From e06d2a8dc1e60c177b67b71e87a5423a5ae1af60 Mon Sep 17 00:00:00 2001 From: Masahiko Sawada Date: Fri, 28 Jun 2019 17:46:53 +0900 Subject: [PATCH 4/9] Add facility to give process-local encryption key. --- src/backend/storage/kmgr/Makefile | 2 +- src/backend/storage/kmgr/tempkey.c | 39 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 src/backend/storage/kmgr/tempkey.c diff --git a/src/backend/storage/kmgr/Makefile b/src/backend/storage/kmgr/Makefile index e695dcf..60073d2 100644 --- a/src/backend/storage/kmgr/Makefile +++ b/src/backend/storage/kmgr/Makefile @@ -12,6 +12,6 @@ subdir = src/backend/storage/kmgr top_builddir = ../../../.. include $(top_builddir)/src/Makefile.global -OBJS = kmgr.o plugin.o +OBJS = kmgr.o tempkey.o plugin.o include $(top_srcdir)/src/backend/common.mk diff --git a/src/backend/storage/kmgr/tempkey.c b/src/backend/storage/kmgr/tempkey.c new file mode 100644 index 0000000..5df283c --- /dev/null +++ b/src/backend/storage/kmgr/tempkey.c @@ -0,0 +1,39 @@ +/*------------------------------------------------------------------------- + * + * tempkey.c + * Provide backend-local temporary key + * + * Copyright (c) 2019, PostgreSQL Global Development Group + * + * IDENTIFICATION + * src/backend/storage/kmgr/tempkey.c + * + *------------------------------------------------------------------------- + */ + +#include "postgres.h" + +#include "storage/kmgr.h" + +static bool tempkey_initialized = false; +static char tempkey[ENCRYPTION_KEY_SIZE]; + +char * +GetBackendKey(void) +{ + if (!tempkey_initialized) + { + char keybuf[ENCRYPTION_KEY_SIZE]; + int ret; + + ret = pg_strong_random(keybuf, ENCRYPTION_KEY_SIZE); + if (!ret) + ereport(ERROR, + (errmsg("failed to generate temporary key"))); + + memcpy(tempkey, keybuf, ENCRYPTION_KEY_SIZE); + tempkey_initialized = true; + } + + return tempkey; +} -- 1.8.3.1