author | Bruce Momjian <bruce@momjian.us> | 2020-12-25 10:19:44 -0500 |
---|---|---|
committer | Bruce Momjian <bruce@momjian.us> | 2020-12-25 10:19:44 -0500 |
commit | 978f869b992f9fca343e99d6fdb71073c76e869a (patch) | |
tree | b8020240551aa16da5b4fc9fbf96710de2d667e4 /src/backend/access/transam/xlog.c | |
parent | 5c31afc49d0b62b357218b6f8b01782509ef8acd (diff) | |
Add key management system
This adds a key management system that stores (currently) two data
encryption keys of length 128, 192, or 256 bits. The data keys are
AES256 encrypted using a key encryption key, and validated via GCM
cipher mode. A command to obtain the key encryption key must be
specified at initdb time, and will be run at every database server
start. New parameters allow a file descriptor open to the terminal to
be passed. pg_upgrade support has also been added.
Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com
Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us
Author: Masahiko Sawada, me, Stephen Frost
Diffstat (limited to 'src/backend/access/transam/xlog.c')
-rw-r--r-- | src/backend/access/transam/xlog.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 9867e1b4039..48ca46a941c 100644
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -44,11 +44,13 @@
 #include "commands/tablespace.h"
 #include "common/controldata_utils.h"
 #include "executor/instrument.h"
+#include "crypto/kmgr.h"
 #include "miscadmin.h"
 #include "pg_trace.h"
 #include "pgstat.h"
 #include "port/atomics.h"
 #include "postmaster/bgwriter.h"
+#include "postmaster/postmaster.h"
 #include "postmaster/startup.h"
 #include "postmaster/walwriter.h"
 #include "replication/basebackup.h"
@@ -81,6 +83,7 @@
 #include "utils/timestamp.h"
 extern uint32 bootstrap_data_checksum_version;
+extern int bootstrap_file_encryption_keylen;
 /* Unsupported old recovery command file names (relative to $PGDATA) */
 #define RECOVERY_COMMAND_FILE "recovery.conf"
@@ -4618,6 +4621,7 @@ InitControlFile(uint64 sysidentifier)
 ControlFile->wal_log_hints = wal_log_hints;
 ControlFile->track_commit_timestamp = track_commit_timestamp;
 ControlFile->data_checksum_version = bootstrap_data_checksum_version;
+ ControlFile->file_encryption_keylen = bootstrap_file_encryption_keylen;
 }
 static void
@@ -4717,6 +4721,7 @@ ReadControlFile(void)
 pg_crc32c crc;
 int fd;
 static char wal_segsz_str[20];
+ static char file_encryption_keylen_str[20];
 int r;
 /*
@@ -4905,6 +4910,12 @@ ReadControlFile(void)
 /* Make the initdb settings visible as GUC variables, too */
 SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no", PGC_INTERNAL, PGC_S_OVERRIDE);
+
+ Assert(ControlFile != NULL);
+ snprintf(file_encryption_keylen_str, sizeof(file_encryption_keylen_str), "%d",
+ ControlFile->file_encryption_keylen);
+ SetConfigOption("file_encryption_keylen", file_encryption_keylen_str, PGC_INTERNAL,
+ PGC_S_OVERRIDE);
 }
 /*
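Review bot: In the second ReadControlFile hunk, `ControlFile->file_encryption_keylen` is read from pg_control and published as the `file_encryption_keylen` GUC with no range check, and the InitControlFile hunk stores `bootstrap_file_encryption_keylen` equally unchecked. The commit message allows only 128, 192 or 256 bits, and BootStrapXLOG treats any value above zero as "encryption on", so a corrupted or hand-edited control file could claim encryption with a key length no cipher supports. Unless the value is validated elsewhere (not visible in this file), reject anything outside zero and the supported lengths with `ereport(FATAL, ...)` before the `snprintf`; this assumes the field holds the length in bits, which should be confirmed. The `Assert(ControlFile != NULL)` compiles out of production builds, so it is no substitute for that check. ReadControlFile starts and ends outside the hunk.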
@@ -5354,6 +5365,16 @@ BootStrapXLOG(void)
 /* some additional ControlFile fields are set in WriteControlFile() */
 WriteControlFile();
+ /* Enable file encryption if required */
+ if (ControlFile->file_encryption_keylen > 0)
+ BootStrapKmgr();
+
+ if (terminal_fd != -1)
+ {
+ close(terminal_fd);
+ terminal_fd = -1;
+ }
+
 /* Bootstrap the commit log, too */
 BootStrapCLOG();
 BootStrapCommitTs(); |
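Review bot: The `if (terminal_fd != -1)` block in BootStrapXLOG closes the descriptor without a comment saying why bootstrap owns it or why this is the right point to release it. Going by the commit message, it is presumably the terminal descriptor passed in for the key-encryption-key command, so a comment such as `/* the terminal fd is only needed while obtaining the key encryption key; close it so later code cannot reuse it */` would record the intent, once confirmed. Separately, `WriteControlFile()` persists a non-zero `file_encryption_keylen` before `BootStrapKmgr()` has created any keys. It is worth confirming that every failure inside BootStrapKmgr aborts bootstrap, so that no data directory is left advertising encryption without keys. BootStrapXLOG starts and ends outside the hunk.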