Readme中的DEK 轮转修复

include/en_config.h

@@ -24,5 +24,9 @@
 #define BACKUP_BIN_PATH             ENCRYPTSQL_INSTALL_DIR "/bin/backup"
 #define RESTORE_BIN_PATH            ENCRYPTSQL_INSTALL_DIR "/bin/restore"
 
+// 客户端侧用于decryptres解密
+#define DEK_FILE_PATH               ENCRYPTSQL_CONFIG_DIR "/dek"
+// 服务端用于存储加密的DEK
+#define DEK_SEALED_PATH             ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
 
 #endif /* ENCRYPTSQL_CONFIG_H */

readme.md

@@ -379,9 +379,9 @@ cmk rotate off;
 --CK <cols>    轮换指定列密钥，多个列名用逗号分隔
 --ALL          轮换所有密钥（表密钥+所有列密钥）
 --EXAMPLES:
-ROTATE DEK NOW users -TK;
+ROTATE DEK NOW table_name -TK;
-ROTATE DEK NOW users -CK `name`,`email`;
+ROTATE DEK NOW table_name -CK colname1,colname2;
-ROTATE DEK NOW users -ALL;
+ROTATE DEK NOW table_name -ALL;
 ```
 
 ---

src/encryptsql/encryptstmt.cpp

@@ -189,31 +189,6 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
     } else {
         auto tmpInt = (int64_t *) palloc(sizeof(int64_t));
         double tmpDouble;
-        //fixed by qxy for RND encrypt
-//         if (encryptCipher == CIPHER_RND) {
-//             *tmpInt = intVal(AConstValue);
-// //			isFloat = true;
-// //			*tmpInt *= Float_Scale;
-//         } else if (IsA(AConstValue, Float) || (info->isPeerColFloat)) //
-//         {
-//             isFloat = true;
-//             tmpDouble = atof(strVal(AConstValue));
-//             *tmpInt = tmpDouble * Float_Scale;
-//             if (info->isPeerColFloat) {
-//                 info->isPeerColFloat = false;
-//             }
-//         } else if (IsA(AConstValue, Integer)) {
-//             *tmpInt = intVal(AConstValue);
-//             isFloat = true;
-//             *tmpInt *= Float_Scale;
-//         } else {
-//             *tmpInt = intVal(AConstValue);
-//             if (info->isFloatorIntCol) { // 当前列是float或Int列
-//                 isFloat = true;
-//                 *tmpInt *= Float_Scale;
-//             }
-//         }
-        
         // 去除放缩逻辑
 		if (encryptCipher == CIPHER_RND) {
 			*tmpInt = intVal(AConstValue);
@@ -256,26 +231,9 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
 		}
     }
 
-    //kms test start
-//    std::string col_need_encrypt;
-//    col_need_encrypt = cmk_mapperGetInfoCol();
-//    std::string dek_tmp;
-//    if (!col_need_encrypt.empty()) {
-//        cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
-//        std::cout << dek_tmp << std::endl;
-//        cmk_mapperSetInfoCol(col_need_encrypt);
-//    }
 
-    //kms test end
     std::string dek_tmp;
-    //cmk_mapperGetDekTableLevel(dek_tmp);
     std::string col_need_encrypt;
-    // col_need_encrypt = cmk_mapperGetInfoCol();
-    // encrypted_col = col_need_encrypt;
-    // std::cout << encrypted_col << std::endl;
-    // if(cmk_mapperIsRotateCmd()) cmk_mapperGetDekStoreTmpForUpdate(col_need_encrypt, dek_tmp);
-    // else cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
-    // if(!info->isFromAExpr && !info->isFromUpdate) cmk_mapperSetInfoCol(col_need_encrypt);
     col_need_encrypt = DekInterface::getInfoCol();
     if(DekInterface::isRotateCmd()) DekInterface::getDekColLevelForUpdate(col_need_encrypt, dek_tmp);
     else DekInterface::getDekColLevel(col_need_encrypt, dek_tmp);

src/utils/en_config.h

@@ -24,5 +24,9 @@
 #define BACKUP_BIN_PATH             ENCRYPTSQL_INSTALL_DIR "/bin/backup"
 #define RESTORE_BIN_PATH            ENCRYPTSQL_INSTALL_DIR "/bin/restore"
 
+// 客户端侧用于decryptres解密
+#define DEK_FILE_PATH               ENCRYPTSQL_CONFIG_DIR "/dek"
+// 服务端用于存储加密的DEK
+#define DEK_SEALED_PATH             ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
 
 #endif /* ENCRYPTSQL_CONFIG_H */