diff --git a/include/en_config.h b/include/en_config.h
index abec66a..67a6ca0 100644
--- a/include/en_config.h
+++ b/include/en_config.h
@@ -24,5 +24,9 @@
 #define BACKUP_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/backup"
 #define RESTORE_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/restore"
+// 客户端侧用于decryptres解密
+#define DEK_FILE_PATH ENCRYPTSQL_CONFIG_DIR "/dek"
+// 服务端用于存储加密的DEK
+#define DEK_SEALED_PATH ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
 #endif /* ENCRYPTSQL_CONFIG_H */
diff --git a/readme.md b/readme.md
index ef1c5cb..bd1b0c7 100755
--- a/readme.md
+++ b/readme.md
@@ -379,9 +379,9 @@ cmk rotate off;
 --CK 轮换指定列密钥,多个列名用逗号分隔
 --ALL 轮换所有密钥(表密钥+所有列密钥)
 --EXAMPLES:
-ROTATE DEK NOW users -TK;
-ROTATE DEK NOW users -CK `name`,`email`;
-ROTATE DEK NOW users -ALL;
+ROTATE DEK NOW table_name -TK;
+ROTATE DEK NOW table_name -CK colname1,colname2;
+ROTATE DEK NOW table_name -ALL;
 ```
 ---
diff --git a/src/KMSAdapter/dek_interface.cpp b/src/KMSAdapter/dek_interface.cpp
index f3428f1..a74ecc7 100755
--- a/src/KMSAdapter/dek_interface.cpp
+++ b/src/KMSAdapter/dek_interface.cpp
@@ -741,7 +741,7 @@ void connectionSelect() {
 DekInterface::setDekTableLevel(dek);
 } else { // 否则是列级密钥
 DekInterface::setDekColLevel(col_name, dek);
- }
+ }
 }
 PQclear(res1); // 释放查询结果
diff --git a/src/encryptsql/encryptstmt.cpp b/src/encryptsql/encryptstmt.cpp
index c267343..c116c11 100755
--- a/src/encryptsql/encryptstmt.cpp
+++ b/src/encryptsql/encryptstmt.cpp
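Review bot: `DEK_FILE_PATH` in include/en_config.h names a key file whose protection is not documented anywhere in the header. Going by the two added comments, `/dek` is the client-side DEK read by decryptres and `/dek.sealed` is the server-side encrypted copy, so `/dek` is presumably the unsealed key; this needs confirming against the code that writes it. If so, sealing the server copy gains little on any host where both files share `ENCRYPTSQL_CONFIG_DIR`. I would record the requirement on the macro, e.g. `/* Client-side DEK used by decryptres; key material: file must be owner-only (0600) and kept out of backups and logs. */`, and have the code that creates or opens the file, which is outside this hunk, enforce that mode. The same two defines are added in src/utils/en_config.h.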
@@ -189,31 +189,6 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
 } else {
 auto tmpInt = (int64_t *) palloc(sizeof(int64_t));
 double tmpDouble;
- //fixed by qxy for RND encrypt
-// if (encryptCipher == CIPHER_RND) {
-// *tmpInt = intVal(AConstValue);
-// // isFloat = true;
-// // *tmpInt *= Float_Scale;
-// } else if (IsA(AConstValue, Float) || (info->isPeerColFloat)) //
-// {
-// isFloat = true;
-// tmpDouble = atof(strVal(AConstValue));
-// *tmpInt = tmpDouble * Float_Scale;
-// if (info->isPeerColFloat) {
-// info->isPeerColFloat = false;
-// }
-// } else if (IsA(AConstValue, Integer)) {
-// *tmpInt = intVal(AConstValue);
-// isFloat = true;
-// *tmpInt *= Float_Scale;
-// } else {
-// *tmpInt = intVal(AConstValue);
-// if (info->isFloatorIntCol) { // 当前列是float或Int列
-// isFloat = true;
-// *tmpInt *= Float_Scale;
-// }
-// }
- // 去除放缩逻辑
 if (encryptCipher == CIPHER_RND) {
 *tmpInt = intVal(AConstValue);
@@ -256,26 +231,9 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
 }
 }
- //kms test start
-// std::string col_need_encrypt;
-// col_need_encrypt = cmk_mapperGetInfoCol();
-// std::string dek_tmp;
-// if (!col_need_encrypt.empty()) {
-// cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
-// std::cout << dek_tmp << std::endl;
-// cmk_mapperSetInfoCol(col_need_encrypt);
-// }
- //kms test end
 std::string dek_tmp;
- //cmk_mapperGetDekTableLevel(dek_tmp);
 std::string col_need_encrypt;
- // col_need_encrypt = cmk_mapperGetInfoCol();
- // encrypted_col = col_need_encrypt;
- // std::cout << encrypted_col << std::endl;
- // if(cmk_mapperIsRotateCmd()) cmk_mapperGetDekStoreTmpForUpdate(col_need_encrypt, dek_tmp);
- // else cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
- // if(!info->isFromAExpr && !info->isFromUpdate) cmk_mapperSetInfoCol(col_need_encrypt);
 col_need_encrypt = DekInterface::getInfoCol();
 if(DekInterface::isRotateCmd()) DekInterface::getDekColLevelForUpdate(col_need_encrypt, dek_tmp);
 else DekInterface::getDekColLevel(col_need_encrypt, dek_tmp);
diff --git a/src/utils/en_config.h b/src/utils/en_config.h
index abec66a..67a6ca0 100644
--- a/src/utils/en_config.h
+++ b/src/utils/en_config.h
@@ -24,5 +24,9 @@
 #define BACKUP_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/backup"
 #define RESTORE_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/restore"
+// 客户端侧用于decryptres解密
+#define DEK_FILE_PATH ENCRYPTSQL_CONFIG_DIR "/dek"
+// 服务端用于存储加密的DEK
+#define DEK_SEALED_PATH ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
 #endif /* ENCRYPTSQL_CONFIG_H */
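Review bot: src/utils/en_config.h is a second hand-maintained copy of include/en_config.h, so the DEK file locations are now defined in two places that have to be edited in lockstep. The two hunks are identical down to the index line `abec66a..67a6ca0`. Both copies also appear to share the `ENCRYPTSQL_CONFIG_H` guard, so whichever header a translation unit includes first silently wins. If a later change updates only one copy, client and server code could resolve `DEK_FILE_PATH` or `DEK_SEALED_PATH` to different files with no compiler diagnostic. I would keep a single definition and reduce the other file to one `#include` of it.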