diff --git a/src/bin/pg_probackup/backup.cpp b/src/bin/pg_probackup/backup.cpp index 75864e79c..75fa0032d 100644 --- a/src/bin/pg_probackup/backup.cpp +++ b/src/bin/pg_probackup/backup.cpp @@ -2935,7 +2935,7 @@ static void compress_encrypt_directory() char enc_file[MAXPGPATH] = {0}; unsigned char hmac_buffer[MAX_HMAC_LEN + 1] = {0}; unsigned char enc_buffer[MAX_ENCRYPT_LEN + 1] = {0}; - unsigned char out_buffer[MAX_ENCRYPT_LEN + 1] = {0}; + unsigned char out_buffer[MAX_CRYPTO_MODULE_LEN + 1] = {0}; char errmsg[MAX_ERRMSG_LEN] = {0}; int algo; @@ -2970,15 +2970,20 @@ static void compress_encrypt_directory() return; } - CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt); + CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt, &key_type); initCryptoSession(&crypto_module_session); algo = transform_type(encrypt_mode); if (gen_key) { + if (key_type == KEY_TYPE_PLAINTEXT) { + elog(ERROR, "forbid to generate plaint key\n"); + } + key = (char*)malloc(KEY_MAX_LEN); ret = crypto_create_symm_key_use(crypto_module_session, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, (size_t*)&key_len); if (ret != 1) { + pg_free(key); crypto_get_errmsg_use(NULL, errmsg); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, "crypto module gen key error, errmsg:%s\n", errmsg); @@ -2986,53 +2991,62 @@ static void compress_encrypt_directory() } else { key = SEC_decodeBase64(encrypt_key, &key_len); if (NULL == key) { + pg_free(encrypt_key); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, "crypto module decode key error, please check --with-key.\n"); } } - - encrypt_key = SEC_encodeBase64(key, (GS_UINT32)key_len); - if (NULL == encrypt_key) { - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, "crypto module encode key error.\n"); + pg_free(encrypt_key); + if (key_type != KEY_TYPE_PLAINTEXT) { + encrypt_key = SEC_encodeBase64(key, (GS_UINT32)key_len); + if (NULL == encrypt_key) { + pg_free(encrypt_key); + pg_free(key); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, "crypto module encode key error.\n"); + } + + elog(INFO, "crypto module encrypt with key: %s , salt: %s \n", encrypt_key, encrypt_salt); } - - elog(INFO, "crypto module encrypt with key: %s , salt: %s \n", encrypt_key, encrypt_salt); ret = crypto_ctx_init_use(crypto_module_session, &crypto_module_keyctx, (ModuleSymmKeyAlgo)algo, 1, (unsigned char*)key, key_len); if (ret != 1) { + pg_free(encrypt_key); + pg_free(key); crypto_get_errmsg_use(NULL, errmsg); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg); } - algo = getHmacType((ModuleSymmKeyAlgo)algo); - - ret = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len); - if (ret != 1) - { - crypto_get_errmsg_use(NULL, errmsg); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, "crypto hmac keyctx init error, errmsg:%s\n", errmsg); + algo = transform_hmac_type(encrypt_mode); + if (algo != MODULE_ALGO_MAX) { + ret = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len); + if (ret != 1) + { + pg_free(encrypt_key); + pg_free(key); + crypto_get_errmsg_use(NULL, errmsg); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, "crypto hmac keyctx init error, errmsg:%s\n", errmsg); + } } - fseek(backup_tar_fd,0,SEEK_END); + fseek(backup_tar_fd, 0, SEEK_END); backup_tar_length = ftell(backup_tar_fd); - fseek(backup_tar_fd,0,SEEK_SET); + fseek(backup_tar_fd, 0, SEEK_SET); while(backup_tar_pos < backup_tar_length) { + ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1); + securec_check(ret, "\0", "\0"); + if ((backup_tar_length - backup_tar_pos) > MAX_ENCRYPT_LEN) { - ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1); - securec_check(ret, "\0", "\0"); - fread(enc_buffer,MAX_ENCRYPT_LEN,1,backup_tar_fd); + fread(enc_buffer, MAX_ENCRYPT_LEN, 