* encrypted size */
  243. ptr += 8;
  244. if (tmp > INT_MAX) {
  245. msg("%s:%s: invalid encrypted size at offset 0x%llx.\n",
  246. my_progname, __FUNCTION__, thd->offset);
  247. result = XB_CRYPT_READ_ERROR;
  248. goto exit;
  249. }
  250. thd->offset += 8;
  251. thd->from_len = (size_t)tmp;
  253. xb_a(thd->from_len <= thd->to_len + XB_CRYPT_HASH_LEN);
  255. CHECK_BUF_SIZE(ptr, 4, buf, len);
  256. checksum_exp = uint4korr(ptr); /* checksum */
  257. ptr += 4;
  258. thd->offset += 4;
  260. /* iv size */
  261. if (version == 1) {
  262. thd->iv_len = 0;
  263. thd->iv = NULL;
  264. } else {
  265. CHECK_BUF_SIZE(ptr, 8, buf, len);
  267. tmp = uint8korr(ptr);
  268. if (tmp > INT_MAX) {
  269. msg("%s:%s: invalid iv size at offset 0x%llx.\n",
  270. my_progname, __FUNCTION__, thd->offset);
  271. result = XB_CRYPT_READ_ERROR;
  272. goto exit;
  273. }
  274. ptr += 8;
  275. thd->offset += 8;
  276. thd->iv_len = (size_t)tmp;
  277. }
  279. if (thd->iv_len > 0) {
  280. CHECK_BUF_SIZE(ptr, thd->iv_len, buf, len);
  281. thd->iv = ptr;
  282. ptr += thd->iv_len;
  283. }
  285. /* for version euqals 2 we need to read in the iv data but do not init
  286. CTR with it */
  287. if (version == 2) {
  288. thd->iv_len = 0;
  289. thd->iv = 0;
  290. }
  292. if (thd->from_len > 0) {
  293. CHECK_BUF_SIZE(ptr, thd->from_len, buf, len);
  294. thd->from = ptr;
  295. ptr += thd->from_len;
  296. }
  298. xb_ad(thd->from_len <= thd->to_len);
  300. checksum = crc32_iso3309(0, thd->from, thd->from_len);
  301. if (checksum != checksum_exp) {
  302. msg("%s:%s invalid checksum at offset 0x%llx, "
  303. "expected 0x%lx, actual 0x%lx.\n", my_progname,
  304. __FUNCTION__, thd->offset, checksum_exp, checksum);
  305. result = XB_CRYPT_READ_ERROR;
  306. goto exit;
  307. }
  309. thd->offset += thd->from_len;
  311. thd->hash_appended = version > 2;
  313. exit:
  315. *bytes_processed = (size_t) (ptr - buf);
  317. return result;
  318. }
  320. static
  321. int
  322. decrypt_write(ds_file_t *file, const void *buf, size_t len)
  323. {
  324. ds_decrypt_file_t *crypt_file;
  325. ds_decrypt_ctxt_t *crypt_ctxt;
  326. crypt_thread_ctxt_t *threads;
  327. crypt_thread_ctxt_t *thd;
  328. uint nthreads;
  329. uint i;
  330. size_t bytes_processed;
  331. xb_rcrypt_result_t parse_result = XB_CRYPT_READ_CHUNK;
  332. my_bool err = FALSE;
  334. crypt_file = (ds_decrypt_file_t *) file->ptr;
  335. crypt_ctxt = crypt_file->crypt_ctxt;
  337. threads = crypt_ctxt->threads;
  338. nthreads = crypt_ctxt->nthreads;
  340. if (crypt_file->buf_len > 0) {
  341. thd = threads;
  343. pthread_mutex_lock(&thd->ctrl_mutex);
  345. do {
  346. if (parse_result == XB_CRYPT_READ_INCOMPLETE) {
  347. crypt_file->buf_size = crypt_file->buf_size * 2;
  348. crypt_file->buf = (uchar *) my_realloc(
  349. crypt_file->buf,
  350. crypt_file->buf_size,
  351. MYF(MY_FAE|MY_ALLOW_ZERO_PTR));
  352. }
  354. memcpy(crypt_file->buf + crypt_file->buf_len,
  355. buf, MY_MIN(crypt_file->buf_size -
  356. crypt_file->buf_len, len));
  358. parse_result = parse_xbcrypt_chunk(
  359. thd, crypt_file->buf,
  360. crypt_file->buf_size, &bytes_processed);
  362. if (parse_result == XB_CRYPT_READ_ERROR) {
  363. pthread_mutex_unlock(&thd->ctrl_mutex);
  364. return 1;
  365. }
  367. } while (parse_result == XB_CRYPT_READ_INCOMPLETE &&
  368. crypt_file->buf_size < len);
  370. if (parse_result != XB_CRYPT_READ_CHUNK) {
  371. msg("decrypt: incomplete data.\n");
