MXS-867: Binlog server encryption key has same format as MariaDB key file

Default algorithm is now AES_CBC.
The MariaDB 10.1 key file cannot be read as it might contain more than
1 rows.

server/modules/routing/binlogrouter/blr.c

@@ -2455,6 +2455,37 @@ bool blr_parse_key(char *buffer, ROUTER_INSTANCE *router)
   char *p = buffer;
   int length = 0;
   uint8_t *key = (uint8_t *)router->encryption.key_value;
+  unsigned int id = strtoll(p, &p, 10);
+
+  /* key range is 1 .. 255 */
+  if (id < 1 || id > 255)
+  {
+      MXS_ERROR("Invalid Key Id (values 1..255) in Encryption Key file at index 0. File %s",
+                router->encryption.key_management_filename);
+      return false;
+  }
+
+  /* Valid key is only BINLOG_SYSTEM_DATA_CRYPTO_SCHEME (value is 1) */
+  if (id != BINLOG_SYSTEM_DATA_CRYPTO_SCHEME)
+  {
+      MXS_ERROR("The Key Id %d is not valid: binlog encryption needs Key Id %d. File %s",
+                id,
+                BINLOG_SYSTEM_DATA_CRYPTO_SCHEME,
+                router->encryption.key_management_filename);
+      return false;
+  }
+
+  /* Look for ';' separator */
+  if (*p != ';')
+  {
+      MXS_ERROR("Syntax error in Encryption Key file at index %lu. File %s",
+                p - buffer,
+                router->encryption.key_management_filename);
+      return false;
+  }
+
+  /* Now read the hex data */
+  p++;
 
   while (isspace(*p) && *p != '\n')
   {

server/modules/routing/binlogrouter/blr.h

@@ -83,7 +83,13 @@ MXS_BEGIN_DECLS
 #define BLR_REPORT_CHECKSUM_FORMAT "CRC32 0x"
 #define BLR_REPORT_REP_HEADER 0x02
 
-/* Supported Encryption algorithms */
+/**
+ * Supported Encryption algorithms
+ *
+ * Note: AES_ECB is only internally used
+ * Available algorithms for binlog files
+ * Encryption/Decryption are AES_CBC and AES_CTR
+ */
 enum blr_aes_mode
 {
     BLR_AES_CBC,
@@ -91,8 +97,8 @@ enum blr_aes_mode
     BLR_AES_ECB
 };
 
-/* Default encryption alogorithm is AES_CTR */
-#define BINLOG_DEFAULT_ENC_ALGO    BLR_AES_CTR
+/* Default encryption alogorithm is AES_CBC */
+#define BINLOG_DEFAULT_ENC_ALGO    BLR_AES_CBC
 
 /**
  * Binlog event types

server/modules/routing/binlogrouter/blr_master.c

@@ -1444,7 +1444,7 @@ blr_handle_binlog_record(ROUTER_INSTANCE *router, GWBUF *pkt)
 
                         if (new_fde)
                         {
-                            memcpy(new_fde, ptr + 5, hdr.event_size);
+                            memcpy(new_fde, ptr + MYSQL_HEADER_LEN + 1, hdr.event_size);
                             if (router->saved_master.fde_event)
                             {
                                 MXS_FREE(router->saved_master.fde_event);

server/modules/routing/binlogrouter/blr_slave.c

@@ -2141,7 +2141,7 @@ blr_slave_binlog_dump(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave, GWBUF *queue
     /* FDE ends at pos 4 + FDE size */
     fde_end_pos = 4 + GWBUF_LENGTH(fde);
 
-    /* Send the FORMAT_DESCRIPTION_EVENT */
+    /* Send a Fake FORMAT_DESCRIPTION_EVENT */
     if (slave->binlog_pos != 4)
     {
         blr_slave_send_fde(router, slave, fde);

server/modules/routing/binlogrouter/maxbinlogcheck.c

@@ -240,7 +240,8 @@ printUsage(const char *progname)
     printf("  -M|--mariadb10    MariaDB 10 binlog compatibility\n");
     printf("  -V|--version      Print version information and exit\n");
     printf("  -K|--key_file     AES Key file for MariaDB 10.1 binlog file decryption\n");
-    printf("  -A|--aes_algo     AES Algorithm for MariaDB 10.1 binlog file decryption (default=AES_CTR, AES_CBC)\n");
+    printf("  -A|--aes_algo     AES Algorithm for MariaDB 10.1 binlog file decryption (default=AES_CBC, AES_CTR)\n");
+    printf("  -H|--header       Print content of binlog event header\n");
     printf("  -?|--help         Print this help text\n");
 }