START_ENCRYPTION_EVENT

MariaDB starting with 10.1.7

The START_ENCRYPTION event was introduced in MariaDB 10.1.7.

Since MariaDB 10.1.7, the START_ENCRYPTION event is written to every binary log file if encrypt_binlog is set to ON.

This event is written just once, after the Format Description event (which is the first event of a binlog file at pos 4).

The event consists of the 19-byte event header, with the event type set to 164 (0xa4), followed by 17 bytes of data.

  • Event type is 164 (0xa4)

Fields

  • uint<1> The Encryption scheme, always set to 1 for system files.
  • uint<4> The Encryption key version.
  • byte<12> Nonce (12 random bytes) of current binlog file.

Decryption of following events

All data of the following events in the binlog file is encrypted, except for the event_length field.

The 16 byte encryption IV is generated from the 12 byte nonce (uint<12>) in the binlog plus the current position of the event being encrypted (uint<4>). This means the last four bytes of the IV change for every event and the first 12 bytes change for every binlog file.

Since the event_length is always unencrypted, the encrypted data block has to be modified before it can be decrypted:

  • store event_length
  • copy the first four bytes (encrypted timestamp) to event_length position (offset=9)
  • decrypt starting from offset 4 and store result at offset 4 of decrypted buffer

The unencrypted block now also needs to be modified:

  • move unencrypted timestamp value from offset 9 to the beginning (offset=0)
  • store event_length at position 9

Complete example with CRC32 from a binary log:

b8 5f 5a 59 a4 5d 00 00  00 28 00 00 00 21 01 00 ._ZY.]...(...!..
00 00 00 01 01 00 00 00  65 57 50 26 63 59 37 46 ........eWP&cY7F
2f 3b 33 23 06 bb da 62                          /;3#...b

header, 19 bytes:

  • timestamp [4] = b8 5f 5a 59 => 59 5a 5f b8 => 1499094968 [2017-07-03 17:16:08]
  • type [1] = a4 => 164
  • server_id [4] = 5d 00 00 00 => 00 00 00 5d => 93
  • event_size [4] = 28 00 00 00 => 00 00 00 28 => 40 [header + content + crc32(header + content)]
  • next_pos [4] = 21 01 00 00 => 00 00 01 21 => 289
  • flags [2] = 00 00 => 0

content, 17 bytes:

  • Enc scheme [1] = 01 => 1
  • Enc key ver [4] = 01 00 00 00 => 00 00 00 01 => 1
  • Nonce [12] = eWP&cY7F/;3#

crc32, 4 bytes, of the whole event (header[19] + content[17])

  • 06 bb da 62 => 62 da bb 06 => 1658501894
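The field layout, IV construction and buffer fix-ups described above, as an added Python example that is not MariaDB's own code. The function names are hypothetical, the position is assumed to be packed little-endian like the header fields, and the cipher is not named on this page, so `decrypt` is a caller-supplied callable.

```python
import struct
import zlib

HEADER_LEN, LEN_OFFSET, START_ENCRYPTION = 19, 9, 0xA4

# The 40-byte event from the hex dump on this page.
PAGE_EVENT = bytes.fromhex(
    "b8 5f 5a 59 a4 5d 00 00  00 28 00 00 00 21 01 00"
    "00 00 00 01 01 00 00 00  65 57 50 26 63 59 37 46"
    "2f 3b 33 23 06 bb da 62")

def parse_start_encryption(event):
    """Parse a START_ENCRYPTION event: 19-byte header, 17 data bytes, CRC32."""
    if len(event) != HEADER_LEN + 17 + 4:
        raise ValueError("expected a 40-byte event with CRC32")
    ts, etype, server_id, size, next_pos, flags = struct.unpack_from("<IBIIIH", event)
    if etype != START_ENCRYPTION or size != len(event):
        raise ValueError("not a START_ENCRYPTION event")
    scheme, key_version = struct.unpack_from("<BI", event, HEADER_LEN)
    (stored_crc,) = struct.unpack_from("<I", event, size - 4)
    return {"timestamp": ts, "server_id": server_id, "next_pos": next_pos,
            "flags": flags, "scheme": scheme, "key_version": key_version,
            "nonce": event[HEADER_LEN + 5:HEADER_LEN + 17],
            "crc_ok": zlib.crc32(event[:-4]) == stored_crc}

def event_iv(nonce, position):
    """Build the 16-byte IV: 12-byte file nonce + 4-byte event position."""
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    # Assumption: the position is packed little-endian, like the header fields.
    return nonce + struct.pack("<I", position)

def decrypt_event(buf, iv, decrypt):
    """Apply the page's buffer fix-ups around a caller-supplied decrypt(data, iv)."""
    if len(buf) < HEADER_LEN:
        raise ValueError("event shorter than the 19-byte header")
    event_length = buf[LEN_OFFSET:LEN_OFFSET + 4]      # store event_length
    work = bytearray(buf)
    work[LEN_OFFSET:LEN_OFFSET + 4] = buf[0:4]         # encrypted timestamp -> offset 9
    plain = bytearray(len(buf))
    plain[4:] = decrypt(bytes(work[4:]), iv)           # decrypt from offset 4
    plain[0:4] = plain[LEN_OFFSET:LEN_OFFSET + 4]      # timestamp back to offset 0
    plain[LEN_OFFSET:LEN_OFFSET + 4] = event_length    # restore event_length
    return bytes(plain)

if __name__ == "__main__":
    info = parse_start_encryption(PAGE_EVENT)
    print(info)
    # IV for the event that starts at next_pos (289) in the same file.
    print(event_iv(info["nonce"], info["next_pos"]).hex())
```

The `crc_ok` field is reported rather than enforced, so a tool reading a damaged or tampered binlog can still show the key version and nonce while flagging the mismatch.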