  372. pthread_mutex_unlock(&thd->ctrl_mutex);
  373. return 1;
  374. }
  376. pthread_mutex_lock(&thd->data_mutex);
  377. thd->data_avail = TRUE;
  378. pthread_cond_signal(&thd->data_cond);
  379. pthread_mutex_unlock(&thd->data_mutex);
  381. len -= bytes_processed - crypt_file->buf_len;
  382. buf += bytes_processed - crypt_file->buf_len;
  384. /* reap */
  386. pthread_mutex_lock(&thd->data_mutex);
  387. while (thd->data_avail == TRUE) {
  388. pthread_cond_wait(&thd->data_cond,
  389. &thd->data_mutex);
  390. }
  392. if (thd->failed) {
  393. msg("decrypt: failed to decrypt chunk.\n");
  394. err = TRUE;
  395. }
  397. xb_a(thd->to_len > 0);
  399. if (!err &&
  400. ds_write(crypt_file->dest_file, thd->to, thd->to_len)) {
  401. msg("decrypt: write to destination failed.\n");
  402. err = TRUE;
  403. }
  405. crypt_file->bytes_processed += thd->from_len;
  407. pthread_mutex_unlock(&thd->data_mutex);
  408. pthread_mutex_unlock(&thd->ctrl_mutex);
  410. crypt_file->buf_len = 0;
  412. if (err) {
  413. return 1;
  414. }
  415. }
  417. while (parse_result == XB_CRYPT_READ_CHUNK && len > 0) {
  418. uint max_thread;
  420. for (i = 0; i < nthreads; i++) {
  421. thd = threads + i;
  423. pthread_mutex_lock(&thd->ctrl_mutex);
  425. parse_result = parse_xbcrypt_chunk(
  426. thd, buf, len, &bytes_processed);
  428. if (parse_result == XB_CRYPT_READ_ERROR) {
  429. pthread_mutex_unlock(&thd->ctrl_mutex);
  430. err = TRUE;
  431. break;
  432. }
  434. thd->parse_result = parse_result;
  436. if (parse_result != XB_CRYPT_READ_CHUNK) {
  437. pthread_mutex_unlock(&thd->ctrl_mutex);
  438. break;
  439. }
  441. pthread_mutex_lock(&thd->data_mutex);
  442. thd->data_avail = TRUE;
  443. pthread_cond_signal(&thd->data_cond);
  444. pthread_mutex_unlock(&thd->data_mutex);
  446. len -= bytes_processed;
  447. buf += bytes_processed;
  448. }
  450. max_thread = (i < nthreads) ? i : nthreads - 1;
  452. /* Reap and write decrypted data */
  453. for (i = 0; i <= max_thread; i++) {
  454. thd = threads + i;
  456. if (thd->parse_result != XB_CRYPT_READ_CHUNK) {
  457. break;
  458. }
  460. pthread_mutex_lock(&thd->data_mutex);
  461. while (thd->data_avail == TRUE) {
  462. pthread_cond_wait(&thd->data_cond,
  463. &thd->data_mutex);
  464. }
  466. if (thd->failed) {
  467. msg("decrypt: failed to decrypt chunk.\n");
  468. err = TRUE;
  469. }
  471. xb_a(thd->to_len > 0);
  473. if (!err && ds_write(crypt_file->dest_file, thd->to,
  474. thd->to_len)) {
  475. msg("decrypt: write to destination failed.\n");
  476. err = TRUE;
  477. }
  479. crypt_file->bytes_processed += thd->from_len;
  481. pthread_mutex_unlock(&thd->data_mutex);
  482. pthread_mutex_unlock(&thd->ctrl_mutex);
  483. }
  485. if (err) {
  486. return 1;
  487. }
  488. }
  490. if (parse_result == XB_CRYPT_READ_INCOMPLETE && len > 0) {
  491. crypt_file->buf_len = len;
  492. if (crypt_file->buf_size < len) {
  493. crypt_file->buf = (uchar *) my_realloc(
  494. crypt_file->buf,
  495. crypt_file->buf_len,
  496. MYF(MY_FAE | MY_ALLOW_ZERO_PTR));
  497. crypt_file->buf_size = len;
  498. }
  499. memcpy(crypt_file->buf, buf, len);
  500. }
  502. return 0;
  503. }
  505. static
  506. int
  507. decrypt_close(ds_file_t *file)
  508. {
  509. ds_decrypt_file_t *crypt_file;
  510. ds_file_t *dest_file;
  511. int rc = 0;
  513. crypt_file = (ds_decrypt_file_t *) file->ptr;
  514. dest_file = crypt_file->dest_file;
