From 0a4556984c5eaf19e039595a14a83270113af68e Mon Sep 17 00:00:00 2001
From: dmchen
Date: Mon, 1 Apr 2024 09:19:29 +0000
Subject: [PATCH] merge
---
include/common/tmsg.h | 1 +
include/util/tdef.h | 5 +---
source/common/src/tmsg.c | 4 ++++
source/dnode/mgmt/exe/dmMain.c | 4 ++--
source/dnode/mgmt/mgmt_dnode/src/dmHandle.c | 6 +++++
source/dnode/mgmt/mgmt_vnode/src/vmHandle.c | 26 ++++++++++-----------
source/dnode/mgmt/node_util/src/dmFile.c | 21 ++++++++++++-----
source/dnode/mnode/impl/src/mndVgroup.c | 1 +
8 files changed, 43 insertions(+), 25 deletions(-)
diff --git a/include/common/tmsg.h b/include/common/tmsg.h
index 0ad000b235..e5a12c13cd 100644
--- a/include/common/tmsg.h
+++ b/include/common/tmsg.h
@@ -1709,6 +1709,7 @@ typedef struct { int8_t learnerSelfIndex; SReplica learnerReplicas[TSDB_MAX_LEARNER_REPLICA]; int32_t changeVersion; + int8_t encryptAlgorithm; } SCreateVnodeReq; int32_t tSerializeSCreateVnodeReq(void* buf, int32_t bufLen, SCreateVnodeReq* pReq);
diff --git a/include/util/tdef.h b/include/util/tdef.h
index f87abff83d..bc439ddb35 100644
--- a/include/util/tdef.h
+++ b/include/util/tdef.h
@@ -395,10 +395,7 @@ typedef enum ELogicConditionType { #define TSDB_ENCRYPT_ALGO_NONE_STR "none" #define TSDB_ENCRYPT_ALGO_SM4_STR "sm4" #define TSDB_ENCRYPT_ALGO_NONE 0 -#define TSDB_ENCRYPT_ALGO_SM1 1 -#define TSDB_ENCRYPT_ALGO_SM2 2 -#define TSDB_ENCRYPT_ALGO_SM3 3 -#define TSDB_ENCRYPT_ALGO_SM4 4 +#define TSDB_ENCRYPT_ALGO_SM4 1 #define TSDB_DEFAULT_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_NONE #define TSDB_MIN_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_NONE #define TSDB_MAX_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_SM4
diff --git a/source/common/src/tmsg.c b/source/common/src/tmsg.c
index f959c3b4df..b034890e31 100644
--- a/source/common/src/tmsg.c
+++ b/source/common/src/tmsg.c
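Review bot: In the tdef.h hunk, `TSDB_ENCRYPT_ALGO_SM4` changes from 4 to 1 and the values 2–4 fall outside the `TSDB_MIN_ENCRYPT_ALGO`..`TSDB_MAX_ENCRYPT_ALGO` range, yet nothing in this patch handles a stored database config or a peer message that still carries the old number. The same commit starts sending this value to dnodes, which compare it with `DND_CA_SM4`; that constant is defined outside the diff, so whether the two agree cannot be confirmed from here. I would add a comment on the define, `/* wire and persisted value: do not renumber */`, and tie the two constants together where both headers are visible, e.g. `_Static_assert(DND_CA_SM4 == TSDB_ENCRYPT_ALGO_SM4, "encrypt algorithm ids diverged");`.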
@@ -5103,6 +5103,7 @@ int32_t tSerializeSCreateVnodeReq(void *buf, int32_t bufLen, SCreateVnodeReq *pR } if (tEncodeI32(&encoder, pReq->changeVersion) < 0) return -1; if (tEncodeI32(&encoder, pReq->keepTimeOffset) < 0) return -1; + if (tEncodeI8(&encoder, pReq->encryptAlgorithm) < 0) return -1; tEndEncode(&encoder);
@@ -5196,6 +5197,9 @@ int32_t tDeserializeSCreateVnodeReq(void *buf, int32_t bufLen, SCreateVnodeReq * if (!tDecodeIsEnd(&decoder)) { if (tDecodeI32(&decoder, &pReq->keepTimeOffset) < 0) return -1; } + if (!tDecodeIsEnd(&decoder)) { + if (tDecodeI8(&decoder, &pReq->encryptAlgorithm) < 0) return -1; + } tEndDecode(&decoder); tDecoderClear(&decoder);
diff --git a/source/dnode/mgmt/exe/dmMain.c b/source/dnode/mgmt/exe/dmMain.c
index a682978035..f8ca992b22 100644
--- a/source/dnode/mgmt/exe/dmMain.c
+++ b/source/dnode/mgmt/exe/dmMain.c
@@ -367,10 +367,10 @@ int mainWindows(int argc, char **argv) { } if(global.generateCode) { - updateEncryptKey(global.encryptKey); + int ret = updateEncryptKey(global.encryptKey); taosCloseLog(); taosCleanupArgs(); - return 0; + return ret; } if(getEncryptKey() != 0){
diff --git a/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c b/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c
index daaff3456d..684742fe53 100644
--- a/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c
+++ b/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c
@@ -16,6 +16,7 @@ #define _DEFAULT_SOURCE #include "dmInt.h" #include "systable.h" +#include "tchecksum.h" extern SConfig *tsCfg;
@@ -234,6 +235,11 @@ int32_t dmProcessCreateEncryptKeyReq(SDnodeMgmt *pMgmt, SRpcMsg *pMsg) { } code = updateEncryptKey(cfgReq.value); + if(code == 0) { + tsEncryptionKeyChksum = taosCalcChecksum(0, cfgReq.value, strlen(cfgReq.value)); + tsEncryptionKeyStat = ENCRYPT_KEY_STAT_LOADED; + strncpy(tsEncryptKey, cfgReq.value, ENCRYPT_KEY_LEN + 1); + } pMsg->code = code; pMsg->info.rsp = NULL;
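Review bot: The decoded `pReq->encryptAlgorithm` in tDeserializeSCreateVnodeReq is used as-is; no hunk in this patch checks it against `TSDB_MIN_ENCRYPT_ALGO`/`TSDB_MAX_ENCRYPT_ALGO`. In vmHandle.c, vmGenerateVnodeCfg copies the key only when the value equals `DND_CA_SM4`, and the re-enabled empty-key check in vmProcessCreateVnodeReq fires only for that value too, so any other number creates the vnode without encryption while the request still succeeds. When an older sender omits the field, the member keeps whatever the caller initialised it to, which is not visible here. I would reject out-of-range values before vmGenerateVnodeCfg is called: `if (req.encryptAlgorithm < TSDB_MIN_ENCRYPT_ALGO || req.encryptAlgorithm > TSDB_MAX_ENCRYPT_ALGO) { terrno = TSDB_CODE_INVALID_MSG; return -1; }`. Both function bodies extend beyond their hunks.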
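Review bot: `strncpy(tsEncryptKey, cfgReq.value, ENCRYPT_KEY_LEN + 1)` in dmProcessCreateEncryptKeyReq leaves `tsEncryptKey` without a terminator when `cfgReq.value` is longer than ENCRYPT_KEY_LEN, and the hunk shows no length check; the later `strlen(tsEncryptKey)` in vmProcessCreateVnodeReq would then read past the array, whose size is declared outside this diff. The checksum is also taken over `strlen(cfgReq.value)` bytes here but over `ENCRYPT_KEY_LEN` bytes in getEncryptKey (dmFile.c), so a key shorter than ENCRYPT_KEY_LEN most likely produces a different `tsEncryptionKeyChksum` when it is set through this request than when it is loaded at start-up. I would copy with a terminating form, `snprintf(tsEncryptKey, ENCRYPT_KEY_LEN + 1, "%s", cfgReq.value);`, and compute the checksum from `tsEncryptKey` with one length rule in both places. The function starts and ends outside the hunk.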
diff --git a/source/dnode/mgmt/mgmt_vnode/src/vmHandle.c b/source/dnode/mgmt/mgmt_vnode/src/vmHandle.c
index 95ed21b302..518735e01f 100644
--- a/source/dnode/mgmt/mgmt_vnode/src/vmHandle.c
+++ b/source/dnode/mgmt/mgmt_vnode/src/vmHandle.c
@@ -143,12 +143,12 @@ static void vmGenerateVnodeCfg(SCreateVnodeReq *pCreate, SVnodeCfg *pCfg) { } } #if defined(TD_ENTERPRISE) - pCfg->tsdbCfg.encryptAlgorithm = DND_CA_SM4; + pCfg->tsdbCfg.encryptAlgorithm = pCreate->encryptAlgorithm; if(pCfg->tsdbCfg.encryptAlgorithm == DND_CA_SM4){ strncpy(pCfg->tsdbCfg.encryptKey, tsEncryptKey, ENCRYPT_KEY_LEN); } #else - pCfg->walCfg.cryptAlgorithm = 0; + pCfg->tsdbCfg.cryptAlgorithm = 0; #endif pCfg->walCfg.vgId = pCreate->vgId;
@@ -159,7 +159,7 @@ static void vmGenerateVnodeCfg(SCreateVnodeReq *pCreate, SVnodeCfg *pCfg) { pCfg->walCfg.segSize = pCreate->walSegmentSize; pCfg->walCfg.level = pCreate->walLevel; #if defined(TD_ENTERPRISE) - pCfg->walCfg.encryptAlgorithm = DND_CA_SM4; + pCfg->walCfg.encryptAlgorithm = pCreate->encryptAlgorithm; if(pCfg->walCfg.encryptAlgorithm == DND_CA_SM4){ strncpy(pCfg->walCfg.encryptKey, tsEncryptKey, ENCRYPT_KEY_LEN); }
@@ -168,7 +168,7 @@ static void vmGenerateVnodeCfg(SCreateVnodeReq *pCreate, SVnodeCfg *pCfg) { #endif #if defined(TD_ENTERPRISE) - pCfg->tdbEncryptAlgorithm = DND_CA_SM4; + pCfg->tdbEncryptAlgorithm = pCreate->encryptAlgorithm; if(pCfg->tdbEncryptAlgorithm == DND_CA_SM4){ strncpy(pCfg->tdbEncryptKey, tsEncryptKey, ENCRYPT_KEY_LEN); }
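Review bot: In the first vmGenerateVnodeCfg hunk the non-enterprise branch now assigns `pCfg->tsdbCfg.cryptAlgorithm = 0;`, while every other line in these hunks spells the member `encryptAlgorithm`. The struct definition is outside the diff, so this is inferred: if no `cryptAlgorithm` member exists the community build stops compiling, and if one does exist `tsdbCfg.encryptAlgorithm` is left unset on that path. I would write `pCfg->tsdbCfg.encryptAlgorithm = 0;` so both build flavours set the same field; the function body starts and ends outside the hunk.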
@@ -266,14 +266,14 @@ int32_t vmProcessCreateVnodeReq(SVnodeMgmt *pMgmt, SRpcMsg *pMsg) { ", days:%d keep0:%d keep1:%d keep2:%d keepTimeOffset%d tsma:%d precision:%d compression:%d minRows:%d maxRows:%d" ", wal fsync:%d level:%d retentionPeriod:%d retentionSize:%" PRId64 " rollPeriod:%d segSize:%" PRId64 ", hash method:%d begin:%u end:%u prefix:%d surfix:%d replica:%d selfIndex:%d " - "learnerReplica:%d learnerSelfIndex:%d strict:%d changeVersion:%d", + "learnerReplica:%d learnerSelfIndex:%d strict:%d changeVersion:%d encryptAlgorithm:%d", req.vgId, TMSG_INFO(pMsg->msgType), req.pages, req.pageSize, req.buffer, req.pageSize * 1024, (uint64_t)req.buffer * 1024 * 1024, req.cacheLast, req.cacheLastSize, req.sstTrigger, req.tsdbPageSize, req.tsdbPageSize * 1024, req.db, req.dbUid, req.daysPerFile, req.daysToKeep0, req.daysToKeep1, req.daysToKeep2, req.keepTimeOffset, req.isTsma, req.precision, req.compression, req.minRows, req.maxRows, req.walFsyncPeriod, req.walLevel, req.walRetentionPeriod, req.walRetentionSize, req.walRollPeriod, req.walSegmentSize, req.hashMethod, req.hashBegin, req.hashEnd, req.hashPrefix, req.hashSuffix, req.replica, req.selfIndex, req.learnerReplica, - req.learnerSelfIndex, req.strict, req.changeVersion); + req.learnerSelfIndex, req.strict, req.changeVersion, req.encryptAlgorithm); for (int32_t i = 0; i < req.replica; ++i) { dInfo("vgId:%d, replica:%d ep:%s:%u dnode:%d", req.vgId, i, req.replicas[i].fqdn, req.replicas[i].port, 
@@ -298,13 +298,13 @@ int32_t vmProcessCreateVnodeReq(SVnodeMgmt *pMgmt, SRpcMsg *pMsg) { return -1; } - //if(req.encryptAlgorithm == DND_CA_SM4){ - // if(strlen(tsEncryptKey) == 0){ - // terrno = TSDB_CODE_DNODE_INVALID_ENCRYPTKEY; - // dError("vgId:%d, failed to create vnode since encrypt key is empty", req.vgId); - // return -1; - // } - //} + if(req.encryptAlgorithm == DND_CA_SM4){ + if(strlen(tsEncryptKey) == 0){ + terrno = TSDB_CODE_DNODE_INVALID_ENCRYPTKEY; + dError("vgId:%d, failed to create vnode since encrypt key is empty", req.vgId); + return -1; + } + } vmGenerateVnodeCfg(&req, &vnodeCfg);
diff --git a/source/dnode/mgmt/node_util/src/dmFile.c b/source/dnode/mgmt/node_util/src/dmFile.c
index f68fb1f6f2..e765bdec88 100644
--- a/source/dnode/mgmt/node_util/src/dmFile.c
+++ b/source/dnode/mgmt/node_util/src/dmFile.c
@@ -15,10 +15,10 @@ #define _DEFAULT_SOURCE #include "dmUtil.h" -#include "tchecksum.h" #include "tjson.h" #include "tgrant.h" #include "crypt.h" +#include "tchecksum.h" #define MAXLEN 1024 #define DM_KEY_INDICATOR "this indicator!"
@@ -355,9 +355,6 @@ int32_t updateEncryptKey(char *key) { goto _OVER; } - tsEncryptionKeyChksum = taosCalcChecksum(0, key, strlen(key)); - tsEncryptionKeyStat = ENCRYPT_KEY_STAT_LOADED; - code = 0; _OVER: taosMemoryFree(encryptCode);
@@ -418,6 +415,7 @@ int32_t getEncryptKey(){ int32_t code = -1; char encryptFile[PATH_MAX] = {0}; char checkFile[PATH_MAX] = {0}; + char *machineId = NULL; snprintf(encryptFile, sizeof(encryptFile), "%s%sdnode%s%s", tsDataDir, TD_DIRSEP, TD_DIRSEP, DM_ENCRYPT_CODE_FILE); snprintf(checkFile, sizeof(checkFile), "%s%sdnode%s%s", tsDataDir, TD_DIRSEP, TD_DIRSEP, DM_CHECK_CODE_FILE);
@@ -432,11 +430,22 @@ int32_t getEncryptKey(){ goto _OVER; } + if (!(machineId = tGetMachineId())) { + terrno = TSDB_CODE_OUT_OF_MEMORY; + goto _OVER; + } + + char *encryptKey = NULL; //TODO: dmchen parse key from code - //checkAndGetCryptKey(content, tGetMachineId(), (char**)&tsEncryptKey); + if(checkAndGetCryptKey(content, machineId, &encryptKey) != 0){ + goto _OVER; + } + strncpy(tsEncryptKey, encryptKey, ENCRYPT_KEY_LEN); + + taosMemoryFreeClear(encryptKey); //TODO: dmchen checksum - strncpy(tsEncryptKey, content, ENCRYPT_KEY_LEN); + tsEncryptionKeyChksum = taosCalcChecksum(0, tsEncryptKey, ENCRYPT_KEY_LEN); tsEncryptionKeyStat = ENCRYPT_KEY_STAT_LOADED; taosMemoryFreeClear(content);
diff --git a/source/dnode/mnode/impl/src/mndVgroup.c b/source/dnode/mnode/impl/src/mndVgroup.c
index 571f17fab6..67ad2d5067 100644
--- a/source/dnode/mnode/impl/src/mndVgroup.c
+++ b/source/dnode/mnode/impl/src/mndVgroup.c
@@ -304,6 +304,7 @@ void *mndBuildCreateVnodeReq(SMnode *pMnode, SDnodeObj *pDnode, SDbObj *pDb, SVg createReq.hashSuffix = pDb->cfg.hashSuffix; createReq.tsdbPageSize = pDb->cfg.tsdbPageSize; createReq.changeVersion = ++(pVgroup->syncConfChangeVer); + createReq.encryptAlgorithm = pDb->cfg.encryptAlgorithm; for (int32_t v = 0; v < pVgroup->replica; ++v) { SReplica *pReplica = NULL;
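Review bot: The plaintext key returned in `encryptKey` is released with `taosMemoryFreeClear` right after the copy without being overwritten, and `machineId` from tGetMachineId() is not freed anywhere in this getEncryptKey hunk. Unless the `_OVER` label, which lies outside the hunk, releases `machineId`, every call leaks it, and the freed key bytes remain readable in heap memory until reused. I would wipe `encryptKey` before freeing it with a clear the compiler cannot drop, and add `taosMemoryFree(machineId);` under `_OVER`. The `goto _OVER` after a failed checkAndGetCryptKey also leaves `terrno` unset, so the caller gets -1 with no reason. The two `//TODO: dmchen` comments now describe work this hunk already does and could be removed.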