1, backup_tar_fd); backup_tar_pos += MAX_ENCRYPT_LEN; enc_buffer_len = MAX_ENCRYPT_LEN; } else { - ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1); - securec_check(ret, "\0", "\0"); - fread(enc_buffer,(backup_tar_length - backup_tar_pos),1,backup_tar_fd); + fread(enc_buffer, (backup_tar_length - backup_tar_pos), 1, backup_tar_fd); enc_buffer_len = backup_tar_length - backup_tar_pos; backup_tar_pos = backup_tar_length; } @@ -3043,26 +3057,36 @@ static void compress_encrypt_directory() ret = memset_s(hmac_buffer, MAX_HMAC_LEN + 1, '\0', MAX_HMAC_LEN + 1); securec_check(ret, "\0", "\0"); - ret = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)enc_buffer, enc_buffer_len, hmac_buffer, (size_t*)&hmac_len); - if (ret != 1) { - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, ("failed to calculate hmac\n")); + if (algo != MODULE_ALGO_MAX){ + ret = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)enc_buffer, enc_buffer_len, hmac_buffer, (size_t*)&hmac_len); + if (ret != 1) { + pg_free(encrypt_key); + pg_free(key); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, ("failed to calculate hmac\n")); + } } ret = crypto_encrypt_decrypt_use(crypto_module_keyctx, 1, (unsigned char*)enc_buffer, enc_buffer_len, (unsigned char*)encrypt_salt, MAX_IV_LEN, out_buffer, (size_t*)&out_buffer_len, NULL); if (ret != 1) { + pg_free(encrypt_key); + pg_free(key); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, ("failed to encrypt backup file\n")); } fwrite(out_buffer, 1, out_buffer_len, enc_backup_fd); - fwrite(hmac_buffer, 1, hmac_len, enc_backup_fd); + if (algo != MODULE_ALGO_MAX) { + fwrite(hmac_buffer, 1, hmac_len, enc_backup_fd); + } } fclose(backup_tar_fd); fclose(enc_backup_fd); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + pg_free(encrypt_key); + pg_free(key); rc = sprintf_s(sys_cmd, MAXPGPATH, "rm %s %s.tar -rf", current.root_dir, current.root_dir); securec_check_ss_c(rc, "\0", "\0"); diff --git a/src/bin/pg_probackup/catalog.cpp b/src/bin/pg_probackup/catalog.cpp index b257429ee..95657dd74 100644 --- a/src/bin/pg_probackup/catalog.cpp +++ b/src/bin/pg_probackup/catalog.cpp @@ -2879,13 +2879,10 @@ char* relpathbackend(RelFileNode rnode, BackendId backend, ForkNumber forknum) static void uncompress_decrypt_directory(const char *instance_name_str) { errno_t rc; - - bool res = false; DIR *data_dir = NULL; struct dirent *data_ent = NULL; uint key_len = 0; uint hmac_len = MAX_HMAC_LEN; - uint key_idx_uint = 0; uint dec_buffer_len = 0; uint out_buffer_len = MAX_CRYPTO_MODULE_LEN; long int enc_file_pos = 0; @@ -2906,18 +2903,13 @@ static void uncompress_decrypt_directory(const char *instance_name_str) return; } - CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt); + CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt, &key_type); initCryptoSession(&crypto_module_session); algo = transform_type(encrypt_mode); if (gen_key) { - rc = crypto_create_symm_key_use(crypto_module_session, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, (size_t*)&key_len); - if (rc != 1) { - crypto_get_errmsg_use(NULL, errmsg); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, "crypto module gen key error, errmsg:%s\n", errmsg); - } + elog(ERROR, "only backup can use --gen-key command."); } else { key = SEC_decodeBase64(encrypt_key, &key_len); if (NULL == key) { @@ -2928,17 +2920,20 @@ static void uncompress_decrypt_directory(const char *instance_name_str) rc = crypto_ctx_init_use(crypto_module_session, &crypto_module_keyctx, (ModuleSymmKeyAlgo)algo, 0, (unsigned char*)key, key_len); if (rc != 1) { + pg_free(key); crypto_get_errmsg_use(NULL, errmsg); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg); } - algo = getHmacType((ModuleSymmKeyAlgo)algo); - rc = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len); - if (rc != 1) { - crypto_get_errmsg_use(NULL, errmsg); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg); + algo = transform_hmac_type(encrypt_mode); + if (algo != MODULE_ALGO_MAX) { + rc = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len); + if (rc != 1) { + crypto_get_errmsg_use(NULL, errmsg); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg); + } } rc = sprintf_s(backup_instance_path, MAXPGPATH, "%s/%s/%s", @@ -2947,6 +2942,8 @@ static void uncompress_decrypt_directory(const char *instance_name_str) data_dir = fio_opendir(backup_instance_path, FIO_BACKUP_HOST); if (data_dir == NULL) { + pg_free(key); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, "cannot open directory \"%s\": %s", backup_instance_path, strerror(errno)); return; } @@ -2959,6 +2956,7 @@ static void uncompress_decrypt_directory(const char *instance_name_str) FILE* enc_backup_fd = fopen(enc_backup_file,"rb"); if(NULL == enc_backup_fd) { + pg_free(key); clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); elog(ERROR, ("failed to create or open encrypt backup file.")); return; @@ -2976,47 +2974,78 @@ static void uncompress_decrypt_directory(const char *instance_name_str) FILE* dec_file_fd = fopen(dec_backup_file,"wb"); - while(enc_file_pos < enc_file_len) + if (algo == MODULE_ALGO_MAX) { - memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); - memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); + while(enc_file_pos < enc_file_len) + { + memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); + memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); - if(enc_file_pos + MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN < enc_file_len) { - fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd); - fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd); - dec_buffer_len = MAX_CRYPTO_MODULE_LEN; - enc_file_pos += (MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN); - } else { - fread(dec_buffer, 1, enc_file_len - (enc_file_pos + MAX_HMAC_LEN), enc_backup_fd); - fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd); - dec_buffer_len = enc_file_len - (enc_file_pos + MAX_HMAC_LEN); - enc_file_pos = enc_file_len; + if(enc_file_pos + MAX_CRYPTO_MODULE_LEN < enc_file_len) { + fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd); + dec_buffer_len = MAX_CRYPTO_MODULE_LEN; + enc_file_pos += MAX_CRYPTO_MODULE_LEN; + } else { + fread(dec_buffer, 1, enc_file_len - enc_file_pos, enc_backup_fd); + dec_buffer_len = enc_file_len - enc_file_pos; + enc_file_pos = enc_file_len; + } + + rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len, + (unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL); + if(rc != 1) { + crypto_get_errmsg_use(NULL, errmsg); + pg_free(key); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg); + } + fwrite(out_buffer, 1, out_buffer_len, dec_file_fd); } + } else { + while(enc_file_pos < enc_file_len) + { + memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); + memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN); - rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len, - (unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL); - if(rc != 1) { - crypto_get_errmsg_use(NULL, errmsg); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg); + if(enc_file_pos + MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN < enc_file_len) { + fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd); + fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd); + dec_buffer_len = MAX_CRYPTO_MODULE_LEN; + enc_file_pos += (MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN); + } else { + fread(dec_buffer, 1, enc_file_len - (enc_file_pos + MAX_HMAC_LEN), enc_backup_fd); + fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd); + dec_buffer_len = enc_file_len - (enc_file_pos + MAX_HMAC_LEN); + enc_file_pos = enc_file_len; + } + + rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len, + (unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL); + if(rc != 1) { + pg_free(key); + crypto_get_errmsg_use(NULL, errmsg); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg); + } + + rc = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)out_buffer, out_buffer_len, hmac_cal_buffer, (size_t*)&hmac_len); + if(rc != 1) { + pg_free(key); + crypto_get_errmsg_use(NULL, errmsg); + clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); + elog(ERROR, ("failed to calculate hmac, errmsg: %s"), errmsg); + } + + if (strncmp((char*)hmac_cal_buffer, (char*)hmac_read_buffer, (size_t)hmac_len) != 0) { + pg_free(key); + elog(ERROR, ("hmac verify failed\n")); + } + + fwrite(out_buffer, 1, out_buffer_len, dec_file_fd); } - - rc = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)out_buffer, out_buffer_len, hmac_cal_buffer, (size_t*)&hmac_len); - if(rc != 1) { - crypto_get_errmsg_use(NULL, errmsg); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); - elog(ERROR, ("failed to calculate hmac, errmsg: %s"), errmsg); - } - - if (strncmp((char*)hmac_cal_buffer, (char*)hmac_read_buffer, (size_t)hmac_len) != 0) { - elog(ERROR, ("hmac verify failed\n")); - } - - fwrite(out_buffer, 1, out_buffer_len, dec_file_fd); } fclose(dec_file_fd); fclose(enc_backup_fd); - clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx); rc = sprintf_s(sys_cmd, MAXPGPATH, "tar -xPf %s/%s.tar", backup_instance_path, data_ent->d_name); @@ -3046,6 +3075,7 @@ static void uncompress_decrypt_directory(const char *instance_name_str) fio_closedir(data_dir); data_dir = NULL; } + pg_free(key); } /* diff --git a/src/bin/pg_probackup/common_cipher.cpp b/src/bin/pg_probackup/common_cipher.cpp index c7185a0ca..cfa7c0e67 100644 --- a/src/bin/pg_probackup/common_cipher.cpp +++ b/src/bin/pg_probackup/common_cipher.cpp @@ -103,21 +103,21 @@ void unload_crypto_module() int transform_type(const char* type) { - if (strcmp(type, "AES128_CBC") == 0) { + if (strcmp(type, "AES128_CBC") == 0 || strcmp(type, "AES128_CBC_HMAC_SHA256") == 0) { return MODULE_AES_128_CBC; - } else if (strcmp(type, "AES128_CTR") == 0) { + } else if (strcmp(type, "AES128_CTR") == 0 || strcmp(type, "AES128_CTR_HMAC_SHA256") == 0) { return MODULE_AES_128_CTR; - } else if (strcmp(type, "AES128_GCM") == 0) { + } else if (strcmp(type, "AES128_GCM") == 0 || strcmp(type, "AES128_GCM_HMAC_SHA256") == 0) { return MODULE_AES_128_GCM; - } else if (strcmp(type, "AES256_CBC") == 0) { + } else if (strcmp(type, "AES256_CBC") == 0 || strcmp(type, "AES256_CBC_HMAC_SHA256") == 0) { return MODULE_AES_256_CBC; - } else if (strcmp(type, "AES256_CTR") == 0) { + } else if (strcmp(type, "AES256_CTR") == 0 || strcmp(type, "AES256_CTR_HMAC_SHA256") == 0) { return MODULE_AES_256_CTR; - } else if (strcmp(type, "AES256_GCM") == 0) { + } else if (strcmp(type, "AES256_GCM") == 0 || strcmp(type, "AES256_GCM_HMAC_SHA256") == 0) { return MODULE_AES_256_GCM; - } else if (strcmp(type, "SM4_CBC") == 0) { + } else if (strcmp(type, "SM4_CBC") == 0 || strcmp(type, "SM4_CBC_HMAC_SM3") == 0) { return MODULE_SM4_CBC; - } else if (strcmp(type, "SM4_CTR") == 0) { + } else if (strcmp(type, "SM4_CTR") == 0 || strcmp(type, "SM4_CTR_HMAC_SM3") == 0) { return MODULE_SM4_CTR; } @@ -136,7 +136,24 @@ int getHmacType(ModuleSymmKeyAlgo algo) return