  516. if (ds_close(dest_file)) {
  517. rc = 1;
  518. }
  520. my_free(crypt_file->buf);
  521. my_free(file);
  523. return rc;
  524. }
  526. static
  527. void
  528. decrypt_deinit(ds_ctxt_t *ctxt)
  529. {
  530. ds_decrypt_ctxt_t *crypt_ctxt;
  532. xb_ad(ctxt->pipe_ctxt != NULL);
  534. crypt_ctxt = (ds_decrypt_ctxt_t *) ctxt->ptr;
  536. destroy_worker_threads(crypt_ctxt->threads, crypt_ctxt->nthreads);
  538. my_free(ctxt->root);
  539. my_free(ctxt);
  540. }
  542. static
  543. crypt_thread_ctxt_t *
  544. create_worker_threads(uint n)
  545. {
  546. crypt_thread_ctxt_t *threads;
  547. uint i;
  549. threads = (crypt_thread_ctxt_t *)
  550. my_malloc(sizeof(crypt_thread_ctxt_t) * n,
  551. MYF(MY_FAE | MY_ZEROFILL));
  553. for (i = 0; i < n; i++) {
  554. crypt_thread_ctxt_t *thd = threads + i;
  556. thd->num = i + 1;
  558. /* Initialize the control mutex and condition var */
  559. if (pthread_mutex_init(&thd->ctrl_mutex, NULL) ||
  560. pthread_cond_init(&thd->ctrl_cond, NULL)) {
  561. goto err;
  562. }
  564. /* Initialize and data mutex and condition var */
  565. if (pthread_mutex_init(&thd->data_mutex, NULL) ||
  566. pthread_cond_init(&thd->data_cond, NULL)) {
  567. goto err;
  568. }
  570. xb_crypt_cipher_open(&thd->cipher_handle);
  572. pthread_mutex_lock(&thd->ctrl_mutex);
  574. if (pthread_create(&thd->id, NULL, decrypt_worker_thread_func,
  575. thd)) {
  576. msg("decrypt: pthread_create() failed: "
  577. "errno = %d\n", errno);
  578. goto err;
  579. }
  580. }
  582. /* Wait for the threads to start */
  583. for (i = 0; i < n; i++) {
  584. crypt_thread_ctxt_t *thd = threads + i;
  586. while (thd->started == FALSE)
  587. pthread_cond_wait(&thd->ctrl_cond, &thd->ctrl_mutex);
  588. pthread_mutex_unlock(&thd->ctrl_mutex);
  589. }
  591. return threads;
  593. err:
  594. return NULL;
  595. }
  597. static
  598. void
  599. destroy_worker_threads(crypt_thread_ctxt_t *threads, uint n)
  600. {
  601. uint i;
  603. for (i = 0; i < n; i++) {
  604. crypt_thread_ctxt_t *thd = threads + i;
  606. pthread_mutex_lock(&thd->data_mutex);
  607. threads[i].cancelled = TRUE;
  608. pthread_cond_signal(&thd->data_cond);
  609. pthread_mutex_unlock(&thd->data_mutex);
  611. pthread_join(thd->id, NULL);
  613. pthread_cond_destroy(&thd->data_cond);
  614. pthread_mutex_destroy(&thd->data_mutex);
  615. pthread_cond_destroy(&thd->ctrl_cond);
  616. pthread_mutex_destroy(&thd->ctrl_mutex);
  618. xb_crypt_cipher_close(thd->cipher_handle);
  620. my_free(thd->to);
  621. }
  623. my_free(threads);
  624. }
  626. static
  627. void *
  628. decrypt_worker_thread_func(void *arg)
  629. {
  630. crypt_thread_ctxt_t *thd = (crypt_thread_ctxt_t *) arg;
  632. pthread_mutex_lock(&thd->ctrl_mutex);
  634. pthread_mutex_lock(&thd->data_mutex);
  636. thd->started = TRUE;
  637. pthread_cond_signal(&thd->ctrl_cond);
  639. pthread_mutex_unlock(&thd->ctrl_mutex);
  641. while (1) {
  642. thd->data_avail = FALSE;
  643. pthread_cond_signal(&thd->data_cond);
  645. while (!thd->data_avail && !thd->cancelled) {
  646. pthread_cond_wait(&thd->data_cond, &thd->data_mutex);
  647. }
  649. if (thd->cancelled)
  650. break;
  652. if (xb_crypt_decrypt(thd->cipher_handle, thd->from,
  653. thd->from_len, thd->to, &thd->to_len,
  654. thd->iv, thd->iv_len,
  655. thd->hash_appended)) {
  656. thd->failed = TRUE;
  657. continue;
  658. }
  660. }
  662. pthread_mutex_unlock(&thd->data_mutex);
  664. return NULL;
  665. }