MODULE_ALGO_MAX; } -void initCryptoModule(char* crypto_module_params, const char* encrypt_mode) +int transform_hmac_type(const char* type) +{ + if (strcmp(type, "AES128_CBC_HMAC_SHA256") == 0 + || strcmp(type, "AES128_CTR_HMAC_SHA256") == 0 + || strcmp(type, "AES128_GCM_HMAC_SHA256") == 0 + || strcmp(type, "AES256_CBC_HMAC_SHA256") == 0 + || strcmp(type, "AES256_CTR_HMAC_SHA256") == 0 + || strcmp(type, "AES256_GCM_HMAC_SHA256") == 0) { + return MODULE_HMAC_SHA256; + } else if (strcmp(type, "SM4_CBC_HMAC_SM3") == 0 + || strcmp(type, "SM4_CTR_HMAC_SM3") == 0) { + return MODULE_HMAC_SM3; + } + + return MODULE_ALGO_MAX; +} + +void initCryptoModule(char* crypto_module_params, const char* encrypt_mode, int* key_type) { int ret = 1; SupportedFeature supportedfeature; @@ -161,6 +178,7 @@ void initCryptoModule(char* crypto_module_params, const char* encrypt_mode) exit(1); } + *key_type = supportedfeature.key_type; } void initCryptoSession(void** crypto_module_session) @@ -209,10 +227,8 @@ void clearCrypto(void* crypto_module_session, void* crypto_module_keyctx, void* unload_crypto_module(); } -void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt) +void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt, int* key_type) { - errno_t rc = 0; - if (!load_crypto_module_lib()) { fprintf(stderr, ("load crypto module lib failed\n")); exit(1); @@ -222,7 +238,7 @@ void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encr fprintf(stderr, ("encrypt mode and crypto module params cannot be NULL\n")); exit(1); } else { - initCryptoModule(params, module_encrypt_mode); + initCryptoModule(params, module_encrypt_mode, key_type); } if (gen_key && NULL != module_encrypt_key) { diff --git a/src/bin/pg_probackup/common_cipher.h b/src/bin/pg_probackup/common_cipher.h index 81e52bc51..e04f89301 100644 --- a/src/bin/pg_probackup/common_cipher.h +++ b/src/bin/pg_probackup/common_cipher.h @@ -73,14 +73,15 @@ extern crypto_hmac_type crypto_hmac_use; extern int transform_type(const char* type); extern int getHmacType(ModuleSymmKeyAlgo algo); +extern int transform_hmac_type(const char* type); extern bool load_crypto_module_lib(); extern void unload_crypto_module(); -extern void initCryptoModule(char* crypto_module_params, const char* encrypt_mode); +extern void initCryptoModule(char* crypto_module_params, const char* encrypt_mode, int* key_type); extern void initCryptoSession(void** crypto_module_session); extern void releaseCryptoSession(void* crypto_module_session); extern void releaseCryptoCtx(void* crypto_module_keyctx); extern void clearCrypto(void* crypto_module_session, void* crypto_module_keyctx, void* crypto_hmac_keyctx); -extern void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt); +extern void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt, int* key_type); #ifdef __cplusplus } diff --git a/src/bin/pg_probackup/pg_probackup.cpp b/src/bin/pg_probackup/pg_probackup.cpp index 9a266e575..64df6426b 100644 --- a/src/bin/pg_probackup/pg_probackup.cpp +++ b/src/bin/pg_probackup/pg_probackup.cpp @@ -154,6 +154,7 @@ static ProbackupSubcmd backup_subcmd = NO_CMD; /* encrypt options */ bool gen_key = false; +int key_type = KEY_TYPE_INVALID; char* encrypt_mode = NULL; char* encrypt_key = NULL; char* encrypt_salt = NULL; diff --git a/src/bin/pg_probackup/pg_probackupc.h b/src/bin/pg_probackup/pg_probackupc.h index 151fa1898..090d6f036 100644 --- a/src/bin/pg_probackup/pg_probackupc.h +++ b/src/bin/pg_probackup/pg_probackupc.h @@ -82,6 +82,7 @@ extern bool specify_extdir; extern bool specify_tbsdir; extern bool gen_key; +extern int key_type; extern char* encrypt_mode ; extern char* encrypt_key ; extern char* encrypt_salt;